Responsible Office: Vice Chancellor for Information Technology/CIO	Last Review: 01/10/2023 Next Review: 01/10/2025
Contact: Dan Harder	Phone: 901.448.2500 Email: dharder@uthsc.edu

Purpose

To define how IT Standards and Practices are developed, approved, implemented, and maintained.

Scope

All UTHSC IT Standards and Practices.

Definitions

Practice – supporting documentation with a more detailed explanation on how a Standard should be executed.

Standard – supporting documentation at the campus level for a UT-system policy.

Responsibilities

The UTHSC Office of the Vice Chancellor for Information Technology/CIO (CIO) has the responsibility for developing UTHSC Information Technology Standards, Practices, Procedures, and Guidance specific to UTHSC campuses, colleges, or institutes conformant with UT-wide IT Policies and Standards to accompany and supplement individual information technology Standards and Practices.

The UTHSC Office of Cybersecurity and the Chief Information Security Officer (CISO) has the responsibility for developing Standards, Practices, Procedures and Guidance specific to security related topics conformant with UT-wide Security Policies and Standards.

Practice

1. Standard and Practice development and approval
   1. Any UT faculty, staff member or student may propose a topic or content for a UTHSC IT Standard or Practice. Such proposals should be directed to the Office of the CIO. Security specific proposals should be directed to the Office of Cybersecurity or the Chief Information Security Officer (CISO).
   2. The CIO or CISO decides which proposals are appropriate for consideration and directs the Governance, Risk, and Compliance (GRC) team to develop the document(s).
   3. The GRC team prepares a draft of the proposal Standard or Practice and submits it to the CIO or CISO who may seek input from the Office of General Counsel, the Office of Institutional Compliance, UTHSC administration and others as appropriate.
   4. The CIO or CISO approves the Standard/Practice for implementation
2. Standard and Practice implementation
   1. Standards and Practices are published on the UT policy website.
   2. Information about standards and practices may also be communicated via announcements, memoranda, and training.
3. Standard and Practice maintenance
   1. Revisions to Standards and Practices follow the same process for approval as new Standards or Practices.
   2. Standards and Practices are reviewed as appropriate or as required by law.

References

1. ITS-GP-001-Standard on UTHSC Information Technology Standards and Practices