Risk Management addresses how the protection of IT assets and resources will be balanced with the likelihood and impact of malicious activity and the ability of UW and its affiliates to carry out their missions. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

• Accounting Services - Credit Card Merchant Services and PCI Compliance (annual validation, approvals, roles, responsibilities, sanctions) _{(on bussvc.wisc.edu)}

• HIPAA _{(on compliance.wisc.edu)}

  • 1.1 Designation of the UW-Madison Health Care Component (UW HCC)
  • 1.2 Designation of the University of Wisconsin Affiliated Covered Entity (UW ACE)
  • 6.1 Managing Arrangements with Business Associates of the University of Wisconsin-Madison
  • 6.2 Managing Business Associate Arrangements When the University of Wisconsin-Madison is the BA
  • 6.3 Use of and Safeguards for PHI by UW-Madison Internal Business Support Personnel
  • 8.1 HIPAA Security Risk Management
  • 8.2 HIPAA Security Oversight
  • 10.2 Designation of Unit Privacy and Security Coordinators

• IT Policy

  • Cybersecurity Risk Management Policy and Implementation Plan
  • Data Classification Policy _{(main entry: Data)}
  • Restricted Data Security Management Policy and Procedures _{(main entry: Monitoring and Mitigation)}

• UW System _{(on wisconsin.edu)}

  • 1031 Data Classification Policy and 1031A Data Classification Procedures _{(main entry: Data)}
  • 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions)
  • 25.4 Strategic Planning for Large or High Risk Projects
  • 25-5 Information Technology: Information Security

Related Documents

• IT Policy-related

  • FERPA Description
  • HIPAA Descrption
  • Non-UW-Madison Applications and Services Guidelines _{(main entry: Acquisition and Development)}