> 1. Policy Development
Search this site
3. An effective organizer with skills in:
|Development Plan||Portfolio Documentation|
|Identify areas for which policies and procedures need to be documented and set up mechanisms for developing, approving and revising those policies and procedures.||Report the policies developed. Review and reflect on the mechanisms set up for administering the policies, and their acceptance and effectiveness.|
One of the first major changes I initiated at Andrews was to add three new positions to the existing two supporting PCs. In July, 1997, I wrote a memo to the campus outlining the change in staffing, and associated changes in hardware and software support policies. To coincide with the announcement of these changes, the ITS Client Services Department produced a comprehensive document covering software support, hardware support, network support, and Computer Store policies. It also included details of the standard hardware and software policies.
Another question that arises from time to time is what to do about problems that are reported out of normal work hours, and in particular, those occurring during Sabbath. A question about 24x7 support was asked on the EDUCAUSE CIO list, and of the 12 institutions that responded, there were about five variations on the approach that was taken. Andrews has not formalized any policy on this as yet, which sometimes means the out of hours support load is not shared around equitably.
In 1999, the area of hardware standards was revisited. This was prompted in part by the desire to adopt a quality platform from a reputable vendor, and we had been having good success with the business line of machines from Dell. We believed there were significant Total Cost of Ownership (TCO) issues stemming from this. Another factor was the approach of Y2K. As a result, we prepared a revised hardware standards document (March 1999), and with Dan Widner, Director of Client Services, gave presentations to the Deans' Council (9 March, 1999), Financial Management Committee (11 March, 1999), and President's Cabinet (15 March, 1999). There was support in principle for what we were trying to accomplish, but I have to confess that my approach to proposing change was somewhat naïve, so we were unsuccessful in having our recommendations adopted.
Even before we had a officially adopted computer acceptable use policy, we had a formal account signup form that included a section on acceptable uses and inappropriate uses of computer accounts (see example). The development of the official policy is covered fully in the next section. See Computers and Networks Usage Policy for the current version of this policy.
Copyright matters are dealt with in Section D of the Computers and Networks Usage Policy under Software and Intellectual Property. Appendix RR is a summary of "Software Use and the Law" prepared by the Software Publishers Association. Appendix SS, also prepared by the Software Publishers Association, summarizes the Copyright Act and the concept of Fair Use. Section A.5 of the policy covers the issue of privacy and confidentiality.
In early 2000, the MP3 compression format made its mark. With compression rates of 10:1 and higher, it became quite feasible for music collectors with Internet connections to share their favorite music over the Internet. A program called Napster was developed to simplify the sharing process, and was so successful that within a short time, huge amounts of bandwidth were being consumed by students in the residential halls uploading and downloading music. This was expressly prohibited in Section A.3.h of the Computers and Networks Usage Policy, as well as being in contravention of copyright law.
In February of 2000, I met with the Student Services Council to explain the issues surrounding MP3, Napster, and copyright law. I was interviewed for an news article that was published online (also on local server), where I am quoted as saying:
"David Heise, Chief Information Officer for Andrews University, said, 'Having Napster on a computer violates Andrews' acceptable usage policy on at least three counts: it uses resources excessively, it is indiscriminate about violating copyright laws (a federal offence), and it offers off-campus service. We want our students to realize the ethical concerns that are unknowingly placed on them when they use Napster.'"
Email was another area warranting special attention. There were issues about requiring students to have an official email address for university correspondence, account name formation, account activation, password policies, privacy, archiving and retention, and many others. I drafted a document as a discussion point for developing a comprehensive email policy.
The committees that had the most to do with approving the Computers and Networks Usage Policy were the Academic Computing Committee and the Administrative Computing Committee. The Web Committee did a lot of work framing and getting approval for the Web Policy. This was started by Mailen Kootsey in early 1997 as a draft document covering personal web pages. The Web Committee approved a formal web policy document (Andrews University web server; local copy)
Writing policies to cover the area of computer hardware and software standards is always a tricky proposition. Each individual often believes they are a special case, and especially in an academic environment, the notion of enforcing software standards is very foreign and hard to swallow. Fried (1995) has some very wise counsel on the subject, and makes a good case for what he calls "self enforcing standards". See my slide on this from the course I taught on IT Management using his book "Managing Information Technology in Turbulent Times". (This was slide 11 from the session on chapter 2 of the book.)
In December, 2000, I conducted a brief email survey using the the EDUCAUSE CIO list to solicit responses from other CIOs in higher education. Colleen Keller, Information Specialist for EDUCAUSE, requested permission to post a link to the survey on the EDUCAUSE Information Resources page ( http://www.educause.edu/asp/doclib/ and http://www.educause.edu/asp/doclib/subject_docs.asp?Term_ID=375), which I was glad to give. See EDUCAUSE Request to post office software study.
I read many of the policies that are made available online by other colleges and universities, and borrowed ideas from some of them. After most of the policy writing reported here had been completed, I obtained other resource material, which should hopefully prove useful during revision cycles that are still in the future.
|Committee Discussion and Approvals|
|Internet access while traveling|
|PC Theft Control|
|PC support pricing options|
|Computer Account Terminations|
|Scope of computing committees|
|Computers and Networks|
However, while these approaches may lead to policies that are in line with best practice, they do little to address the issues of acceptance and effectiveness and their ongoing usefulness and value. To do this, it is necessary to involve the constituents, those who will be affected by the policies that are put into effect. This is most readily done through the use of discussion groups, the committee process, and presentations in forums such as the Deans' Council, the University Senate, and meetings of the General Faculty.
Note: The links to committee minutes go directly to the relevant item, which will be preceded by the characters [*] in red with a gray shaded background.
The costs for the initial rollout were covered out of Risk Management funds, and were included in the purchase price for new systems. This approach led to very good acceptance of the policy, since the need was clearly demonstrated, and departments suffering this kind of loss had to fund the entire replacement from their own budget.
|29-Jan-1997||Include email address under the definition of Directory Information.|
|15-Apr-1998||Data entry standards and data quality, setting up a Quality Improvement Team.|
|13-May-1998||Report on revisions to Data Entry Standards Manual.|
|03-Aug-1999||Data Quality QIT (Quality Improvement Team set up.|
|05-Oct-1999||Facilitator for Data Quality QIT named.|
We prepared several scenarios as to how we might accomplish this, and presented them in a number of venues. The minutes of February 26, 1997 Administrative Computing Committee give a brief summary of the final proposal, and the reaction to it.
"The Administrative Computing Committee reports to the President. It also serves to advise the University's Chief Information Officer and the President's Cabinet. Its minutes are subject to the scrutiny and review of the Andrews University Senate. This committee meets at the call of the chair at least once per quarter."
In preparation for the November 23, 1998 meeting of the Administrative Computing Committee, I located some sample charter statements as a starting point for creating our own charter document. The ideas presented at the committee seemed to be well accepted by the committee, and one of my staff members and I were charged with preparing a draft for the next meeting.
In the April 4, 2000 meeting of the Administrative Computing Committee, the Charter, Membership, and Attendance appeared on the agenda again. This was prompted by a waning of interest in and attendance at the committee's meetings. It is my suspicion that interest had been high during the implementation of Banner, when stakeholders wanted to be sure their interests were well represented. Once the implementation of Banner was mostly complete, we began to have attendance problems, and this prompted another attempt at redefining the scope of the committee. However, as the April 4 minutes show, interest was hard to muster.
I presented a draft charter document at the February 13, 2001 meeting of the Administrative Computing Committee. In this draft, I proposed a new name for the committee, a Charge or Mission, Role and Responsibilities, and Membership guidelines, each preceded by some other examples. There was little discussion during the meeting, as members were going to read it and bring their ideas to future meetings. However, this continues to be unfinished business.
On April 6, 1999, the committee discussed a new Institutional Data Access Policy governing closure of inactive Banner accounts. This item could also be placed under Section 5. Computer Account Terminations, but the security threat is so significant that I put here under Security. The policy was discussed and revised on May 4, 1999, and was approved after a final review on June 1, 1999.
Then the President's Cabinet voted to implement web filtering incrementally across campus. Web filtering on faculty and staff computers would be optional, and an instruction sheet was handed out that explained how to configure the browser to apply and to remove web filtering. Even though web filtering was voluntary, some of the faculty created an incredible fuss because they thought their academic freedom was being tampered with. This was debated in the General Faculty meetings, and occupied several months of discussion time at the University Senate. However, once the dust settled, most people were pleased to have protection from inadvertently following a link in their research and ending up on porn site.
In the mid-90s, we had 16 28.8Kbps and 32 33.3Kbps modems, and it is true that these were too slow, and there were not enough of them. We debated long and hard the question of whether we should even be in the business of providing general dialup Internet access, or whether we should merely direct people to a local ISP (Internet Service Provider). Eventually, it was argued that since on campus students had 10Mbps network connections in their rooms, off campus students (who pay the same technology fee) should not have to pay extra for their own dialup connections.
So an new bank of 60 56Kbps modems was purchased and installed. This greatly relieved the situation, temporarily. After doing some research, it was discovered that a handful of users were abusing their connect time privileges, so it became necessary to develop some fair use policies for the modems. A policy was developed by the Academic Computing Committee, and on June 6, 2000, the Administrative Computing Committee reviewed and support the the policy.
Created: Sunday, February 20, 2000 05:34 PM
Last Modified: Monday, September 28, 2009 5:34 PM