Policy Development at Georgetown: Directory Enabled

Applications(and not)

Charles F. Leonhardt

leonhardt@georgetown.edu CSG Winter Meeting Sanibel Harbour, FloridaJanuary 11, 2002

Brief History

Seven Years Ago: No Formal IT Policies– University IT Functions too

decentralized– Nine Internal Service Providers– Five, count ‘em, five “CIOs”

Burning Need for Acceptable Use PolicyOne Year to DevelopOne Year for Faculty Senate to debate

and approve

The last 5 Years: many needs for new and revised policiesComputer Systems Acceptable Use Policy More “global” policies, such as privacy

and security More “functional” policies such as domain

naming (e.g. Upenn.georgetown.edu was requested!)

The major focus for today: Conducting Business over the Internet

Policy Overview

Computer Systems Acceptable Use Policy• Approved: 1996• Application: Campus-wide• Audience: all students, faculty, staff,

affiliates, alumni

• Ancillary Policy: Policy For System and Network Administrators

• Action: needs review and revision in view of “Internet explosion” and new technologies

Policy Overview

Related Policies (Global)Privacy Policy

• Need to provide a University philosophy and umbrella policy to guide existing departmental privacy policies (Med School, Registrar, Registrar, Library, etc.)

• http://www.georgetown.edu/policy/privacy/ (out of date and needs revision)

Security Policy • External auditor and Board of Directors

mandated (being revised – a VERY long process)

Policy Overview

Related Policies (Global) Intellectual Property and Technology

Transfer• Revision under review

Electronic Resources Access Policy• Who can use Georgetown’s online resources? • In Development

Copyright• Needs review and updating

Policy Overview

Related Policies (Functional)E-Mail retention policy

• Face the realities of purging email

Software Licensing and Acquisition Policy

• More formally prohibit software copying and support licensing

Naming policy• Philosophy for naming subdomains, servers, etc.

Off-campus Equipment and Data Access• companion to HR “work at home” policy

A New Policy Process

Articulate a clear, concise rationale for the establishment of the policy

Name a process ownerEstablish the working groupEstablish a timelineDetermine whether interim policy is

neededEstablish the approval processList all other (potentially) affected policies

Policies Done in 2001

Internet (Web) Business Policy– Philosophy– Guidelines for Departments Selling

Goods and ServicesWeb Advertising PolicyE-Mail distribution policy

– Voluntary and Involuntary mailing lists

– An “interim” policy

Policy Development: 2002

Account ManagementDirectory and Attribute Use Policy

– (e.g. Calculation of Primary Affiliation)

Identification & Authentication Policy– Very complex and urgently needed

Policies being contemplated:• B2B• Vendor Compliance Policy

A Common Solution?

We are not uniquePolicy situations are not uniqueA more formalized common repository

of policy drafts for:– Directory driven applications– Cross-institution authentication and

authorization– “Global” issues

More Information

University Policy Information:http://www.georgetown.edu/policy

Technology Policy Information:http://www.georgetown.edu/uis/policy

University Policy Search Engine:http://data.georgetown.edu/policy

Copies of Policy Drafts Not Yet Published:

leonhardt@georgetown.edu