Review Report Information Solutions & Services (ISS) Finalised: 22/03/2011 Reviewers Mary Crowe, Chief Information & Technology Officer, University College Dublin; Lesley Beddie, Director of University IT, Durham University; John Holohan, Manufacturing Supply Chain IT Manager, HewlettPackard Ireland; Mary Ryan, Director of Academic Administration, Examinations Office, NUI Galway (Cognate); Michael Lang, Lecturer, J.E. Cairnes School of Business & Economics, NUI Galway (Chair & Coordinator). Key Strengths Feedback from customers and users of ISS is predominantly very positive. The staff of ISS are highly skilled, dedicated, innovative and open to change. The definition of a service catalogue and the use of metrics to assess the quality of service delivery has greatly enhanced the level of service provided by ISS. The ISS unit is very supportive of staff as regards professional training, education, and skills development. ISS has a strong collegiate sense of values and is very committed and loyal to serving the needs of the university. The ISS unit is becoming increasingly professional and streamlined in the way it plans and executes its activities. Staff of ISS have a unique and distinct advantage as regards their knowledge of managing projects and processes within NUI Galway and the strong personal bonds they have built with their internal customers. Key Recommendations The following set of 10 major points covers a demanding and wide set of improvements. In order to achieve these, good governance and support from the University will be necessary. It is essential that there must be a coherent and planned/prioritized approach taken over a 3-5 year timeframe to address these issues. 1. There is a need for a clearly articulated university-level ICT Strategy, aligned with the NUI Galway University Strategy and Support Services Strategy, alongside which there should be a well-defined governance process to guide the prioritisation, selection and approval of ICT projects and annual planning. 2. As a matter of urgency, a thorough analysis of ICT systems risk must be conducted within NUI Galway and appropriate steps need to be taken to mitigate high-risk situations; in particular, 3. 4. 5. 6. 7. 8. 9. 10. the concentration of certain skills within individual members of ISS staff has resulted in a precarious dependency which can impede the execution of critical university activities. Senior posts within the ISS are currently not filled on a permanent basis (i.e. Director of ISS, Head of Solutions Group, and Head of Service Delivery Group); this uncertainty of management structures presents a risk to the unit and the university at a time of high expectations and transformative change. We therefore recommend that these senior posts be filled immediately. The difficulties of integrating data between different systems, and the inability of end-users to access information and create their own reports, are major issues which frustrate end-users and place a substantial service request burden on ISS. In order to solve this problem, there must be a well-articulated and documented ICT architecture, both in terms of technical infrastructure and enterprise data. A well-defined ICT architecture is critical in order to be able to build an institutional data warehouse. As regards infrastructural refresh, there is a serious risk to NUI Galway from the lack of planned funding i.e. beyond annual budgeting timeframe. NUI Galway has a major dependence on systems which will be compromised by infrastructure issues unless this is addressed. The ISS group needs to develop a proactive strategic plan in consideration of impending changes and demands arising from government strategy to reform the public sector, the university’s strategic imperative to raise its international profile and reputation, and major planned projects currently on the horizon (e.g. Research System, Institutional Data Warehouse, Academic Simplification Project). ISS will need to address demand on their resources posed by these issues and consider ways to release ISS staff to engage in high-value work that leverages their distinct abilities and privileged knowledge. In particular, the amount of time spent on Level 3 support is a major barrier to innovation. An ICT security education programme needs to be implemented so that all staff of NUI Galway are aware of the university’s policies on data protection and are regularly informed of recommended practices to safeguard the security/integrity of the university’s information assets. Appropriate technical and procedural mechanisms should be put in place to ensure that these policies are complied with. The NUI Galway ICT security policy should have clearly defined roles and responsibilities for information ownership and information security across the university. End-users of ISS services and solutions are not fully clear on who to contact to resolve a particular problem and find that they can get “passed around”. Workflow boundaries need to be defined and communicated so that roles and responsibilities are unambiguous, especially between ISS and related partner units (e.g. CELT, Security Office) and between ISS and principal administrative functions (e.g. Examinations, Admissions, Buildings, Finance, HR). There appears to be a substantial opportunity to reduce the service request workload by enhancing the ways by which end-users can resolve their own issues quickly e.g. self-service, training. We recommend that data collected from the ticketing system and other service quality metrics be analysed to provide direction and action plans for continuous service improvement. ISS need to establish transparent processes by which they interact with their customers and elicit project requests / user needs. As one aspect of this, we suggest that ISS should directly engage with representative user groups as a means of capturing feedback, listening to the “voice of the customer”, and exploring problems/opportunities. Other Recommendations 11. In relation to NUI Galway’s strategic objective to use information and ICT to enable the University and its constituent units to “conduct their work efficiently and effectively”, it is necessary for ISS to enhance its business systems analysis capabilities. The transformative capability of ICT to deliver efficiencies and increase value-added, particularly within collaborative knowledge work environments, should be investigated. 12. A mechanism needs to be put in place whereby service requests that are critical and urgent can be prioritised for immediate action. 13. ISS should use the opportunity to get feedback now from users of the ticketing system on ideas for further improvement and adoption. 14. As requested by some customers of ISS, appropriate “Service Level Agreements” should be put in place. Consideration must be given to the implications of the demand for guaranteed “24/7/365” up-time/support for some systems. 15. Inconsistency over the policy on end-users’ desktop type (i.e. “locked” or “unlocked”), which seems to be a historical legacy of former MIS / Computer Services division, needs to be resolved. End-users whose desktops are locked need to be aware of how to make software installation requests, particularly in urgent situations. 16. We recommend that the good progress already made on identity management be continued and extended so as to simplify access to all systems through elimination of need to have multiple different usernames/passwords. Comments on Review Process The review panel were inside all day, working through lunch. Time set aside for “Review Team Alone” tended to be used to absorb slack, so 30 minutes scheduled “downtime” should be allowed for. The formatting and presentation of the ISS Self Assessment Report could have been better, particularly as regards a number of tables and graphs which were not elaborated upon and presented in a way that was not meaningful to the reviewers. Whilst they responded well to questions and spoke readily about ISS and the services at their meetings with the Review panel, the Students and Academic staff expressed at the beginning that they were unclear about what was expected of them in the meetings. It was also clear that not all members of ISS staff had read the Self-Assessment Report.