Policy-based software

In principle and where reasonably possible, WU practices follow the principle of policy-based software. In essence, the software does only what the policy allows, and the policy is the same as what people may do on the software.

1. The software follows the structure of an organization, with each level having a different level of authority (e.g. central administrators, local administrators, faculty members, students).
2. Users are only able to access information to which they are entitled, and can only perform tasks for which they are authorized.
3. The stages in performing tasks are clearly defined in terms of what is to be done and who is to do it.
4. The software only allows permitted responses.
5. If a required field on a form is not filled in, the software will not accept the form.
6. Users cannot make unauthorized adjustments to existing data.
7. When a task can be automated, the software will do it without human input.

Adapted from "What Is Policy and What Can It Be?" Andrea Westerinen, VP of Technology, Senior Architect and Manager, Cisco Systems, IEEE Policy 2003 Conference.