From Keel to Masthead: A Holistic Approach to Overhauling University IT Governance Documents

Wednesday, April 11 | 11:00AM–12:00PM ET | Maryland Ballroom F, Fifth Floor
Session Type: Breakout Session
Delivery Format: Interactive Presentation
This presentation will chart the holistic approach taken to rearchitect a labyrinthine set of information security policies, standards, procedures, and guidance documents to reflect changes in technology, business, and academic processes, as well as laws and regulations. Key components to achieving success included abandoning an initial document-focused approach; dissecting the project into discrete tasks with specific deadlines; soliciting and incorporating stakeholder feedback at every step; and using biweekly stand-up meetings to keep the project on track and on time, ultimately reducing 26 policies to 4 and over 70 standards and procedures to 30.

Outcomes: Explore the concrete project management steps used that enabled successful revision of IT policies, standards, and procedures * Get strategies to overcome malaise and avoidance regarding necessary updates to policies, standards, or procedures at your institution * Appreciate the necessity of communication from the start with leadership and a broad set of stakeholders about the project to create buy-in for the time and effort required of all


  • Cory Brant

    Information Policy & Compliance Jr. Analyst, University of Virginia
  • Brian Davis

    Director, Information Security, University of Virginia
  • Margaret Gokturk

    Director of IT Compliance, Information Security Policy & Compliance, University of Virginia
  • Patricia Simpson

    Sr Project Manager, Process Improvement Specialist, Virginia Tech
  • Tim Tolson

    Director of IT Policy and Outreach, University of Virginia

Resources & Downloads

  • EDUCAUSE Presentation Overhauling University IT Governance Documents 2018April Final

    1 MB, pdf - Updated on 10/25/2018