April Dickson & JEB Sheriff (OUHSC)

This session provides a practical walkthrough of how institutions can move from policy drafting to full implementation and ongoing execution. Using examples such as the OU IT Password Policy, we will outline the key steps involved—from identifying the security need and developing policy language, to navigating stakeholder review, approval processes, and governance oversight. The presentation then shifts to operationalizing the policy, including technical enforcement, communication planning, training, and sustained monitoring for compliance and effectiveness. Attendees will leave with actionable strategies for creating policies that not only get approved but also successfully embedded into daily practice across their organizations.