Responsible Office: Vice Chancellor for Information Technology/CIO	Last Review: 03/01/2025 Next Review: 03/01/2027
Contact: Dan Harder	Phone: 901.448.2500 Email: dharder@uthsc.edu

Purpose

To define how IT Standards and Practices are developed, approved, implemented, and maintained.

Scope

All University of Tennessee Health Science Center (UTSHC) IT Standards and Practices.

Definitions

Practice – supporting documentation with a more detailed explanation of how a Standard should be executed.

Standard – supporting documentation at the campus level for a UT-system policy.

Responsibilities

The Executive Leadership of ITS has the responsibility for developing UTHSC Information Technology Standards, Practices, Procedures, and Guidance specific to UTHSC campuses, colleges, or institutes conformant with UT-wide IT Policies and Standards to accompany and supplement individual information technology Standards and Practices.

The UTHSC Office of Cybersecurity and the Chief Information Security Officer (CISO) has the responsibility for developing Standards, Practices, Procedures, and Guidance specific to security-related topics conformant with UT-wide Security Policies and Standards.

Practice

1. Standard and Practice development and approval
   1. Any UT faculty, staff, or student may propose a topic or content for a UTHSC IT Standard or Practice. Such proposals should be directed to the Executive Leadership of ITS. Security-specific proposals should be directed to the Office of Cybersecurity or the Chief Information Security Officer (CISO).
   2. The Executive Leadership decides which proposals are appropriate for consideration and directs the Governance, Risk, and Compliance (GRC) team to develop the document(s).
   3. The GRC team prepares a draft of the proposal Standard or Practice and submits it to the Executive Leadership who may seek input from the Office of General Counsel, the Office of Institutional Compliance, UTHSC administration, and others as appropriate.
   4. The Executive Leadership approves the Standard/Practice for implementation.
2. Standard and Practice implementation
   1. Standards and Practices are published on the UT policy website.
   2. Information about standards and practices may also be communicated via announcements, memoranda, and training.
3. Standard and Practice maintenance
   1. Revisions to Standards and Practices follow the same process for approval as new Standards or Practices.
   2. Standards and Practices are reviewed as appropriate or as required by law.

Policy History

Version #	Effective Date
1	03/18/2016
2	03/16/2018
3	04/17/2022
4	01/10/2023
5	03/01/2025 – new naming convention

References

1. IT0001-General Statement on Information Technology Policy
2. IT0001-HSC-A-Standard on UTHSC Information Technology Standards and Practices