Policy Development Process
Information Security (InfoSec) policies help further the University’s strategic mission, inform and educate the community about best practices, promote university-wide cyber security awareness, and reduce institutional risk. Policies also help to ensure consistency across the institution and compliance with applicable regulations, laws and other University policies.
A complete policy development process articulates the protocols for creating new policies (including a defined practice for consultation, dissemination, approval), and provisions for monitoring/compliance, and periodic review/refresh of existing policies. The following outlines the development phases for new policies from initiation through approval. Policy compliance/monitoring, and periodic review/refresh are outside the scope of this document.