REG 08.00.08 - IT Governance

About this Regulation

Authority:
Chancellor
Responsible Office:
Chief Information Officer
First Issued:
04-30-2026

1. Purpose

1.1 The University recognizes the central role of Information Technology (IT) in enabling its academic, administrative, and community mission. Accordingly, the University adopts ISO/IEC 38500 as the guiding standard for the governance of IT to ensure its effective, responsible, and strategic use.

1.2 The Executive Steering Committee (ESC) for IT Governance is established as the University’s governing body for IT and is charged with overseeing the use of IT in alignment with institutional purpose, values, and strategic priorities.

2. Committee Authority

2.1 The Executive Steering Committee (ESC) is the University’s designated decision-making body for Information Technology governance. The ESC establishes and prioritizes institutional technology services and service levels in alignment with University strategic priorities.

2.2 Decisions that cannot achieve consensus are escalated to the Chancellor for final determination.

3. Responsibilities

3.1 The Executive Steering Committee (ESC) governs the University’s use of Information Technology (IT) in accordance with ISO/IEC 38500:2024. In fulfilling its governance role, the ESC exercises oversight through the activities of evaluate, direct, and monitor, ensuring that IT supports the University’s purpose, delivers value, manages risk, and meets stakeholder expectations.

3.2 The ESC shall utilize the following principles in carrying out its oversight responsibilities:

3.2.1 Purpose (ISO 38500 §5.2): The ESC shall ensure that the use of IT aligns with and supports the University’s mission, strategic priorities, and institutional values.

3.2.2 Value Generation (ISO 38500 §5.3) The ESC shall ensure that IT investments, services, and digital capabilities generate value for the University and contribute to student success, academic excellence, and administrative effectiveness. The ESC shall promote appropriate investment in IT and ensure that resources are used efficiently and effectively.

3.2.3 Strategy (ISO 38500 §5.4) The ESC shall ensure that IT strategy is aligned with and integrated into the University’s overall strategic plan. The ESC shall consider the impact of emerging technologies and ensure that IT capabilities support current and future institutional needs.

3.2.4 Oversight (ISO 38500 §5.5) The ESC shall oversee the performance of IT services and initiatives to ensure alignment with institutional objectives and expectations. The ESC shall ensure that appropriate policies, standards, and controls are established and followed.

3.2.5 Accountability (ISO 38500 §5.6): The ESC shall ensure that roles, responsibilities, and decision rights for IT governance and management are clearly defined and appropriately assigned. The ESC retains accountability for the effective and acceptable use of IT, regardless of delegation.

3.2.6 Stakeholder Engagement (ISO 38500 §5.7): The ESC shall ensure that stakeholder needs, expectations, and experiences are identified and considered in IT decision-making. The ESC shall promote transparency and effective communication regarding IT priorities and outcomes.

3.2.7 Leadership (ISO 38500 §5.8): The ESC shall promote leadership that supports the effective, ethical, and strategic use of IT across the University. The ESC shall support a culture that enables innovation, adaptability, and successful IT-enabled change.

3.2.8 Data and Decisions (ISO 38500 §5.9): The ESC shall ensure that data is recognized and managed as a strategic institutional asset. The ESC shall promote the use of reliable, secure, and appropriate data to support informed decision-making.

3.2.9 Risk Governance (ISO 38500 §5.10): The ESC shall ensure that IT-related risks are identified, assessed, and managed in alignment with the University’s risk tolerance. The ESC shall promote cybersecurity, data protection, and operational resilience.

3.2.10 Social Responsibility (ISO 38500 §5.11): The ESC shall ensure that the use of IT is ethical, transparent, and aligned with institutional and societal expectations. The ESC shall consider the broader impacts of IT on stakeholders and the community.

3.2.11 Viability and Performance Over Time (ISO 38500 §5.12): The ESC shall ensure that IT capabilities remain sustainable, resilient, and responsive to changing institutional needs over time. The ESC shall support long-term planning, lifecycle management, and continuous improvement of IT services and infrastructure

4. Membership

4.1 Membership in the ESC is based on appointment by the Chancellor. The ESC is convened and chaired by the Assistant Vice Chancellor for Information Technology Services and Chief Information Officer.

4.2 Current members are:

4.2.1 Provost and Executive Vice Chancellor

4.2.2 Vice Chancellor for Enrollment Management

4.2.3 Vice Chancellor for Finance and Administration

4.2.4 Assistant Vice Chancellor for Information Technology Services and Chief Information Officer

4.2.5 Vice Chancellor for Strategic Initiatives and Chief of Staff

5. Member Responsibilities and Governance Expectations

5.1 ESC members shall act in the best interest of the University and support effective, institution-wide governance of Information Technology.

5.2 Members shall:

5.2.1 Prioritize University-wide strategic objectives over unit-level interests.

5.2.2 Represent constituent perspectives while exercising independent, enterprise-level judgment.

5.2.3 Participate actively in collaborative, informed decision-making aligned with institutional priorities and capacity.

5.2.4 Ensure IT decisions reflect applicable external requirements, including UNC System, state, and federal policies.

5.2.5 Promote coordination with the Division of Information Technology (DoIT) and alignment with institutional standards and platforms.

5.2.6 Communicate ESC decisions and priorities within their respective areas to support transparency and shared understanding.

6. Committee Procedures

6.1 The ESC will establish procedures for capturing minutes, communicating decisions, and periodically reviewing and updating the committee charge as needed.

6.2 The ESC meets quarterly and as needed additionally throughout the calendar year.

6.3 The ESC chair is responsible for recording and communicating committee decisions to campus.

6.4 Vice Chancellor for Finance and Administration serves as liaison to the Chancellor.

7.0 Advisory Committees

7.1 In support of the principle of stakeholder engagement, the Executive Steering Committee (ESC) appoints and oversees advisory committees to ensure that stakeholder perspectives are appropriately represented in IT governance. These committees serve in an advisory capacity, providing input and recommendations on policies, priorities, and procedures within their respective areas. The ESC considers and evaluates this input as part of its governance responsibilities.

7.2 Current Advisory Committees include:

7.2.1 Administrative Systems Advisory Committee

7.2.2 Learning Technology Advisory Committee

7.2.3 Data Governance Committee

7.2.4 Research Needs Advisory Committee

7.2.5 Web, Mobile and Social Media Advisory Committee

Additional References: