Revisions to two current policies are included in the scheduled January UW System Administrative Policy (SYS) institutional policy distribution:

To view and comment on the policies, please click on the links above. Please submit your comments (which may include attachments such as word documents, PDFs, etc.) through the links above. Doing so ensures your feedback is captured and reviewed during the post-comment period.

UW System Administrative Policies: January Policy Distribution

SYS 350, Payment Card Compliance Policy – Deadline for review February 8

  • Below please find a summary of the proposed revision to the policy:
    • Due to the relationship with some third-party entities, UW institutions may find it cost beneficial to allow these entities to remain on the UW network and comply with Service Provider requirements defined by the PCI DSS. This policy revision allows institutions to implement the information security measures needed to do so. The revised language can be found in the Section 6.A: Accepting Payments via Payments Cards.
  • The following general units/functions on campus are affected by the policy revision:
    • Chief Business Officers
    • Controllers
    • Chief Information Officers

SYS 1032, Information Security: Awareness – Deadline for review February 8

  • ​Below please find a summary of the proposed revisions:
    • Revised policy purpose to specify audience is employees and students and removed unenforceable language regarding a level of understanding.
    • Changed responsible UW System officer to AVP for Information Security.
    • Revised scope to apply policy to UW employees and students that have an institution email address.
    • Defined employee and non-public data. Removed definitions for low, moderate, and high-risk data. Adjusted definition for institution to reflect UW Colleges and UW Extension reorganization.
    • Revised policy statement to specify time frame for completion of security awareness training (fiscally).
    • Updated policy title for Regent Policy Document 25-3 to current policy title, throughout document.
    • Removed language requiring contractors, consultants, and business partners to abide to 25-3. This requirement should be included in 25-3, if at all.
    • Added language that employees, who are employed by more than one UW institution, are only required to take a security awareness training at one institution.
    • Other grammatical and sentence structure changes to promote a consistent message throughout the policy.
  • The following general units/functions on campus are affected by the policy revisions:
    • Staff
    • Faculty
    • Student Employees

Source: UW Policies
Revised Payment Card Compliance Policy and Information Security: Awareness Policies Proposed