IT Policy Governance - Best Practice



1. IT Policy Committee (ITPC)

1.1.1 Information Services & Computing shall sponsor an IT Policy Committee (ITPC), composed of representatives from Schools and Centers, for the purpose of researching and preparing recommendations on proposed policy and standards changes as well as requests for variances.

1.1.2 The IT Policy Committee (ITPC) shall have a designated chair who is responsible for maintaining adequate policy progression, chairing regular meetings, publishing and circulating meeting minutes, and reporting on policy status quarterly to the IT Security Committee (ITSEC) and annually to the IT Round Table (ITR).

1.1.3 New IT policy and significant changes to existing IT policy will be first submitted to the IT Policy Committee (ITPC) in concept form for financial and cultural impact analysis within Penn Schools and Centers.

1.1.4 The IT Policy Committee shall prepare an impact analysis for review by the Privacy and Security Executive Committee (PSEC).

1.1.5 The IT Policy Committee (ITPC) will draft specific policy language and submit to the Penn IT community for a 30-day review any policy changes approved by the Privacy and Security Executive Committee (PSEC) in concept.

1.1.6 Upon approval of a policy change by the Vice President of Information Systems Computing the ITPC Chair shall arrange to publish a link to the new or revised policy in the Almanac.

1.2.1 The ITPC chair shall ensure the chair position is represented at each ITPC meeting

1.2.2 The ITPC chair shall ensure administrative processes are followed and all collaboration systems are updated and maintained.

1.2.3 The ITPC chair shall administer membership communications and publish minutes.

1.2.4 The ITPC chair shall schedule a review of existing Policy, Standards, and Practices on established cycles.

1.2.5 The ITPC chair shall report on Policy, Standards, and Practice status at ITSEC meetings.

1.2.6 The ITPC chair shall mentor new members and sponsors on responsibilities and procedures

1.3.1 Schools and Centers are expected to actively participate on the IT Policy Committee.

1.3.2 School or Center representatives shall ensure the School or Center is represented at each meeting.

1.3.3 School or Center representatives shall fully disseminate relevant ITPC discussions, materials, and pending decisions within their organization.

1.3.4 School or Center representatives shall organize and communicate their organization's positions to the ITPC committee.

2 Privacy and Security Executive Committee (PSEC)

2.1.1 PSEC shall evaluate the cost-benefit of proposed Policies, associated Best Practices, and any controversial Standards.

2.1.2 PSEC shall refer to the Council of Deans and/or Senior Round Table as appropriate for proper vetting and council.