IT Policies, Regulations and Rules
To protect university assets, OIT Security and Compliance (S&C) works in collaboration with campuswide IT representatives and the Office of General Counsel (OGC) to develop Policies, Regulations and Rules for Information Technology (IT PRRs). Upon final approval of iterative drafts, OGC publishes IT PRRs in the Information Technology category of their Policies, Regulations & Rules website.
For more information about PRRs, see the official definitions.
Standard Operating Procedures and Guidance
S&C develops and publishes further details, such as standard operating procedures and guidance, on this website and in knowledge articles.
PRR Development Process
After creating or revising the first draft of an IT PRR, the draft undergoes the review and approval process shown in the following table and flowchart:
| Step | Action Owner | Description |
|---|---|---|
| 1 | Security & Compliance (S&C) | Creates or begins revising the IT PRR. |
| 2 | IT Policy & Compliance Working Group (IT PCWG) | Review and endorsement |
| 3 | Information Security Advisory Group (ISAG) | Review and endorsement |
| 4 | Campus IT Directors (CITD) | Review and endorsement |
| 5 | S&C Management | Review and endorsement |
| 6 | Chief Information Officer (CIO)/ Vice Chancellor for IT | Review and endorsement |
| 7 | Faculty, Staff, and Student Senate reviews (if needed, typically only for IT policy and regulations, not for most rules) | Review and endorsement |
| 8 | IT Governance | Review and endorsement |
| 9 | Chancellor’s Cabinet | Review and final approval |
| 10 | Office of General Counsel (OGC) | Publish to OGC’s IT PRR website |
