Committee Members Present:
Kris Benoit, Michael Callahan, Pedro Cordero, Craig Froehlich, Brian Graham, Elisabeth Greenwood, Adnan Hameed, Bryce Jackson, Larry Jaffe, Joel Lavoie, Tim Neubrander, Fred Okumo, Andrew O’Mara, JP Peters
Committee Members Absent:
Felicia Kendall, Becky Moulton
Others Present:
Joe Alcala, Karla Amaro, Yasmin Brady, Richard Caldwell, David Canova, Thomas Christensen, Michael Constantino, Cisco Espaillat, Jon-Paul Estes, Adiaak Gavarrete, Joel Hartman, Tim Larson, Thierry Lechler, Todd McMahon, Bob Mello, Mike Sink, Fabiana Staton, Alan Stevens, Aaron Streimish, Chris Tellez, Chris Vakhordjian
Minutes
Larry Jaffe called the meeting to order at 10:01am.
Larry asked everyone to review the minutes from the previous meeting.
- Adnan Hameed voted to approve the minutes, Elisabeth Greenwood seconded.
- Everyone agreed on approval of the minutes without any changes.
Mike Sink gave an AVP Update.
- We have an analyst firm that we have identified to give us budgetary information about licensing, subscription for a cloud provider, and implementation of cloud ERP services. Even if we cannot start the project now, we need to plan for how much money to set aside every year so when we are ready to start we have the money available.
- We are about 90% complete with collecting information from the domains that will help provide Microsoft data about our software licenses. We have some renewals that are coming up, so we have to get this finished quickly so we can provide the information for that audit.
- We have been coming up with a proof of concept and coming up with a contract vehicle with which we can use to purchase SnapLogic. We have already started the proof of concept and we are making some good progress with it.
- The networking team staff is being trained right now and they are working on configuration of the network equipment in their lab in OTC. Their commitment is to have that up and running by April, so we are on track to do that. With the network equipment installed at DataSite Orlando, we will be able to start configuring networking components for the hyper-converged infrastructure.
Joel Hartman gave a CIO Update.
- The General Data Protection Regulation (GDPR) of the European Union becomes effective May 25th. If you read the news articles, it is going to affect everything that we do. When individuals come from the European Union countries into UCF to work or study, they will sign a document that says they are here and they will follow our rules while they are here and GDPR does not apply. The opinion is that the European Union cannot inflict its regulations on another independent government. As long as we tell them that a condition of employment or study here at UCF they must follow our rules.
- The NIST project involves protecting our current portfolio of research that involves federal data that is covered by a standard called NIST 800-171 or 800-53. It means that data are on various levels of sensitivity to the federal government, and we have to adhere to these requirements. We have to follow the rules or we will lose the research that we have. The current iteration of our approach to this is that the university will build a dedicated, secure, limited network that will be developed, operated, and managed according to NIST standards. This network will provide service to Research I, Engineering I, and CREOL.
- I am working on two alternatives for getting contractual relationships set up with Amazon web services, similar to what we have set up with Microsoft Azure.
- With regard to Microsoft, we had a team of 14 people go to Microsoft and spend some quality time in their executive briefing center. It has resulted in the decision to form a closer partnership oriented relationship with Microsoft, which will be the framework to take on projects down the road.
Chris Vakhordjian gave a CISO update.
- Joel has approved the purchase of an Intrusion Prevention System (IPS).
- The HIPAA audit was completed. In the initial draft of the audit response, the recommendations were 20 pages long for each area to put policies or procedures in place. We went back to the auditors and they redrafted it so that anything that was consistent policy or procedure related will follow the same standard at each of the seven covered entities.
- We are also trying to build a cluster for a penetration testing environment. It is a MHPE cluster and we will have pen testing tools for student use.
- The Information Security website has been reformed and updated, especially the standards page. I am going to continue to expand the documents.
- Security awareness is going to be made available through HR orientation and we are going to put in a policy to make it mandatory for all employees to complete security awareness.
The IT Professionals subcommittee gave an update on Committee Strategies. At the end of the presentation is a PowerPoint slide discussed during the meeting.
- Tim Neubrander mentioned that one of the charges the committee was given is transparency and how can we increase participation in governance. One of the concerns that was brought up is that we are very focused on just the IT side of things. All of the committees that are in this group are very IT focused and we want to bring in the outside perspective from around UCF. We have updated the target model to show that we are not just going between outside governance and the outside ring. The outside ring consists of the community committees. We want to talk about how we can be more inclusive.
- Level three of the committee strategies is going to be called Service Portfolio Categories. Bryce and Kris have done a lot of research on this topic and have come back to the committee with this recommendation from Educause.
- JP Peters gave an overview of the Service Portfolio. When you are moving from a technology focus to a service focused organization, a service portfolio is your guide. A portfolio is made up of three different areas. The pipeline of the thing we are considering which is things that are coming and new ideas we would like to offer. The existing catalog are the things that are already out there. This includes everything that faculty and staff are currently ordering. The final component is retired services.
- What each item in the service category does is logically group each of the services together. The focus here is coming up with these services, but having the key from the voice of the customer help dictate what those services are.
- Educause recommends 6-10 service categories at most. The 6-10 service categories recommended by Educause and ECAR are administration and business, communication and collaboration, end point computing, infrastructure, IT professional services, research, security, and teaching and learning. Today we are trying to propose this idea and these services as a place where we start building governance around.
MOTION: JP Peters made a motion that level three of the governance model will consist of service categories. The exact service categories will be determined in the future. The motion is just to approve level three as service categories as part of the framework. Bryce Jackson seconded the motion. The group voted 13 FOR and 1 AGAINST the motion. The motion was approved.
- Larry Jaffe asked Alan Stevens and Joe Alcala to join the IT Professionals Subcommittee as the subcommittee discusses the service categories to be used in level three. Larry also asked anyone who wanted to join or attend the IT Pro Subcommittee meetings to let Larry know.
Kris Benoit gave a presentation on Demand Management.
- I am going to talk about demand management through the overall lens of the project management office, and where we see ourselves going.
- To start with, a couple of places we provide value is in understanding the request so we know what we are trying to accomplish.
- For the team and staff level value, a lot of that focuses around resource demand and capacity management as well as actually facilitating collaboration and coordination on projects.
- At the university and community level, we connect prioritization to strategy fulfillment. We make sure we are allowing the business and strategy to lead IT and not the other way around.
- When we talk about the future state, it is really the project intake process. The intake process is going to take a lot of collaboration with other groups, so it is not just the project management office. That includes making sure we have business justifications, evaluations, score projects against the strategic drivers, and defining the functional requirements for the projects. • Right now, the project management office has about 96 projects that are currently in flight. We also have another 250 items on which we are tracking resource time.
- We are talking about our future state with regard to delivery on projects. One of the things that we want to move to is a roadmap model. The road map is going to be one of the key deliveries out of the intake process.
- We are working through the last of the UCF IT teams as far as capturing their resource availability and current commitments. This is allowing teams to better schedule their work and giving them some sense of flexibility. It also allows management to see where there are resource constraints and bottlenecks.
- As far as collaboration and coordination tools, we have our SharePoint site and we will be moving to Project Online. This tool will allow us to do better time estimations, gathering, and tracking.
- Project Online is part of the Office 365 suite so it is very integrated with the other tools that come with the suite. For example, for every project that gets spun up, a OneNote is created along with that project.
Meeting Adjourned at 12:04pm.