Information Technology Services (ITS) External Review
ITS Management Response
October 25, 2010
ITS’ management response to the external review of services is presented in two sections:
• Section 1, below, is our response to the report as a whole.
• Section 2, starting on page 10, is our response to each of the 27 recommendations.
We thank the reviewers for their diligent work, their quick understanding of the university’s
IT environment and their insightful observations and recommendations. We appreciate that
their report challenges ITS as well as the university community to think differently about
strategic issues such as IT governance, funding and leadership as well as ways in which we
can improve IT service quality and/or reduce costs.
ITS thanks the Provost and Vice-President Academic for undertaking the external review
and the CIO for his support for the review. We compliment the Assistant Provost
(Institutional Planning and Assessment) for handling the many logistics around the review
especially during a period in which the office was short-staffed.
ITS also thanks university leadership and our community for participating in the review. We
look forward to working with the CIO, stakeholders and the university executive on the
appropriate implementation of the recommendations.
1. ITS Management Response to External Review
ITS is pleased with the report’s positive assessment of our services and our alignment with
university goals. Some of the positive comments include the following:
• “We were impressed with the many and significant accomplishments of ITS”
• “the CIO and ITS Director […] were frequently singled out as valued colleagues in our
interviews with campus stakeholders”
• “Several people commented on very positive improvements within ITS during the past
5 years”
The reviewers’ acknowledgement of the increasingly critical role of IT and ITS in achieving
the university’s strategic goals is particularly noteworthy. They state:
• “We believe that it is of increasingly critical importance that the UofS more clearly
position and support information technology strategy and the service functions of
University’s central unit, ITS, as strategic enablers whose primary purpose is to ensure
the achievement of the University’s overall strategic objectives.”
While the report identifies areas for improvement, the recommendations are for continuous
improvement rather than radical change.
• “the general tenor of this review report is developmental (improving through greater
adherence to standard/best practice) and not turn-around (which would imply the ITS
organization and the institution are at odds, requiring more radical action).”
ITS is also pleased that the review recognized the negative impact of the current distribution
of ITS employees in 22 buildings: “This appears to be an excessive level of resource
fragmentation and almost certainly has negative effects on productivity, communication,
operational effectiveness and, probably most important, staff morale”.
ITS Management Response to External Review Report
Page 1 of 17
ITS agrees with the eight strategic issues identified in the report as needing institutional
attention: IT Governance, IT Leadership, IT Funding, Enterprise Systems, Service Culture,
IT Standards and Service Offerings, IT Security, and IT Metrics. As with any strategic issue,
we note that these issues will not be resolved quickly or without significant effort, time and
resources.
For the past five years, EDUCAUSE surveys have identified five of the issues noted by the
review (IT Governance, IT Leadership, IT Funding, Enterprise Systems and IT Security)
among the top 10 strategic IT-related issues facing North American universities. Thus, it is
not a surprise that the review identified these as issues at our university.
The report highlights three of the strategic issues as “prerequisites – or at the very least, corequisites” to improvements in IT service delivery: IT Governance, IT Leadership and IT
Funding. We agree that these issues are important and propose that they be considered corequisites.
ITS agrees, in principle, with the 27 recommendations for improvement identified in the
report. However, we note:
• When considered collectively, the report’s recommendations signal a stronger central
role in IT governance and in IT service delivery. The direction to greater centralization
is also evident in the recommendations from efficiency studies recently completed at
Canadian universities. If the university does not accept this direction, implementing
many of the recommendations will be difficult and may not be effective.
While ITS believes there are opportunities for efficiencies by using a shared service
model for some IT services, we do not believe that a totally centralized IT environment
would best serve the university’s needs. We look forward to dialogue with colleges
and units regarding the appropriate roles and responsibilities for IT across campus.
• University resources are constrained and must be focused on implementing the
recommendations that provide the greatest benefit. This will determine which, and to
what extent, the recommendations are implemented.
• The report states that ITS will require additional resources to undertake some of the
recommendations. The university may determine that it is more strategic to invest
resources in other areas of the university than in these recommendations.
ITS’ response to the specific 27 recommendations follows in section 2 of this document. ITS
has also defined the actions it will undertake over the next six months to begin addressing
some of the report’s findings and recommendations. Those actions are outlined in section
1.1 ITS Action Plan.
The report makes three important observations regarding IT funding that are not articulated
directly in the recommendations. The observations relate to the “problematic” nature of
some IT expenditures, the need for a new funding model for core IT services, and the
university’s total IT expenditures (budget). ITS’ response to these three observations is
found in section 1.2 “Problematic” IT Expenditures, section 1.3 New Model For The
Delivery of Core IT Services and section 1.4 Total IT Expenditures (Funding).
The reviewers state that the CIO’s role at major American research universities extends to
teaching, learning, research and administration. They also state that the U of S’ job profile
for the CIO and AVP (ICT) position is consistent with this role.
While reviewers recognized the CIO’s role in these areas, the review focused primarily on
administrative enterprise systems and core IT (infrastructure) services while being almost
silent on the application of IT in teaching, learning and research. Likewise the report did not
mention the IT training or IT support requirements of students, instructors, researchers and
staff.
In our response, ITS has assumed that the underlying principles and recommendations in the
report apply equally to the IT services that support teaching, learning and research as they
do to administrative systems. In the same manner, we assume that the IT services that
support teaching and learning (often called e-learning) as well as research would be
considered core IT services.
The CIO and ITS would therefore be responsible for providing and supporting the core
information technologies used in e-learning (e.g. Blackboard, PAWS course tools) and in
research (e.g. high performance computing) as is the case in other universities. However,
another unit or units outside of ITS would be responsible for the scholarship and pedagogy
of e-learning.
The report contains some minor inaccuracies regarding the details of the university’s IT
environment. For example, it states that the university does not have any IT standards and
that ITS charges fees for “phone services, email services, annual service fees for network
connections”; these statements are not totally accurate [1]. These inaccuracies are not
surprising given the short time the reviewers spent on campus and may represent
misconceptions held by some members of the community. While the inaccuracies overstate
the extent of some problems and overstate the benefits of some recommendations, ITS does
not believe they are material to the quality of the overall recommendations.
Some of the report’s recommendations are directed to the university executive. We
encourage senior executive leadership action and support to:
• approve and communicate the governance structure for IT at the University of
Saskatchewan. More than 12 of the review’s recommendations address IT governance
directly or depend on IT governance. It is important the university define which IT
decisions are considered institutional and which are considered local, as well as the
authority and accountability of deans, administrative unit heads, ITS and the CIO in
IT-related decisions.
ITS looks forward to providing input and participating in the discussions regarding an
IT governance structure. In the past, ITS has used a governance structure similar to the
one currently in use at the University of Illinois and outlined in Appendix A of the
report (figure 2) and is familiar with IT governance structures used at other
universities.
• provide additional funds where necessary to implement recommendations.
Recommendations 5, 10, 11, 12, 21, 22 and 23 call for more services to be centrally
delivered. The report noted the need for additional funding to implement some of those
recommendations.
• change the funding model so that core IT services are provided and funded centrally so
colleges and administrative units do not have to develop multiple systems and/or
services to address similar business needs. ITS recognizes that the U of S will be
challenged, like other North American universities, to secure the funds needed to
deliver new core services as the university’s dependence on IT in teaching, learning,
research and administration grows.
• ensure that ITS is provided with the appropriate space to support its increasingly
critical and strategic role, as noted by the review, in helping the university achieve its
strategic goals. This role is not always reflected in discussions with respect to space.
[1] IT standards are not communicated well; this can give the impression that the university does not have any
standards. ITS does not charge for basic phone service. ITS does not charge for email; we do charge for the
Exchange calendar/email service. ITS does not charge an annual fee for network connections.
1.1 ITS Action Plan (Next Six Months)
ITS has defined the actions it will undertake over the next six months to begin addressing
some of the report’s findings and recommendations. A few of the actions will be completed
within this time period; other actions relate to continuous improvement and will be
undertaken over a longer period. While the number of actions defined is long, it should be
noted that ITS identified some of those actions prior to and during our self study, and that
we have already started work on some of the actions. ITS will:
• review, in consultation with colleges and administrative units, how IT services are
currently being delivered with the goal of improving service quality and/or reducing
cost (for example, reducing or eliminating the “problematic” IT expenditures and
duplicate IT services noted by the review). Some examples of recent service
rationalizations are outlined in section 1.2.
The Service and Process Enhancement Project, currently underway, may also provide
additional insight regarding the opportunities for quality and efficiency improvements
in university-wide IT processes.
• define, in consultation with stakeholders, core IT services that should be funded
centrally and provided to all students, instructors, researchers and staff. ITS will start
implementing the new core IT services identified, as resources permit.
(recommendation 11)
• expand ITS’ and the university’s use of the shared services model for the delivery of
IT services, as appropriate. (recommendation 4)
• publish and communicate the current IT standards and procurement contracts. ITS will
also consult with campus IT support staff and other stakeholders on a regular basis to
evolve both based on changing university needs as well as changes in technology.
(recommendation 20)
• develop and present a proposal, for CIO and university executive approval, to
implement a campus-wide e-calendaring service that is integrated with email and that
has no user fees (late 2010 or early 2011). (recommendation 21)
• bring to the executive’s attention opportunities for more software site licenses along
with the business case to do so. The business case for a campus-wide site license for
Microsoft desktop productivity software will be presented in late 2010 or early 2011.
(recommendation 22)
ITS will also communicate the software licenses that are in place today and continue
investigating software license agreements that will meet changing university needs.
• continue improving the metrics and benchmarks ITS uses and adopt the TechQual
instrument for assessing the quality of technology services from the perspective of
students, faculty and staff. (recommendations 25, 26)
• develop and implement a communications plan to ensure that stakeholders and ITS
employees are aware of ITS’ plans, the linkage between those plans and university
priorities, the challenges facing the university relating to the application of IT, as well
as ITS’ services, metrics, and contributions towards the university’s success.
(recommendation 27)
• continue to implement aspects of the ITIL IT service management (ITSM) framework
within ITS (as resources permit) focusing on the best practices that will return the
greatest benefit to the university. ITS will also continue to pursue opportunities to
partner with other units in their use of an ITSM. (recommendation 17)
• continue adoption of cloud computing including Software as a Service where it is
cost-effective to do so. ITS will also continue to expand use of server virtualization when
the application software will operate in such an environment. (recommendation 16)
• pilot the customer relationship manager role with a stakeholder group and gradually
add this role to other stakeholder groups. (recommendations 18, 19)
ITS will also work with the CIO and executive, as appropriate, to help address the report’s
recommendations relating to IT governance. As mentioned previously, ITS has experience
and knowledge in this area and looks forward to participating in the discussions relating to
IT governance.
1.2 “Problematic” IT Expenditures
The report states that some of the university’s IT expenditures are “problematic”. The
primary example of problematic expenditures is the development of multiple systems and IT
services that address “marginally different needs”.
ITS agrees with the report that the development of multiple systems and IT services that
address “marginally different needs” is “wasteful”.
ITS will continue to work with colleges, administrative units and the executive to reduce the
number of such systems and to avoid the development of new systems and IT services that
address similar business needs. Some examples of recent service rationalizations (and
collaborations) are outlined below.
• The College of Arts and Sciences has agreed (June 2010) to use the campus email
service and to discontinue providing its own service once ITS implements a
replacement technology for its current email service [2].
ITS is working with IT staff in Arts and Sciences and other colleges to select the
technology that will be used for the new email and e-calendaring service. These
discussions will be extended to define a new shared services model for email.
• The department of Computer Science discontinued using its Central Authentication
Service (CAS) in favour of the campus CAS supported by ITS (August 2010).
• Edwards School of Business has agreed (September 2010) to use the campus Exchange
integrated calendar and email service instead of operating its own service when ITS
establishes it as a core service (without user fees).
• EMAP and ITS have developed a shared services model for supporting podcasting,
lecture capture/playback, web and videoconferencing technologies used by instructors
for teaching (August 2010). Discussions are underway to extend that model to all
technologies used in classrooms.
• ITS will provide end-user support, using a shared services model, for the specialized
software that will be used in the interdisciplinary Experimental Decision Laboratory
that is being planned at the university.
• Several colleges and administrative units have agreed to use the same system ITS uses
for problem tracking rather than acquiring their own systems. ITS’ system supports the
ITSM framework recommended in the report. System implementation in units outside
of ITS will start in fall 2010.
[2] It makes sense for the college to wait for ITS to implement the new email system before switching so faculty
and staff will not have to learn two new email systems in a short time period; ITS’ current email system will
be replaced in the next year.
The report states that the development of multiple systems and IT services that address
marginally different needs is a “symptom of a lack of effective IT governance” (for
example, the student information system for the College of Law and multiple CV
management systems). Effective IT governance would determine whether a college’s or
administrative unit’s needs are “marginally different”. The university would be able to
reduce IT expenditures by not permitting colleges and other units to implement local
solutions when their business needs could be largely met by an institutional service.
The report identifies three other issues that are problematic: lack of IT standards, the
absence of a campus-wide electronic calendaring service and not enough software site
licenses. ITS’ detailed response to the three recommendations (20, 21, 22) relating to these
issues is found in section 2 of this document. ITS’ action plan (above) also addresses all
three issues.
The Service and Process Enhancement Project, currently underway, may also provide
further insight regarding opportunities for quality and/or efficiency improvements in
university-wide IT processes. ITS is engaged with PricewaterhouseCoopers in their work
and looks forward to their recommendations.
1.3 New Model For The Delivery of Core IT Services
The report recommends that the core IT services required by students, instructors,
researchers and staff be funded centrally and be provided by ITS. ITS agrees.
The central provisioning and funding of core services will also help avoid, or at least
significantly reduce, the development of multiple systems and IT services that address
similar business needs. Colleges and administrative units would generally not develop local
solutions if core campus services that met their teaching and learning, research and
administrative needs were available.
While the report cites the student information system for Law as “wasteful”, this system is
also an example of colleges and administrative units having to develop their own solutions
when the campus solution does not meet their needs and when resources are not available
centrally to add the missing functionality into the campus system. This and similar systems
in Medicine, WCVM and Graduate Studies and Research provide functionality that is not
available in the university’s student information system (SiRIUS). Colleges and
administrative units also develop local solutions when core IT services are not available or
do not meet their needs in areas other than the student information system.
ITS notes that it is extremely important that core IT services address emerging business
needs in a timely manner because once a local solution is in place, the cost for a college or
administrative unit to convert to a newly developed institutional solution is often
significantly higher than the cost of continuing to operate their local solution. Local
solutions can thus prevail for many years after an institutional solution is made available.
The report recognizes that ITS would require additional resources to deliver more core IT
services (recommendations 10 and 11). ITS agrees with this assessment. New IT-based
services cannot be delivered and supported without additional funds in the same manner that
new buildings cannot be constructed and maintained without additional funds.
The report suggests a “reallocation of (IT) budget to ITS from other units” as a means to
provide the additional resources required to deliver core IT services centrally. ITS believes
that such a reallocation would be insufficient to deliver, at an institutional level, all services
that are currently provided locally [3]. Additional central funds would therefore have to be
allocated to implement the proposed model for the delivery of core IT services.
ITS understands the challenge that the reallocation of additional university funds towards
the central delivery of core services brings, especially given current enrolment and budget
projections. However, if the university does not allocate sufficient funds towards the
provision of core IT services centrally:
• colleges and administrative units will continue to develop multiple local solutions.
This has occurred in the past in the area of email and portal. It is happening today in
wireless network access and may soon happen with collaborative workspace software
(e.g. SharePoint). We continue to be at risk in all unmet IT service areas including
e-learning, workflow and document management.
• the university will continue to have an IT environment that (according to the report)
favours “local optimization at the expense of the global good”, that does not permit
easy sharing of data, that creates disparate levels of service across the university, that
increases the university’s risk relating to IT security and that results in the “wasteful”
use of resources through the development of multiple IT systems and services that
perform similar functions.
1.4 Total IT Expenditures (Funding)
ITS believes that the U of S’ current level of IT funding is insufficient to implement all of
the report’s recommendations [4] and to deliver the emerging IT-based services being
requested by students, instructors, researchers, staff, colleges and administrative units.
IT funding has been identified most often as the top strategic issue relating to IT in North
American universities for the last 10 years (annual EDUCAUSE surveys). Since
campus-wide IT expenditures at the U of S are comparable to those of other universities, the U of S
faces the same challenges as other universities in maintaining existing services and
delivering new services that depend upon IT.
[3] Some local services require only a small fraction of an FTE for operations. It would be difficult for colleges
and administrative units to reallocate that fraction of an FTE to ITS.
Once a local IT service is developed, colleges and administrative units allocate few resources towards its
operation and evolution. Those resources would be insufficient to develop an institutional service to replace
the local solutions. This would be especially true if only a small number of units have implemented local
solutions and the enterprise solution must serve all campus units (the cost to develop a new system or service
is significantly higher than the cost to maintain a local solution).
The cost for a college or administrative unit to convert from a local solution to the use of an institutional
service can be significant. In most some cases, it will take colleges and administrative units several years to
realize a ROI from the change to an institutional service. Resources may not be available for reallocation
until units realize the ROI.
[4] For example, to provide a campus-wide e-calendaring service, to provide more site-licensed software and to
hire the additional staff recommended for the Office of the CIO.
The funding challenge at the U of S is evident by the backlog of projects that require
additional investment in IT to complete, as well as the list of emerging projects that do not
have a funding source. Some of those projects are outlined in Figure 1 below. Even after
stating that total U of S IT expenditures are “not out of line with other universities”, the
report recommends additional investment in the creation of at least three new positions in
the office of the CIO (Security Officer, Enterprise Architect and Project Management
Office).
The university will continue to become more dependent upon IT in everything it does. IT is
essential to the operation of any university; the effective application of IT in teaching,
learning, research and administration is strategic to the university’s success (and some
argue, even its future). This will result in a demand for more services that depend on IT. The
university will have to increase its investment in IT to address this demand as it has done in
the past (university IT expenditures have doubled in the last decade).
ITS recognizes that increasing the university’s investment in IT will be challenging given
the current enrolment and budget projections. However, the university must make additional
investment in IT to take advantage of the contributions that IT makes towards the
university’s strategic goals and long-term success. To ensure university investments in IT
are aligned with the needs, priorities and resources of the institution, the university’s IT
governance structure must be connected to PCIP.
Figure 1: Partial list of current and emerging projects that rely upon IT and that do not
have the funds required for completion. Note: while these projects are often
labeled as IT projects, they are actually teaching, learning, research and service
delivery projects that require IT.
Projects Requiring Funding to Complete
• Provide academic advising and degree audit
tools to help students and their advisors
negotiate the university’s curriculum
requirements (Degreeworks).
• Reduce the time employees spend scheduling
meetings (provide and support a university
electronic calendaring service).
• Provide and support new technologies used
for teaching and learning (e.g. lecture capture
and review; web and video conferencing,
online exams).
• Complete development of a tool to obtain
student feedback on teaching quality and
effectiveness (SEEQ).
• Enable students, instructors, researchers and
staff to access course information, email,
calendars and other university and Internet
services using laptop computers and other
mobile devices from anywhere on campus
(wireless network project).
• Support university research that requires high
performance computing. (The operating
funds secured for the WestGrid project are
insufficient for the project’s five-year life.)
Emerging University Needs
• Expand services to students and staff on mobile
devices (iUsask evolution).
• Replace/upgrade the system used to admit
graduate students and to help graduate chairs,
secretaries and faculty supervisors track students’
program progress (Graduate Student Information
System project).
• Develop tools to track and report on the use of
copyrighted material in courses (may be required
to ensure that the U of S is in compliance with
new regulations proposed by Access Copyright).
• Support online collaboration. Several units are
interested in using SharePoint, a leading
candidate in this area. If a campus-wide service
is not provided soon, units will establish their
own (multiple) services.
• Implement an Access Control Security System to
provide secure electronic access to doors and to
improve video surveillance in key campus areas.
Project will require enhancement of the campus
network and the university’s identification and
access management system.
• Reduce the university’s risk of service
disruption, litigation and damage to reputation
that may result from IT security breaches, the
distribution of illegal or copyright-protected
material using U of S IT facilities, and the
disclosure of confidential or personal
information.
• Implement and support an online research
administration system to help the Office of Vice
President (Research) and university manage
research grants and contracts.
• Reduce the university’s risk related to internal
and external events that may significantly disrupt
normal operations and improve the university’s
ability to resume operations should such an event
occur (business resiliency and continuity
planning). Since IT is a critical component of
almost all university activities, additional
investment in IT will be required to reduce the
university’s risk and improve its recovery
capabilities.
2. Detailed Response to External Review Recommendations
2.1. IT Governance
R1. Create a formal IT governance structure to develop policies and procedures, monitor
and enforce the policies, approve and prioritize work, promote informal discussions,
and arbitrate disagreements.
R2. Develop governance practices that clearly differentiate and assign responsibility for
governance, service delivery and departmental roles.
R3. Set as a goal that the governance model will leverage the information assets of the
UofS, reduce expenditures and improve operations.
More than 15 of the review’s recommendations are directly related to IT governance or
depend on IT governance. The university’s IT governance structure must be understood and
widely accepted before many of the recommendations can be implemented.
ITS supports a review and revision of the current IT governance structure and looks forward
to participating in that process. The revised governance structure should:
• ensure an appropriate campus-wide perspective in decisions related to IT;
• ensure strong linkages between IT governance and overall university governance
(i.e., PCIP, Council, Deans Council, Board of Governors);
• clarify the role and authority of the CIO, ITS, colleges and administrative units with
respect to decisions relating to IT.
The report’s recommendations signal a stronger central role in decisions relating to IT. It is
not clear if the report’s direction aligns with the University of Saskatchewan’s governance
structure in terms of the balance between centralized and decentralized decision making.
While ITS believes there are opportunities for efficiencies by using a shared service model
for some IT services, we do not believe that a totally centralized IT environment would best
serve the university’s needs. We look forward to dialogue with colleges and units regarding
the appropriate roles and responsibilities for IT across campus.
R4. Develop a shared service model that contains the elements of price transparency,
service culture, good business process, standardization, continuous improvement and
responsiveness.
The shared services model is an evolution of the federated model for IT service delivery that
is currently in place at the university. ITS is using the shared services model for some
services. In consultation with stakeholders, ITS will formally develop the model and apply it
to other IT services as appropriate.
R5. Determine a process to recognize innovative solutions that solve problems at a local
level and systematically promote them to university-level shared services.
ITS supports this recommendation. Some recent examples of local innovative solutions that
are now being used to meet institutional needs include the SEEQ survey tool, iUsask and the
Matterhorn lecture capture system.
The process of promoting a local solution must consider any costs that will be required to
enhance the local solution to meet campus needs as well as the cost to operate, support and
evolve the solution at the institutional level. The enhancements may include use of
institutional (not local) data stores and enterprise (not departmental) business processes.
ITS Management Response to External Review Report
Page 10 of 17
2.2. IT Leadership
R6. Communicate and reinforce the CIO’s role at UofS, highlighting the institution-wide
strategic and operational mandate of the position.
R7. Explicitly empower the CIO to propose policies and standards, set priorities, allocate
resources, and ensure accountability for major IT campus investments in information
technology, systems, and services.
R8. Hold the CIO accountable for the judicious exercise of this level of authority and the
major deliverables of the IT strategy.
R9. Immediately create a position profile for the ITS Director.
To clarify the ambiguity that appears to be present regarding the role of the CIO, the
university should validate the job profile of the CIO (including authority and
accountabilities) and communicate it to campus as recommended in the report.
The ITS Director will work with the CIO and HRD to develop a job profile for the Director
position.
While a number of IT planning documents exist, the reviewers heard from a variety of campus
stakeholders that the institution needs a campus IT strategy. ITS has also heard statements
that suggest that some members of the community feel the university needs an overarching
strategy and plan for IT, and that in the absence of one, they perceive IT as a series of
unconnected projects and funding requests.
ITS recognizes that it needs to take a more active leadership role in the planning of IT
services on campus. ITS will continue improving the communication of its plans, the linkage
between those plans and university priorities, its metrics, challenges and contributions
towards the university’s success. ITS will also consult more broadly with the community
regarding their IT needs.
ITS proposes that it be considered a ‘planning entity’ for the Third Integrated Plan. This
would provide ITS an opportunity to inform the campus community about our plans and to
become better informed about other units’ plans.
R10. Establish institution-wide roles in the following areas, each reporting directly to the
CIO:
a. Enterprise Architecture
b. Project Management
c. IT Security
Recommendation 10a is closely related to recommendations 13, 14, and 15. ITS suggests
that a decision on the Enterprise Architect position be made after the governance structure
for administrative systems is defined (recommendations 13, 14).
ITS suggests that a decision regarding the establishment of a Project Management Office
(recommendation 10b) be deferred until a decision is made regarding the CIO’s role in the
area of administrative enterprise systems (recommendation 15) and discussions of
appropriate governance have developed sufficiently to define the role of that office.
ITS supports the creation of a new senior position with responsibility for IT security and
reporting to the CIO. Since recommendations 23 and 24 relate to IT security, a more
complete response regarding recommendation 10c is found there.
2.3 IT Funding
R11. The University should identify a core set of IT services that are to be provided to all
faculty and staff. These should not be subject to fees but rather should be funded
centrally through ITS. As a minimum, these should include local phone service (and
perhaps a base amount for long distance service), voice mail, email and calendaring
service, and access to the internet.
ITS supports this recommendation and believes that, if implemented, it can quickly and
significantly improve IT services on campus and contribute towards clarifying the
university’s IT governance structure.
We believe that the best way to avoid or at least dramatically reduce the development of
multiple systems and IT services is to provide core IT services centrally. If those services
were available centrally, colleges and administrative units would not have to invest in
multiple, local solutions to meet their business needs.
We note however that the review states that ITS will require funds to implement this
recommendation.
R12. The University should consider implementing an institutional desktop roll-over
program, where workstations (or laptops if that is the platform used) are replaced on a
regular cycle. This program should be centrally funded and managed through ITS.
ITS believes it is worthwhile to consider an institutional desktop rollover program.
ITS is prepared to work with stakeholders to determine the cost and benefit of such a
program and how it might be funded. This information and a recommendation of whether to
proceed with implementation or not will be presented to the executive for consideration and
approval.
The desktop program for new faculty and the faculty desktop replacement program are good
starting points for discussions around an institutional program.
2.4 (Administrative) Enterprise Systems
R13. Vest authority for enterprise system planning, implementation, operation and support
with the CIO, in partnership with identifiable business owners.
R14. Consolidate enterprise systems technical staff resources within ITS.
R15. Charge the Enterprise Architect (see Recommendation 10a) with developing
architectural roadmaps for the major systems, including standards and products that
will ensure business agility at a reasonable cost. We hope it goes without saying that
these roadmaps should be developed in consultation with business owners and end-users.
Recommendations 13 and 14 are statements of IT governance with respect to administrative
systems. Administrative systems typically include the student (SiRIUS), finance (UniFi),
HR/Payroll (About-Us) and alumni/fund-raising (U-Friend) systems. At some universities,
they may also include systems used by facilities management, the library, research
administration, classroom scheduling and others.
ITS encourages the university to resolve the governance issues relating to administrative
systems. We look forward to participating in discussions regarding their resolution.
These recommendations reflect the roles of the CIO and ITS at most North American
universities. It would be rare to find a CIO position or central IT unit at another university
that does not have responsibility for enterprise administrative systems. We also note that a
portion of the proposed governance model is already in place; many of the enterprise
systems technical staff are ITS employees.
We suggest that a decision on the Enterprise Architect position be made after the
governance structure for administrative systems is defined.
Because the U of S uses three different technologies for its four administrative systems
instead of one technology, the U of S would not realize all of the benefits outlined in the
review from implementing these recommendations, benefits that would be attained at other
universities that use only one technology.
R16. Look for opportunities to partner with other institutions or firms in provisioning
Software as a Service (SaaS) as an alternative to operating all systems locally. The
SaaS could enhance service levels, would provide greater cost predictability, and
should act as a mechanism to refocus management attention to innovation in other
domains.
ITS and other campus units are already using SaaS, and cloud computing in general, to
deliver services where it is cost-effective to do so.
Using SaaS for the university’s administrative systems is not cost-effective today (based on
the experience at another university, we estimate that the U of S cost to use SaaS would be
double that of providing the service ourselves). Discussions between the U of S and the
University of Regina have also concluded that operating separate systems at each institution
would be more cost-effective than using a shared services model between the two
universities (due to different business models and customizations).
SaaS and cloud computing also make it more difficult for the university to address data
privacy and data ownership because other organizations and legal jurisdictions are involved.
ITS will continue to look for opportunities to use SaaS and cloud computing. While we
don’t expect SaaS will be cost-effective for administrative systems during the next two to
three years, we expect to use SaaS and/or cloud computing for other IT services. For
example, ITS is currently evaluating the use of Live@edu and Google for email.
2.5 Service Culture
R17. The CIO should engage the appropriate campus stakeholders in planning, resourcing,
and implementing an IT service management framework, with initial emphasis on the
service support disciplines. The framework should be adopted throughout ITS. The
standards and toolsets should be made readily available to other IT units across
campus.
ITS will support the CIO in planning, resourcing and implementing an IT service
management (ITSM) framework for the university. Implementing an ITSM framework
within ITS or across all campus IT groups will be costly in terms of software, staff training,
consulting and staff time (it is akin to ISO certification).
ITS adopted ITIL as its ITSM framework. Software that supports some of the ITIL service
management processes has been purchased and implemented throughout ITS. Discussions
are underway with colleges and administrative units who also want to use this software.
ITS will continue to implement ITIL[5], as resources permit, focusing first on the best
practices that will provide the largest benefit to the university in terms of improved service
quality, improved service alignment and efficiency. ITS will also continue to pursue
opportunities to partner with other units in their use of an ITSM
Further implementation of ITIL will require the purchase of additional software modules to
support more ITIL processes, additional staff training regarding ITIL and staff time to
implement the ITIL processes. Given resource constraints (implementing an ITIL process
requires significant staff time and staff are busy in IT service delivery and support), IT
departments at other universities implement additional ITIL processes over a two- to
three-year time period. ITS will adopt the same strategy.
R18. In concert with the roll-out of an IT service management framework, define the role of
Service Manager within ITS and pilot its use with a cohesive set of stakeholders. The
business owners of enterprise systems might be a good group to work with in this pilot.
R19. Refine the Service Manager role based on experiences with the pilot, and gradually add
these roles to other stakeholder groups as a continuing complement to best practices
followed in the IT service management framework.
The report seems to use the terms relationship manager and service manager
interchangeably. We believe that the term relationship manager is more appropriate for the role
described in the report. Therefore, we use that term in our response.
ITS has implemented aspects of the relationship manager role in some client areas.
However, we have not formally defined or supported this role well.
ITS will pilot the role of relationship manager with a stakeholder group. This role will be
extended to other stakeholders based on the lessons learned (including cost benefit) from the
pilot project.
2.6 IT Standards and Service Offerings
R20. Vest the authority for campus-wide IT standards with the CIO. Distributed IT units
should be expected to adhere to established standards and should be actively
consulted in the creation and development of standards.
ITS supports this recommendation and will assist the CIO in developing and promoting
campus-wide IT standards.
We note that standardization may sometimes be in conflict with other institutional priorities
such as budget reduction, and as a result, standards are not followed. To cut costs, colleges,
departments and administrative units may resort to buying the cheapest equipment available.
This reduces their purchase cost (local optimization) but may not address the global good
(lower support costs due to standardization).
Executive support will be required to address this issue. Support may include policies or
incentives to support standardization. The faculty desktop computer programs provide
incentives to colleges to purchase standard computer configurations. This standardization is
supported because it serves the best interest of both colleges and the university.
[5] ITIL is the most commonly used IT service management framework in North America as well as in other
countries. This comprehensive framework provides best practices for improving (approximately 25)
processes related to IT Service Strategy, Service Design, Service Transition, Service Operation and
Continual Service Operation. Organizations are encouraged to implement this framework by starting with
the processes whose improvement would provide the largest benefit to the organization.
We note the following should be considered when defining IT standards:
• Standards must support the university’s diverse needs in teaching, learning, research
and administrative activities. Standards that establish a single choice for one product
will rarely meet university needs.
The foremost example of this is desktop computing where selecting only the Windows
(or the Macintosh) platform as the campus standard would not effectively meet
university needs. Even accepting these two platforms as standards, no single model
would meet the needs of administrative support staff and researchers in different
disciplines.
• Standards must allow opportunity for innovation. This is especially important in
hardware and software related to teaching and research. Without this flexibility, for
example, the university would not have the iUsask mobile application.
• The university is involved in collaborative projects and initiatives with other
organizations. We will often have to follow their standards rather than our own in order
to be successful in those endeavours.
• Complying with standards will increase costs to the colleges, departments or
researchers who will have to upgrade or change their technology to adhere to the
standards.
R21. Develop a plan and implement full enterprise email, calendaring and associated
services for all employees of the UofS. Baseline services should not be subject to
charge-backs, but end-users should also have the option to pay for enhanced services.
ITS agrees with the recommendation and is investigating a number of options for a
campus-wide calendaring and email service. A proposal regarding the preferred solution will be
presented to the CIO and university executive for consideration and approval in fall 2010.
Initial estimates indicate that regardless of which option is selected, additional central funds
will be required to cover the incremental cost of providing this service (without user fees).
R22. Define a more comprehensive program for software site licensing that ensures
end-users have access to the productivity tools they need at a cost that is reasonable for the
institution to bear.
Where it is cost-effective for each unit, colleges, administrative units and ITS have
participated in software site licenses.
ITS supports a more comprehensive software site licensing program – in other words,
making more software available to faculty and staff in colleges and administrative units
without a user fee (as a core IT service). To do so would however increase the university’s
total cost of software and would require additional central funds.
A case in point is the Microsoft Campus Agreement. A campus-wide site standard license
would cost the university approximately $350,000 per year (the enterprise license would
cost approximately $400,000). Under the current model, colleges and departments are
paying about $180,000 annually through user fees; another approximately $50,000 is being
spent yearly on Microsoft desktop licenses outside of this agreement. The annual
incremental cost to provide a campus-wide license would be approximately $120,000
($170,000 for the enterprise license) if all units that are now paying for these licenses
reallocated that budget towards a campus-wide license. However, units may not want to
transfer their budget towards an institutional solution (campus-wide license) if others will be
able to use the campus solution without any budget transfer; units may also not want to
transfer their budget because of a concern that their needs may not be met by the central
solution in the long-term.
The above example demonstrates that the university is getting the best value for its IT
investments (from a license cost optimization perspective). On the other hand, the
calculation above does not include other benefits that would accrue to the university from a
campus-wide Microsoft license for everyone. For example:
• Units that currently do not subscribe to the Microsoft agreement, and individuals
within those units, would spend less time looking for alternative sources for licenses;
• Colleges and administrative units would spend less time (therefore cost) supporting
multiple software versions;
• There would be fewer interoperability problems as everyone would have access to the
same software version;
• Faculty and staff would not have to make do with software that may not support their
job functions in the best way;
• It would be simpler and less expensive incrementally to deliver new core services
(e.g. collaborative workspaces, Exchange) that depend on everyone having a
Microsoft desktop software license.
ITS will:
• publish the software license options that are available to the campus and continue
investigating new software license agreements that will meet the university’s needs
most cost-effectively.
• bring to the executive’s attention opportunities for more software site licenses along
with the business case to do so. The business case for a campus-wide site license for
Microsoft desktop productivity software will be presented by early 2011.
We also propose that the university fund a software license coordinator within ITS. Such a
position is common at many universities. This position would save the community time
investigating, negotiating and managing software contracts.
2.7 IT Security
R23. Create a senior level role of Information Security Officer (or other appropriate title as
seen fit) with full-time responsibility for IT security at the UofS. The ISO should be a
direct report to the CIO.
R24. Charge the ISO with developing an IT security framework for the campus, in concert
with other IT units and key stakeholders. The framework should clearly identify the
risk/benefit trade-offs that are relevant to the UofS so as to guide appropriate resource
allocation.
ITS:
• supports the creation of an Information Security Officer position reporting to the CIO.
While IT security is one of the responsibilities of IT support staff in ITS, colleges and
administrative units as well as of all IT users (students, instructors, researchers and
staff), it is currently not the full-time responsibility of anyone.
• supports the development and maintenance, by the Information Security Officer in
consultation with key stakeholders, of a campus IT security framework that balances
IT security risk with institutional cost and ease of access to IT services by students,
instructors, researchers and staff.
The creation of an Information Security Officer position and a campus IT security
framework alone will not significantly reduce the university’s risks related to IT. Additional
staff will be required in ITS, colleges and administrative units to implement additional IT
security measures for the services they provide.
2.8 IT Metrics
R25. Implement a set of standard performance metrics and measures that include the
operational, customer service and strategic performance aspects of IT.
R26. Integrate the performance measurement into the IT governance structure, project and
portfolio management, IT funding, enterprise systems, service culture and IT security.
ITS agrees with the need for IT-related performance metrics. We will:
• continue improving the metrics ITS uses as part of the Planning Parameters and the
Integrated Planning process as well as our internal planning and reporting processes.
• adopt the TechQual instrument for objectively assessing the quality of technology
services from the perspective of students, faculty and staff. As LibQual is for library
services, TechQual is used in many North American universities and thus will
provide us with benchmark data. The TechQual survey will be administered annually.
• continue to participate in the EDUCAUSE Core Data Survey and the planned
CUCCIO (Canadian Council of University CIOs) surveys.
R27. Develop a formal communication plan to ensure that the appropriate internal and
external constituents are receiving the information and are compelled to act on the
information.
ITS will develop and implement a communications plan to ensure that:
• stakeholders are aware of ITS’ plans as well as the university’s needs and issues
relating to IT;
• users and potential users of IT services – including students, instructors, researchers
and staff – have the information they need to choose, use and benefit from these
services;
• ITS employees are aware of major activities across all ITS workgroups and the
campus.