Policy Review Process
The CIO is responsible for facilitating a review of all IT policies on an annual basis or as required, to stay current with applicable laws and/or Board Policies.
The purpose of the review is to determine:
- if the policy is still necessary and accurate
- if the policy should be combined with another policy or if it should be rescinded
- if the policy is up to date with current laws and regulations and Board policies;
- if changes are required to improve the effectiveness or clarity of the policy;
Process for policy review:
- On an annual basis (February-April)s, each policy will be updated by the IT leadership team and all necessary subject matter experts. Each policy will be reviewed for a time period of one week.
- After each policy is reviewed/updated, it will be presenting to the IT governance committee for feedback. Each policy will be reviewed for a time period of two weeks to ensure time for adequate feedback.
- After all feedback is gathered during a three week window, changes will be approved/declined and the policy will be updated and posted on the IT policy page. All changes to the policy will be accepted/tracked in a Word document that will be linked in the policy revision page.
Related pages: