What is IT Policy?

What is IT Policy?

IT Policy establishes expectations of behaviors for users and providers of IT.

The UW-Madison IT Policy Process emphasizes transparency, inclusive representation, practical implementation and appropriate review & revision.

Pre-requisites for success are compelling need, strategic alignment, appropriate scope, and executive sponsorship.

Areas of IT Policy:

Cybersecurity

Identity and Access Mgt.

Information Networking

Intellectual Property

IT Accessibility

IT Resource Management

Records and Information Mgt.

Definitions:

Policies are short stable statements of what people must or must not do.

Guidelines are optional recommendations, more changeable than policies.

Procedures document “how to” implementation details, changed as needed.

Standards are measurable criterion for consistency, used to review progress.

Principles express intentions and values to guide future decision-making.

Current Initiatives and Projects

Accessible Development and Publishing Phase I Project

Continuous Diagnostics and Mitigation Policy

Credential Security Policy

HIPAA Security Policy

IT Compliance Agreement

Security Education, Training and Awareness Policy

Storage, Transmission and Encryption of Sensitive Information

Ongoing Initiatives

Accessibility/Usability Coordinating Group

Information Security Communications Task Force

Policy Communications

Policy Forums

Policy Planning Team

Review of IT Policies

UW-MIST facilitation

Completed Initiatives

Restricted Data Management

Non-UW-Madison Devices and Services

Revision of Information Incident Reporting Policy

Revision of Responsible Use Policy

Many more… (list of all initiatives)

Program Development

Twenty nine quarterly IT policy forums

UW-Madison IT Policy web site

Principles and procedures for IT Policy

Policy development Wiki

Policy Index & Policy Glossary

Websites

Published IT Policies: http://www.cio.wisc.edu/

Policy Development:  https://wiki.doit.wisc.edu/confluence/display/POLICY/Home

IT Policy Process

Groups and persons involved in the process

The UW-Madison Community

University executives

Community Leaders

Community Representatives

Departments and Offices

Stakeholders

Advisors

The Chief Information Officer (CIO)

IT Policy Office (reports through CISO up to the CIO)

Steps of the process

Plan. The CIO’s office and community representatives plan initiatives.

Recommend. Representative stakeholders analyze the issues and make recommendations to the CIO.

Propose. The CIO’ office submits an Impact Statement to UW executives for approval.

Draft. Documents are drafted by the CIO’s office in consultation with representative stakeholders.

Endorse. Documents are reviewed and endorsed by community leaders and advisors.

Approve. UW-Madison executives review and approve the final policy. It becomes UW-Madison policy.

Implement. Community leaders and the CIO’s office encourage widespread implementation.

Review. Community representatives provide feedback to guide periodic review and revision.

Planning Principles

Initially, assure there is:

compelling need

strategic alignment

appropriate scope

executive sponsorship

Development Principles

Throughout, assure there is:

transparent process

inclusive representation

appropriate review and revision

practical implementation

Resource Management Principles

Adjust time and effort according to:

pre-existing consensus

impact on the institution

urgency of need

relative priorities