IT Policy Governance - Best Practice



IT Policy Committee (ITPC) Best Practice

The IT Policy Committee (ITPC) charge is to research and prepare recommendations on proposed policy and standards changes as well as requests for variances. 


The committee was created in the summer of 1999 as the Network Policy Committee (NPC) at the request of Mike Palladino, then Executive Director of Networking for ISC.

This is actually the second incarnation of the NPC, which first existed for a few years in the early 1990s and was responsible for recommending some of the common practices in use today. In June 2018, the Network Policy Committee was converted to IT Policy Committee (ITPC) to broaden the committee's work scope to include ISC IT policies. 

1.1 Information Services & Computing shall sponsor an IT Policy Committee (ITPC), composed of representatives from Schools and Centers, for the purpose of researching and preparing recommendations on proposed policy and standards changes as well as requests for variances.

1.2 The IT Policy Committee (ITPC) shall have a designated chair who is responsible for maintaining adequate policy progression, chairing regular meetings, publishing and circulating meeting minutes, and reporting on policy status quarterly to the IT Security Committee (ITSEC) and annually to the IT Round Table (ITR)

1.3 New IT policy and significant changes to existing IT policy will be first submitted to the IT Policy Committee (ITPC) in concept form for financial and cultural impact analysis within Penn Schools and Centers.

1.4 The IT Policy Committee shall prepare an impact analysis for review by the Privacy and Security Executive Committee (PSEC).

1.5 The IT Policy Committee (ITPC) will draft specific policy language and submit it to the Penn IT community for a 30-day review of any policy changes approved by the Privacy and Security Executive Committee (PSEC) in concept.

1.6 Upon approval of a policy change by the Vice President of Information Systems Computing the ITPC Chair shall arrange to publish a link to the new or revised policy in the Almanac.

2.1 The ITPC chair shall ensure the chair position is represented at each ITPC meeting

2.2 The ITPC chair shall ensure administrative processes are followed and all collaboration systems are updated and maintained.

2.3 The ITPC chair shall administer membership communications and publish minutes.

2.4 The ITPC chair shall schedule a review of existing Policy, Standards, and Practices on established cycles.

2.5 The ITPC chair shall report on Policy, Standards, and Practice status at ITSEC meetings.

2.6 The ITPC chair shall mentor new members and sponsors on responsibilities and procedures

3.1 Schools and Centers are expected to actively participate on the IT Policy Committee.

3.2 School or Center representatives shall ensure the School or Center is represented at each meeting.

3.3 School or Center representatives shall fully disseminate relevant ITPC discussions, materials, and pending decisions within their organization.

3.4 School or Center representatives shall organize and communicate their organization's positions to the ITPC committee.

Privacy and Security Executive Committee (PSEC) Best Practices

1.1 PSEC shall evaluate the cost-benefit of proposed Policies, associated Best Practices, and any controversial Standards.

1.2 PSEC shall refer to the Council of Deans and/or Senior Round Table as appropriate for proper vetting and council.