UW-Madison IT Policy Program, August 2018
What is IT Policy?
IT Policy establishes expectations
of behaviors for users and
providers of IT
Areas of IT Policy:
- Electronic Records Mgt.
- Intellectual Property
- IT Accessibility
- Networking & Telecom
Policies are short stable
statements of what people
must or must not do.
Guidelines are optional
changeable than policies.
Procedures document "how to"
changed as needed.
Standards are measurable
criterion for consistency,
used to review progress.
Principles express intentions
and values to guide future
The IT Policy Process emphasizes compelling need, transparency, sufficient collaboration, and practical implementation. (See outline below.)
|Current Initiatives and Projects||Ongoing Initiatives|
Published IT Policies: https://kb.wisc.edu/itpolicy/
IT Policy Development: https://wiki.doit.wisc.edu/confluence/display/POLICY/Home
Copyright (C) 2008, 2018 Board of Regents of the University of Wisconsin System
IT Policy Process - Steps and Principles
The VP IT’s Office, Responsible Executives (RE), Sponsors, and community representatives identify needs, prioritize, estimate impact, and initiate development.
Representative stakeholders discuss the policy and implementation, refine the impact estimate, consult with advisory groups, and make recommendations to the Sponsors.
Guided by the recommendations, a small drafting team (DT) writes a proposal to develop a policy. The PAT analyzes the proposal. The RE submits it to the ITC.
Guided by the proposal, the DT drafts the policy and implementation and consults with stakeholders and advisory groups. The PAT analyzes the documents, and the RE submits them to IT Governance.
IT Governance advisory groups review and endorse the policy and implementation. The DT incorporates changes.
The ITC approves the policy and implementation. The DT incorporates amendments.
The VP IT issues the policy. The RE works with service providers and the community to deploy a practical implementation that enables efficient and effective compliance.
The RE, university management, and community leaders motivate and monitor compliance.
Service providers and representative stakeholders are consulted during review. Revision repeats the earlier steps of the process in abbreviated form. The extent of abbreviation depends upon the impact of the revisions.
The “Cardinal Principles” are vital for the success of IT Policy development and implementation at UW-Madison.
- Compelling Need – Motivates discussion and collaborative development.
- Transparency – Enables discussion and collaborative development.
- Collaboration – Surfaces requirements and encourages a willingness to comply.
- Practical Implementation – Enables the knowledge and ability to comply.
The diagram illustrates how adhering to the cardinal principles helps UW-Madison develop IT policies that achieve wide-spread compliance.
What is sufficiently compelling? ...sufficiently practical? ...sufficiently collaborative? ...sufficiently transparent?
These are shared perceptions among the stakeholders. To test this: If the need is sufficiently compelling, it should be possible to communicate with the stakeholders and develop a sizeable majority perception of the importance and need. Similarly, it should be possible to develop a sizeable majority perception that the implementation is sufficiently practical, and the development process is both sufficiently collaborative and sufficiently transparent. There needs to improvement if less than a sizeble majority will concur.
- Amend Formally amend a document, (not merely a suggestion.)
- Analyze Comment on policy implications and process.
- Approve Authoritative action that indicates agreement.
- Deploy Initially release a practical implementation of the policy and procedures.
- Endorse Advisory action that indicates of agreement.
- Monitor Various means to measure or estimate compliance.
- Propose Formal proposal for development of policy and procedures.
- Sponsors Chartered sponsors of a policy or team.
- Recommend Advise on the need for and requirements of policy and procedures.
Executives Executives who advance the policy and procedures through the policy process.
- Review Advisory action that makes suggestions for improvement.