IT Advisory Committee September 8, 2016-8:30 a.m. GSC 2605 Attendance: Members Regular Attendees Chad Ballenger x John Kovacevich Andrew Stokes x Lacey Baze x Dan Basile Tom Lyster x David Sweeney x Cheryl Cato x Erick Beck x Adam Mikeal x Ron Szabo x Dee Childs x Andy Bland x Carl McKneely Paul Wellman Scott Honea x Aaron Brender x John Norton Rick Young x Pete Marchbanks Casey Bryan x Kyle Page x Willis Marti Bill Chollett x Ed Pierson x Jeff McCabe Kevin Davis x Vince Riggins x Allison Oslund x Mark Harris x Jim Rosser Jim Snell x Stewart Hutchins Henrik Schmiediche Mark Stone Also in Attendance: Stephen Pampell for Bill Chollett, Josh Kissee, Tom Golson, Jana McDonald, Aaron Rodriguez, Steve Johnson, Taylor Leach, Robert Cheyne, Cynthia Kauder, David Duchscher, Michael Pace, Lon Berquist Minutes Opening Remarks Dee Childs opened the meeting with a few remarks. She is beginning to learn and understand the organization and culture of campus. She will be meeting with the president and provost s council soon for a university strategic planning session. President Young has made comments that he like to significantly
move the needle in terms of improving the university s national reputation. Dee will be working to lower barriers of communication. She will be holding open office hours to meet IT staff. If you would like to communicate with her, you can get on her calendar through contacting Lea Ann Westmoreland. One of the challenges that she sees is that she understands that university enrollment will not be growing significantly soon. This does imply the ability to focus on quality rather than quantity since we don t have to plan for growth. On the other hand, it also means we will not be receiving increased fees from increased enrollment and that we will have to find ways to grow within our current budgets. She is reviewing the findings of several audits and making sure we are in compliance. Item 1: Approval of Minutes (5 minutes) Review and approval of minutes from 7-14-16 meeting. Minutes were approved, with the correction of marking David Sweeney as present. Item 2: IT Trends / Innovative Activity (10 Minutes) Interesting topics from the field; Activity from your unit that would be of interest to the group The team presented a gift to outgoing committee chair Adam Mikeal Dan Basile mentioned that the University of California system has outsourced IT infrastructure for its medical branch to India, and that the contract allows for others within the system to join in. Item 3: Announcements (15 minutes) Update on the changes to Control Catalog/SAPs (Jeff McCabe) This process was more rushed than normal because it was driven by the need to update a SAP because of an audit. The SAP included language on the control catalog. The state is implementing a 3-phase plan. We will be accepting input and making adjustments as we go along. The final process for making updates is still being considered but has not yet been released.
This will lead to changes in the 29. SAPs. Some of the changes are already in place and the SAP pages updated to reflect that, but they will not all be phased out at once. Please contact Jeff if you have questions or want to discuss the control catalog Jeff introduced new staff member Lon Berquist Item 4: Description Recap of ITAC Retreat (20 minutes) Summary of our goals and challenges Discussion on IT Advocacy and the service ladder Before recapping the retreat, Ed made a reminder of the IT Tech Summit. Call for papers ends on September 30. There are a few more vendor sponsor spots open. If you know of a potential sponsor, get in touch with Lacey Baze. Registration should open next week. Lacey also mentioned that the IT Forum will be held on October 5 and that they are finalizing the agenda. Kyle Page recapped the priority topics that we discussed at the retreat. The top three items that we voted on were Risk Management Funding Governance Adam commented that looking further down the list, several of the other items overlapped with Risk Management. Ed Pierson reviewed the IT maturity level graphic that was presented at the retreat. It shows a range of possible levels from ad hoc through strategic partner. It is okay to be at different levels on the chart at different times, and we should not all expect to be at the same level. This is a good tool to take back to your departments to begin a conversation of where our team is on the chart and how we can move upwards. One of the takeaways from the retreat is that messaging is important. Know what are the appropriate questions to ask and language to use. Publish our successes. Consider creating a State of IT document showing where you are now, as well as a running 3-5 year CV. One idea that we should consider would be to rethink our committees web presence. We should leverage the site to share documents, ideas, best practices, joint purchase opportunities, and the like.
Item 5: Accessibility exceptions requests (15 minutes) Update on changes to accessibility guidelines and new exemption request process (Cynthia Kauder) Electronic Information Resource projects are required to be accessible. This includes both locally developed systems as well as purchased software. If a purchased product does not meet accessibility requirements, you must go through a process of requesting and receiving an exception. Cynthia s handout details the process of receiving the exception. This is currently a paper-driven process, but by late Fall should become a Service Now workflow. Business needs are taken into account when evaluating exception requests. Call Cynthia s office if you have questions or need assistance on the process. Item 6: Infoblox Update (20 minutes) Timeline and update on the Infoblox implementation (Michael Pace) The Infoblox project has done a lot of work to date - setting up hosts and groups, setting up hardware and DCP, DNS caching. They have also subscribed to Infoblox s malware protection product. The plan for September is to set up a training environment, publish training videos, and set up the Service Now process. The plan for October to November is to allow campus admins to begin testing with the test environment. Go-live is scheduled for December, with Infobox taking over and NIM being decommissioned. The team will be re-sending the hosts/groups spreadsheet to make sure that all of the entries were added correctly. Cheryl Cato spoke about the process of adding hosts once the system is in place. Adding hosts will be done through approved IT staff, not just everyone with a NetID. Permissions will be based on security - keep the bad guys out, limit who can make updates, but give more exposure to the information that you yourself control.
The focus will largely be within the root tamu.edu domain. If you have a subdomain you will have a larger degree of oversight and control over that content. To improve our security posture, using subdomains will be encouraged for non-public facing systems. Our network is regularly scanned and crawled; we should be exposing only those services that need to actually be public facing.