General description of the process. Still needs details related to IT Governance.
IT Policy Principles and Procedures FY 2016-2017
Information technology policy will be developed at UW-Madison using the following principles and procedures.
It is necessary to implement IT policy to comply with federal and state laws, and to meet internal institutional needs. IT policy provides guidance, and establishes expectations for IT consumers and producers in the UW-Madison community.
The IT Policy Principles and Procedures outline the process for creating and revising IT policy at UW-Madison. The policy development process is aligned with the Strategic Plan for Information Technology. Policy development procedures encourage collaboration and communication throughout the campus community, and provide a basis for sound planning practices that support strong decision-making.
The principles and procedures detail a policy development process that:
- is transparent,
- aligns IT policies with institutional and local goals and needs,
- ensures only needed policies are developed,
- ensures policies are consistent,
- ensures policies are appropriately reviewed, and
- includes mechanisms for policy implementation and revision.
The IT Policy Principles and Procedures apply to all IT policy development at UW-Madison.
1. Chief Information Officer and Vice Provost for Information Technology
The Chief Information Officer and Vice Provost for Information Technology is responsible for of IT policy development at UW-Madison.
The CIO, along with advisors and assistants, leads IT policy in order to assure that:
- Policies address compelling needs, are consistent with campus culture and strategies, and have appropriate scope and sponsorship.
- There is transparent process, inclusive representation, appropriate review and revision, and practical implementation during development of IT policy.
2. Shared Governance
UW-Madison has a strong commitment to shared governance and distributed management. The governance and process for IT policy must incorporate stakeholders from throughout the institution.
Shared governance for IT policies is already in place. The Information Technology Committee (ITC) is the primary shared governance committee for IT policy. The involvement of shared governance helps assure alignment with institutional culture, and with the goals and needs of broad campus constituencies.
Role: The ITC and the CIO engage in an ongoing dialogue regarding the specifics of how shared governance should be involved in the policy development process.
3. Deans, Directors and other Campus Executives
Executives can provide high-level coordination of IT policy with other areas of institutional policy. Executives help assure alignment with the goals and needs of schools, colleges and divisions, and they encourage the development of the institutional and local infrastructure and procedures needed to support compliance.
Role: One or more representative groups provide a high level coordination and sponsorship.
4. Operational–level management
Operational-level leaders assure alignment with the operational goals and needs of their units, integration of institutional policy with local policy and processes, and the development of local infrastructure and procedures to support compliance.
Role: One or more representative teams of operational level leaders and managers analyze the issues and make recommendations related to IT policy proposals. These teams could be chartered by an executive level group of Deans and Directors.
5. Technologists, Support Staff and Users
The involvement of technologists, support staff and user communities such as faculty, staff and students helps assure that a proposed policy is desirable and feasible from a technical perspective, and that compliance is practical for those creating, maintaining and using the related technical infrastructure or services.
Role: The operational level team(s) identified above charter policy issues teams to perform specific detailed research, provide specialized expertise, expand involvement by a broad spectrum of those affected (for example: faculty, staff and students) and provide other support to the operational level management team(s).
The policy development process is used to create new and revised IT policies, and supporting guidelines and standards for policy implementation. IT policy development can originate anywhere on campus, but development should follow these principles.
Principle 1 – Collaboration
To ensure campus-wide input and collaboration, planning for new policy initiatives will incorporate needs from many venues and campus groups, including, but not limited to, the IT Strategic Plan, IT Policy Forums, and the Policy Planning Team.
Principle 2 – Success Factors for Planning
When planning policy development it is necessary to assure there is:
- compelling need,
- strategic alignment,
- appropriate policy scope, and
- executive sponsorship.
Principle 3 – Success Factors for Development
Throughout the development process it is necessary to assure there is:
- transparent process,
- inclusive representation,
- appropriate review and revision, and
- practical implementation.
Principle 4 – Development Process
Policy development follows a designated process with specific sequential steps that must be followed under the direction of the CIO. See Appendix A.
Principle 5 – Resource Management
Rather than skip steps in the policy development process, it is better to adjust the time and resources required to complete each step depending upon:
- pre-existing consensus,
- impact on the institution,
- urgency of need, and
- relative priorities.
Principle 6 – Roles and Responsibilities
The roles and responsibilities described in Section III should be followed throughout the policy development process.
1. Communication. Communication of IT policy development will occur at multiple stages during the development process.
- Policy forums will be conducted by the CIO’s IT Policy Office to discuss policy development with the campus community.
- To promote transparency and obtain campus input, individual policy teams will present the status of initiatives at regular intervals.
- Information on initiatives will be available on the IT Policy Development wiki. 
- Official IT policies will be published in the IT Policy Knowledge Base. 
2. Participation. The CIO’s IT Policy Office encourages active participation by the campus community. Individuals are encouraged to participate on policy teams.
3. Vetting. The CIO’s IT Policy Office engages stakeholders during the policy development process.
4. Campus Coordination of Development. IT policy development that originates outside the CIO’s IT Policy Office should coordinate with the CIO and follow the principles in section IV.
5. Awareness and Training. IT policies should be published with appropriate guidelines for IT user and producer implementation.
UW-Madison IT policies may be initiated, preempted or set by federal & state law, Regent and UW System policy, UW-Madison executive mandates.
Due to urgent situations, the CIO may issue executive mandates or policies that are effective immediately. The mandate or policy will be reviewed following the principles and practices described in sections IV and V.
This list is not comprehensive, but provides examples of individuals and groups who have a role in policy development.
- Information Technology consumers and producers
- University Leadership
- Faculty Senate
- Wisconsin State Legislature
- Information Technology Committee (ITC)
- CIO’s IT policy office
- Legal Services
- Internal Audit
- Data Stewards
- IT Policy Planning Team
- Network Advisory Group (NAG)
- Madison Technology Advisory Group (MTAG)
- Identity Management Leadership Group (IMLG)
- University Records Management Advisory Group (URMAG)
IT Policy Office
Published IT Policies
Wiki for IT policy development
Appendix D – Revisions
Changes since 2009:
- In 2015, adaptation of the Cornell policy process for use at UW-Madison. This was a substantive change designed to better engage University leaders when proposing and approving IT policy.
- Many minor changes over time such as correcting links, updating lists, and streamlining language.
 The wiki is available at https://wiki.doit.wisc.edu/confluence/display/POLICY/