IT Policy Development & Management

Layout for printing
Policy Number:
UW-510
Responsible Office:
Division of Information Technology (DoIT)

University Policy

Rationale/​Purpose:

IT Policy establishes expectations for UW-Madison IT resource users and providers. The key aims of all IT Policy are: (1) Reduce institutional risk; 2) Increase the effectiveness of IT in support of the mission of the institution; 3) Help the university in complying with applicable laws, regulations, UW System policies, and other external mandates.

To successfully support these aims, this policy establishes the roles, responsibilities, and characteristics for the full lifecycle of IT policies, procedures, standards, and guidelines from their initial development, through their implementation, and finally to their long-term management

Definitions:
Information Technology Committee (ITC)
The shared governance committee for policy and planning of IT throughout the University
IT Policies
Includes policies, procedures, standards, guidelines, and implementation plans under the oversight of the Vice Provost for Information Technology
Policy Planning and Analysis Team (PAT)
A subcommittee of the ITC
Scope:

This policy applies to the development and full lifecycle of all IT policies under the oversight of the Vice Provost for Information Technology at UW-Madison.

Policy:
  1. Policy Development Principles
    1. Development of new IT policies must be based on a compelling need and practical implementation.
    2. IT policy development will be transparent and collaborative.
  2. All IT policies will declare in plain language:
    1. The rationale of why it is needed.
    2. When and to whom it applies.
    3. The rules, regulations, and/or directions that must be followed in order to accomplish the desired stated outcome(s) set forth in the rationale.
    4. The compliance exception process.
    5. The consequences for compliance failures.
    6. Those who are accountable and responsible for implementation, compliance, and exceptions.
  3. Roles and Responsibilities
    1. The Information Technology Committee (ITC) is accountable and responsible for:
      1. Reviewing and providing guidance for IT Policies at all points of the policy lifecycle.
      2. Ensuring that all relevant stakeholders have been consulted during the review process.
      3. Providing Policy Planning and Analysis Team (PAT) oversight.
    2. The Vice Provost for Information Technology (VP IT), or delegate, is accountable and responsible for:
      1. Administering the IT Policy Program.
      2. Approving and issuing IT Policies.
      3. Providing PAT oversight.
    3. The PAT is responsible for:
      1. Organizing and recommending IT Policy initiatives.
      2. Guiding IT policy development throughout the policy lifecycle.
      3. Monitoring, guiding, and providing recommendations for improving the IT policy process per UW-Madison Policy UW-510.
  4. Policy Management and Curation: The VP IT or delegate is responsible for periodic review of IT Policies and will consult with the appropriate stakeholders to determine if further review and consultation are needed.
  5. Exceptions to this policy may be granted by the VP IT.
  6. The VP IT may issue provisional IT policies that are effective for a stated time frame.
Related UW–Madison Documents, Web Pages, or Other Resources:

IT Policy Procedures

Policy Planning & Analysis Team (PAT) Charter (in development)

Policy Administration

Approval Authority:
Chief Information Officer & Vice Provost for Information Technology
Policy Manager:
Assistant Director, Cybersecurity Program and Business Services
Contact:
IT Policy Writer and Analyst -- Heather Johnston, HEATHER.JOHNSTON@WISC.EDU
Effective Date:
06-17-2024
Revised Dates:

12-20-2019, 06-17-2024

Reviewed Dates:

12-20-2019

Retrieved:
07-26-2024 19:13:07