Policy Matters

Administered by the Blog Committee, Policy Matters posts are written by members on a variety of topics. From think pieces to how-to's, editorials to news round-ups, there is something for every policy administrator. Interested in contributing a post? Let us know by emailing admin@acupa.org.

Top tags: policy policy development Policy Administration Jessica Teets policy process collaboration Deborah Bartlett pandemic accessibility COVID-19 Jennifer Gallagher Gina Kennedy writing ACUPA data equity IT Productivity remote work How-to Lisa Biagas news resources Sara Gigeroff students AI change compliance culture free speech

Tracking and Managing Legislative Mandates that Affect Institutional Policy

Posted By Cara O'Sullivan, Utah Valley University, Tuesday, March 18, 2025
Updated: Friday, March 14, 2025

In recent years, state legislatures have increased their scrutiny of higher education, resulting in substantial legislation that impacts institutional policy. Depending on the length of the legislative session in your state and the deadlines legislators set for laws and required policies to go into effect, this can inflict quite a time crunch on staff in the Office of General Counsel and policy offices. (In Utah, the legislative session lasts 45 days, from January through early March.) In this article, I will discuss the process we set up at Utah Valley University (UVU) to track legislation that would affect policy, to organize policy revisions, and to assign appropriate changes to policy owners and attorneys who have the applicable subject matter expertise. I will also discuss a policy process we implemented four years ago called the compliance policy process, which is reserved for policy actions required by changes to state and federal law.

Policy Development Process

In Utah, the Utah System of Higher Education’s (USHE) General Counsel conducts a monthly meeting with policy office managers across our system and a separate meeting with attorneys across the USHE system. In these meetings, USHE General Counsel shares any upcoming changes to federal regulations and state code that could impact USHE and institutional policy. During the legislative season, USHE maintains a list of bills going through the state legislature and flags whether they are significant to higher ed or related to campus law enforcement and notes who the stakeholders throughout the system are.

Throughout the legislative season, our General Counsel works proactively with their counterparts across the USHE system to help institution leadership provide input into bills that will impact our institutions. In turn, our General Counsel keeps the Policy Office updated on bills making their way through the legislative process.

UVU’s General Counsel and the Policy Office then determine which bills apply to areas of our institution and which may require us to create new policies or revise existing ones. We then map the legislation to the applicable university policy and the attorney with appropriate subject matter expertise. We contact the policy owners to alert them to the upcoming policy action because they will need to approve any revisions and note the date by which policies must go into effect.

Our policy office has two full time editors and an editorial intern, who split responsibility for editing the necessary policy changes. Through our project tracking system, we document the progress of policy drafts in the review process and ensure Policy Office editors, policy owners, and assigned attorneys have all reviewed and approved the policy drafts.

We then submit the drafts through our compliance policy process to President’s Council and the Board of Trustees.

Compliance Change

Before we developed the compliance change policy process, we relied on our temporary emergency process to implement policies by the dates set by new laws. Per our Policy 101 Policy Governing Policies, we were obligated to submit the temporary emergency policy through the regular policy process and obtain university community commentary. Four years ago, when revising Policy 101, we determined that we needed a policy process to accommodate policy actions mandated by changes to state and federal law that often have tight compliance deadlines. We also reasoned that these mandated policy actions were not subject to the full notice and comment stages because we are required to comply with federal and state legislation.

In the compliance change process, the policy draft goes to President’s Council for approval and goes into effect upon that approval. The Board of Trustees may later ratify or disapprove the policy.

Even though the university community does not have a formal commentary period in this particular process, the UVU Policy Office is still tasked with making policy decisions transparent. So, with each compliance change, we work with the Office of General Counsel and the policy owners to craft an executive summary that explains the legal requirements for a compliance change. We provide this document on our news blog. This assures the university community that university leadership has adhered to our shared governance model and formal policy process.

When first implemented, our compliance change process applied only to limited scope revisions to passages of existing policy or deletions of a policy. But as legislation mandating deep changes to higher education began sweeping across the country, we realized we had to expand the compliance change process to the creation of new policies.

Getting Ahead of the Game

Proactively monitoring legislation and planning for policy changes mandated by legislation helps us avoid a huge rush that can occur at the end of a legislative session—especially when deadlines to place policies into effect can be very tight. This process helps us identify appropriate policy owners and attorneys and adjust workloads as best as possible. In the current environment in which higher education leaders and policy managers find themselves, staying organized and planning proactively can help us better deal with the changes sweeping across our industry.

Tags: Cara O'Sullivan federal government legislation mandates policy changes policy process proactive state government

Share |

Permalink

Where have all the policies gone?

Posted By Gina Kennedy, NOSM University, Monday, March 13, 2023

An Untapped Potential

In the past few years, crisis, cultural shifts, and financial woes have led to a rise of complexity in maintaining our policy systems within our institutions. Meeting all the regulations can be challenging, as they are constantly changing. In addition, institutions are feeling the pressure from regulators, internal staff and faculty, and the community at large to maintain the regulations. Challenges faced yesterday are not the challenges we will face tomorrow or next year. Do you have the confidence that your policies could stand up to regulatory scrutiny? Does this mean that we need to become even more resilient and inventive – is there any untapped potential out there?

As policy leaders we have learned that we need systems and processes to get things done. But is that enough? Even the most skilled person today is challenged with the immense workload of continuous changes and updates required for policy management. Even the way we distribute, collect, account for and present changes has undergone enormous change. It is not just a check list and process – we need to manage risk, ensure data security and privacy while balancing access and inclusiveness and external influences – it all seems daunting, and to top it all off, failing to comply with the ever-evolving regulations can lead to costly fines and lawsuits.

We are looking virtually everywhere for indicators of change, racing with time to have key policies, procedures and training completed to be compliant. Today, no one is standing waiting for the next change to come down the hall, which makes it even more important that we work with synergy across the institution.

We must support and arm ourselves with the tools, processes and technology that facilitate clear communication. We need to define the review and reflection process of our policies, cultivate open discussion and dialogue all while engaging with other departments and units about the need for change, seek an understanding of the barriers for everyone and then provide the necessary follow up to make the needed changes for lasting growth and compliance.

In September, I wrote “Don’t wait for a crisis to create an efficient policy management system.” That ‘safety net’ is one great way to engage a team to ensure compliance, a tool that builds structure – whether you are a small scale operation or a larger scaled institution, a system and a plan is critical. A plan gives both leaders and others a path forward and provides the principles needed to navigate change. In December 2022, Michele Gross (University of Minnesota) wrote “The First Element: Meeting at the Intersection of Policy and Compliance” - outlining the first of seven elements of a compliance program and the importance of the system to frame our compliance at our institutions. For those who may not be aware, the seven elements of a legally effective compliance program are:

Policies & Procedures
Chief Compliance Officer/Compliance Committee
Education & Training
Reporting
Monitoring & Auditing
Enforcement
Responding To Issues

GRC 20/20 Research, LLC wrote “A Tsunami of Change Overwhelms Compliance,” which states that some institutions have broken processes and insufficient resources to manage compliance. I know that there is not one size fits all -- there can’t be. This is why we must continue to evolve – we should rearrange our priorities when we have too much of anything as Sara Gigeroff (University of New Brunswick) wrote in her blog What’s In Your Closet? (Feb 2023). More importantly she states that communicating, setting boundaries, purging, and revaluating are all key elements in managing our policy framework…and our closets!

There's no time like the present to simplify. Legacy systems are expensive and difficult to use. Manual processing is far too time-consuming and in a hybrid environment its not effective. I say m ake retention simple for users and administrators, so they don’t have to interact with files in a separate, siloed repository or go through cumbersome, manual processes. We must invest in this process for it to be effective. Who can remember five-sheet carbon paper? Now that was cumbersome! We have evolved since carbon paper, but some institutions are still stuck in the dark ages when it comes to making a compliance program a priority.

Who is your untapped potential – identify them and get them on board. This process, more than ever, needs support and buy-in from our leadership and other stakeholders across the institution to be successful (more hands make less work). Beware of analysis paralysis – encourage administrators to work with broad strokes. Show them how proactively setting the boundaries for document lifecycle management, rules for sharing and record management classifications can make work simpler, more consistent and save money. If it was possible to make policies ‘fun’ I would say do that too!

Other areas that untap that potential are field experts like our colleagues at ACUPA . They are an excellent way to leverage all our tools – garner support and encourage others to join in the conversations and become members.

It only takes one incident, one mistake, one error to mark an institution’s reputation and erode trust. In my opinion, our untapped potential may simply be harnessing the power of workplace collaboration and an ability to accelerate the processes to protect our most valuable information.