Introduction
The University System of Georgia (USG) comprises thirty-one institutions of higher learning, a marine research institute, and a system central office. These institutions represent the rich diversity of a state system spanning the spectrum of educational and research offerings. This handbook respects the value of the diversity of institutions while providing guidance with regard to information technology (IT) operations within the USG.
Information, in all forms, is a strategic asset to an institution and to the USG as a system. Under Board of Regents’ policy, it is the responsibility of the Vice Chancellor and Chief Information Officer (VC/CIO) to establish “the procedures and guidelines under which the acquisition, development, planning, design, construction/renovation, management, and operation of USG technology facilities and systems shall be accomplished.” Part of this responsibility is to prepare a handbook of Information Technology (IT) standards and best practices to be followed by each USG institution.
The hierarchy of USG IT policies and procedures is as follows:
- BoR Policy Manual is the top-level set of Board-approved policies from which all lower-level USG documents flow. Section 11.0, Information Technology, covers all aspects of USG information technology, including general policy, IT project authorization, and information security.
- USG IT Handbook contains the IT requirements and recommendations that establish acceptable IT practices for all USG institutions and organizations.
- Institution/Organization Policies and Procedures establish the detailed practices and tools used by each USG institution or organization to meet the standards set forth in the BoR IT Handbook.
- Program/Project Policies and Procedures establish the detailed practices and tools used within each program/project to implement the standards and best practices set forth in the BoR IT Handbook and/or the institution/organization policies and procedures.
This BoR IT Handbook serves several purposes. Primarily, it sets forth the essential procedural components that each USG institution must follow to meet Board of Regents policy mandates, the statutory or regulatory requirements of the state of Georgia and the federal government, and best IT practices. Secondly, it is designed to provide new IT professionals within the USG the necessary information and tools to perform effectively. Finally, it serves as a useful reference document for seasoned professionals at USG colleges and universities who need to remain current with changes in Board of Regents policy and federal and state law.
As a web-based document, the Handbook provides direct links to reference information – Board of Regents policies, Georgia statutes, and other federal and state resources – to help the reader identify the underlying source of some procedures and to provide a broader understanding of the basis for others.
Thus, the Handbook, while focusing on USG procedures, also offers ready access to important policies, statutes, and regulations that will aid the IT officer in his/her daily performance of duties.
Definitions
The following definitions of shall, will, must, may, may not, and should are used throughout this Handbook.
- Shall, Will, and Must indicate a legal, regulatory, standard, or policy requirement. Shall and Will are used for persons and organizations, and Must for inanimate objects.
- May indicates an option.
- May Not indicates a prohibition.
- Should indicates a recommendation that, in the absence of an alternative providing equal or better protection from risk, is an acceptable approach to achieve a requirement. The focus of “should” statements generally is more outcome-based; i.e., an alternate method to achieve the requirement may be developed assuming it is documented as effectively managing risk.
Table of Contents
Section 1.0: Information Technology (IT) Governance
Section 2.0: Project and Service Administration
Section 3.0: IT Management
Section 4.0: Financial and Human Resource Management
Section 5.0: Information Security
Section 6.0: Risk Management
Section 7.0: Facilities
Section 8.0: Appendix A: Telecommunications Policy for Wireless Communication Devices
