Please report any problems to the Shared Tools Team at    Broken Links? Missing Macros? WIKI Retiring Plugins
Skip to end of metadata
Go to start of metadata

Guidance on Use of non-UW-Madison Devices, Applications and Services (nUWGuidance)

Non-UW-Madison Devices, Applications and Services Guidelines, Awareness and Training (nUWGuidance) seeks to help UW-Madison faculty and staff responsibly manage University data that is stored or processed on non-UW-Madison-operated devices and cloud services.

The published version of the guidelines for applications and services can be found at:


To comment on draft documents or any other aspect of IT policy, please add your comments at the bottom of the page in question, or send email to Comments are welcome on any document at any time.


Current Questions

Current Process Step

Communications strategy?

Unable to render {include} The included page could not be found.




12/05/13Rev A of guidelines. Now link to Revision date not updated. Also revised and which direct the users from the old versions to the new version.
12/03/13Published List of major external cloud services offered as campus-wide services by DoIT, contact point for additional cloud services for which UW-Madison already has an agreement, and recommendations for how to handle other new or existing cloud services for which UW-Madison does not have an agreement.
11/20/13IT Policy Forum 2013-11, brief update on revised guidelines.

(tick) Published revised guidelines, combining both instruction and research, and also covering administration. No substantial changes to the guidelines included in the document, however, the current version combines all three of instruction, research and admin into a single document, making it much easier for someone with multiple roles to see all the relevant guidelines.

10/31/13Final edits. Combined guidelines are approved.
10/23/13Final draft of combined guidelines submitted for approval
10/08/13Revised drafts of individual guidelines for instruction, research, and admin, including 'diff' files for each. Revised draft of combined guidelines.
10/04/13Draft of checklist for those considering use of non-UW-Madison apps and services.
09/25/13PPT Meeting 2013-09-25, more discussion about possible BYOD and/or cloud services policies.
09/24/13Updated draft of cloud contracting process diagram.

Box discussions continue, especially on use for HIPAA PHI.

07/24/2013UW-Madison Box service announcement. Box discussions begin, especially on use for HIPAA PHI
07/07/13PPT Meeting 2013-07-31, while discussing communications plan, concluded that we need a BYOD and/or Cloud Service policy, primarily for education regarding exist (but scattered) policy, and also as vehicle to publish recommended procedures.
07/2013Gmail security discussions.
06/2013Yet More Drop Box issues.
05/15/13Draft of BYOD communications plan for PPT
05/08/13PPT Meeting 2013-05-08, discuss need for BYOD and Cloud policies.
05/07/13BYOD discussion at May IT Policy forum.
05/2013More Drop Box issues.
04/2013Drop Box issues.
03/18/13First Excel format list of cloud contracts.
03/13/13PPT Meeting 2013-03-13, discussed need for a contracting process for cloud service.
03/10/13Developed draft of cloud contracting process diagram.
02/27/13Drafted revision of individual guidelines for instruction, research, and admin, including 'diff' files for each. Drafted combined guidelines.

(info) Cloud services featured and discussed at IT Policy Forum.

02/07/13Incorporated cloud contract list from Purchasing Services in contract list.
01/22/13Updated services and applications list. (Discovered MHEC cloud agreement.)
12/07/12Developed first list of cloud apps and serives. (Until this time, there were so few, there was no need for a list.)

(info) Rev A of 2009 guidelines. Minor fixes only.

05/11/12Google Drive service announcement.
04/12/12Checked 2do list. Remaining items are:
  • Guidelines for administration (probably could be the text common to both the Instruction and Research documents, with references to those two documents for those doing admin of Instruction or Research.)
  • Templates for use by departments, for example: template policies, guidelines, procedures, etc.
04/09/12Drafted changes to the guidelines for Research and Instruction. No substantive change in what is recommeneded. Lots of formatting, re-wording, shuffling around.
03/21/12Check for contracts for non-UW-Madison Apps. Only found two: Google Apps, Moodle
01/06/12My UW Mobile executive committee charter.
12/2011ITC discussion on cloud services.
09/15/11Recruited members for a nUWGuidance team.


Created initiative pages on wiki. Drafted Charter.


POD/Cloud Meeting . Review results of discussion at the Aug IT Policy Forum, Discuss membership of implementation teams. This is the last planned meeting of the current POD/Cloud team. Implementation teams will be organized.


(info) IT Policy Forum . Includes POD/Cloud implementation discussion groups.


POD/Cloud Meeting Special meeting to prepare for IT policy forum discussion.


(tick) POD/Cloud Meeting with the CIO.


POD/Cloud Meeting . Final edits to draft. Planning for meeting with the CIO.


POD/Cloud Meeting . Reviewed draft of revised POD recommendations. Created a list of possible implementation teams.


POD/Cloud Meeting . Reviewed draft executive summary of revised POD recommendations.


POD Meeting . Discussed revision of POD recommendations.


POD Meeting . Discussed electonic records and mobile apps.


Meeting with APR Tools leadership . Discussed mobile and personally owned devices and apps.


POD Meeting . Discussed Email, Calendar, Chat project (ECC)


POD Meeting. Follow up on meeting with CIO. Meetings/liaison with other teams. Event planning.


Follow up meeting with Mobile Apps subcommittee.


POD Meeting. Meeting with CIO.


Meeting the Mobile Apps subcommittee.


POD Meeting. Planned next steps. (Lots of possible contacts with other teams and initiatives.


POD Meeting. Hideko Mills visits POD team to discuss Mobile Devices Initiative and relationship with Personally Owned Devices initiative. Mobile Apps Initiative is about device type independent of ownership. Personally Owned Devices is about the ownership independent of the device type. Much overlap, however, since many personally owned devices are mobile, and that is likely to increase. Same underlying privacy and security issues.


POD Meeting.


First draft of CommonServices document (list of UW and non-UW apps and services.)


POD Meeting.


POD Meeting. Discussed possible event to be held in November.


POD Meeting. Discuss results of meeting with CIO. Discuss next steps.


Meeting with OCIS to discuss the initiative and current recommendations. Identified that access to POD's is necessary in order to investigate possible security incidents.


(info) Campus reaches an agreement on Google Apps, and begins managing the domain.


POD Meeting with CIO . Discuss recommendations. Next steps.


Policy Planning Team (PPT) suggests that the Personally Owned Devices (POD) team can address issues of immediate concern during FY 2010/2011 regarding Use of Non-UW-Madison Applications and Services. This is because the primary recommendation of the POD team is equally applicable to personally owned devices and non-UW-Madison appliations and services. (Note: it becomes increasingly clear that the POD initiative needs a new name to more accurately describe the expanded scope.)


POD Meeting. Preparation for meeting with the CIO and preparation for the forum.


Deadline for changes by team. Final version to be submitted to the CIO on April 9.


POD Meeting. Final review of recommendations.


Team deadline for edits to be included in "final draft".


POD Meeting. Review recommendations. Next steps.


Updated POD Recommendations, with changes from prior meeting.


POD Meeting. Review recommendations.


Updated POD Recommendations, with changes from prior meeting.


POD Meeting.


Original version of POD Recommendations.


Updated POD Charter.


Continued behind-the-scenes activity negotiating contracts for non-UW-Madison applications and services.


It is noted that we should (eventually) have Guidelines for Use of Non-UW-Madison Applications and Services for Administration. These would not differ substantially from the previous guidelines, but would reorganize the material to highlight the administration-specific issues.


Organizational meeting of Policy Stakeholders Team.


Invited additional members of PPT to participate. (One more volunteered.)


Invited additional members of UW-MIST to particate in the Policy Stakeholders Team. (Two more volunteered.)


POD Meeting 2009-11-20. POD Team immediately realizes that the same privacy and security principles apply to non-UW-Madison applications and services. Thereafter, much activity of the team is applicable to both.


Meeting to discuss scope.


Invited several people to participate in a meeting to discuss scope.


Decided that a pre-charter meeting to discuss scope was needed.


CIO news article on Status of Google, Doodle and other UW agreements. (Cached here)


Discussion of POD at the August IT Policy Forum. Discussion results.


Behing-the-scenes activity researching the issues and negotiating contracts for non-UW-Madison applications and services.


(tick) Guidelines for instruction and research are published on


Scheduled Initiation of POD in September. Need to form a PST.


PPT Meeting. The policy statement might be included in IRM. Next steps: Wait until it becomes more apparent whether or not IRM will include a POD policy statement. Procedures, guidelines or standards could be developed independently.


IT Policy Forum. POD tied for second (with Role-based Access Control when voting to prioritize posssible initiatives in the IT Policy Plan for FY 2009-2010.


PPT Meeting. Included initiative in 2009-2010 plan.


Requested input from TP-Prime list on draft Guidelines for Use of Non-UW-Madison Applications and Services. This name replaces "third party apps" and "cloud computing".


IT Policy Forum. TPA received support for inclusion in the IT Policy Plan for FY 2009-2010.


Included this initiative in the list of possible new initiatives. This policy was proposed after the the IT Policy Plan was developed and approved. (The plan anticipates that other possible initiatives might be identified during the fiscal year.)

Additional Pages


  • No labels