Policy Management

University of Miami Information Technology Policies incorporate the university’s vision, strategy, and principles related to management and use of IT resources, while supporting academic, research, teaching and learning missions.

The Information Security Office is responsible for the ongoing development and maintenance of IT Security Policies and Procedures. These Policies and Procedures are based on regulatory requirements and best practices.


Principles of Policy Management

The University of Miami IT Policy Management structure and process is guided by the following principles:

  • UMIT policies meets the minimum criteria set forth in  university-wide policies, but may be more restrictive
  • The policy development is transparent and flexible, and includes all necessary input from the appropriate stakeholders
  • UMIT provides a central repository to store and organize signed IT policy and procedure documents 
  • UMIT creates policies and procedures in a way that are effective and easy to follow.
  • The policies generated by UMIT are based on risks, compliance requirements, or best practice needs

Drafting of New Polices Services

Please find below some steps to help facilitate the creation of new policies

  1. Identification of criteria that helps categorize an IT Policy, Standard or Guideline based on triggers like laws and regulations, adjustments due to new technologies, or other operational or compliance needs
  2. Definition of roles and responsibilities according to the department or business unit
  3. Assigning a naming convention to the new policy
  4. Development, dissemination, approval and training for policies and procedures as applicable
  5. Post new approved policies to the UMIT website
  6. Control physical retention of original signed policy documents
  7. Periodic review and analysis of new policies and procedures for continued applicability, effectiveness and compliance

Updates of Existing Policies

A change to an existing policy may be initiated based on periodic review or business need. 

Please find below some steps to help facilitate the update of existing policies:

  1. Identification of criteria that helps categorize an IT Policy, Standard or Guideline based on triggers like laws and regulations, adjustments due to new technologies, or other operational or compliance needs
  2. Definition of roles and responsibilities according to the department or business unit
  3. Development, dissemination, approval and training for policies and procedures as applicable
  4. Post new approved policies to the UMIT website
  5. Control physical retention of original signed policy documents
  6. Periodic review and analysis of existing policies and procedures for continued applicability, effectiveness and compliance

Policies & Procedures can be found here.

Note: The ISO is not responsible for drafting all UMIT policies.