UW-Madison IT Policy Program, February 2018
What is IT Policy?
IT Policy establishes expectations
of behaviors for users and
providers of IT
Areas of IT Policy:
- Identity and Access Mgt.
- Information Networking
- Intellectual Property
- IT Accessibility
- IT Resource Management
- Records and Information Mgt.
Policies are short stable
statements of what people
must or must not do.
Guidelines are optional
changeable than policies.
Procedures document "how to"
changed as needed.
Standards are measurable
criterion for consistency,
used to review progress.
Principles express intentions
and values to guide future
The IT Policy Process emphasizes compelling need, transparency, sufficient collaboration, and practical implementation. (See outline below.)
|Current Initiatives and Projects||Ongoing Initiatives|
Published IT Policies: https://kb.wisc.edu/itpolicy/
IT Policy Development: https://wiki.doit.wisc.edu/confluence/display/POLICY/Home
Copyright (C) 2008, 2018 Board of Regents of the University of Wisconsin System
IT Policy Process - Steps and Principles
September 12, 2017
The goal of the process is to ensure that there is compelling need, transparency, sufficient collaboration, and practical implementation.
The CIO’s Office, Responsible Executives(i), Sponsors, and community representatives prioritize and initiate policy development.
Representative stakeholders consider possible development of policy and procedures, and make recommendations to the Sponsors.
Guided by the recommendations, the the PAT analyzes and the Responsible Executives submit a proposal for development of policy to the ITSC(2) for approval.
Guided by the proposal, a small team drafts the policy and procedures in consultation with representative stakeholders. The PAT analyzes the draft.
Advisory groups, IT governance groups, and the ITSC review and endorse the policy and procedures. Changes are incorporated by the drafting team.
The ITC(3) and UW-Madison decision-makers approve the policy and procedures. The drafting team incorporates amendments. It becomes UW-Madison policy.
The Responsible Executives work with service providers and community representatives to enable efficient and effective compliance.
Responsible Executives, service providers, and community leaders motivate and monitor compliance.
Community representatives and service providers are consulted during review and revision.
(1) Responsible Executives have the lead on a policy.
(2) Information Technology Steering Committee.
(3) Information Technology Committee.
The goal of the cardinal principles is to create and maintain wide-spread compliance with IT policy. All other principles and practices of IT policy support or elaborate upon the cardinal principles.
- Compelling need
The need for the policy and procedures is sufficiently compelling to motivate collaboration and practical implementation.
The policy development process is sufficiently transparent to enable collaboration and practical implementation.
There is sufficient collaboration to produce a widely agreed upon policy and the requirements for a practical implementation.
- Practical implementation
The deployed implementation of the policy and procedures is sufficiently practical to enable efficient and effective compliance.