Brown University

IT Policy Development and Review Process at Brown University

Reliability and availability of the communications infrastructure are vital to the success of Brown's academic mission. The IT policies that are put into place are done so in the interests of the entire community, to communicate to end users the kinds of actions that can adversely impact the ability of other users to perform University functions in support of Brown's academic mission.

To ensure that Brown's IT policies are reasonable for students, faculty and staff, the following development and review process has been put into place:

Development Phase

  1. A policy to be generated or updated will be listed on the policy home page with its status so designated. For new policies, a draft will be written based on an assessment of risk to Brown, with input gathered from Brown's peer organizations and other sources as required.
  2. A notice will be sent to CIS Directors, communicating that a policy is going to be generated and the general reasons why the action is necessary.
  3. Subject Matter Experts will be gathered to discuss the new or revised document and make modifications as necessary.
  4. As the final step in the development phase, representatives from the Office of the General Counsel and Internal Audit will be consulted regarding legal and enforcement issues and their recommendations incorporated into the policy.

Review Phase

  1. The draft document will be sent to the CIS Directors, who are expected to engage their staffs as necessary.
  2. The policy will be referred to the Information Technology Advisory Board (ITAB) for their input.
  3. The Departmental Computing Coordinators (DCCs) and System Administrators (officially recognized by their departments and registered as such in the CIS database) will be consulted for their assessment on the impact of the new policy, or policy changes, and for its technical viability.
  4. A Morning Mail will be sent to the entire Brown community, notifying them that the policy will be open for general review for two weeks. Any comments would be directed to ITPolicy@brown.edu.
  5. A copy of the "final" draft document will be posted for comment on the draft policy web site and final comments will be reviewed.
  6. The ITAB will provide a final review and signoff.

Note: As draft documents are routed, requests for comments will be due by a particular date, and if no input is received by that date, concurrence will be assumed.

Implementation Phase

  1. The newly published policy will be announced campus-wide via Morning Mail.
  2. Policies are reviewed on a regular basis to maintain their relevance and accuracy. [ policy review cycle ]

Last Revised: September 1, 2009