Head & Managers ForumUpdate on IT Policies

Friday 13th of September

Purpose of IT Policies

• Provide clarification for staff and students on the acceptable usage of IT infrastructure and services.

• Provide a level of protection for staff, students and the University from the misuse of IT systems and services.

• Provide information to staff and students on how to get the most out of the services.

• Provide clarification for all staff on how to deal with and escalate issues.

Glossary

Policy: High level goals and rules on managing information technology and data in the University.http://www.ucc.ie/en/media/support/itpolicies/policies/SocialMediaPolicy.pdf

Procedure: Step by step tasks of workflows performed to achieve certain outcomes. They spell out how the policy will be implemented operationallyhttp://www.ucc.ie/en/media/support/itpolicies/procedures/AccessToStaffAccounts.pdf

Standards: Specify in detail how the University hardware and software should be used. http://www.ucc.ie/en/media/support/itpolicies/standards/BulkEmailStandards.pdf

Guidelines: Information and advisory notes on how best to use the services. These documents are not mandatory.http://www.ucc.ie/en/media/support/computercentre/trainingmanuals/BackUpandRestore.pdf

Policy Universe

Principles Confidentiality Integrity Availability Appropriateness

Policy Layers

Standards Layer

Password Standards

Website Standards

Anti-Virus Standards

End User Guidelines

(including portable devices Guidelines)

Procedural Layer

User Admin

Physical Access Change Management

Data Backups

D R Plans

Physical and Logical Layers

Compliance

Information policies

Data Protection

Data Privacy

Policy

Data

Management

Policy Business Controls

IT Security

3rd Party Hosting

IT Policies AUP

Social Media

Policy: Governance and Creation Process

Policy Drafted by IT

Approved by IS Management team

Significant input from AC IS&ER committee

Sent to colleges for review/ sign off

Sent to Academic Board and Council for

final approval

Approved by UMTO/Governing Body if required

Published on UCC website

http://www.ucc.ie/en/it-policies/

Sta

nd

ard

s,

Pro

ced

ure

s a

nd

Gu

ide

line

s a

re m

ost

ly

ap

pro

ved

he

re

Website link: http://www.ucc.ie/en/it-policies/

Inventory of Documentation

Policies Procedures Standards Guidelines

Acceptable Usage Access to IT Services Bulk Email Disposal of devices

Social Media Data Classification Connecting Equipment

Spam guidelines

Data Management Access to Staff account Structured Cabling Irish law and AUP

Information Security Access to student account Network points Portable devices

Policy Breach protocol Smartphones

UCC Official Social Media accounts

Encryption

UCC Other Social Media accounts

Software Licences

Pending Approval

External Hosting of Data Social Media Guidelines

Digital Estate GovernanceData Protection Policy

Questions