June University Policy Distribution
The June university policy distribution contains four (4) revised policies and one (1) revised procedure.
Revised Policies
- SYS 185, Awarding of UW System Credit in Wisconsin Schools
- SYS 320, Internal Service Entities/Chargebacks
- SYS 1042, Information Security: Threat and Vulnerability Management
- SYS 1212, Sick Leave
Revised Procedure
Click on the link above to view the draft and ensure that your feedback is captured for review during the post-comment period. Comments can include attachments, including word documents and PDFs. Comments on SYS 185 are due by 5:00pm on Monday, June 23. Comments on SYS 320, SYS 1042, SYS 1042.A, and SYS 1212 are due at 5:00pm on Friday, July 11.
DRAFT REVISED POLICY
SYS 185, Awarding of UW System Credit in Wisconsin Schools
These policy revisions will be effective upon signature by the president.
Summary of Policy and Policy Revisions
This policy establishes academic and financial expectations for the UW System institutions and participating Wisconsin schools for credit-bearing courses taught in Wisconsin schools by school instructors that have been authorized to do so by a UW System institution. The following revisions have been made:
- In Section 6.C, language regarding the reimbursement of tuition was changed.
- “After this reimbursement, tuition will be assessed based on the tuition rates established in the prior academic year”.
- In Section 7, updated the format of the revision history dates to match other SYS policies.
- Throughout the policy, replaced the term “institution” with “university” where appropriate.
DRAFT REVISED POLICY
SYS 320, Internal Service Entities/Chargebacks
These policy revisions will be effective upon signature by the president.
Summary of Policy and Policy Revisions
The purpose of this policy is to standardize the methods of accounting for internal and external sales and services for University of Wisconsin (UW) System internal service departments. Proposed revisions are as follows:
- Added policy sections to align with current SYS policy template, including Section 1, Policy Purpose; Section 2, Responsible UW System Officer; Section 3, Scope and Institutional Responsibilities; Section 5, Definitions; Section 7, Related Documents; Section 8, Policy History; and Section 9, Scheduled Review.
- Removed Constraints section and moved content to Section 1.
- Removed Procedures section and incorporated content into Section 6.
- Throughout the policy, updated references to “internal service departments” to “internal service entities,” and references to “class codes” to “ledger account and revenue category.”
- In the first paragraph of Section 6.A, updated accounting code for General Administration and Logistical Services included under Institutional Support to the new code in Workday.
- In the second paragraph of Section 6.A, updated process for coding credits for interdepartmental transactions of internal service entities or storerooms which provide services to reflect the new process in Workday.
- Moved information about sales and services of an auxiliary enterprise from Section 6.B to Section 6.A. Updated accounting code for Auxiliary Enterprises to the new code in Workday and updated process to new process in Workday.
- In Section 6.A, added additional information about accounting for costs coded to internal service delivery expenses in Workday.
- In Section 6.B, clarified the process for coding sales and services for departments funded by General Purpose Revenue (GPR) and for departments funded by Program Revenue (PR).
DRAFT REVISED POLICY
SYS 1042, Information Security: Threat and Vulnerability Management
These policy revisions will be effective 6 months after signature by the president.
Summary of Policy and Policy Revisions
This policy and accompanying procedure sets expectations for how we identify and fix known security issues in our IT systems, keep software up to date, and stay aware of cyber threats; especially those targeting the higher education sector. This policy is being revised as part of a regularly scheduled review and to incorporate feedback received from campuses.
The most significant update to this policy is a shift to using a risk-based approach for vulnerability management. Rather than treating all technical issues the same, this approach helps campuses prioritize which vulnerabilities to address first based on how likely they are to be exploited, the potential impact, and how critical the affected systems are to operations. Previously, decisions were based mostly on external severity ratings, which don’t always reflect our specific campus environments; for example, whether a system is public-facing or supports essential services. This change supports more strategic use of time and resources and also aligns us with industry standards in this control area.
Finally, the remaining revisions primarily involve formatting, structural reorganization, and clarifications. For example, the original policy primarily referenced the procedure and lacked substantive standalone requirements; we’ve since moved key requirements into the policy itself where appropriate.
Proposed Policy Revisions:
- Reorganized and clarified the Policy statements to introduce and distinguish the core elements of the threat and vulnerability management program, including vulnerability management, scanning, patch management, penetration testing, and threat intelligence. Previously, the policy primarily referenced the standard for these elements. Key policy-level statements have now been elevated from the standard into the policy itself, while detailed implementation requirements remain within the standard.
- Improved the Background section to better reflect the policy’s alignment with the broader UW Information Security Program and evolving threat landscape.
- Reformatted policy layout and structure for clarity and consistency with other SYS policies.
DRAFT REVISED POLICY
SYS 1212, Sick Leave
These policy revisions will be effective upon signature by the president.
Summary of Policy and Policy Revisions
The purpose of this policy is to establish parameters for the administration of sick leave for all UW System employees. It covers sick leave eligibility, accrual, usage, and reporting.
This is a Workday-related update. Proposed revisions are as follows:
- In Sections 6.G.VI and 6.G.VII, add the requirement that FLSA-exempt university staff submit a monthly no-leave-taken report in the same manner as other FLSA-exempt employee groups (Faculty, Academic Staff, Limited Appointees).
- FLSA-Exempt university staff are not subject to the sick leave accrual penalty for non-compliance, as the related statute does not specifically identify their employee category (See Wis. Stat. §40.05(4)(bp).)
- This revision is tied to Workday’s rule system for leave management and the timekeeping treatment of FLSA exempt vs. FLSA non-exempt employees. FLSA-exempt university staff will receive reminders to certify no-leave-taken, but will not be subject to the statutory sick leave accrual cap.
DRAFT REVISED PROCEDURE
SYS 1042.A, Information Security: Threat and Vulnerability Management Standard
These policy revisions will be effective 6 months after signature by the vice president for finance and administration.
Summary of Procedure and Procedure Revisions
This procedure supports the policy SYS 1042, Information Security: Threat and Vulnerability Management and sets expectations for how we identify and fix known security issues in our IT systems, keep software up to date, and stay aware of cyber threats; especially those targeting the higher education sector.
Proposed Procedure (Standard) Revisions:
- Removed the following sections:
- A Roles and Responsibilities – Defining roles and responsibilities in a standardized way is challenging across campuses due to variations in organizational structure and how responsibilities are assigned.
- B.VI Documentation and Metrics – Documentation and metric requirements are now incorporated, where appropriate, into each respective policy and standard section.
- Emphasized a risk-based approach to vulnerability management, prioritizing remediation based on likelihood and impact of exploitation, asset criticality, and operational context.
- Clarified that remediation timelines begin upon initial detection and availability of a patch or viable mitigation.
- Clarified authenticated vulnerability scanning is a recommended best practice, with specific guidance on when it is recommended.
- Reformatted standard layout and structure for clarity and consistency with other SYS policies.
SYS Policy Approvals
On June 12, President Rothman approved the new policy SYS 405, Universities of Wisconsin Travel and Expense Policy, and revisions to the policy SYS 435, Universities of Wisconsin Business Meals and Events. He also approved the rescission of the following policies:
- SYS 405, Travel and Expense – General Travel & Expense Policy
- SYS 410, Purchase & Payment of Business Air Travel
- SYS 415, Purchase & Payment of Lodging
- SYS 420, Travel & Expense – Meal and Incidental Expense (M&IE) Per Diem Allowance Reimbursements
- SYS 425, Use of Personal Vehicles, Rental Case and Fleet for Business Transportation
- SYS 430, Travel & Expense – Purchase & Payment Miscellaneous Travel Expenses
On June 16, President Rothman approved the new policy SYS 195, Institutional Statements.
On June 17, President Rothman approved revisions to the policy SYS 1315, Patents and Inventions.
On June 18, President Rothman approved the rescission of SYS 616, University of Wisconsin Student Drivers Under the State’s Liability Protection. Chief Compliance Officer Smith also approved the new guidance for SYS 615: Guidelines for Students Driving Universities of Wisconsin Vehicles.
Given the volume of policy approvals, brief summaries of these items can be found on the June Distribution SYS Policy Approvals Page.
FY 2026 Policy Priorities Memo
Attached please find the . It provides an accounting of the policy work completed in fiscal year 2025 and notifies universities of the University of Wisconsin System Administrative (SYS) policies and procedures that are scheduled for revision or development during fiscal year 2026.
Upcoming Policy Effective Dates
The following policy revisions were previously approved by President Rothman and have upcoming effective dates. Please review the revisions in preparation for the upcoming effective date.
The policies and procedures below have effective dates of July 1, 2025:
- SYS 216, Academic Basis Pay Deferral Policy (approved May 22, 2025)
- SYS 312, Official Functions (approved May 30, 2025)
- SYS 324.A, Procedures for Interinstitutional Financial Transactions (approved May 28, 2025)
- SYS 330, Prizes, Awards, and Gifts (approved April 23, 2025)
- SYS 351, Purchasing Card Compliance Policy (approved June 5, 2025)
- SYS 351.A, University Card Procedures (approved June 5, 2025)
- SYS 352, U.S. Bank Shared Liability Card Policy (approved June 5, 2025)
- SYS 405, Universities of Wisconsin Travel and Expense Policy (approved June 12, 2025)
- SYS 435, Universities of Wisconsin Business Meals and Events (approved June 12, 2025)
- SYS 400 Series Policy Rescissions (approved June 12, 2025)
- SYS 1210, Vacation, Paid Leave Banks, and Vacation Cash Payouts (approved March 6, 2025)
- SYS 1211, Personal Holiday and Legal Holiday Administration (approved March 6, 2025)
- SYS 1212, Sick Leave (approved March 6, 2025)
- SYS 1238, Crafts Workers (approved March 6, 2025)
- SYS 1254, Performance Management (approved March 6, 2025)
- SYS 1277, Compensation (approved March 6, 2025)
The policy and procedure below have an effective date of August 1, 2025:
- SYS 1037, Information Security: IT Disaster Recovery (approved February 11, 2025)
- SYS 1037.A, Information Security: IT Disaster Recovery Standard (approved February 11, 2025)
Federal Fridays
The Universities of Wisconsin Federal Update Working group has a Federal Updates web page for the public to learn about the federal issues the UW is monitoring. The site provides a dashboard view of the various issues organized by topic, with a summary and links related to the topic.