Tuesday, 22 March 2011

IT Policy Primer

IT Acceptable Use, Information Technology Access and Protection (ITAPP), and Allocation of Microcomputers Policies
Policies are seldom a subject that will attract an audience ;-)  but as polices do affect the way IT services are handled at MHC, and will thereby affect your work, I think that drawing attention to three key polices that guide the work of ITS may be useful.
All college policies are housed on our internal SharePoint server. If you have any questions about an IT related policy at MHC, please contact me. I am always happy to discuss how policy may apply to you in your work for the college.
Regards,
Chuck Payne
Director, Information Technology
_ _ _ _ _ _
The IT Acceptable Use Policy (General Administration 5.19) provides broad direction on the provisioning and use of IT related equipment and services at MHC.
This policy is built around a few simple principles, and includes a section of rights and responsibilities for college employees:
Principles
The following principles are the basis of managing the college’s computer resources in an ethical and effective manner.
1. The college will maintain an atmosphere that balances respect for individual computer usage and college computing needs.
2. The college will maintain an environment whereby the college’s computer
resources are considered to be reliable, secure and efficient.
3. All college computer resources shall be used primarily for work-related activities (i.e. educational, academic research, and administration purposes) and as such using the college’s computer resources and access to the Internet for incidental personal purposes shall be minimized.
MHC employees have the right:
1) To be provided with an appropriate level of computer technology (software and hardware) to allow them to perform their jobs.
2) To have the computer technology maintained and repaired in a timely manner.
3) To load work-related software on their MHC provided computer system, as long as the software is proven to be legally licensed, does not pose a reliability or security risk, and is related to their work at MHC.
MHC has the right:
1) To deny use of MHC computer equipment or related services based on the contents of this policy, or if the college executive regards the use to be inappropriate or to pose risk to the college.
2) To monitor use of MHC computer equipment and related infrastructure based on Guideline 4,
And Guideline 4 is “Any data stored or transmitted using MHC technology may be monitored by the college. Such data will not be accessed by the college without cause and due process.”
_ _ _ _ _ _ _ _ _ _  
The new Information Technology Access and Protection Policy (General Administration 5.39) deals largely with how we allocate the use of shared IT resources, such as college bandwidth and network resources.
Employee and student access to information through computer systems and networks is required for the college to perform its role. This policy provides guidance in balancing the need for access with the need for security and the cost involved in providing access.”
This policy was written largely in response to questions and concerns brought to GAC in 2009, regarding access to Internet resources. To that end the policy provides guidance on the allocation of bandwidth and on the issue of URL content filtering:
“URL filtering is applied only for security reasons in order to reduce access to sites that have a high security risk. URL filtering based exclusively on content (censorship) will not occur except within the boundaries of policy 5.13 “Internet Policy Compliance” regarding the access of discriminatory or sexually obscene materials.
Access to college filtered Internet content will be opened upon requests made through the IT Support Centre as bandwidth and security management systems in place at the college will allow, unless the content violates policy 5.13, is an indentified source of malware, or if access violates an indentified law or regulation.”
The policy also provides a process for employees, who require exceptional or unusual access to technology, to bring forth requests and have them vetted by the college. An ITAPP committee was established to create this policy, and essentially the same broadly representative group comprises the ongoing ITAPP committee, who is charged with reviewing requests submitted by employees or groups. The ITAPP Committee can assess requests relating to:
- Filtered content;
All requests related to allowing filtered Internet content for individual or wider use that have been rejected after a request to the IT Support Centre;
- Significant and extraordinary IT infrastructure resource consumption
Including requests relating to large bandwidth or other extraordinary IT resource needs;
-  Request for computer systems and equipment that fall under the Exceptions section of the “Computer Allocation” policy.
_ _ _ _ _ _ _ _ _ _ _
The Allocation of Microcomputers Policy (General Administration 5.40) provides guidance as to what computer technology employees are provided with for their work at the college. 
An important stipulation of this policy is that   all college owned computer systems will be purchased through the Information Technology Services Department; no other computer systems will be supported by the college.” So, please consult with ITS, and purchase through ITS, to ensure equipment is compatible with college infrastructure and can be supported by MHC.
This policy clearly indicates that the type of computer the college provides for faculty and staff will be determined based on a demonstrated instructional or business process need, stating “Software requirements and demonstrated need will determine the type of computer made available for use by college employees. Home use or personal computing preference cannot be a deciding factor in the allocation of a computer system; rather the environment needed to do work at the college will determine which system is used.”
Knowing that no policy can cover all circumstances, there is an “Exceptions” section in this policy, providing a process for employees to seek approval for computer systems and configurations that do not clearly fall with the detail of the policy.