D7.3.8

=Institutional policies define how digital information is retained and accessed. =

Evidence
Digital information management and computer security is currently an important domain for any institution. Almost anything done on a computer carries a security risk or component, and there is no such thing as perfect security (Rosenblatt, 2008). A policy is needed informing all users of what they need to do to ensure system security. But beyond having a policy metrics must also be created and collected so that monitoring can occur. Furthermore, policies will only be effective if endorsed by the highest level of administration possible.

Katz (2008) suggests that in order to avoid consumerization and the industrialization of IT from undermining institutions the institutions need to take the opportunity to consider new ways of increasing access while remaining personal and affordable. IT will become increasingly strategic to the institution, and effective key leadership is needed. A ‘fabric of rules’ (p. 33) will shape how access to the institution’s information, tools, services, and other resources is mediated. Policies are needed to establish the openness (or otherwise) of research processes, course content, publications, software, instruments and information resources.

Resources
Rosenblatt (2008) describes how to ensure metrics are measuring compliance with policy, monitoring networks and machines, outreach and education, legal compliance, ID authorization and authentication, asset protection and privacy.