Policy on Information and Communication Technology (ICT) Decisions


This policy is intended to assist campus units in making information and communication decisions, to reduce both direct and indirect expenses, to better assess aggregate campus demand for technologies, to ensure access to and effective integration of technology on campus, to reduce risk, and to minimize the potential impact of adverse or unintended consequences to the University or its affiliated units and auxiliaries.


Acquisition, acceptance or development of Information and Communication Technology (ICT) products or services that materially affect Cal Poly's users, assets, operations, or business continuity, or its ability to comply with existing policies, laws and related regulatory, legal or administrative practices, must conform to established campus standards, guidelines, and practices for making technology decisions.

The standards and practices created to implement this policy shall establish the criteria for reviewing and making decisions, provide guidelines for required or recommended reviews and their conduct, and define the roles and responsibilities of those involved in the review process. The criteria shall consider potential impact and risk to the university; accessibility, security, policy and regulatory compliancy issues; operational and support issues; and integration with established University priorities, infrastructure, services, systems and standards.

This policy shall apply to all technology decisions that meet the campus criteria for review, regardless of who initiates the request or the funding source. Any ICT product or service may be subject to review based on substantive changes (e.g., technical, functional, operational) or its potential impact on users and/or the University.


The Vice President for Information Technology Services/Chief Information Officer (VP/CIO) is responsible for application and enforcement of this policy.

The VP/CIO or designee, in consultation with university procurement or other affected parties, is responsible for developing standards, guidelines and practices for implementing the policy.

The official version of this policy will be maintained in the Information Services section of the Campus Administrative Policies (CAP).  Recommended changes shall be reviewed by the campus and approved by the President through the CAP process.


Effective Date Actions Taken
December 2018 Revised owner of Compliance and Oversight from Provost Office to VP ITS/CIO. Revised to reflect evolution of change from “Equipment and Information Technology (E&IT)” to “Information and Communication Technology (ICT)”.
July 2015 Revised to encompass all technology decisions, not just software, based on policies and practices established since initial release. Submitted for CAP review and approval. Related standards and practices are currently being revised.
March 22, 2007 Posted online. Linked from IT policies, procurement, and other websites. Accompanied by related standards, guidelines, and practices.
March 2007 Approved by President Warren J. Baker
January 16, 2007 Reviewed and endorsed by Information Resources Management Policy and Planning Committee
2003-04 to 2006-07 Reviewed by campus computing advisory groups representing student, faculty and administrative users


Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000


Did you know?

Stay Safe Online Tips