Purpose

To define the approach to the development, approval and maintenance of IT policies and standards.

Scope

This applies to all policies and standards recommended by governance for UFIT and issued by the Vice President and Chief Information Officer.

Standard

New Policy Development:

  1. Topical committees develop draft policy. Drafts can be prepared by the chair, staff, or using whatever process the committee prefers. The committee submits its final working draft to the IT Policy Coordinator (ITPC).
  2. The ITPC solicits feedback on the draft policy from the other UF Information Technology Governance topical committees, constituent groups (such as the IT Directors), Infrastructure Council of the Faculty Senate, and Office of the General Counsel. Feedback is requested within a limited timeframe in the form of specific comments (bulleted lists addressing specific items in the draft policy). The ITPC consolidates all comments into a document that is provided back to the originating topical committee. This step is expected to not exceed 15 business days.
  3. The originating committee considers the feedback, makes changes to the working draft as deemed appropriate. The chair of the topical committee recommends the final draft policy to the CIO, by submitting the final draft along with responses to the comments back to the ITPC. This step is expected to not exceed 15 business days.
  4. The ITPC provides the CIO with the recommendation, final draft, and feedback notes.
  5. The CIO consults with other university administrators and leadership as appropriate, and can approve the policy, or send it back to ITPC to return to the topical committee with noted concerns or suggestions. This step is expected to not exceed 5 business days.
  6. Once approved, the ITPC publishes the policy and feedback notes, and provides notification to affected parties as appropriate. For instance, a policy affecting the entire UF community would be widely advertised, while a policy primarily impacting IT staff could be distributed directly to them.

Policy Review and Revision

  1. The IT Policy Coordinator (ITPC) tracks policy review dates and notifies each of the topical committee chairs of the policies needing review that originated with their committee. The originating committee will review the policies, and either provide a draft revision to the ITPC or inform the ITCP that review was completed, and no changes are recommended.
  2. The ITPC solicits feedback on the draft policy revision from the other UF Information Technology Governance topical committees, constituent groups (such as the IT Directors), Infrastructure Council of the Faculty Senate, and Office of the General Counsel. Feedback is requested within a limited timeframe in the form of specific comments (bulleted lists addressing specific items in the draft policy). The ITPC consolidates all comments into a document that is provided back to the originating topical committee. This step is expected to not exceed 15 business days.
  3. The originating committee considers the feedback, makes changes to the draft revision as deemed appropriate. The chair of the topical committee recommends the final revised policy draft to the CIO, by submitting the final draft along with responses to the comments back to the IT Policy Coordinator. This step is expected to not exceed 15 business days. The ITPC provides the CIO with the recommendation, final revised draft, and feedback notes.
  4. The CIO consults with other university administrators and leadership as appropriate, and can approve the policy revision, or send it back to the ITPC to return to the topical committee with noted concerns or suggestions. This step is not expected to exceed 5 business days.
  5. Once approved, the ITPC publishes the policy revision and feedback notes, updating the review and revision tracking information for the policy. If no policy changes were recommended, the ITPC will update the revision tracking information to reflect this. The ITPC provides notification to affected parties as appropriate. For instance, a policy affecting the entire UF community would be widely advertised, while a policy primarily impacting IT staff could be distributed directly to them.

Standard Approval Process

The UFIT Senior Director responsible for each topical committee is responsible for the development and review of standards needed to implement approved policies. Each Senior Director will consult with relevant constituent groups (such as the IT Directors) and UFIT Leadership team prior to approval of standards.

References:

Policy and Standard Approval Process (PDF, 215.9 kB)

IT Policy Process Dec 2019 (PDF, 149.3 kB)