As a reminder, the February 2023 institution policy distribution includes one (1) revised policy, one (1) revised procedure, and one (1) new guidance document.
One (1) revised policy:
One (1) revised procedure:
One (1) new guidance document
Feedback on these items is due by 5:00 PM on Friday, March 10th, 2023.
Click on the links above to view the drafts and ensure that your feedback is captured for review during the post-comment period. Comments can include attachments, including word documents and PDFs.
Please find summaries of the items below.
DRAFT REVISED POLICY
SYS 1035 Package
The purpose of SYS 1035, Information Security: IT Asset Management to establish minimum requirements and responsibilities for the inventory and management of UW IT Assets. This policy revision was developed with a group of subject matter experts representing multiple institutions across UW System including UW-Madison, UW-Platteville, UW-Stevens Point, UW System Administration, and UW-Whitewater. The following revisions were made to the policy:
- Simplified the definition for IT Asset. Scoping statements within the definition were moved to Scope section of the policy, section 3. Examples of IT Assets were removed as these are covered in the Standard for the purpose of inventory requirements
- Added a definition for IT Inventory
- Added a requirement that institutions have documented processes for IT Asset lifecycle management for hardware devices
- Added a requirement that inventory of IT Assets must be kept up to date within a month of changes occurring
- Removed a provision which indicated UWSA would identify a system-wide standard IT management tool to be used by all institutions to account for their IT Assets
- Adjusted reporting requirements pertaining to IT Asset inventories
- Other minor clarifications, reorganizations, and adjustments
The following revisions were made to SYS 1035.A, IT Asset Inventory Standard:
- Procedure renamed from IT Asset Management Standard to IT Asset Inventory Standard
- Scope of the procedure was further limited to IT Asset inventory requirements. Previous sections for IT Asset provisioning and decommissioning, as well as reporting requirements, were removed and generalized in the policy
- Added a statement that IT Asset inventories do not need to be maintained in a single system. Inventories may be spread out across various systems and solutions
- Clarified that if an IT Asset detail is not applicable for a technology or implementation, then it is not required
- Based on feedback received from institutions, descriptive information was provided to identify the categories of IT Assets included in the IT Inventory
- IT Asset details were updated to align with current technologies
A guidance document was developed to highlight anticipated reporting elements for the annual reporting requirement defined in SYS 1035. Reportable asset items and details, including a template, will also be communicated to institutional stakeholders in advance of any reporting events (annual or ad hoc). No reporting will be required for institutions that utilize the central UW System asset management inventory, either directly or through an integration.
February Policy Action Summary
Please find attached the. It details policy work completed between January 7 and March 3, 2023. This includes one (1) revised Regent Policy Document, nine (9) revised UW System Administrative policies, and four (4) revised System Administrative procedures.
Revised Regent Policy Document
- RPD 13-5, Capital Projects Solely Managed by the UW System: Approval, Signature Authority, and Reporting
- SYS 435, Headquarter City & UW System Sponsored Events Policy
- SYS 605, Loss-Fund Operations
- SYS 625, Youth Protection & Compliance
- SYS 1000, Information Security: General Terms and Definitions
- SYS 1036, Information Security: Endpoint Protection
- SYS 1038, Information Security: Network Protection
- SYS 1211, Personal Holiday and Legal Holiday Administration*
- SYS 1254, Performance Management
- SYS 304.A, Fiscal Misconduct: Reporting and Review Process
- SYS 1038.A, Information Security: Network Protection Standard
- SYS 1040.A, Information Security: Privacy Procedure*
- SYS 1277.B, Compensation: Merit Pay
* indicates first notice of approval to campuses
FY2024 Policy Prioritization Process
We will be beginning our annual Policy Prioritization Process for FY2024 at the end of this month on March 31. This process begins with soliciting input from university stakeholders on policies/policy topics that they recommend be addressed in the upcoming fiscal year. More details will follow in the March university distribution.