Please report any problems to wiki-admin(a) or use our support form. For more info Shared Tools KB

To follow disabled (grey) links, please log in to the wiki.

Skip to end of metadata
Go to start of metadata

UW-Madison IT Policy Program, February 2019



What is IT Policy?

  IT Policy establishes expectations
  of behaviors for users and
  providers of IT

   Areas of IT Policy:

  • Cybersecurity
  • Electronic Records Mgt.
  • Intellectual Property
  • IT Accessibility
  • Networking & Telecom


   Policies are short stable
     statements of what people
     must or must not do.

  Guidelines are optional
     recommendations, more
     changeable than policies.

  Procedures document "how to"
     implementation details,
     changed as needed.

  Standards are measurable
     criterion for consistency,
     used to review progress.

  Principles express intentions
    and values to guide future

  The IT Policy Process emphasizes compelling need, transparency, sufficient collaboration, and practical implementation. (See outline below.)


Published IT Policies:
IT Policy Development:

Copyright (C) 2008, 2019 Board of Regents of the University of Wisconsin System

IT Policy Process - Steps and Principles


  1. Plan

    The VP IT’s Office, Responsible Executives (RE), Sponsors, and community representatives identify needs, prioritize, estimate impact, and initiate development.
  2. Recommend

    Representative stakeholders discuss the policy and implementation, refine the impact estimate, consult with advisory groups, and make recommendations to the Sponsors.
  3. Propose

    Guided by the recommendations, a small drafting team (DT) writes a proposal to develop a policy. The PAT analyzes the proposal. The RE submits it to the ITC.
  4. Draft  

    Guided by the proposal, the DT drafts the policy and implementation and consults with stakeholders and advisory groups. The PAT analyzes the documents, and the RE submits them to IT Governance.
  5. Endorse

    IT Governance advisory groups review and endorse the policy and implementation. The DT incorporates changes.
  6. Approve

    The ITC approves the policy and implementation. The DT incorporates amendments.
  7. Deploy

    The VP IT issues the policy. The RE works with service providers and the community to deploy a practical implementation that enables efficient and effective compliance.
  8. Comply

    The RE, university management, and community leaders motivate and monitor compliance.
  9. Review

    Service providers and representative stakeholders are consulted during review. Revision repeats the earlier steps of the process in abbreviated form. The extent of abbreviation depends upon the impact of the revisions.

Cardinal Principles

The “Cardinal Principles” are vital for the success of IT Policy development and implementation at UW-Madison.

  1. Compelling Need – Motivates discussion and collaborative development.
  2. Transparency – Enables discussion and collaborative development.
  3. Collaboration – Surfaces requirements and encourages a willingness to comply.
  4. Practical Implementation – Enables the knowledge and ability to comply.

The diagram illustrates how adhering to the cardinal principles helps UW-Madison develop IT policies that achieve wide-spread compliance.

Diagram illustrating the principles

What is sufficiently compelling? ...sufficiently practical? ...sufficiently collaborative? ...sufficiently transparent?

These are shared perceptions among the stakeholders. To test this: If the need is sufficiently compelling, it should be possible to communicate with the stakeholders and develop a sizeable majority perception of the importance and need. Similarly, it should be possible to develop a sizeable majority perception that the implementation is sufficiently practical, and the development process is both sufficiently collaborative and sufficiently transparent. There needs to improvement if less than a sizeble majority will concur.


  • Amend               Formally amend a document, (not merely a suggestion.)
  • Analyze              Comment on policy implications and process.
  • Approve             Authoritative action that indicates agreement.
  • Deploy               Initially release a practical implementation of the policy and procedures.
  • Endorse             Advisory action that indicates of agreement.
  • Monitor               Various means to measure or estimate compliance.
  • Propose             Formal proposal for development of policy and procedures.
  • Sponsors           Chartered sponsors of a policy or team.
  • Recommend      Advise on the need for and requirements of policy and procedures.
  • Responsible
    Executives         Executives who advance the policy and procedures through the policy process.
  • Review               Advisory action that makes suggestions for improvement.



  • No labels