Policies, Procedures, and Standards

Institutional Data Policy (UW 523) requires that access to protected institutional data be authorized and managed. In order to do so, there must be a standard for requesting access, determining whether authorization is granted, the rights and responsibilities that accompany authorization, how and when authorization may be revoked, and tracking and documentation of authorization.

Read the full Institutional Data Access and Authorization Standard (March 1, 2021)
Form: Request access to institutional data

What Data?
Standard applies to all products, systems, services, or applications that generate, collect, store, maintain, transmit, or record protected institutional data. This includes:

• Data Products (e.g., data visualizations, reports)
• Data Systems (e.g., SFS, HRS, Lumen)
• Data services or applications (e.g., Canvas, APIs)

Who this impacts?

This standard applies to ALL individuals who access protected institutional data for any purpose regardless of medium.

Who decides?

Authorization requests are granted or denied by the applicable institutional Data Steward or delegate. Appeals may be made to the applicable steward (if delegated) or the domain Trustee.

Based on what criteria?

Individuals will be authorized to access protected institutional data based on 1) the security classification of the data and 2) the stated business purpose of the need or intended use.

Data Stewards are required by UW System Administrative Policy 1031 to classify major data systems based on risk and to review the classifications annually. The four catagories are Public, Internal, Sensitive, and Restricted.

• Read the Data Classification descriptions
• Explore data within each data domain (click “Classification Rationals” in the table)

Institutional Data Policy (UW 523) requires that institutional data elements be documented and communicated to ensure transparency, clarity, shared understanding, replicability, and ease of use. To ensure consistency, data definitions of terms appearing in institutional data products must be reviewed and approved by data governance.

• Read the Institutional Data Definitions Procedure (March 2023)

Following approval, terms and institutional data products at UW Madison are cataloged and described in a metadata management software tool (Data Cookbook – request access) which powers our public-facing data catalog RADAR and associated glossary of terms and definitions.

Institutional Data Policy (UW 523) requires that institutional data sources, elements, processes, integrations, and products be documented and communicated. In order to do so, there must be a standard for determining what is subject to the documentation requirement, what constitutes sufficient documentation, and the roles and processes for creating documentation.

• Read the Institutional Data Documentation Standard (Feb 2022) which details and provides example documentation for:
  • Term – a unique word or phrase with a definition that has been formally adopted through campus data governance procedures
  • Institutional data product – dashboards, visualizations, reports, etc. based on institutional data sources and display or convey representations of institutional data)
  • Dataset – a collection of Data Elements and used to create an Institutional Data Product
  • Data Element – one part of a Dataset and is often synonymous with field name
  • Integration – such as an API that expose the datasets and elements in a similar way as an institutional data product
• Read the Implementation Statement

Data documentation software
Data Cookbook is a web-based software tool that UW-Madison uses for data documentation and data governance workflow (request access). Its database functionality stores definitions for our institutional data glossary and important documentation for institutional reports and dashboards. Its workflow functionality allows developers, data governance staff and Data Stewards to collaborate on and streamline approval processes

Institutional Data Policy ( UW 523) requires that institutional data be treated as a shared university resource and be responsibly managed throughout the entire data lifecycle. In order to do so, there must be a process for identifying, quantifying, prioritizing, and resolving data governance and data management issues in a timely way, which is established with this procedure.

• Read the Institutional Data Issue Management Procedure (March 1, 2021)
• Form: Report an institutional data issue

The Computer Logging Statement applies to computer systems and network equipment operated by the Division of Information Technology (DoIT).

•  Read the Computer Logging Statement

The Office of Human Resources maintains guidelines for HR and DEI professionals across
campus on how to request access to and properly use employee demographic data, including sex, race and ethnicity collected through voluntary self-identification.

• Read the Resources for Campus Use of Employee Demographic Data

The purpose of this policy is to provide Division of Facilities Planning & Management (FPM) employees with a process for providing access to, and distribution of, facility information, plans, data, documents, drawings and photos.

• Read the Distribution of Facility Data, Documents, and Graphics Information Policy

• Read the Learning Analytics Guiding Principles (May 2019)
• Read the Teaching and Learning Data Transparency Statement

These use guidelines are in place for use of name and pronouns in University systems and also setting campus and University expectations for such use and application.

• Read the Use Guidelines for Name and Pronouns in Use

The University Directory Service (UDS) provides applications and services at UW–Madison with demographic, role, and contact data to support identity management, authentication, and authorization.

• Read the University Directory Service (UDS) Responsible Use Policy

Wiscard photos are considered to be sensitive data according to the UW–Madison data classification policy.

• Release of Wiscard ID Photos to Applications Policy