View Bill 21-22-19

Senate Bill 21-22-19

Bill ID: 21-22-19
Name: Proposal to Request Review of IT Governance and Opportunities for Constituency-Based Feedback into IT Policies & Standards
Proposed: 09/17/2021
Sponsor: Karen Lips, Professor, Faculty Senator
Proposal: Currently, the University of Maryland Policy on Acceptable Use of Information Technology Resources (X-1.00(A)) provides substantial latitude to the Vice President and Chief Information Officer to enact and enforce standards related to information technology resources. The Information Technology Council (IT Council) advises and reports on policy issues concerning the Division of IT to the University Senate and the Vice President for Information Technology and CIO. Given that the IT council has not reported regularly on its activities to the Senate, and does not appear to be consulted or informed on all policy decisions made by OIT, it is unknown whether the IT council plays an effective role in IT governance on campus, particularly by assessing the impact of IT standards on campus units, gathering information from all stakeholders, etc. Generally, there is little transparency about the way in which IT standards are developed, adopted, and enforced. Given the increased involvement of IT technologies in all aspects of academic and personal life, inadequate oversight of IT decision making undermines the principles of shared governance and can have significant negative impacts on academic freedom and personal privacy.

The IT council should report to the senate about their activities on a regular basis (e.g., semi-annually). In addition, any reports or recommendations made by the IT council as part of their activities should be made public to the University community. The Senate should institute a review of the current Policy on Acceptable Use of Information Technology Resources, how it is being used, and consider whether changes are warranted in the governance of IT resources, e.g., by empowering the IT council to have a stronger role in IT governance.

The Senate should task the IT council, to prepare as soon as possible, a report to the senate detailing the process now used to review new IT standards and directives, and the steps taken to evaluate the impact of IT standards on students, faculty, and staff, as well as on teaching and research units. The report should detail, in particular, the process currently used to enact the new campus privacy policy. The IT Council may consult with other Senate Committees as needed in formulating recommended solutions to any problems identified.

The current email standard was issued by the VP/CIO on 10/01/2019. A subsequent review of the IT Council identified deficiencies with the original standard and recommended changes in November 2020. The conclusions of the IT council review and the council's recommendations were not made public. Changes to the published email standard were not made by the division of IT until September 2021 (https://umd.service-now.com/itsupport?id=kb_article_view&article=KB0015077). The fact that the email standard was modified has not yet been communicated to the campus community, highlighting the lack of transparency in the implementation of IT policies.
Active?Yes

Status

Status: Under Review
Under Review By: Senate Executive Committee (SEC)
Received: 10/11/2021
Decision Date: 10/18/2021
Related Files: