What is IT Policy?
IT Policy establishes expectations of behaviors for users and providers of IT.
The UW-Madison IT Policy Process emphasizes transparency, inclusive representation, practical implementation and appropriate review & revision.
Pre-requisites for success are compelling need, strategic alignment, appropriate scope, and executive sponsorship.
Areas of IT Policy:
Identity and Access Mgt.
IT Resource Management
Records and Information Mgt.
Policies are short stable statements of what people must or must not do.
Guidelines are optional recommendations, more changeable than policies.
Procedures document “how to” implementation details, changed as needed.
Standards are measurable criterion for consistency, used to review progress.
Principles express intentions and values to guide future decision-making.
Current Initiatives and Projects
Accessible Development and Publishing Phase I Project
Continuous Diagnostics and Mitigation Policy
Security Education, Training and Awareness Policy
Storage, Transmission and Encryption of Sensitive Information
Accessibility/Usability Coordinating Group
Information Security Communications Task Force
Non-UW-Madison Devices and Services
Revision of Information Incident Reporting Policy
Revision of Responsible Use Policy
Many more… (list of all initiatives)
Twenty nine quarterly IT policy forums
Principles and procedures for IT Policy
Policy Index & Policy Glossary
Published IT Policies: http://www.cio.wisc.edu/
Policy Development: https://wiki.doit.wisc.edu/confluence/display/POLICY/Home
IT Policy Process
Groups and persons involved in the process
The UW-Madison Community
Departments and Offices
The Chief Information Officer (CIO)
IT Policy Office (reports through CISO up to the CIO)
Steps of the process
Plan. The CIO’s office and community representatives plan initiatives.
Recommend. Representative stakeholders analyze the issues and make recommendations to the CIO.
Propose. The CIO’ office submits an Impact Statement to UW executives for approval.
Draft. Documents are drafted by the CIO’s office in consultation with representative stakeholders.
Endorse. Documents are reviewed and endorsed by community leaders and advisors.
Approve. UW-Madison executives review and approve the final policy. It becomes UW-Madison policy.
Implement. Community leaders and the CIO’s office encourage widespread implementation.
Review. Community representatives provide feedback to guide periodic review and revision.
Initially, assure there is:
Throughout, assure there is:
appropriate review and revision
Resource Management Principles
Adjust time and effort according to:
impact on the institution
urgency of need