
The review schedule normally projects outward three years in order to display the planned review cycle for each policy. As of 08/2015 the review schedule is highly compressed and in flux. Projection of more than one year of activity is speculative. Over time, the review schedule should again stabilize and allow longer term projection of activity.

 
| ID or Short Name | Effective | Last Reviewed | Last Revised | Priority if active | Fall 15-16 | Spring 15-16 | Summer 15-16 | Fall 16-17 + | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Password Policy and Standard (to be expanded to Credentials Policy) | 02/2006 | 03/2015 (needs major rev) | 02/2006 (never revised) | High | Revise (recommend) | Revise (propose, draft) | Revise (approve, publish) | | Major changes needed to address the broader question of how to strengthen UW-Madison credentials. Password Policy and Standard will become part of the broader Credentials Policy. |
| Vulnerability Scanning (to be expanded to CDM) | 08/2007 | 03/2015 (needs major rev) | 08/2007 (never revised) | High | Revise (recommend) | Revise (propose, draft) | Revise (approve, publish) | | Needs to be greatly expanded to include not only scanning, but also other means of assessing vulnerabilities and the process of mitigating them on an ongoing basis. This is called Continuous Diagnostics and Mitigation (CDM), and is part of the NIST Risk Management Framework (RMF). |
| Computer Logging Statement | 11/2005 | 12/2011 (OK) | 11/2005 (never revised) | High | Revise (recommend) | Revise (propose, draft) | Revise (approve, publish) | | May become part of CDM. At a minimum will be revised in conjunction with CDM and must stay in sync with CDM. |
| Sensitive Info Definition | 01/2009 | 06/2014 (needs minor rev, major rev possible) | 09/2010 (minor rev) | High | Review by DSC (could be minor or major rev) | | | | Will be reviewed by Data Stewards Council. |

 
| ID or Short Name | Effective | Last Reviewed | Last Revised | Priority if active | Fall 15-16 | Spring 15-16 | Summer 15-16 | Fall 16-17 | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Policy Principles & Procedures (adapting Cornell model) | 08/2008 | 11/2014 (do major rev) | 04/2012 (minor rev) | Mod | Major revision (cont) | | | | Major rewrite to adapt the Cornell policy process for use at UW-Madison. Design for adaptation completed in 01/2015, but have not yet revised the Principles and Procedures to match the new process. Still gaining experience before doing so. Will be an ongoing revision process, completion date TBD. |
| Restricted Data Management | 07/2014 | 01/2015 (needs major rev) | 07/2014 (major rev) | Mod | Policy & Procedures (major rev) | Review Procedures (minor rev) | | Review Policy & Procedures | Major changes to procedures expected in Fall 2015. Follow-up changes to procedures also expected. Significant policy revision to be considered approximately annually. |
| Web Accessibility | 06/2000 | 02/2015 (needs minor rev) | 9/2013 (minor rev) | Mod | Revise (minor rev) | | | | Considering a minor revision to include a recommendation to work toward WCAG 2.0 A and AA compliance. Major work anticipated in 2016 or 2017 time range when Section 508 "refresh" takes effect. |
| IReport | 06/2009 | 06/2014 (needs minor rev) | 08/2012 (major rev) | Mod | Revise Policy & Procedures (for HIPAA) | Revise Procedures (esp. Response procedures) | | | Needs minor changes to clarify how the policy and procedures relate to HIPAA. (Changes have already been drafted.) Clarification of response procedures is in progress. |
| IDispose | 07/2009 | 04/2015 (procedures need major rev) | 02/2010 (minor rev) | Mod | Procedure development by Cybersecurity | Procedure development by Cybersecurity | | | Routine review of policy. Does not contain implementation procedures. Do we need them? |

 
| ID or Short Name | Effective | Last Reviewed | Last Revised | Priority if active | Fall 15-16 | Spring 15-16 | Summer 15-16 | Fall 16-17 | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| IEncrypt | 06/2009 | 12/2014 (needs major rev) | 09/2010 (minor rev) | Low | Revise (plan) | | | | Major revisions expected. A draft Storage, Transmission and Encryption Policy was developed in 2012, and never issued. Published as a draft only. Need to re-work the draft revisions again, with significant changes possible. |
| Interim Encryption Procedures | 10/2013 | 07/2015 (minor edits to stay current) | 10/2013 (minor edits) | Low | Revise (plan) | | | | Needs to stay in sync with draft Storage, Transmission and Encryption Policy, and changes in technology during the interim period. |
| Interim Encryption Technologies | 10/2013 | 07/2013 (minor edits to stay current) | 10/2013 (minor edits) | Low | Revise (plan) | | | | Needs to stay in sync with draft Storage, Transmission and Encryption Policy, and changes in technology during the interim period. |
| IT Compliance Agreement | 08/2012 | 02/2014 (needs major rev) | 08/2012 (minor rev) | Low | Revise (plan) | | | | Major revision planned as part of NetID activation re-design. |
| Cellular Phones | 08/2007 | 05/2014 (needs major rev) | 08/2007 (never revised officially, but some well-intended changes have occurred.) | Low | Telecom is revising it (major rev) | | | | Needs significant work. DoIT Telecom is revising it. Completion date TBD. |
| NetID Eligibility | Approx. 09/1993 | 12/2014 (needs major rev) | 10/2011 (minor rev) | Low | | Revise (plan) | | | Major re-organization planned as part of NetID activation re-design and other changes resulting from use of Manifest system. |

 
| ID or Short Name | Effective | Last Reviewed | Last Revised | Priority if active | Fall 15-16 | Spring 15-16 | Summer 15-16 | Fall 16-17 | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Non-UW Apps & Srvs (See also BYODandCloud) | 07/2009 | 03/2013 (needs major rev) | 11/2013 (major rev) | n/a | | Review | | | Supporting documents need significant work. BYOD and Cloud Services team recommendations need to be incorporated. |
| IAccess | 12/2009 | 05/2013 (OK) | 06/2013 (minor rev) | n/a | | Review | | | Compliance standards will need minor revision to incorporate changes in available services. |
| EDevices | 03/2004 | 07/2011 (OK) | 03/2004 (major rev) | n/a | | Review | | | BYOD and Cloud Services recommendations need to be incorporated. Other changes possible. |

 
| ID or Short Name | Effective | Last Reviewed | Last Revised | Priority if active | Fall 15-16 | Spring 15-16 | Summer 15-16 | Fall 16-17 | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Web Accessibility Guidelines | 07/2015 | 07/2015 | 07/2015 | n/a | | | Review | | Published in 2015 in conjunction with rollout of Web Accessibility Testing Tools Service. There are six documents. Two are published on the CIO policy page. All are published in the KB. |
| Copyright Compliance Plan | 06/2010 | 07/2014 (OK) | 04/2012 (minor rev) | n/a | | | Review | | Routine review every summer. Few changes expected. Most changes are fixing broken links. |
| NetID AUS | 01/2008 | 11/2013 (OK) | 12/2013 (minor rev) | n/a | | | Review | | Routine review. (Is a very stable document.) |
| UDS Responsible Use | 07/2005 | 06/2013 (OK) | 06/2013 (minor rev) | n/a | | | Review | | Routine review. (Is a very stable document.) |
| Responsible Use | Approx. 09/1993 | 07/2011 (needs major rev) | 08/2011 (major rev) | n/a | | | Review | | Routine review. This document changes quite slowly. Don't change it unless there is very compelling reason to do so. |

 
| ID or Short Name | Effective | Last Reviewed | Last Revised | Priority if active | Fall 15-16 | Spring 15-16 | Summer 15-16 | Fall 16-17 | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Email Servers | 10/2004 | 10/2012 (OK) | 10/2004 (never revised) | n/a | | | | Review | Routine review. Post O365 implementation, the document is less relevant, but may still be needed. |
| COPE | 02/2009 | 07/2013 (OK) | 06/2009 (minor rev) | n/a | | | | Review | May need changes. Perhaps a question for the DSC? |
| IP (v4) Allocation | 08/2009 | 08/2011 (OK) | 08/2009 (never revised) | n/a | | | | Review | Routine review. (Developed, maintained by NAG) |
| Telephone Usage | 01/2002 | 09/2012 (OK) | 01/2002 (never revised) | n/a | | | | Review | Routine review. (Is a very stable document.) |
| Access to Faculty & Staff Files | 10/1991 | 12/2014 (OK) | 3/1999 | n/a | | | | Review in 2019 | Five year review. (Is a very stable document.) Might never change. |

Major and Minor changes

Minor changes do not substantially change what people must do to be compliant. Minor changes clarify the language or provide additional or enhanced options for compliance. There may be an announcement, but no formal rollout.

Major changes significantly adjust what is required for compliance. Major changes receive more review, vetting, endorsement and rollout.

 

(adapting the Cornell model)
