/policies/,/policies/administrative/,/policies/administrative/uw-health-administrative/,/policies/administrative/uw-health-administrative/administration/,

/policies/administrative/uw-health-administrative/administration/156.policy

20170390

page

100

UWHC,UWMF,

Policies,Administrative,UW Health Administrative,Administration

UW Health Technology Request Policy (1.56)

UW Health Technology Request Policy (1.56) - Policies, Administrative, UW Health Administrative, Administration

1.56

Page 1 of 4


Administrative (Non-Clinical) Policy
This administrative policy applies to the operations and staff of the University of Wisconsin Hospitals and
Clinics Authority (UWHCA) as integrated effective July 1, 2015, including the legacy operations and
staff of University of Wisconsin Hospital and Clinics (UWHC) and University of Wisconsin Medical
Foundation (UWMF).
Policy Title: UW Health Technology Request Policy
Policy Number: 1.56
Effective Date: April 1, 2017
Chapter: Administration
Version: Revision
I. PURPOSE
This policy describes the approval process required for users who want to update, purchase, acquire,
install, or use any hardware or software technology that will be used on the internal UW Health network
or managed by UW Health Information Services (IS). Adherence to this policy protects UW Health
systems and data from security threats and meets the procurement requirements for all technology used
for UW Health clinical and business functions.
II. DEFINITIONS
Technology: UW Health IS defines technology as including, but not limited to, the following:
1. Computing hardware, including computers, servers, and other ancillary devices, that connect to
the UW Health network.
2. Applications, software, and services installed on or accessed from UW Health computers,
including cloud based applications and software as a service.
3. Corporate mobile devices, including smart phones and tablets, and any applications used on these
devices.
4. Corporate applications and data accessed from or installed on personal mobile devices, including
smart phones and tablets.
5. Clinical systems or equipment, instruments, or acquisition devices (i.e., radiology equipment and
modalities, ECG carts, etc.) that require a network connection or transmit data to the network.
6. Desktop and mobile telephones.
7. Audio/visual (AV) equipment.
8. Electronic media used in conjunction with any other technology on the UW Health network (i.e.,
flash drives, thumb drives, external hard drives, etc.)
End User: A person who uses UW Health technology or technology that attaches to the UW Health
network.
ServiceNow: An electronic system used by UW Health IS to track incoming service requests, including
hardware and software requests.

III. POLICY ELEMENTS

A. Submitting Requests
1. Capital budget requests are reviewed and approved as part of IS governance. If a
department knows the specific technology it intends to purchase at the time of budget

Page 2 of 4

review, they should submit a New Technology Request (NTR) in parallel with the budget
process to avoid delays and identify any issues as early in the acquisition process as
possible. If the specific technology is not yet known, departments may alternatively
request that staff from IS participate in early discussions about a new technology for the
same reason.
2. Before new technology can be attached to, placed on or used from the UW Health
network, the following three criteria must be met:
a. The user shall submit a new technology request to UW Health IS via
ServiceNow.
b. UW Health IS shall assess whether the new technology duplicates existing
systems, resource requirements to support the new technology, and any risks
associated with use of the technology.
c. When appropriate, UW Health IS shall advise the requestor, the requestor’s
management, and UW Health Compliance of IS department findings regarding
the new technology, and request a final decision on whether to proceed given
identified risks to the organization. New and existing technology may not be
installed without the help or authorization of IS.
3. End users are responsible for providing evidence to the Procurement Department of UW
Health IS review in conjunction with the requisition process. IS is under no obligation to
allow new technology that departments purchase without IS review to connect to the UW
Health network.
B. Timelines
1. The time required to review NTRs and fully deploy a new technology depends on many
factors, including the complexity of the technology and available resources.
2. Information Services will make every effort to provide estimated timelines after initial
review of a new request. Generally NTRs are evaluated within two months of
submission.
C. Configuration Standards
1. UW Health IS is responsible for determining standard configuration requirements for
technology connected to the UW Health computer network.
2. Technology that does not meet standard configuration requirements, such as vendor-
supplied hardware and configurations, may not be connected to the UW Health computer
network until evaluated and approved by UW Health IS.
3. Only technology that has been reviewed through the new technology review process may
be connected to the UW Health internal computer network.
4. Personally owned devices may not be connected to the UW Health internal computer
network, without exception.
5. UW Health offers free public wireless access via a separate network for devices not
owned and managed by UW Health.

IV. PROCEDURE

A. Requests for New Technology
1. End Users who wish to update, purchase, acquire, install, or use technology on or from
the UW Health network shall complete the new technology request form via ServiceNow
(Contact the Help Desk if you need assistance locating this form).
2. Only management staff or authorized delegates may submit requests.
B. UW Health IS Procedure for New Technology: Once a ServiceNow request for new technology is
received:
1. The IS Project Management Office (PMO) performs an initial assessment of the request
to determine assignment of the request to the appropriate ownership team. Ownership

Page 3 of 4

teams may be IS application teams, or other teams outside of IS who will be ultimately
responsible for ongoing support for the new technology.
2. The ownership team:
a. Reviews the request and ensures the request contains sufficient detail to facilitate
further review.
b. Follows up with the end user and vendor to gather technical and security details
applicable to the technology.
c. Determines the anticipated level of support needed.
3. After collecting technical and security details, the ownership team completes their review
in ServiceNow, which passes the request to the IS Security Consultant team.
a. The Security Consultant role is to identify and document any risks associated
with use of the new technology.
b. A Security Consultant will review the technical and security details associated
with the technology, request follow-up discussions with the ownership team and
vendor if needed, and document the security, privacy, and compliance risks in a
risk assessment for the end users’ consideration, further IS review, and ultimate
organizational risk related decisions.
c. If the Security Consultant team is unable to obtain sufficient detail to understand
and document risk, the new technology request will be returned to the ownership
team to either gather further data, or notify the end user that it is not possible to
proceed with the new technology review until the information is provided.
4. Upon completion of a risk assessment, the Security Consultants complete their review in
ServiceNow, which passes the request to the weekly IS Director’s meeting for Business
Case Review (BCR). IS Directors:
a. Review the request(s) to ensure the technology is business appropriate
b. Determine if there are existing enterprise supported technologies that serve the
same purpose
c. Determine technical support requirements of the technology
5. If the request does not pass the business case review, the request goes back to the
ownership team who will notify the requester and their management of the denial. The
ownership team will work with the requester to find an alternate solution, or to present
their case to Risk and Compliance for awareness and acceptance of organizational risk.
6. If the request is approved, it is forwarded to the UW Health IS Governance Committee
for evaluation of available resources and final review.
7. Upon completion of UW Health IS Governance Committee review, the end user’s
Director and Vice President receive the final IS recommendation and risk assessment,
and make the final determination on whether to proceed.

V. FORM

Complete the appropriate technology request form(s) via ServiceNow.

VI. REFERENCES

Administrative Policy 1.04-UW Health Workstation Security and Management
Administrative Policy 1.06-Electronic Media Handling, Destruction, and Disposal
Administrative Policy 1.46-UW Health Mobile Device
Administrative Policy 4.01-Contract Approval and Signature



Page 4 of 4


VII. COORDINATION

Sr. Management Sponsor: SVP, Chief Information Officer
Author: UW Health IS Director of Project Management; UW Health IS Director of Customer
Service
Reviewer: UW Health IS Directors

Approval Committee: UW Health Administrative Policy & Procedure Committee

SIGNED BY

Elizabeth Bolt
UW Health Chief Administrative Officer


Revision Detail:

Previous revision: 102015
Next revision: 042020