Standards for Voice and Data Services at Cornell, July 2006

Over the past years there has been dynamic growth in and dependence on information technologies in higher education, and no one doubts that IT services have offered wonderful benefits to the Cornell community. These dependencies have also created new legal and reputation risks as well as operational and institutional policy challenges. Evolving Federal and State regulations for IT security combined with University liability associated with privacy legislation and data breach notification laws highlight these concerns. It is incumbent on the University to preserve and protect its resources appropriately.

A recent audit of wireless networking at Cornell points to a particular concern: the absence of a centralized, coordinating responsibility for the liabilities associated with unregulated wireless access and associated access wireless provides to core systems. The audit report specifically states.

... The lack of a strong internal control environment plus inadequate oversight, have resulted in the proliferation of wireless networks with inadequate security provisions...

To address this absence, the report strongly recommends that:

... The responsibility for overseeing the deployment of wireless technologies at an institutional level be officially assigned...

In response to this concern, and as wireless is but one of several like concerns for Cornell's telephony, wired network and digitized institutional data, the Executive Vice President has identified Cornell Information Technologies as the central office with the responsibility to establish and monitor minimum institution-wide operational standards for these services. These standards may include but are not limited to: media installation, wired and wireless hardware configuration, desktop and server data protection standards, and general system security and monitoring requirements. CIT will move forward with this responsibility by consulting campus committees inclusive of FABIT, ITMC, and others, to review such operational standards and submit them to the Office of the Vice President for Information Technologies for approval. To the degree that operational standards present institutional policy principles, this committee will partner with the IT Policy Office, via the Office of the Vice President for IT, to work them through the University Policy Office.

To assure broad participation by interested parties, I am asking for everyone's cooperation in this effort as we, the Cornell Community, address necessary networking and business needs of the University together.

Cornell University is an equal opportunity, affirmative action educator and employer.