Policy Review Process

Owned by Chad Miller
Last updated: Feb 13, 2023
1 min read

The CIO is responsible for facilitating a review of all IT policies on an annual basis or as required, to stay current with applicable laws and/or Board Policies.

The purpose of the review is to determine:

  1. if the policy is still necessary and accurate
  2. if the policy should be combined with another policy or if it should be rescinded
  3. if the policy is up to date with current laws and regulations and Board policies;
  4. if changes are required to improve the effectiveness or clarity of the policy;

Process for policy review:

  1. On an annual basis (February-April)s, each policy will be updated by the IT leadership team and all necessary subject matter experts. Each policy will be reviewed for a time period of one week. 
  2. After each policy is reviewed/updated, it will be presenting to the IT governance committee for feedback. Each policy will be reviewed for a time period of two weeks to ensure time for adequate feedback.
  3. After all feedback is gathered during a three week window, changes will be approved/declined and the policy will be updated and posted on the IT policy page. All changes to the policy will be accepted/tracked in a Word document that will be linked in the policy revision page.

Related pages:

  1. Policy Revision History