Topics Map > UW-Madison > IT > Policy Program

UW-Madison - Policy Portfolio List

A policy portfolio contains policies and related documents that can be managed as a group.


Table of Contents

  • These fifteen portfolios cover policies and policy-related documents that govern information technology and closely related subjects. Documents identified as "IT Policy" are developed and mantained by the Office of the CIO and are approved by the Information Technology Committee. Relevant documents from other UW-Madison Schools, Colleges and Divisions and from UW System are included in each portfolio. The Policy Planning and Analysis Team and the Office of the CIO cooperate with others to help ensure consistency.


Acquisition and Development

Acquisition and Development addresses the selection, acquiring or development of any IT asset, including hardware, software, data, and IT services. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

Related Documents


Configuration and Maintenance

Configuration and Maintenance addresses how IT devices and software are managed and maintained to ensure correct and secure operation. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

Related Documents

  • None

Contingency Planning

Contigency Planning addresses what is to be done to account for a possible situation or event, particularly ones that involve IT, that may be harmful or disruptive to operations. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

Related Documents


Copyright and Intellectual Property

Copyright and Intellectual Property addresses both the protection of UW copyrights and intellectual property, and respecting the copyright and intellectual property of others.

Policies

Related Documents


Data Management

Data Management addresses the data itself, rather than systems that collect, transmit, store, or process data.

Policies

Related Documents


Digital Accessibility

Digital Accessibility addresses access to electronic resources for people with disabilities.

Policies

Related Documents


Education, Training and Awareness

Education, Training and Awareness addresses IT-related information that faculty, staff, and students should understand in order to properly act within their role at UW. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

  • Accounting Services - Credit Card Merchant Services and PCI Compliance (training, disposal) (on bussvc.wisc.edu)
  • HIPAA (on compliance.wisc.edu)

    • 8.7 Destruction/Disposal of PHI
    • 9.1 HIPAA Privacy and Security Training
    • 9.2 Responding to Employee Noncompliance related to HIPAA
    • 9.3 Responding to Student Noncompliance related to HIPAA
  • IT Policy

  • UW System (on wisconsin.edu)

  • Related Documents


    Electronic Records Management

    Electronic Records Management addresses how electronic versions of public records are managed in compliance with relevant state and federal laws.

    Policies

    Related Documents


    Identity and Access Management

    Identity and Access Management (IAM) addresses online and physical access to assets and data, specifically how a person or resource is identified, the resoures that can be accessed, and what can be done with that access. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    Related Documents


    Monitoring and Mitigation

    Monitoring and Mitigation addresses how IT assets and resources are monitored for vulnerablities or unauthorized access, and how corrective action is taken. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    Related Documents


    Networking and Telecommunications

    Networking and Telecommunications addresses policies related to connecting to, using, and managing the UW-Madison network and telecommunications resources.

    Policies

    Related Documents


    Policy Program

    The Policy Program addresses development, publication, and revision of policies and related-documents.

    Policies

    Related Documents


    Privacy

    Privacy addresses the protection of privacy in an IT environment. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    • Faculty Senate - Access to Faculty and Staff Electronic Files Policy

    • HIPAA (on compliance.wisc.edu)

      • 2.1 Notice of Privacy Practices (NPP)
      • 3.2 Uses and Disclosures of Protected Health Information That Require Patient Authorization
      • 3.3 Uses and Disclosures of PHI Not Requiring Patient Authorization
      • 3.4 Uses and Disclosures of PHI That Require Providing Patient with an Opportunity to Agree or Object
      • 3.5 Uses and Disclosures of Protected Health Information for Education and Training
      • 3.6 Uses and Disclosures of Protected Health Information for Marketing
      • 3.7 Uses and Disclosures of Protected Health Information for Fundraising
      • 3.8 Minimum Necessary Standard
      • 3.9 Verifying Identity and Authority of Persons Seeking Disclosure of a Patient's PHI
      • 3.10 Designated Record Set
      • 3.11 Sale of Protected Health Information Generally Prohibited
      • 5.1 De-identification of Protected Health Information Under the HIPAA Privacy Rule
      • 5.2 Creation of a Limited Data Set Under the HIPAA Privacy Rule
      • 7.1 Requests by Patients for an Accounting of Certain Disclosures
      • 7.2 Requests by Patients to Amend Protected Health Information
      • 7.3 Requests by Patients for Alternative Confidential Communications
      • 7.4 Requests by Patients for Access to Inspect and Obtain a Copy of Protected Health Information
      • 7.5 Requests by Patients for Restrictions on Uses and Disclosures of Protected Health Information
      • 8.5 Security of Faxed, Printed, and Copied Documents Containing Protected Health Information
      • 8.6 Email Communication Involving Protected Health Information
      • 10.1 Complaints Under the HIPAA Privacy Rule
    • IT Policy - Collection of Personal Identity Information via Email

    • UW-Madison IT Professionals - Guidelines, Best Practices, and Advice (on it.wisc.edu)

    • UW System - 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions) (on wisconsin.edu)

    Related Documents


    Resource Management

    Resource Management addresses how UW-Madison manages IT resources.

    Policies

    Related Documents


    Risk Management

    Risk Management addresses how the protection of IT assets and resources will be balanced with the likelihood and impact of malicious activity and the ability of UW and its affiliates to carry out their missions. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

    Policies

    Related Documents


    Contact

    Please address questions or comments to itpolicy@cio.wisc.edu.

    References




    Keywords portfolio portfoliosDoc ID81655
    OwnerTim B.GroupIT Policy
    Created2018-04-18 12:12:41Updated2022-08-31 16:05:54
    SitesIT Policy
    CleanURLhttps://kb.wisc.edu/itpolicy/policy-portfolios
    Feedback  5   0