Topics Map > UW-Madison > CIO > Resource Management
Topics Map > UW-Madison > CIO > Identity and Access Management
Topics Map > UW-Madison > Cybersecurity > Access Control
Topics Map > UW-Madison > Cybersecurity > Monitoring and Mitigation

UW-Madison - CIO - UDS Responsible Use Policy

The UDS Responsible Use Policy applies to anyone configuring applications or services to use data from the University Directory Service (UDS).

Official Printable PDF

Background

The UDS provides applications and services at the University of Wisconsin-Madison with demographic, role and contact data to support identity management, authentication and authorization.(i) The following policy is designed to ensure judicious and compliant use of that information, protecting the security and privacy of that data where necessary.

Policy

  1. UDS data use must be authorized by the appropriate data custodians for student, employee or other data using the UDS authorization request form. This form specifies what data elements are needed for what purpose. UDS consumers(ii) will be notified annually to reapply for authorization. The data obtained must be used only for the specific purpose identified on the request form and not for any other purpose, and must not be supplied to other applications.

  2. UDS data use must comply with the applicable State of Wisconsin and Federal laws and regulations concerning privacy and security as well as complying with University policy. UDS data use is specifically bound by the University FERPA Policy (https://registrar.wisc.edu/ferpa_overview_fac.htm) and University Responsible Use Policy (https://kb.wisc.edu/itpolicy/cio-responsible-use-policy).

  3. UDS data may be used for purposes of providing identity management, which includes, for example, directory authentication and authorization services, and contact information.

  4. UDS consumers must provide details on what UDS data they store locally.

  5. UDS consumers must take all necessary precautions to secure UDS data in transmission and in storage. This includes utilizing security best practices as posted at https://it.wisc.edu/about/office-of-the-cio/cybersecurity/.

  6. Consumers of UDS data will be held responsible for any security breach traceable to their use or specific authorization and will be held liable for any willful misuse or deliberate system damage traceable to their use and specific authorization.

  7. Periodic and random audits will be performed on use of UDS data by the Office of Cybersecurity.

  8. Consumers of UDS data must provide access logs and access to systems containing UDS data upon request to the Office of Cybersecurity.

Authority

Issued by the UW-Madison Vice Provost for Information Technology.

Enforcement

See provisions 6, 7 and 8 of the policy.

Contact

Please address questions or comments to policy@cio.wisc.edu.

References

IT Policy Glossary: https://kb.wisc.edu/itpolicy/glossary
(i) Identity management refers to the policies, processes and technologies by which the identities of persons are proofed, registered and maintained. Authentication is the process of validating that identity. Authorization is providing access rights and privileges based on that identity.
(ii) UDS consumers refers to applications or services that use data from the UDS.


Effective:   Jul 07, 2005
Revised:    Jun 28, 2013
Reviewed:  Jan 04, 2016
Review by: Jan, 2018
Maintained by: DoIT Middleware and the Office of the CIO

History at: https://kb.wisc.edu/itpolicy/cio-uds-responsible-use-history
Reference at: https://kb.wisc.edu/itpolicy/cio-uds-responsible-use-policy

Text in italics is not part of the official text. Please link to this page when referring to this document.




Keywords:policies guidelines policy recommendations requirements guideline recommendation requirement requirements, it-security-staff it-staff information-technology security, identity-management resource-management security cybersecurity identity resource, access business-use monitoring retention storage transmission distribution, access-control monitoring-and-mitigation access cdm mitigation monitoring   Doc ID:59269
Owner:GARY D.Group:IT Policy
Created:2015-12-31 12:39 CDTUpdated:2016-11-27 16:55 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-uds-responsible-use-policy
Feedback:  0   0