O4.3.3

=Institutional policies define how digital information is retained and accessed.=

Evidence
Digital information management and computer security is currently an important domain for any institution. Almost anything done on a computer carries a security risk or component, and there is no such thing as perfect security (Rosenblatt, 2008). A policy is needed informing all users of what they need to do to ensure system security. But beyond having a policy metrics must also be created and collected so that monitoring can occur. Furthermore, policies will only be effective if endorsed by the highest level of administration possible.

Katz (2008) suggests that in order to avoid consumerization and the industrialization of IT from undermining institutions the institutions need to take the opportunity to consider new ways of increasing access while remaining personal and affordable. IT will become increasingly strategic to the institution, and effective key leadership is needed. A ‘fabric of rules’ (p. 33) will shape how access to the institution’s information, tools, services, and other resources is mediated. Policies are needed to establish the openness (or otherwise) of research processes, course content, publications, software, instruments and information resources.

Evidence
Rosenblatt (2008) describes how to ensure metrics are measuring compliance with policy, monitoring networks and machines, outreach and education, legal compliance, ID authorization and authentication, asset protection and privacy.

Interoperability standards and also resource discovery standards are discussed by Marshall (2004a). Interoperability standards are important so that different systems can talk to each other and share data, e.g. student information. And resource discovery standards are important so that items can be stored and reused.