Policy on Policies
| Policy Category | Issuing Authority | Responsibility | Publication Date | Next Review Date |
|---|---|---|---|---|
| Administrative | President | Enterprise Risk Management | 11/26/2025 | 11/26/2028 |
Policy Statement/Background:
Stony Brook University (University) is committed to supporting and promoting a culture
of compliance, consistency, and accountability across the institution. This policy
is the foundation for a uniform and systematic process for developing, maintaining
and publishing University-wide policies, while enhancing operational efficiency, decision-making
and compliance with federal and state laws/regulations, as well as SUNY policy and
procedures.
A policy is a directive that states the University’s official position on a particular
issue. University-wide policies endure across time and administrations, and connect
Stony Brook’s mission to individual conduct. University-wide policies:
- Mandate actions or constraints for members of the Stony Brook community
- Have broad application throughout the University
- Support the University’s mission
- Promote quality and operational efficiency
- Help manage institutional risks
- Support equity and integrity in practices across the University
Policy:
The University has a process whereby it formally creates, revises, maintains, and
publishes all University-wide policies. These policies are available in the University
Policy Manual (Manual), which is accessible via the University policy website (www.stonybrook.edu/policy). The scope of the policies in the Manual apply University-wide. A policy may indicate
a narrower scope and must be clearly explained.
Policies that are specific to Stony Brook University Hospital and its campuses (collectively
“SBUH”) are governed in accordance with their respective policies on the creation,
revision, review, distribution, archiving/access of administrative policy and procedures.
SBUH policies are located in the Manual with limited secured access.
All University-wide policies are issued by University leadership and must be approved
by the University President (or designee) in accordance with the process detailed
in this policy. Enterprise Risk Management (ERM) is responsible for managing this
policy on behalf of the President. ERM will oversee the University’s policy development
process, coordinate with University leadership to ensure compliance with this policy,
manage all aspects of the Manual (which is officially housed in a policy management
software system known as Policy Manager) and the policy website.
An Issuing Authority is part of the University leadership team and is the owner of
a University-wide policy. The Issuing Authority must assign responsibility for implementing
and supporting each of its policies. This responsibility may be delegated to an area(s)
(i.e., office, subdivision, unit, or committee). Implementing procedures and guidelines
are generally not included within a policy. Rather, such items should be housed on
appropriate University websites and include supporting resources (e.g., forms, trainings,
FAQs, where to send inquiries, etc.). Issuing Authorities and areas assigned responsibility
are encouraged to work with ERM on implementation and communication plans.
Policies that are not University-wide are not published in the Manual. Areas are responsible
for creating, revising, maintaining, and publishing their policies – subject to the
approval of the area’s highest-ranking administrator. These area policies:
- Address needs at the area level or control issues that affect a smaller subset of the University
- Apply only to the employees, staff, students and others within the issuing area
- May create additional specifications, requirements or restrictions
- May not be more permissive than or contradict a University-wide policy
- Should be accessible on the area’s respective University website
Officials who are engaged in the University-wide policymaking process must abide by the following requirements:
A. Policy Form and Format
All University-wide policies will follow the form and format specified in a template approved by ERM. Each policy template must include the following key information:
- Title
- Policy Category
- Issuing Authority
- Responsibility
- Publication Date
- Next Review Date
- Policy
B. Policy Development
The Issuing Authority is responsible for developing its policies and making sure that policies provide clear, accurate and current information. The Issuing Authority should determine how to best manage development of their policies and may assign a designee (Policy Coordinator) for each of its policies. The types of policy changes are as follows:
- Creation & Material Revisions
- Minor Edits
- Emergency & Temporary Suspension
- Retirement
- Elevation
The information below details the process for the types of policy changes:
1. Creation & Material Revisions
The Issuing Authority is responsible for the creation of new policies and for material revisions (i.e., substantive changes) to existing policies. The Issuing Authority is responsible for the following:
- Identifying policy needs
- Conducting research
- Engaging stakeholders and soliciting feedback
- Appointing primary policy drafter/editor
- Sharing final draft policy on approved template with ERM (which will review form and substance)
- Seeking review and approval by the Office of General Counsel and President (or designee)
- Sending final written approval to publish the policy to ERM
Once a policy is approved, ERM will ensure that the policy is published in the Manual. The policy will receive a publication date (i.e., date uploaded to the Policy Manager system) and a next review date (no greater than 3 years from publication). ERM will post an announcement to the policy website for a minimum of 30 days.
2. Minor Edits
The Issuing Authority is responsible for making minor edits (i.e., nonsubstantive changes) to existing policies. The Issuing Authority takes the lead on ensuring the following:
- Identifying policy needs
- Sharing final draft policy on approved template with ERM (which will review format and consistency)
ERM will ensure that the policy is published in the Manual. The policy will receive
a publication date (i.e., date uploaded to Policy Manager system) and a next review
date (no greater than 3 years from publication). ERM will post an announcement to
the policy website for a minimum of 30 days.
ERM reserves the right to make minor edits to policy. In those instances, ERM will
notify either the Issuing Authority or Policy Coordinator of proposed edits prior
to publication.
3. Emergency Policies & Temporary Suspension
The President has the authority to issue an emergency policy or temporarily suspend an existing policy. Such measures are meant to provide flexibility so that the University can immediately comply with federal, state, or local laws/regulations, as well as SUNY policy and directives. Emergency policies and temporary suspensions will be clearly identified and should not remain in effect for more than 6 months.
4. Retirement of Policies
Issuing Authorities may propose that a policy be retired when it is no longer needed or is more effectively combined with another policy. The Issuing Authority takes the lead on ensuring the following:
- Identifying policy need
- Engaging stakeholders and soliciting feedback
- Seeking review and approval by the Office of General Counsel and President (or designee)
- Sending final written approval to retire the policy to ERM
Once approved, the policy will be officially labeled as retired and given a retirement date. ERM will post an announcement to the policy website for a minimum of 30 days. The policy will also be archived in the Policy Manager system.
5. elevation of Policies
There may be instances where an existing University-wide policy is published exclusively by an area, but not published in the Manual. Such policies should be elevated into the Manual. ERM will work with Issuing Authorities and/or Policy Coordinators to ensure such policies are transferred to the proper form and format, and published in Policy Manager and the Manual.
Once published, the policy will receive a publication date (i.e., date uploaded to Policy Manager system) and a next review date (no greater than 3 years from publication). ERM will post an announcement to the policy website for a minimum of 30 days.
C. Policy Maintenance & Communication
As the steward of University-wide policies, ERM is responsible for the following:
- Policy Archives: whenever a new version of a policy is published in the Policy Manager system, the prior policy version will be automatically archived.
- Policy Manual: maintaining the online administrative Policy Manager system and supporting elements (e.g., policy templates, trainings, etc.).
- Policy Website: maintaining the policy website (e.g., access to policies, resources, notifications, etc.).
- Records Retention: ensuring that all University-wide policies are retained indefinitely.
- Review Cycle: ensuring that all University-wide policies are reviewed at least every three years. Policies may be reviewed more frequently at the discretion of the Issuing Authority and/or ERM.
Definitions:
- Issuing Authority: University leadership team member who is the owner of a University-wide policy. This individual has ultimate responsibility for their policies, which includes charging area(s) with the responsibility of carrying out and maintaining policies on their behalf. An Issuing Authority may be referred to in a policy by a person’s title (e.g., President, Provost, Sr. Vice President, etc.) or by the area(s) they lead (e.g., Advancement, Research, etc.). There may be more than one Issuing Authority, resulting in policy co-ownership.
- Policy: a directive that states the University’s official position on a particular issue.
- Policy Coordinator: designee(s) appointed by an Issuing Authority to oversee the development and implementation of policy.
- Policy Manual: the University’s official policy repository for University-wide policies, available at: www.stonybrook.edu/policy.
- Procedure: operational processes that detail how to carry out and support policy.
- Responsibility: the designated area(s) (i.e., office, subdivision, unit, committee, etc.) that is responsible for carrying out and maintaining policy. Areas are generally subject matter experts and are responsible for policy implementation and operational administration. This includes maintaining all pertinent items that implement the policy (e.g., compliance/enforcement, committees, websites, guidelines, FAQs, forms, etc.).
Contact:
Additional information about this policy is available here:
Marrisa Trachtenberg, JD
Director of Risk Management & Policy Compliance
411 Administration Building
Stony Brook, NY 11790
(631) 632-9576
Marrisa.Trachtenberg@stonybrook.edu
