Please report any problems to the Shared Tools Team at st-help@doit.wisc.edu    Broken Links? Missing Macros? WIKI Retiring Plugins
Child pages
  • Forum 2011-08 Discussion Results
Skip to end of metadata
Go to start of metadata

August 1st, 2011 IT Policy Forum

Notes from all discussion groups, and report back.

Full text of the recommendations is available at: https://wiki.doit.wisc.edu/confluence/display/POLICY/POD+Recommendations

Discussion Group A Notes

Recommendation 1.  Clarify employee responsibilities for using, securing and managing university data and records

  • Create policy on responsibilities for protecting sensitive information and university records.
  • Provide guidance on using, securing and managing university data and records.
  • Specifically address research data in these efforts.

Notes:

  1. How comprehensive are existing policies and guidelines, and what is missing?
  2. What is most important to address during the next year or so?
  3. What are the unique needs associated with research data, and how to engage the research community in discussion?

Discussion Group B Notes

Recommendation 2.  Review and establish contracts for non-UW-Madison applications and services.

Notes:

  1. How to identify apps and services for possible contracts?
  2. How to decide if a contract is needed, and how to prioritize them?
  3. How to involve the stakeholders during the contracting process?

Discussion Group C Notes

Recommendation 3.  Review and provide guidance on use of non-UW-Madison applications and services that are not under contract.

Recommendation 4.  Build Awareness and Training.

  • Create guidelines/templates for departments to use in their operations.
  • Update the "Guidelines for Use of non-UW-Madison Applications and Services for research and for instruction."

Notes:

  1. What sort guidance and templates would be helpful to departments?
    • Examples:
      • Radiology Med School IT, signed policy for tablets, regardless of who had ownership, will share verbiage on contract. UW policy, HIPPA, hospital PDA policy. Remote wipe. Device must be registered. Faculty must vet published materials before epublishing. Dropbox blocked at firewall but nodes are open. 3G, campus wireless unmonitored. Nearly 50iPads registered, regular forums. Dissemination plus oversight. Address groups via their preferred venues; researchers like forums and presentations, e.g. Sexy and funny tip of the week, bogosity reminders.
      • Alumni association limited policy. How to generate interest in database?
      • MATC in its infancy. Using Exchange environment. Remote wipe. Part time faculty huge challenge.
      • Phone replacement by vendors, backup of user data in vendor cloud.
    • Cloud/application guidance. WM "terms of service?"
    • Explorer enterprise wipe? Execution block for high risk users.
      • Smart phone, tablet, notebook used to circumvent IT safeguards.

  2. What are the top messages to each of the campus audiences?
    • Cohesive document in everyday language that explains locations, obligations, data types, check boxes, matrices, training, regular review

  3. How to measure progress?
    • Identify non-participants

Report Back Flip Chart Notes

Group A

Recommendtion #1 Clarify employee responsibilities for using, securing and managing university data and records

  • Create policy on responsibilities for protecting sensitive information and university records.
  • Provide guidance on using, securing and managing university data and records.
  • Specifically address research data in these efforts.

Flip Chart Notes:

  1. How comprehensive are existing policies and guidelines, and what is missing?
    • On-boarding
    • Training in general
      • [For research,] might vary by funding source
    • End user responsibility

  2. What is most important to address during the next year or so?
    • Research communities
    • Data storage and retention
    • IdM

  3. What are the unique needs associated with research data, and how to engage the research community in discussion?
    • Regulatory environment
    • Technology [needed]
    • IRB involvement
    • Data lifecycle [differs from admin data]
    • Gap between expectations and security controls [applied]

Group B

Recommendation 2.  Review and establish contracts for non-UW-Madison applications and services.

Flip Chart Notes:

  1. How to identify apps and services for possible contracts?
    • SLiM, APR Tools, [other teams and groups...]
    • Seek what is being used
      • Ethical boundaries [while seeking]
    • High frequency of change

  2. How to decide if a contract is needed, and how to prioritize them?
    • Timely contracting
    • Look for "critical mass" to become:
      • UW Service
      • contracted service

  3. How to involve the stakeholders during the contracting process?
    • Process, where does someone start?
    • Incentive for vendors
      • CIC, standardize contract language
    • Awareness
      • Look at current language [of service providers]
      • Advertise [some] services, and what to keep in mind if you use it

Group C

Recommendation 3.  Review and provide guidance on use of non-UW-Madison applications and services that are not under contract.

Recommendation 4.  Build Awareness and Training.

  • Create guidelines/templates for departments to use in their operations.
  • Update the "Guidelines for Use of non-UW-Madison Applications and Services for research and for instruction."

Flip Chart Notes:

  1. What sort guidance and templates would be helpful to departments?
    • Examples:
      • Exchange environment: register, data wipe
      • iPads: user signs contract
        • Vet materials with review group
      • Some firewalls block Dropbox
    • Regular forums, learning, oversight
    • Tip-of-the-week
    • Vendors [being] aggressive to replace old phones
    • Vendors [are] backing up phones
      • Notebooks used by both staff and their families
    • Training
      • Regular review of training [to update it]

  2. What are the top messages to each of the campus audiences?
    • Everyday language:
      • Where is your data?
      • Obligations
      • Types of data
      • Checkboxes
      • Matrix [for comparion]

  3. How to measure progress?
    • Identify non-participants
      • "Weakest Link"

Contact

  • No labels