Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Process for the Creation, Review, and Enactment of Network Policies

IT Roundtable presentation of current version on Monday September 10, 2001 by Mark Wehrle. Presented to NPC by Mark Wehrle on Wednesday May 16, 2001. Original draft presented to IT Steering by Deke Kassabian on Monday March 29, 1999 and to the NPC on August 9, 1999 and edited by Deke Kassabian on August 19, 1999 to reflect changes suggested by the NPC.


Each policy should go through a number of steps before it can be presented formally to the NPC and then to other committees on campus. The following process lists what is required to get a policy discussion started, and if/where a proposed policy's status is at each step along the way to approval. Anyone is invited to participate in authoring a policy, however the proposed policy will be put into a queue and given the appropriate priority setting by the NPC if any members are required to be a primary author. The NPC authorizes status of each policy.

Step 1: Identification

Any member of the University community may identify an issue for which policy discussion may be warranted. While we expect that this most often will be a provider of service within a School or Center or within ISC, we see no reason why the identification step couldn't happen from within the user community.

  1. Compose a summary and purpose of the proposed policy and email this summary to the NPC at network-policy@isc.upenn.edu . Include the policy author(s) and if any assistance is required by NPC members.
  2. The NPC will review the proposal for feasibility. Review may involve further explanation via email, or possibly the requester's attendance at the next NPC meeting.
  3. The NPC will decide if proposal gets on the next successive meeting's agenda.
  4. Proposal will either be granted or denied at the next successive NPC meeting or 30 days after submission to the NPC.
  5. If the policy is feasible NPC will set the appropriate priority level and schedule this new policy into the draft queue.

Step 2: Draft Policy

Once a policy issue is identified, a draft policy should be generated. The person who originally identified the need could write a policy draft or could invite participation from other interested parties. These draft policy sponsors are responsible for writing up a thorough treatment of the issue and a proposed policy for review by the Network Policy Committee. Note that blank policy templates can be found at:

http://www.net.isc.upenn.edu/policy/template.txt.

The policy status now becomes proposed, and is posted up on the NPC web site as Scheduled for Review by the NPC.

Step 3: Discussion at NPC meeting

The proposed policy is presented for review to the NPC at which time a more detailed presentation and discussion of the policy will take place. The policy may pass on unchanged to the next step, it may continue with modifications, or it may be thrown out if it is considered not worthy of further consideration. If the policy continues with modifications, then it will be on the NPC meeting agenda until it goes to the next step or it gets thrown out.

The policy is posted up on the NPC website as a Draft Policy. The status remains proposed until such time that the NPC approves to the next step.

Step 4: Review Period

Those draft policies that make it to this step would be published on the web as a draft policy for public review for a period of 30 days. Announcements would be made to distribution lists most directly impacted by the policy topic (e.g., SUG, MacNet, PCNet). Any member of the University would be able to comment on the proposal during the review period. Policy comments can be reviewed in their entirety at http://www.net.isc.upenn.edu/policy/archive-list.html

The NPC and the draft sponsors would be responsible for taking this input forward to the next step, or taking this back to the previous step.

During the review period, the following tasks should take place:

  1. The policy author and/or interested parties should agree on whom should answer the email comments.
  2. All feedback via email should be answered within 3 business days.
  3. All comments and feedback are reviewed in detail at the following NPC Meeting.
  4. The NPC will decide if the feedback results in a significant change to the policy and if the policy should be reworked, posted for another 30 day review, moved onto the next step, or thrown out.

The policy status now becomes under review, and is posted up on the NPC website as being in a 30 Day Review Period.

Step 5: Final Policy Draft

At the end of the review period, the NPC decides whether to take the proposal forward to a final form or to throw it out. If the policy is to be taken forward, specific changes may be agreed upon by the NPC and before allowing the policy to move to the final stage.

The policy status remains under review, and is posted up on the NPC website as being a Draft Policy until such time that it can be presented to IT Roundtable.

Step 6: Policy Approval

The policy is recommended for approval by the NPC and enactment and is presented to IT Roundtable. IT Roundtable either recommends the policy be forwarded to the Vice Provost for ISC and/or the Provost, or it rejects the policy. Once the policy is approved at this level, it gets an official policy number and date and is published in final form on the web and perhaps the Almanac.

The policy status now becomes approved and is posted up on the NPC website as being an Approved and Enacted Policy.

If the policy is not approved, then it can be returned to any step of this process or it may be thrown out entirely.

Conclusion

This process can be viewed as a cycle, as any policy may be revisited and returned to step 1 as needed. Policies that are thrown out or obsolete will be archived at the NPC web site and given the status of rejected or obsolete. Existing policies that are brought back into the process will be given the appropriate status as listed above in each step.

top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania