Meeting Minutes & Action Items
Meeting
Name
UBCO SASI Functional To-Be Process Validation for Access and Identity
Management (AIM)
Date
December 15, 2015
Time
2:30 to 4:00 PM
Location
ART 102
Attendees
Name
Robert Eggleston
Title
Michelle Lowton
Director, Student Development and Advising, UBCO
Debbie Mason
Business Analyst, SASI
Vasu Narayana
Stephanie Oldford
Deloitte Consultant
Erin Shannon
Associate Director, Enrolment Services
Acting Dean of the Faculty of Creative and Critical Studies,
Associate Professor – English, UBCO
Academic Governance Officer, Enrolment Services
(comments received via email)
Agenda
•
•
•
•
•
•
•
Our AIM
Our Pain Points
Our Approach
Our Achievements
Our Work Progress
Our Future (Feedback/Concerns)
Our Guiding Principles (Group Activity)
#
Action Items
Raised by
1
Change management team to prepare
terminology documentation.
Marianne
Boyle
2
Review Guiding Principles feedback and
recommendations and respond
Erin
Shannon
Owner
Due Date
NOTES:
Our AIM:
 Create a framework to control access to the new SIS based on who a person is (e.g.,
admissions advisor) and what duties the employee performs.
Page 1 of 4
Meeting Minutes & Action Items

Refactor solution for Sauder and Grad to ensure that we have an holistic solution.
Our PainPoints:
 Paper Access Request Forms are confusing to fill in
 Partial HR Knowledge – status at UBC unknown, no notice of changes/departures
 Manual Provisioning – manual steps to avoid duplicate accounts, access is additive
 Manual De-provisioning – access not removed
Feedback: General agreement with painpoints.
Our Approach
Found we are unable to make sense of the SIS roles, and why people have the access they
have. Decision to:
 Look at other universities’ guiding priniciples
 Research case studies for controlling access. Best example: Pharmaceuticals / Siemens
case study where they did a business process review (BPR). Using this template, we
validated our processes (E.g. registering for a course, transferring credits) and identified
the people involved so that we could learn what the new SIS needs to do.
Our Achievements
 GRASP and Sauder are already operational.
 Campus Wide Login integrated with the new SIS so we know who is logging in. CWL
supports guiding principle that a person has one account.
 Controlled Access Behavior - use role groups to control what an employee, applicant
and/or student can see and do.
Feedback:
 How does that work? What will that look from a practical sense?
A1: We have created Web pages accessible from a URL (E.g. evision.as.it.ubc.ca).
You enter your CWL to access much like you do to access the current SIS. You do
not need to choose whether you are accessing a faculty or a student area. Instead,
you will be assigned roles based on what you need to do. If you are an employee
you see these areas of eVision, if you are student you see that, if you are both you
see both.
Our Work Progress
 Smart Form (online) is an option but we must consider legal requirement to capture
signature of approver for requests, FIPPA.
 Actor Catalogue – identifies our people, our processes and what tasks they are doing
in the student lifecycle. Actor Catalogue is based on the discussions in workshops.
What are actors? Actors group people at a high level (e.g. the “Dean” actor category
includes Dean, Associate Dean, Assistant Dean, Dean’s delegate etc.).
Feedback:
General discontent with paper form. How will a new online form would actually do
anything to fix the problems people have filling in the form?
 A1: Yes this is true. If a form option is pursued we would engage subject matter
experts to understand the business needs, and use our UX team resources to create
a dynamic form that shows or hides content based responses from the person
completing the form. We do appreciate that using a single form for all of our
scenarios is an imperfect solutio. We are thinking this would be better suited for
exceptions where we cannot know who will need a particular type of access E.g.,
permission to view aboriginal student records, or broad-based admissions
Page 2 of 4
Meeting Minutes & Action Items
reviewers. This is why our primary focus is to automate provisonining to the greatest
extent possible.
Our Future:
Eliminate where possible manual and confusing processes to manage accounts
 Shell Accounts – pre-emptive strike to create (migrate) employee accounts. Shell
account = employee has account in new SIS but no permission to do anything. Can
use employee accounts in SIS to inform us who may need account in new SIS.
 Reports – use HR/SIS information (e.g. create reports to find out which employees
have left the university).
 Account Management - leverage employee details to automatically grant or disable
access (to fullest extent possible).
Feedback:
 Q1: Complexity – Robert raised question on student taking a part-time
employment opportunity or an employee taking a course, how do we handle such
scenarios?
A2: We have validated that we can use rules to further control access to data,
E.g., if you are a TA you cannot change marks on a course you have taken.
Our 8 Guiding Principles
Discussion:
Feedback stats:
Individual Post-its provided with the following input received-1: (1) 2: (1) 3: (1) 4: (0) 5: (1) 6: (1) 7: (1) 8: (0) *9: (0)
1. Ensure the right people, have the right access, to the right information, at the right time.
 Who decides what is “right”?
A1:
 Systems and people both upstream and downstream elements need to be
evaluated
 Define rightness by starting with actors and gradually developing roles over a
period of time and usage pattern
 Define the right people based on the department, units they are employees of
 How do you define access around such multiple roles (E.g., Can a student who is TA
have access to grade roster?)
A2: Limit access based on enrolment history and rules for who may alter grades
 (via email from Stephanie Oldford) System can operationalize but not necessarily
make those judgement calls about who/what/when is right. There is a huge
governance/policy piece of work that needs to be done to make the principles work. It
may also be that I see access to viewing information as separate from processes and
functions that use the information
2. Maintain a single identity for a person in the student information system
 Question the difficulty with managing a single identity
3. Automate provisioning and de-provisioning access, where possible
 Some access may need to be reviewed before we automate.
A1: We can define which system/functional areas will have automated provisoning
and which will need approvals.
Page 3 of 4
Meeting Minutes & Action Items
4. Simplify end-user experience

5. Reduce account management overhead
 Concern around this principle, and it not to be used as a means to reduce payroll.
6. Be transparent and inclusive with partners
 Are we including students in decision making?
A1: We mentioned the student experience survey conducted by UX team as example
of our desire to engage students.
 Who are our partners?
A2: Our intention is to bring all groups involved in learning together into one system
and that our initial thought was that these are our partners. This question has been
raised many times and is may need further discussion/clarification.
7. Adherence to FIPPA and information security policies
 Need to monitor and review use of accounts
8. Monitor and review appropriate use and transaction of student data
 How will we track the student information (access to address, email, grades etc.)
and who can access/report on it?
9. General feedback

Page 4 of 4