INFORMATION COMMUNICATION SYSTEMS
OVERVIEW AND OPERATING CONTEXT
The Information Communication Systems (ICS) division is the central Information
Technology Services division of the University of Johannesburg tasked with
Planning, Implementation and Support of core IT systems within the university.
ICS is driven by a vision to be an IT services provider of choice for all of UJ’s
communities and a credible partner in the delivery of the university’s strategic goals.
Embedded in ICS’s vision is a mission to make sound IT investment decisions that
are aligned to the university’s strategic direction, provide leadership in the effective
and efficient use of IT within UJ, ensure a reliable and secure IT service across all
UJ’s campuses while maintaining a motivated and highly skilled workforce that is
able to address UJ’s current and future IT needs.
The ICS Division consists of the following portfolios: - Technology Architecture and
Planning; Solutions Delivery; Enterprise Systems Management; IT Operations and
Infrastructure Support; Network and Telephony; IT Service Delivery; Information
Security; and IT Portfolio Management.
Technology Architecture and Planning
Technology Architecture and Planning involves the design and maintenance of UJ’s
long term IT roadmap. This also includes Consulting with university communities to
recommend fit for purpose IT solutions, Piloting new technology innovations and
Project managing the deployment of such solutions.
Solutions Delivery
Solutions Delivery involves the development and integrations of new IT software
applications and the enhancement of existing IT solutions. This also includes the
development of solutions that run on the latest mobile devices such as iPads,
Android and Blackberry.
Enterprise Systems Management
Enterprise Systems Management deploy and maintain
systems namely :- Oracle eBusiness Suite, ITS Student
HEDA Information Management System. These systems
functionality such as HR, Finance, Procurement, Payroll
Management.
UJ’s enterprise core IT
Information System and
provide core operational
and Student Information
IT Operations and Infrastructure
IT Operations and Infrastructure services support and maintain UJ’s vast Microsoft
Windows server infrastructure and also provide collaboration services through the
MS Exchange email system and the Sharepoint web based repository. This also
involves securing, backing up and restoring these systems as prescribed in ICS’s
standard operating procedures.
Network and Telephony
Network and Telephony services maintain the IT network backbone that
criss-crosses across UJ’s four campuses providing seamless connectivity to every
inhabitant of the university. This also involves the provision of WiFi connectivity to
the Libraries, Lecture venues, Student residences and selected Open areas of the
university.
Network and Telephony is also responsible for managing the Telephone
Management System which routes in access of 1.2 million calls per month.
IT Service Delivery
IT Service Delivery has four service arms namely:- Help Desk, Desktop Support,
Computer Labs and Audio Visual Unit. The Help Desk provides the interface and a
single point of contact between ICS and the rest of its users. Desktop Support is
tasked with supporting and maintaining user laptop and desktop systems. Computer
Labs provides desktop support for student computing. The Audio Visual Unit installs
and services teaching aids such as overhead projectors, motorised screens and
lecturer microphones
Information Security
Information Security mitigates risks involved in using IT by raising awareness on IT
related risks, defining relevant policies to secure information assets, conducting
assurance on the adoption of such policies and responding to audit findings that
relate to information security
IT Portfolio Management
IT Portfolio Management handles all ICS administrative tasks on behalf of the
Executive Director; this includes the management of software licences, provision of
secretarial services, managing the ICS asset register.
FOCUS AND TARGETS
Three strategic goals are applicable to the ICS portfolio namely:- Sustained
excellence in service delivery, Equivalence of all campuses and Resources that
enable UJ’s fitness for purpose.
To position itself to deliver on the above strategic thrusts ICS developed and
adopted a new organizational structure based on best practice IT principles.
Management job descriptions and key performance areas were revised and
performance contracts modified to align with the new organization structure.
PERFORMANCE
Following are key achievements attained through the refocusing of ICS into a service
oriented division:Technology Architecture and Planning
The network architecture was simplified to allow for quick troubleshooting and ease
of
maintenance,
this
has increased
network
availability to
99%.
EduRoam was implemented allowing UJ personnel free and seamless WiFi access
when visiting participating universities in South Africa.
Solutions Delivery
The introduction of a Business Analyst role has allowed for proper analysis and
capturing of user requirements enabling delivery of fit-for-purpose systems. The UJ
MobiSite built in collaborations with an external vendor (ITS) has greatly simplified
the handling of online applications making UJ a first in this regard. The Marks
Administration system (MAMS) was delivered to the delight of the academic
community
Enterprise Systems
The 98% systems availability target was exceeded on all core systems (Oracle, ITS,
HEDA) making interruptions due to system unavailability non-existent.
The newly updated Oracle Release 12 system went live in October with added
functionality, improved performance and advanced security features.
Network and Telephony
To achieve equivalence; access to resources must be provided equally to all 4
campuses. To address a network connectivity problem that had been prevalent at
the Soweto Campus for a long time because on an unreliable connection going via
Baragwanath hospital, a bypass was commissioned which has returned stability of
the Soweto campus connection to 100%. The greatest success for 2012 has
however been the rollout of WiFi covering all 4 libraries, 26% of all lecture venues,
communal areas in all student residences and selected open areas in all campuses.
WiFi rollout has enabled UJ’s ubiquitous connectivity strategy and established a
foundation for the implementation of eLearning services. The availability of WiFi
connectivity also implies less congestion at the computer labs as students are now
able to connect their WiFi enabled devices from the many hotspot areas across UJ.
The extension of the Telephone Management System allowing the call centre to
move from 8 seats to 50 seats and the implementation of PC based phones
contributed immensely to the success of the adopted no walk-ins strategy.
IT Operations and Infrastructure
100% availability was achieved for all collaboration systems (Email, Calendar,
Sharepoint) exceeding the 98% target. A virus free target was maintained on all
critical systems. Response times to user issues were excellent.
IT Service Delivery
Weekly service review meetings were introduced to assess IT service delivery
performance and to take immediate corrective actions where required, these are
chaired by the Service Delivery manager and involve all ICS departmental heads.
A maximum of two hour response time was achieved on all logged calls.
Incidents not fully resolved and carried over have been managed down to an
average of one a day for each of the 4 campuses resulting in improved user
perceptions. Student computer labs have met the 98% availability targets.
The transition of the printing service to Konica Minolta was well managed with limited
disruption.
Information Security
A Change Advisory Board was introduced to manage all system changes going into
the production environment; this resulted in a disciplined approach to system
changes and an improvement in system stability. Disaster recovery processes were
adopted and successful tested for all critical systems. An email archiving solution
was implemented which allows for a 5 year retention history of all UJ emails. A
desktop archival solution was implemented which allows for automated backup of
selected Desktop/Laptop files.
Processes implemented have ensured a secure IT operating environment with 0%
loss of critical data.
Financial Management
ICS has stayed well within its budget while achieving a major organizational
restructuring which involved the addition of senior posts utilizing internal budget and
not requiring additional funding for this exercise.
The allocated Capital Expenditure budget was fully utilized with 99% of projects
implemented within budget and on time. The operational budget was not exceeded.
POLICY FRAMEWORK AND GOVERNANCE
Policy and Legal Framework
The following policies and regulations are relevant to the ICS environment
 Policy on Purchasing and Replacement of Computing Equipment;
 e-Communication Policy;
 e-Evidence Policy;
 email Legal Notice;
 Information Security Policy
 Protection of Personal Information Act (POPI)
 Promotion of Access to Information Act (PAIA)
Governance
Chapter Five of the King III code of good governance requires that the University of
Johannesburg put in place an IT Governance Framework to address key
management controls. A project has been undertaken to establish such a framework
and to align ICS’s controls and practices with this framework. A draft IT Governance
framework has been developed and is now going through a review process before
adoption. The new ICS organizational structure has been aligned to the COBIT 5 IT
governance principles of Plan, Build, Operate and Manage with each pillar having
specific controls and measurable deliverables.
ITIL principles have also been incorporated into ICS’s management and control
practices resulting in the achievement of a stable and secure IT environment.
The recently promulgated POPI and PAIA acts will require a review of IT systems
and an extensive compliance exercise will need to be undertaken.
RISKS AND MANAGEMENT OF RISKS
ICT is an enabler of many of the University’s core processes, it is therefore
imperative that Risk Management be an important part of ICS’s operations.
Data Centres
Following an extensive audit in 2011 the following risks mitigation measures were
implemented within all the ICS data centres:- Access control with electronic logging,
Clean power with battery/generator backup, Adequate cooling, Fire suppression
system that is tested regularly. ICS’s Information Security department conducts
regular independent data centre control reviews to ensure compliance. ICS
continues to encourage all divisions and faculties of the university to move their IT
systems to ICS’s more secure data centres.
Application of software patches
An audit report tagged some of the IT systems as not reflecting the latest software
patches, this is because ICS only applies patches that are approved by the software
vendor concerned. The recommended software patches were referred to the
vendors concerned (Blackboard, ITS) for approval and will be applied in due course.
A patch management process has been defined which will proactively deal with such
issues.
Change Management
Changing and configuring of systems was tagged as inadequate on the eLearning
environment (Edulink). A change management process used within ICS has been
made available for implementation by the Academic Development and Support
division. ICS will continue to mentor and support this division to ensure successful
implementation and maturing of their change management processes.
Review of activity logs
Review of super user activity logs was tagged as inadequate on the Unix systems.
An audit log review process is being implemented where all changes made by the
Unix super user are matched to the records of the Change Advisory Board to verify
change authorization, the logs will also be filed for future reference.
Inability to recover critical systems
While ICS’s disaster recovery processes are functioning well and are being tested
regularly, an audit concern was expressed regarding the lack of a university wide
business continuity plan. This issue has been taken up with the Chief Risk Officer
and a project is in the process of being initiated from his office to address this audit
finding, ICS will be a participant in this project.
Password complexity
Passwords were tagged as either simple enough to be guessed or were set not to
expire on certain systems. The recommended changes have since been
implemented to strengthen all system passwords.
System vulnerabilities
Database and SQL injection vulnerabilities were identified on supporting systems,
these vulnerabilities have all either been closed per audit recommendation or the
offending system has been switched off as it was used as a test system.
Audit and Risk Log
The Information Security Manager maintains the audit and risk log and constantly
follows up to ensure that highlighted actions are carried out. A risk review committee
comprised of ICS senior management sits on a monthly basis to review the IT risk
log and to follow up on risk mitigations and audit actions.
Filling of critical vacancies
ICS was able to attract good talent and fill most of its critical vacancies. Of note is
the appointment of Enterprise Systems manager, IT Portfolio manager and Business
Analyst. A process has started to fill the Technology Planning and Architecture and
Solution Delivery management positions.
Retention continues to be a challenge as employees are lured by better salaries but
ICS believes that the environment it is offering of excellence, growth and
development will be one of its main attractions.
CONCLUSION
ICS has continued to deliver valuable IT services in 2012, this is confirmed by the
admirable support it continues to receive from its stakeholders. Stability of the IT
environment and service excellence is now the expected standard, innovation and
strategic consulting to see IT adding value to the core business of teaching; learning
and research are now the new targets.
TARGETS AND WAY FORWARD
As part of its refocusing, ICS adopted a five pillar ICT strategy (The Digital Campus)
with the following goals:- Guaranteeing a Fast, Reliable and Secure data network
- Providing ubiquitous connectivity to the community
- Facilitating virtual student engagement
- Proving a searchable online institutional repository
- Delivering IT Service excellence
The Division is on a journey towards the realization of the above goals.
WiFi rollout to the lecture venues has set the scene for a great mobile learning
revolution in the UJ teaching and learning arena. ICS is working with internal and
external stakeholders towards the introduction of technology assisted learning. Key
to this initiative is extending connectivity to outside the borders of the university,
making it easy for student to acquire mobile devices, prescribing of paid and open
source eTextbooks and the integration of open online courseware (Moocs) and
social media as part of a blended learning experience.
A mobile systems development capability is required to support the above
endeavours, ICS is therefore investing in people and skills to build this capability.
ICS continues to invest in ways and means of making the work environment a fun
place to be with the aim of retaining current talent and attracting skilled new comers.