Skip to end of metadata
Go to start of metadata

IT Policy Principles and Procedures FY 2013-2014

Information technology policy will be developed, implemented, monitored, endorsed and enforced using the following principles and procedures at the UW-Madison.1

I. Rationale

It is necessary to implement IT policy to comply with federal and state laws, and to meet internal institutional needs. IT policy provides guidance, and establishes expectations for IT consumers and producers in the UW-Madison community. 

The IT Policy Principles and Procedures outline the process for creating IT policy at UW-Madison. The policy development process is aligned with the Strategic Plan for Information Technology.2 Policy development procedures encourage collaboration and communication throughout the campus community, and provide a basis for sound planning practices that support strong decision-making. The roles and responsibilities for those involved in the policymaking process, including the role of campus governance groups, are also identified. The principles and procedures detail a policy development process that:

  • is transparent,

  • aligns IT policies with institutional and local goals and needs,

  • ensures only needed policies are developed,

  • ensures policies are consistent,

  • ensures policies are appropriately reviewed, and

  • includes mechanisms for policy implementation and revision.

II. Scope

The IT Policy Principles and Procedures guide IT policy development at UW-Madison. The principles and procedures apply to all components of UW-Madison. The glossary is an extension of these principles and procedures.3

III. Roles and Responsibilities

The following are stakeholders in the IT policy development process.4

  1. Chief Information Officer and Vice Provost for Information Technology

    The Chief Information Officer and Vice Provost for Information Technology is responsible for of IT policy development at UW-Madison.

    Role: The CIO, along with advisors and assistants, leads IT policy in order to assure that:

    • Policies address compelling needs, are consistent with campus culture and strategies, and there is appropriate sponsorship when planning an IT policy initiative.
    • There is campus buy-in, appropriate review and revision, and practical implementation of IT policy.

  2. Shared Governance

    UW-Madison has a strong commitment to shared governance and distributed management. The governance and process for IT policy must incorporate stakeholders from throughout the institution.

    Shared governance for IT policies is already in place. The Information Technology Committee^5^ (ITC) is the primary shared governance committee for IT policy. The involvement of shared governance helps assure alignment with institutional culture and the goals and needs of broad campus constituencies.

    Role: The ITC and the CIO engage in an ongoing dialogue regarding the specifics of how shared governance should be involved in the policy development process.   

  3. Deans, Directors and other Campus Executives

    Executives can provide high-level coordination of IT policy with other areas of institutional policy. Executives help assure alignment with the goals and needs of schools, colleges and divisions, and they encourage the development of the institutional and local infrastructure and procedures needed to support compliance.

    Role: One or more representative groups provide a high level coordination and sponsorship.

  4. Operational--level management

    Operational-level leaders assure alignment with the operational goals and needs of their units, integration of institutional policy with local policy and processes, and the development of local infrastructure and procedures to support compliance.

    Role: One or more representative teams of operational level leaders and managers analyze the issues and make recommendations related to IT policy proposals.  These teams could be chartered by an executive level group of Deans and Directors.

  5. Technologists, Support Staff and Users

    The involvement of technologists, support staff and user communities such as faculty, staff and students helps assure that a proposed policy is desirable and feasible from a technical perspective, and that compliance is practical for those creating, maintaining and using the related technical infrastructure or services.

    Role: The operational level team(s) identified above charter policy issues teams to perform specific detailed research, provide specialized expertise, expand involvement by a broad spectrum of those affected (for example: faculty, staff and students) and provide other support to the operational level management team(s).

IV. Principles of the Policy Development Process

The policy development process is used to create new IT policies, and supporting guidelines and standards for policy implementation. Policy development can originate anywhere on campus, but development should follow this process, and these principles.  

Principle 1: To ensure campus-wide input and collaboration, planning for new policy initiatives will incorporate needs from many venues and campus groups, including, but not limited to, the UW-Madison Strategic Plan for IT Policy, IT Policy Forums, and the Policy Planning Team.

Principle 2: When planning policy development it is necessary to assure there is:

  • compelling need,

  • strategic alignment,

  • appropriate policy scope, and

  • adequate executive sponsorship. 

Principle 3: Throughout the policy development process it is necessary to ensure there is:

  • transparent process,

  • inclusive representation,

  • appropriate review and revision, and

  • practical implementation.

Principle 4: Policy development follows a designated process with specific sequential phases that must be followed under the direction of the CIO.

General Process for IT Policy Development6

   

1. Planning.

With community input, community leaders and the CIOs office plan initiatives.

 

2. Initiation.

The CIOs office begins an initiative by identifying sponsors, stakeholders and issues.

 

3. Elaboration.

The stakeholders consider the issues and present recommendations to the sponsors.

 

4. Drafting.

Documents are drafted in consultation with the sponsors, stakeholders, and the community.

 

5. Endorsement.

Documents are reviewed and endorsed for issuance by the appropriate executive.

 

6. Rollout.

Departments and offices collaborate to deploy a practical implementation.

 

7. Communications.

Community leaders and the CIOs office encourage widespread implementation.

 

8. Revision.

The community provides feedback to the CIOs office to guide periodic review.

Icon

*NOTE: In March of 2011 re-numbered the steps of the IT Policy Process. Planning is now step 1, Initiation step 2, etc.

Principle 5: The resources required to complete each phase of the policy development process will vary depending on:

  • pre-existing consensus,

  • impact on the institution,

  • urgency of need, and

  • relative priorities.

Principle 6: The roles and responsibilities described in Section III should be followed throughout the policy development process.

V. Policy Development Practices

The following practices are used when conducting the policy development process. 

  1. Communication. Communication of IT policy development will occur at multiple stages during the development process. Policy forums will be conducted by the CIO's IT policy office to discuss policy development with the campus community. To promote transparency and obtain campus input, individual policy teams will present the status of IT policy initiatives at regular intervals during policy development. IT policy initiatives in development phases will be available on the wiki maintained by the IT Policy and Planning Department.7 Official IT policies will published on the CIO's website.8

  2. Participation. The CIO's IT policy office encourages active participation from the campus community during the development stages. Individuals are encouraged to participate on policy development teams.

  3. Vetting. The CIO's IT policy office engages stakeholders during the policy development process.

  4. Campus Coordination of Development. IT policy development that originates outside the CIO's policy office should coordinate with the CIO and follow the policy development process listed above.

  5. Awareness and Training. IT policies will be published with appropriate guidelines for IT user and producer implementation.

VI. Policy Mandates

Policies may be initiated, preempted or set by Federal, State, Regents, UW-System or Campus Executive mandates, and policy or guidelines issued to carry out the mandate.

Due to urgent situations, the CIO may create executive mandates that are effective immediately, and have the authority of policy.  They will be reviewed using the General Process for IT Policy Development listed above and an official policy will be developed. 

----
[1] This document is available at https://wiki.doit.wisc.edu/confluence/display/POLICY/PPT
[2] Further detail on the UW-Madison Strategic Plan for Information Technology can be found at http://www.cio.wisc.edu/plan/
[3] The complete glossary is located at https://wiki.doit.wisc.edu/confluence/display/POLICY/Glossary
[4] Appendix C includes a more detailed list of stakeholders
[5] The ITC is described at http://www.secfac.wisc.edu/governance/FPP/Chapter_6.htm#642
[6] Further detail on the IT Policy Development Process can be found at https://wiki.doit.wisc.edu/confluence/display/POLICY/IT+Policy+Process
[7] The wiki maintained by the IT Policy and Planning Department is available at https://wiki.doit.wisc.edu/confluence/display/POLICY/ 
[8] IT Policies are published at <http://www.cio.wisc.edu/policies/

Appendix A

Appendix B

Stakeholders in the IT Policy Process

This list is not comprehensive, but provides examples of individuals and groups who have a role in policy development.

  • Information Technology consumers and producers
  • Faculty
  • Staff
  • Students
  • University Leadership
  • Faculty Senate
  • WisconsinState Legislature
  • Information Technology Council (ITC)
  • CIO's IT policy office
  • Administrative Legal Services  
  • Internal Audit
  • Data Stewards
  • IT Policy Planning Team
  • Authentication/Authorization Coordinating Team (ACT)
  • Network Advisory Group (NAG)
  • Identification Authentication Authorization Group (IAA)  
  • Madison Technology Advisory Group (MTAG)
  • Identity Management Leadership Group (IMLG)
  • Campus Records Review Group (CRRG)

Appendix C

References

   

Glossary

https://wiki.doit.wisc.edu/confluence/display/POLICY/Glossary

 

IT Policy and Planning Department

policy@cio.wisc.edu

 

Published IT Policies

http://www.cio.wisc.edu/policies/

 

Policy Department Wiki

https://wiki.doit.wisc.edu/confluence/display/POLICY/Home
 
  File Modified
Microsoft Word 97 Document
IT Policy Principles and Procedures… FY 2010-2011, 2011-2012 and 2013-2014 IT Policy Principles and Procedures (DOC)
Jan 14, 2014 by GARY W DECLUTE
JPEG File
IT_Policy_Process-2011-03-03a.jpg FY 2010-2011 IT Policy Process Diagram
Jul 18, 2011 by GARY W DECLUTE
JPEG File
General_Information_Policy_Process-… FY 2009-2010 IT Policy Process Diagram
May 18, 2009 by GARY W DECLUTE

Contact