UW-Madison - Periodic IT Policy Review Procedure

Establishes a framework for accomplishing regular review of existing policies that is consistent with the IT Policy Procedure and the overarching IT Policy Development & Management Policy.

UW-510 IT Policy is the policy for this procedure.

Procedure Statement

UW–Madison's IT Policy Development & Management Policy (UW-510) requires periodic review of IT Policies, in consultation with appropriate stakeholders. The IT Policy Procedure, which governs the development, revision, modification, and retirement of IT policies, identifies "scheduled review" as an internal source of policy proposals. This Periodic IT Policy Review Procedure establishes a framework for accomplishing regular review of existing policies that is consistent with the IT Policy Procedure and the overarching IT Policy Development & Management Policy.

Who Is Affected by This Procedure?

This policy applies to all IT Policies that are due for review according to a schedule developed under the IT Policy Procedure. It does not apply to policy reviews initiated in response to other triggers, such as identification by a stakeholder of a perceived policy gap.

Procedure Detail

The Periodic IT Policy Review Procedure consists of 14 steps. These steps are informed by and align with the seven stages of the IT policy development process, as described in the IT Policy Procedure. An overview of the Periodic IT Policy Review Procedure is shown in Figure 1.

Swim lane diagram showing an overview of the flow of steps in the Periodic IT Policy Review Procedure and who has responsibility for each step. The same information is repeated in the text of the document.Figure 1: Workflow for Periodic Review of IT Policies, by Role

Step 1: Identify Policy Due for Review

Table 1: Summary of Step 1
Role with primary responsibility Tools Policy Development Process Stage
IT Policy Staff IT Policy review calendar 7: Maintain

IT Policy Staff will monitor an IT Policy Review Calendar. When a policy is due to be reviewed, IT Policy Staff will move on to Step 2. 

Step 2: Provide Portfolio Subcommittee with Policy History and Stakeholder Feedback

Table 2: Summary of Step 2
Role with primary responsibility Tools Policy Development Process Stage
IT Policy Staff IT Policy shared Google Drive N/A (administrative step)

IT Policy Staff will locate available historical records related to the policy being reviewed and provide them to the PAT Portfolio Subcommittee for review. If IT Policy Staff has received any feedback on the policy from stakeholders, that information will also be provided to the Portfolio Subcommittee. 

 Step 3: Review Policy History and Stakeholder Feedback and Identify Technical SMEs

Table 3: Summary of Step 3
Role with primary responsibility Tools Policy Development Process Stage
PAT Portfolio Subcommittee Historical policy records N/A (administrative step)

The PAT Portfolio Subcommittee will review historical documents and stakeholder feedback provided by IT Policy Staff. The Portfolio Subcommittee will identify technical subject matter experts (SMEs) who can provide feedback on the existing policy. A list of technical SMEs will be provided to IT Policy Staff. 

Step 4: Initiate Review

Table 4: Summary of Step 4
Role with primary responsibility Tools Policy Development Process Stage
IT Policy Staff IT Policy SOP, email templates, survey 1: Identify Need

IT Policy Staff will send a survey to the technical SMEs identified by the PAT Portfolio Subcommittee and to the Policy Library Coordinator (PLC). This survey will ask for feedback on the perceived relevance, effectiveness, and clarity of the policy.

Step 5: Stakeholder Review

Table 5: Summary of Step 5
Roles with primary responsibility Facilitator Tools Policy Development Process Stage
Technical Subject Matter Experts, Policy Library Coordinator IT Policy Staff Survey 1: Identify Need

Upon receipt of the survey, SMEs and the PLC will provide responses to the survey questions, using the free response fields to provide additional information as appropriate.

Step 6: PAT Portfolio Subcommittee Review

Table 6: Summary of Step 6
Role with primary responsibility Facilitator Inputs Policy Development Process Stage
PAT Portfolio Subcommittee IT Policy Staff Published policy, historical documents, survey results 2: Analyze Need

The PAT Portfolio Subcommittee will review the published policy, historical documents, stakeholder feedback, and the survey responses provided by the SMEs and the PLC. They will consider the SME and PLC input, along with the historical information and stakeholder feedback gathered in Step 3, to evaluate whether the policy continues to:

  • Respond to needs appropriately addressed by IT Governance
  • Feasibly address the identified needs
  • Fulfill its stated purpose

The PAT Portfolio Subcommittee may follow up with SMEs, the PLC, and stakeholders for additional information and discussion, as needed.

Step 7: Recommend Action

Table 7: Summary of Step 7
Role with primary responsibility Tool Policy Development Process Stage
PAT Portfolio Subcommittee Template 2: Analyze Need

Based on the review in Step 6, the PAT Portfolio Subcommittee will recommend a course of action to the PAT. 

Step 8: Take Action

Table 8: Summary of Step 8
Role with primary responsibility Facilitator Input Policy Development Process Stage
PAT IT Policy Staff PAT Portfolio Subcommittee recommendation from Step 6 2: Analyze Need

The PAT will review the Portfolio Subcommittee’s recommendation and decide whether to accept it. If the recommendation is accepted, the policy then moves on to the next step in the process, according to Table 9: 

Table 9: Next steps, according to recommendation
Recommendation Next step
Keep as-is 12: Review and Recommend
Revise* (i.e., make minor changes) 11: Draft
Modify* (i.e., make major changes) 9: Form Working Group
Retire 12:Review and Recommend

*For clarity and consistency, we use the UW–Madison Policy Library’s definitions of “minor revision” (i.e., changes that “do not alter the meaning of the policy”) and “modification” (i.e., “substantive revisions that affect the meaning of the policy or are otherwise material”).

Step 9: Form Working Group

Table 10: Summary of Step 9
Role with primary responsibility Tool Policy Development Process Stage
IT Policy Staff IT Policy SOP N/A (administrative step)

 If the PAT decides to make major changes to a policy, the policy will proceed through the remaining stages of the Policy Development Process (Stages 3-7). Following standard operating procedure, IT Policy Staff will establish a working group to determine how the policy should be modified. 

Step 10: Charter Policy Initiative

Table 11: Summary of Step 10
Role with primary responsibility Facilitator Inputs Policy Development Process Stage
PAT IT Policy Staff Template 3: Create Charter

Step 10 is identical to Stage 3 of the Policy Development Process. A charter will be created to provide a shared understanding of the work to be done. This shared understanding is needed to ensure the team tasked with drafting or modifying the IT policy or related document knows how to produce deliverables that meet the expectations of stakeholders and IT Governance. 

Step 11: Draft

Table 12: Summary of Step 11
Role with primary responsibility Facilitator Inputs Tool Policy Development Process Stage
Working Group or PAT Portfolio Subcommittee IT Policy Staff PAT Portfolio Subcommittee recommendation, charter Template(s) 4: Draft

Step 11 is identical to Stage 4 of the Policy Development Process and as such should be considered iterative.

If minor changes are to be made, the PAT Portfolio Subcommittee will draft a proposed revision. The Portfolio Subcommittee may be assisted by SMEs, IT Policy Staff, and the Policy Library Coordinator. 

If major changes are to be made, a modified policy is drafted by a working group, guided by the charter created in Step 10.

Whether changes are drafted by the PAT Portfolio Subcommittee or a working group, input should be sought from SMEs and other appropriate stakeholders.

Step 12: Review and Recommend

Table 13: Summary of Step 12
Roles with primary responsibility Facilitator Inputs Policy Development Process Stage
PAT, ITC IT Policy Staff Recommendation or draft policy 5: Review and Assess

Step 12 is identical to Stage 5 of the Policy Development Process and as such should be considered iterative. 

In this step the PAT and ITC will review the draft policy produced in Step 11 to understand how it will affect the ability of faculty, staff and students to carry out UW-Madison’s teaching, learning and research activities.

Step 13: Approve

Table 14: Summary of Step 13
Role with primary responsibility Facilitator Inputs Policy Development Process Stage
CIO IT Policy Staff ITC recommendation 6: Approve

Step 13 is identical to Stage 6 of the Policy Development Process: The VP-IT (CIO) approves the final draft. This approval is necessary because only the VP-IT (CIO) has the authority to establish IT Policy at UW-Madison. VP-IT (CIO) approval triggers publication of the policy or related document.

Step 14: Update Publication

Table 15: Summary of Step 14
Role with primary responsibility Facilitator Inputs Policy Development Process Stage
IT Policy Staff or Policy Library Coordinator IT Policy Staff CIO approval, final policy document 7: Maintain

During this step, published policy is aligned with approved policy. Actions that may be taken include:

  • Updating the “last reviewed” and “due for review” information in a published policy or related document
  • Replacing a published policy or related document with a revised or modified version
  • Removing a retired policy or related document

For policies, IT Policy Staff will coordinate necessary publication updates with the Policy Library Coordinator. For related documents, IT Policy Staff will make updates directly.

 Roles and Responsibilities

Table 16: Roles and Responsibilities for Review of Existing Policies
Position  Role Responsibilities
Information Technology Committee (ITC)

The shared governance body for policy and planning for information technology throughout the university .
  • Review and provide feedback on recommended policy actions and document drafts
  • Make policy recommendations to the VP IT-CIO
Policy Planning & Analysis Team (PAT) The PAT is a subcommittee. Membership is determined according to the PAT Charter
  • Review and provide feedback on recommended policy actions and document drafts
  • Make policy recommendations to ITC
  • Determine relative order of priority for policy initiatives based on available resources
Vice Provost for Information Technology & Chief Information Officer (VP IT-CIO) Administer the IT Policy Program and approve and issue IT Policies 

Approve policies and policy actions
Policy Library Coordinator (PLC) Ensure that UW–Madison policies are up to date, well-written, and aligned with UW System Administration policy, Wisconsin state statutes, and other governing policies, rules, regulations, and laws
  • Provide expertise on Policy Library standards
  • Publish revised or modified policies to the Policy Library
  • Remove retired policies from Policy Library
IT Policy Staff Support IT policy development
  • Track review due dates and initiate review
  • Coordinate/facilitate overall review process (i.e., taking actions necessary to move policies between steps)
  • Identify relevant historical policy review records 
  • Facilitate working groups
  • Publish revised or modified policy-related documents to the Knowledge Base (KB)
  • Remove retired policy-related documents from the KB
  • Document and maintain records of reviews and their results
Technical Subject Matter Experts (SMEs) Apply technical or domain knowledge and experience with existing policy implementation to provide insights on policy applicability and validity 
  • Review policies and policy-related documents upon request
  • Recommend disposition following review (i.e., leave as-is, retire, modify, or revise)
PAT Portfolio Subcommittee

A standing subcommittee of the PAT charged with advising on the portfolio implications of any IT Policy development work, including making recommendations for the appropriate approach, scope, and proper portfolio fit of proposed policy work 
  • Conduct administrative review and recommend action
  • Review historical records
  • Identify appropriate SMEs for each policy
  • Communication/awareness planning and execution
  • Develop, review, and maintain tools (e.g., checklists, calendars)
Working Group

An ad hoc group of technical SMEs and other stakeholders formed to execute a policy modification
  • Review input on policy provided by SMEs and PAT Portfolio Subcommittee
  • Liaise with stakeholders and PAT
  • Draft and revise policy language

Definitions

For definitions please see the IT Policy Glossary.

Contact

Please address questions or comments to itpolicy@cio.wisc.edu.

Related References

IT Policy Glossary

UW-510 IT Policy Development & Management

IT Policy Procedure

UW-Madison Policy Library

Guidelines for Policy Development at UW-Madison (Policy Library)

UW-Madison Policy Retirement Request Form


Keywords:
policy procedure pat itc governance review periodic 
Doc ID:
156983
Owned by:
Heather J. in IT Policy
Created:
2025-12-01
Updated:
2025-12-01
Sites:
IT Policy