- This topic has 22 replies, 11 voices, and was last updated 8 years, 9 months ago by darruti.
-
AuthorPosts
-
-
February 26, 2016 at 12:30 pm #333aswancerParticipant
Email and Calendaring SLA
Attachments:
-
February 29, 2016 at 7:49 am #358erooneyParticipant
– Should title of SLA be “O365 Services” or similar? Email and calendaring does not fully encompass all of the services available in O365 unless there will be separate SLAs for IM and OneDrive for Business.
2.1.1.1:
– Is the baseline level of service departments are expected to provide the material provided in the FastInfo documentation?
– IT Agent participation is at Banner Level 3 org. A Level 3 org can have multiple representatives, but that requires approval by the CIO per http://cio.unm.edu/agents/role.html. Should language be adjusted to reflect end-users or departmental IT working with their Level 3 rep?
– Should there be different bullet points depending on the type of support relationship the department has with UNM IT? Some departments have Tier 2 support and some do not?
– Should self-service docs also be added as an end-user responsibility in 2.1.1.2?2.1.1.2:
– Seems like users checking email and frequency is out of scope for SLA and not something UNM IT (or any IT dept) should have to worry about. That is an HR and employee performance issue?
– Should this also be a requirement of departmental IT? Business-related communications and information should not be forwarded off site and we will not assist folks forwarding emails to non-UNM accounts?2.1.2:
– Are there specific timelines that can be included in the SLA for this separation process and when work-product/email disappears? Same timelines as those listed in NetID SLA?
– For bullet item 4, should that also include personal, non-UNM devices? Is setting up the Outlook client on my home PC or personal smartphone akin to forwarding sensitive emails to non-UNM accounts?
– Is it appropriate to provide a time line for provisioning of service when an employee starts?
– Are instant messages (IMs) treated the same as emails with respect to retention?Eugene
-
March 11, 2016 at 4:06 pm #494zurnKeymaster
Hi Rooney,
Thanks to you and everyone else for their questions and thoughtful suggestions on this. I’ll try to answer each one below beginning with “IT Response” so we can keep track.– Should title of SLA be “O365 Services” or similar? Email and calendaring does not fully encompass all of the services available in O365 unless there will be separate SLAs for IM and OneDrive for Business.
IT Response: We actually debated this several times both in the SLA meetings and in many Service Catalog meetings related to this. I think at some point we may need to collapse these, but initially we wanted to treat email and calendaring separately given the significant reliance on the service, time constraints, the need to focus on email service specifics, and the desire to keep the SLA to a manageable size. But good to hear that you and others are with us in thinking about these services as related.2.1.1.1:
– Is the baseline level of service departments are expected to provide the material provided in the FastInfo documentation?
IT Response: Yes, but there may be internal Fastinfo answers used for triage and troubleshooting that might be shared as well.– IT Agent participation is at Banner Level 3 org. A Level 3 org can have multiple representatives, but that requires approval by the CIO per http://cio.unm.edu/agents/role.html. Should language be adjusted to reflect end-users or departmental IT working with their Level 3 rep?
IT Response: This is a good point and personally I didn’t remember this about the Agent role—I think your suggestion is a good one.– Should there be different bullet points depending on the type of support relationship the department has with UNM IT? Some departments have Tier 2 support and some do not?
IT Response: Possibly, if I understand you right that might help to delineate further what we’re getting at there. I’m told there was a great discussion at IT agents regarding how to appropriately reference IT support provided by departments. The agreements committee is looking at this issue from the perspective of standard language in the SLAs, at least as a starting point. We will forward this suggestion to that group.– Should self-service docs also be added as an end-user responsibility in 2.1.1.2?
IT Response: Good catch: we had it there at one point and it fell out in one iteration or another. Thanks!2.1.1.2:
– Seems like users checking email and frequency is out of scope for SLA and not something UNM IT (or any IT dept) should have to worry about. That is an HR and employee performance issue?
IT Response: We wondered about that as well and had added it in relation to the Student policy that has language to that effect and the related boundary in 2.1.2 regarding forwarding. We tend to agree and will reconsider this point.– Should this also be a requirement of departmental IT? Business-related communications and information should not be forwarded off site and we will not assist folks forwarding emails to non-UNM accounts?
IT Response: That’s a great suggestion as well—that helps us address the fact that we don’t have an official UNM Policy on Employee use of email and at least puts all of us (UNM IT and Dept IT) in alignment on that issue.2.1.2:
– Are there specific timelines that can be included in the SLA for this separation process and when work-product/email disappears? Same timelines as those listed in NetID SLA?
IT Response: Great idea. And yes, they are more or less the same timelines that follow the NetID, but with a few specific notes on email. So this could refer to the other SLA/Service and add additional information.– For bullet item 4, should that also include personal, non-UNM devices? Is setting up the Outlook client on my home PC or personal smartphone akin to forwarding sensitive emails to non-UNM accounts?
IT Response: That’s a really great question, and it might be more than one question! That is, I hear both a support question and a security question in there. Either way, it breaks down across student/employee lines, of course, since at one end of the spectrum our core users don’t have anything *but* personal devices. However, with both questions with regard to employees are a different matter, and we should give those points additional thought. Were you suggesting we say something along the lines of “Support is not available to employees for personal devices”?– Is it appropriate to provide a time line for provisioning of service when an employee starts?
IT Response: Could be, and makes sense to include that as related to the first item about de-provisioning. Again—basically the same as NetID, but with specifics to email.– Are instant messages (IMs) treated the same as emails with respect to retention?
IT Response: Yes—IF you have Skype for Business saving your conversation history. We are not retaining those outside the user-driven settings.
-
-
March 3, 2016 at 11:36 am #405brewerParticipant
Backup and recovery of lost email is not mentioned. Is this to included as a service?
-
March 21, 2016 at 11:26 am #551darrutiParticipant
Posting for Steve Spence: Good point, Dann, we will add the appropriate language and point to the fast info article https://unm.custhelp.com/app/answers/detail/a_id/6672/ . It is now a self-service function. We don’t have the ability to restore beyond the information listed in the article.
-
-
March 4, 2016 at 9:03 am #414cdeanParticipant
Law reserves the right to create a customized SLA specific to our needs with mutually-agreed upon consequences for both Law and UNM IT.
Cyndi Johnson-
March 11, 2016 at 3:01 pm #493darrutiParticipant
Hi Cyndi. Thanks for bringing this up. I’ve moved the topic to the process section as it likely applies to many different SLAs. Please see my thoughts there: http://discuss.unm.edu/document/department-specific-sla/.
-
-
March 4, 2016 at 4:24 pm #427ayoderParticipant
Will we see a separate SLA for OneDrive? Or is that considered part of O365/E-mail because of its integration in the catalog?
2 Fees associated with this service are not listed in the Service Catalog
2.1.1.1 Internet Explorer is listed as a compatible browser but is not supported in other Enterprise SLAs published as part of this review. (A-Z Directory)
2.1.1.2 Why do users have to login through myUNM? Why can’t they go directly to lobomail.unm.edu?
2.1.2 “UNM Information Technologies will NEVER intentionally request user credentials in an email” Can the word intentionally be taken out?
9 Really like this section going into detail about the available reports. Can we see this level of detail integrated to other forthcoming SLAs?
-
March 21, 2016 at 11:40 am #556darrutiParticipant
Posting for Steve Spence:
SLA for OneDrive – Andrew, see the response I gave earlier to Rooney’s similar question. We’re considering OneDrive a separate service at this point so we’ll likely have a separate SLA for that eventually.
Fees – Good point: I think that line was boilerplate and we didn’t edit it specific to this service. It’s generic and covers it even if there is no fee.
IE Limitation – The limitation on IE has been removed from A to Z. It now states “Directory listing is accessible by current vendor supported browsers delivered with the OS (operating system).”
MyUNM vs. direct access – Good – we will adjust.
“Intentionally” – If and when we can identify the appropriate controls to prevent this from happening, we would like to do it. As it stands we are making a best effort to avoid sending links that require authentication in official communications but are also reliant on educating end users to never act on such requests.
Available Reports – Thanks! We will pass that on the Agreements committee.
-
-
March 5, 2016 at 11:39 am #437patrickbParticipant
The 50GB base email limit may be restrictive for people who have used email for long periods of time (e.g. a number of CS faculty and staff have been archiving email for potentially multiple decades). Having to use multiple archival processes to work around this would be problematic.
-
March 21, 2016 at 11:27 am #552darrutiParticipant
Posting for Steve Spence: The online archiving feature in Exchange can be expanded for a fee, but we don’t have the mechanism set up to take advantage of that yet, so we won’t put it in the SLA for now. We will at some point in the future. This is pretty similar to other providers. In terms of the multiple methods, it depends on how your users are supported today and what local archives they have deployed (be it Thunderbird, MacMail, Outlook, etc.). In any case those are already stored locally and those can remain right where they are.
-
-
March 5, 2016 at 11:41 am #438patrickbParticipant
CS has found keeping email accounts (or at least a forwarding system) for students who graduated successfully helps preserve relationships with alumni and aids them in professional development. It may be worth considering such a policy for lobomail in general.
-
March 21, 2016 at 11:28 am #553darrutiParticipant
Posting for Steve Spence: Great point—we agree and have seen other schools allow students to keep their original email address “for life,” and we have the option of doing that in our current system. There are discussions to that effect, but no firm decision has been made. The Alumni Association does have a forwarding service, but it’s not related to your original email address. In any case, it’s a matter of coordinating that policy with them and other areas to make it true across the board. At the same time, there might be ways of addressing it by using guest ID status for departments that wanted to maintain them.
-
-
March 7, 2016 at 9:35 am #441cdeanParticipant
Patrick, Law has the same concerns about email archives but not specifically to the email limit. Our faculty also have email archives (both in .pst and online, as we are an Exchange shop) that span decades. My concern is more about who is responsible for migrating/importing/organizing the multiple archive files. Each faculty member has their own method for organizing their archive files. Some archive based on calendar year, some on academic year, some on email age, etc. They will absolutely want the same organization no matter what the email system. They won’t be happy if archives are actually just folders in their inbox. Some even store their older .pst archives on CD…available but not part of their mailbox.
Law provides our graduates with a permanent @alumni.law.unm.edu email account for the same reasons you state. Since our email environment is mature (Exchange 5.0 installation in 1998 or 1999 but VMS mail before that), we believe our needs are specific to our current use and are working on generating a law-specific SLA.
-
March 21, 2016 at 11:30 am #554darrutiParticipant
Posting for Steve Spence: If those archives are in PST format they should be able to be preserved as-is. But if they are “online” archives, we’ll have to discuss options for migrating or maintaining them long term and determine an agreement on how those will be handled.
-
-
March 8, 2016 at 10:53 am #464downloadParticipant
The limitations on email storage and, especially, attachment size seem problematic to me!
-
March 21, 2016 at 11:32 am #555darrutiParticipant
Posting for Steve Spence: I’m assuming you mean they aren’t enough… Actually both of these are now adjustable, but the additional online storage comes with a per-user cost. We only just became aware of the message-size configuration options and are evaluating options and impact, so I don’t think we can include them in this iteration of the SLA.
-
-
March 11, 2016 at 10:05 am #487elishaParticipant
2.1.1.1
“Supported by Microsoft BAA (Business Associates Agreement) on FERPA and HIPAA compliance;” – Does this mean it is approved as a location (OneDrive) or transfer tool (email) for FERPA and HIPAA data?I’m not sure why this is part of the e-mail SLA: “Ensure participation in IT Agents ”
2.1.1.2
It seems like the description of support resources would be better in a support section than an “End User Requirements” section.
Similarly, granting access to the calendar, seems more like a feature than an end user requirement.
2.1.2
“For security reasons, messages with certain file types attached will not be delivered. See this list for
more information;” It would be helpful if the user received a message of non-delivery. I had some issues a while back with an HR form that quietly failed to deliver whenever I sent a message with it as an attachment.“Integration with systems and applications are not covered by this service SLA.” Especially if this SLA also includes OneDrive and possibly Sharepoint, it would be helpful to know where to look/start for conversations about integration.
8 Unless the plan is to start billing for e-mail and calendaring, this section may not be that relevant to this SLA.
-
March 21, 2016 at 11:55 am #557darrutiParticipant
Posting for Steve Spence:
Microsoft BAA – This means (generally) that Microsoft’s offerings are technically able to be compliant with the information types identified in the BAA; however, there are two elements that always need to be enforced in addition to any vendor BAA – that the institutions operational controls are defined, in place, and enforced, and that the appropriate technical controls are defined, in place, and enforced. While Microsoft’s solutions can meet technically meet those requirements defined in the BAA, UNM’s Data Owners are working with the Information Security and Privacy Office (ISPO) to clarify and codify the technical and operational controls. At the current time, the process is to request approval and authorization from the UNM Data Owner, who will review a specific request, review operational controls, and work with the ISPO to ensure that the appropriate technical controls are defined, in place, and enforced. There is more information at http://data.unm.edu and more information will be forthcoming at that location as it is developed.
IT Agents – I think the intention here was to make sure the local IT support was aware of all of the avenues of communication that we typically use to inform the IT community of changes and support issues. We’ve changed the language to clarify that in the last version.
Support Resources – I see what you mean, but I don’t see an appropriate section in the current document—but it doesn’t mean we shouldn’t create one. This might be another one where it needs to be in alignment with other SLA’s, so I’ll bring it back to the IT Agreements committee.
Calendar – True, but we’re really saying “Do not share your calendar details with everyone unless you really intend to.” We’ve changed the language in the final version to reflect that message.
Attachments – Agreed—I’ve had some issues obtaining data from vendor for the same reason. We can look into that and if we’re successful we could add that as a point in the SLA, but in general I’m not sure we should get into that level of detail regarding how we’re executing a point.
Integration – It doesn’t cover OneDrive/Sharepoint (just FYI) but it’s still a valid question since there are ways of doing Exchange integrations. But again, I’m not sure the SLA is the place for that level of detail, but perhaps the Service Catalog?
Billing – Good point! This is a standard template language. We will share this comment back with the committee.
-
-
March 11, 2016 at 6:09 pm #496susierParticipant
CARC Systems comment: There should be some verbiage to cover cases where (for security and other reasons), a unit is not using these services (e.g. email or calendaring); no charges should be incurred.
-
March 23, 2016 at 1:38 pm #565darrutiParticipant
Thanks Susan. In cases where a service is elective, charges are only incurred when a decision is made to use the service. For enterprise services, the working definition is that the service is to be offered exclusively via a central entity, although as of this moment there has not been a directive to exclusively use those services classified by KSA as enterprise. Funding implications on enterprise services and/or the financial impact of possible exceptions to utilize enterprise services are not defined as of yet. The example of baseline email in particular does not have a charge – it is provided to campus without a pass through of cost based on usage (in our existing model).
-
-
March 11, 2016 at 6:11 pm #498susierParticipant
CARC Systems comment:
Under 2.1.1 (very) strong passwords are explicitly forbidden. Why artificially limit passwords to 20 characters?
-
March 23, 2016 at 1:39 pm #566darrutiParticipant
Posting for Steve Spence: This may require further research, but as this service depends upon the underlying NetID service it is also beholden to the same limitations. I will be paraphrasing, but as I recall there was a process of developing a “password standard” some years ago and that group developed the standards documented here: https://unm.custhelp.com/app/answers/detail/a_id/3559. Various parameters in the password were limited to the capabilities of the various systems that would be using the NetId and password for authentication outside of CAS.
- This reply was modified 8 years, 9 months ago by darruti.
-
-
-
AuthorPosts
- The topic ‘Email and Calendaring SLA’ is closed to new replies.