Technology Committee MEETING MINUTES – 2/1/2013 Attendees: Lee Anderson, Wade Hampton, Peter Miller, John Molt, Amanda Sagan, Jeffrey Wallace, Chris Winslow Guests: Beverly Bavaro for Cal Anderson Discussion: a. Status of projects funded by Technology Fee carryover account: These ‘shovel-ready’ projects were approved by the Technology committee to provide among other things: a 25% contingency fund, software licensing for the facultychose Canvas learning management system, and improve the classroom teaching environment by upgrading the multimedia teaching lecterns, adding room controllers for the multimedia equipment, and upgrading the DE video conference rooms. b. Document imaging at TMCC: Peter Miller gave an overview. • Currently student records and financial aid data are being scanned and stored in our core system • New document image client (Unity) has been installed and pushed to the college as a whole so that if needed, employees will have access. • Although transcripts are imaged, the next focus is transcript and transfer credit equivalency processing. A button will be made available in PeopleSoft that would retrieve student transcripts from the document imaging system • Workflow processing for security approval sheets and contracts also in the works; other paper intensive processes such as Grade Change will eventually be reviewed. Over time, existing processes will be phased in to Workflow when appropriate to create more efficiency and effectiveness for the college and support staff. • c. Once document imaging processes are fully defined, then future training will be developed around it. Information security procedures review. Feedback requested on the following security procedures that were developed by the college’s security officer, the NSHE security officer, and technology professionals from the IT department: • • TMCC-owned computers connected to the administrative network will automatically have a screen lock enabled after 30 minutes of inactivity. Committee members suggest reducing this to 10 minutes. Shortened (‘tiny’) URLs are discouraged from use since they hide the real URL. Beverly Bavaro investigated if hoving over the URL would reveal the real URL. This is only true if the shortened URL was created on the tinyurl.com site. Since there are multiple sites available to create shortened URLs there’s no way to enforce this. Therefore the original statement stands. Due to time constraints, committee members are asked to provide feedback on the following proposed procedures by Feb 8, 2013: • FERPA uses vague language such as “reasonable methods” to safeguard information and is purposely nonspecific regarding the use of technology methods and standards. FERPA does not provide information on the use of e-mail and the Family Privacy Compliance Office (FPCO) has yet to provide any official direction for the FERPA compliant use of e-mail. As such, we must apply a set of reasonable guidelines that should be followed when communicating FERPA related information over E-mail. • If there is a need to transmit a file with Personally Identifiable Information (PII) to another TMCC employee, use the Secure Information Transfer System (SITS) accessible via the TMCC Citrix system. https://citrixweb.tmcc.edu/Citrix/XenApp/site/default.aspx Page 1 of 2; Technology Committee Meeting Minutes 2/1/2013 Rev.: 2/4/2013 TMCC is an EEO/AA (equal opportunity/affirmative action) institution and does not discriminate on the basis of sex, age, race, color, religion, physical or mental disability, creed, national origin, veteran status, sexual orientation, genetic information, gender identity, or gender expression in the programs or activities which it operates. • • • • No personally identifiable information (PII) should be included in the subject line of any e-mail, screen shots, IM or “chat”. If a subject line contains a Social Security Number or NSHE ID number, then a violation of FERPA has occurred. Social Security Numbers should never be sent via email. • The NSHE ID, and student name can be sent within the body of an email and as an attachment. • E-mails containing FERPA related information may only be sent to the “official” NSHE or Institution e-mail address of the authorized recipient (nshe.nevada.edu, unr.edu, unlv.edu, tmcc.edu, washoeschools.net etc.). FERPA related e-mail may not be sent or forwarded to a personal address such as one associated with Gmail, Hotmail, or Yahoo. Emails containing FERPA related information must be deleted when the task/subject is completed. • Do not email or publicly post grades. An unauthorized release of grades to someone who is not a school official, can result in the institution being found to be in violation of FERPA. • All e-mail must include a disclaimer or tagline: “The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persona or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.” TMCC-owned mobile devices will have a screen password enforced; personal mobile devices that access TMCC data should have a screen password enabled. NOTE: The only type of password that is enforceable is a PIN or password only; face unlock/swipe type passwords are not considered secure for enterprise. Technology for detecting fingerprint screen passwords is not available. Backups of data created in the Google Apps for Education environment on the tmcc.edu administrative network will be made from the creation of the data and is available as long as the data storage quota is not exceeded. VPN/Remote Access: If anyone is provided remote access to your TMCC-owned resource for valid, businessrelated purposes, users are responsible for ensuring PII or sensitive information is not exposed. d. An issue related to Part-time Faculty access to PeopleSoft was discussed and will be researched by John Molt. e. Next Meeting: Mar 1, 2013, SIER 201. Focus on Administrative Computing topics – namely RAP technology requests, IT restructure. Page 2 of 2; Technology Committee Meeting Minutes 2/1/2013 Rev.: 2/4/2013 TMCC is an EEO/AA (equal opportunity/affirmative action) institution and does not discriminate on the basis of sex, age, race, color, religion, physical or mental disability, creed, national origin, veteran status, sexual orientation, genetic information, gender identity, or gender expression in the programs or activities which it operates.