Three Universities, Three Approaches to Reach the Same Goal: Building a Unified IT Policy Framework

Thursday, April 30, 2026 | 2:15PM–3:00PM PT | Pacific Ballroom A, Second Floor
Session Type: Breakout Session
Delivery Format: Presentation/Panel
This session explores proven strategies from different universities and presents a practical, scalable model for building a unified, risk-based IT policy framework that simplifies compliance while enabling academic innovation. Participants will learn strategies for drafting and establishing a tiered policy architecture (policies, standards, and procedures); defining data classifications; and mapping overlapping regulations into a single NIST-aligned control framework. The presenters will share lessons learned and offer guidance on how best to engage stakeholders in the feedback process to identify any potential barriers, build buy-in, and ensure full policy implementation and compliance.

Presenters

  • Shawn Kim
    Director of GRC, Stanford University
  • Douglas Lomsdalen
    IT Security Consultant, CampusGuard
  • Robert Oxender
    Director, Information Assurance, Purdue University