Forum Replies Created
ccovey01Participant
Duane, Elisha, Greg – thank you for your historical perspectives (which provide context to those of us who are new, or newish to UNM) and for the discussion of opportunities that are ahead of us. I look forward to continuing the discussion of approaches that are available to the UNM community.
ccovey01Participant
Communication, collaboration, and controls: The October 11th Town Hall panel noted that there have been recent improvements between their units and Central IT as far as two-way communication, and collaboration on projects. The work seemed to be department initiated, mutually directed, and not enforced. So, a good foundation is forming there.
The Q&A noted significant issues with the dual reporting line itself, and I also fear that if we focus too much on that, we could lose momentum on the two areas that improved during the summer – communication and collaboration. Communication and collaboration are generating wins, the dual-reporting could halt that progress. Particularly with departments that have established, functional IT units.
While the dual reporting might on its face create some new channels of communication, one could anticipate that a forced implementation could also create or reinforce backchannel communications. So for the greater good of the Efficiencies and Effectiveness effort, perhaps we put the dual-reporting (a Control) on the backburner, and front-end changes we can make to improve Communication and Collaboration. Once those are healthy, UNM may have eliminated the need to enforce a control, or at least its implementation will be less disruptive.
I believe the collective question at the town hall was ‘what do we want to do here?’ and what I heard throughout was ‘improve communications.’ If we focus on communication, collaboration will follow, and then whatever other large structural and governance changes UNM chooses to make will be easier to implement, because at that point, UNM will know itself better than it does presently. If we do need to pivot for something like an economic downturn, or to adopt a major new technology, the organization will be in alignment, change is easier.
Dual-reporting seems out of alignment with the communication/collaboration relationships that UNM is re-developing, as it’s ultimately a control, and if enforced as one of the first deliverables, it won’t have – within a faculty-governed institution – a durable foundation. As we saw at the Q&A, internal pressures are beginning to form, and will become difficult for us as staff to manage.
Duane and Brian have attended an intimidating number of meetings for this effort, which is seriously commendable and shows the power of communication, and its importance to this campus. In that spirit, if we first find ways to create and maintain long term communication at UNM, that sets the stage for the success of anything else that follows, which is why adding a separate left navigation topic to the discuss site, and maybe even tasking a committee to improve communication (and maintain it), could pave the way for other successes. As a campus, we could use the Discuss site Communication topic to propose technologies, processes, meetings, anything that re-starts conversations that have gone dormant over the years.
The larger issue that dual reporting invokes, and it’s one which every University struggles with, is how to implement controls within an academic-led environment that has its own constantly changing demands and expectations? Faculty have protections of tenure, but with that the expectation to teach and produce research; academic units have their own individual accreditation demands; there’s NIH, NSF, general grant coordination; libraries and clinics have very specific requirements, the list is long. The dual reporting in effect creates staff-administered governance and controls over academic departmental operations. The pros/cons of academic governance are another conversation – the first-order problem is that dual reporting makes staff (the ITOs and IT units) in some part the enforcers of academic governance. That puts anyone untenured, like IT staff, in a no-win situation when asked to control the academic side of a faculty-governed institution.
- This reply was modified 8 years, 1 month ago by darruti.
ccovey01Participant
Will equity adjustments need to be made to level or raise grade and compensation so that all UNM ITOs are the same?
Would adjustments need to be made for staff under the ITOs?
(Mods – this seemed like it relates to Grace’s question, but I don’t want to hijack the thread, so please move if this needs to be on its own post).
ccovey01Participant
Continuing with potential SPI configurations:
* will a multi-factor authentication system be in place to support these systems?
* will these systems have location tracking software like Computrace? If so, who will purchase and support any additional multi-factor and location tracking hardware or software packages?
ccovey01Participant
Ryan, thank you for the update on the upcoming standard to be authored collaboratively, that’s a positive development.
Based on follow up comments, the standard appears to pivot more towards security, yet the document as it’s now written seems largely concerned with PC maintenance – would ROI/TCO recommendations and day to day support expectations perhaps live better in another, more general standard that encompasses SPI and non-SPI systems?
• Could an IT Agents or IT UNM meeting be scheduled that discusses dongles, wireless updates, and other plans to secure these systems? It sounds like there are significant changes coming, but I imagine this is the first many of us have heard of them.
• Could we get the definitions for Sensitive and Protected Information (SPI)?
• If a system is not used by students, but also doesn’t access SPI, does this standard apply to it?
• Will these SPI systems need to run WSM images?
• I know this is a recurring theme, but it appears Apple and Linux devices, among many others, would not be allowed to access SPI?
• An Active Directory doesn’t on its own guarantee a secure system – what specific implementations are forthcoming?
o Are there particular group policies or third party software that will be applied to these systems to lock them down? Will something like Software Restriction Policies or AppLocker be used, or some other software that allows some software to run, and blocks everything else?
o Those have the potential to block much legitimate academic software used around campus, what testing protocol will be followed prior to software and other enforcements?
o If a department acquires new software and needs it to be unblocked, what is the process, and will there be a chargeback for that request?
• Would users of these SPI systems use one Windows PC to access SPI data, and then have another if they have to travel, do presentations, or if they need to install software as needed?
• What will the communication/change management process look like for these systems? If a group policy or other change blocks legitimate software, breaks printing, or disables an Internet browser for a user, as examples, should a user call C-IT, or their local IT? Will local IT receive prior notification about group policy changes?
o What cost-recovery will apply?
o Will a billing index be required to initiate a ticket?
o What SLAs will apply to support requests in these situations?
• Is an encryption system on the roadmap?
- This reply was modified 8 years, 6 months ago by ccovey01.
ccovey01Participant
Duane,
Thank you for your responses to all of the threads and comments.
As additional direction is provided, could we submit this for consideration and revision of the Compliance section?
It appears that by policy, Internal Audit and the UNM Compliance office are solely responsible for audits and compliance: http://policy.unm.edu/regents-policies/section-7/7-2.html
This policy would appear to limit the scope of the current Compliance sections.
Putting aside current policy, there are operational complications that cause me the most concern. Having three separate units each with the ability to independently make compliance and audit determinations introduces the risk of confusion and delay, which will arise as ownership is hashed out among them. I suspect that such re-articulation of ownership will occur with many subsequent audits. Resource and scheduling conflicts likely result too as units (that have not regularly conducted sanctioned audits) are now expected to support audits. All of these will delay compliance efforts.
With ownership up for grabs, multiple units may see an audit as ‘theirs,’ which leads to contention, and delay again, as that gets worked out. And given a negative budget climate, I could see one unit attempting to transfer ownership of an audit to another unit in order to avoid the time commitment and cost required to conduct the audit. This observation is meant only as a general note and not as a comment on any particular UNM unit – it’s natural, when responsibility is not clearly assigned and there is a time or cost downside, for anyone to sidestep or transfer that ownership.
To avoid this potential for contention, miscommunication, and delay, perhaps the Standard language should limit the auditing department to one neutral entity: Internal Audit.
Internal Audit is the most independent, experienced, and resourced department UNM has for auditing, so it would make sense for them to serve as the clearinghouse for audit intake, fact-finding, and determination. As discussed at IT-Agents this week, our larger goal is to reduce operational inefficiencies and minimize communication issues – resolving the number of potential auditing bodies from three to one would align with this, and ultimately minimize risk for everyone.
ccovey01Participant
Who is Affected by the Standard?
Question – Has this standard been communicated to the approved vendors and manufacturers? It seems like it could affect support expectations, and costs, particularly for leased systems.
Printer Acquisition: Note – First link gets a 404 error.
Printer Equipment Set up and Security: Firmware:
Question – are all approved vendors and manufacturers providing checksum data for verification?
Larger question – if a printer is acquired via the appropriate process under Printer Acquisition, but the vendors or manufacturers don’t provide checksum data or up to date firmware, as examples, what is the audit and remediation process?
- This reply was modified 8 years, 7 months ago by ccovey01.
ccovey01Participant
Equipment Set up, Integration, and Security:
Question – does this apply to Macs, Unix, and Windows Embedded systems, among others, that they be joined to the UNM domain?
Usage:
Question – same as above, all clients have to authenticate to the UNM domain?
- This reply was modified 8 years, 8 months ago by ccovey01.
ccovey01Participant
TJ,
If a customer does not respond to a request for information in 5 business days, it makes sense to close the ticket – an action which is defined in the SLA. Equally, if an assigned technical team does not respond to a customer’s request, then the customer should see an escalation process – that action is not defined in this SLA, but will benefit everyone with its inclusion. Escalation in this case applies only to no-response situations – we understand fulfillment and resolution can often take longer, and fall within their applicable service SLAs.
Because there will likely be many issues/requests that do *not* have SLAs governing them, this SLA could ensure appropriate response times to avoid potentially orphaned requests. Other SLAs may define their notification processes differently, but customers should have some specific baseline communication process to reference when their request does not fall within a particular SLA. And as all of the new standards and SLAs are built upon the Help Desk and Help.UNM as the gateway for ALL communication – it makes sense for this SLA to define specific, minimum notification limits.
This SLA can work best if it defines appropriate notification to customers, and sensible escalation procedures if the assigned technical team does not respond to customer requests. A benefit of escalation – say there’s a technical issue where teams are simply not getting Help.UNM notifications. If the SLA triggers a direct inquiry to the team and Help Desk personnel automatically, the inquiry would reveal a larger issue with Help.UNM’s messaging functionality. The technical glitch behind a communication breakdown is identified and fixed as a result. Along that line, if the SLA automatically defines escalation and intervention, it also safeguards the relationships that customers, Help Desk, and technical teams share – the SLA can be the ‘bad guy.’
We believe that all UNM customers would benefit from better visibility into who they will work with, and how their requests are being processed, so Law offers the following for the Service Desk SLA review committee:
• Within 1 business day of ticket submission, requestor must receive notification identifying the assigned department (ticket owner)
• The following cycle applies to customer tickets/emails at initiation and at any point after a customer response
-After A business days of no response from UNM IT assigned technician/ticket owner, Help Desk contacts UNM IT assigned technician/ticket owner for update
-After B additional business days of no response, director of assigned UNM IT department contacted by Help Desk for update
-After C days of no response, UNM IT assigned technician/ticket owner and director of assigned UNM IT department receive daily reminders from Help Desk to respond to the ticket
-After D total business days with no response, Incident declared:
— SLA Service Owner contacts UNM IT assigned technician/ticket owner and director of assigned UNM IT department for written response
— Report filed with IT SAC
• All responses – ‘Holds,’ ‘Waiting for Response,’ ‘Fulfilled,’ ‘Closed due to Resolution’ etc., must provide details explaining the status change for the ticket.
• If customer requests a certain priority, initial ticket response must note actual priority designated, and reason for change from customer request
‘A’ ‘B’ ‘C’ and ‘D’ days we would recommend to be some sensible number for responses.
Thank you – Chad
- This reply was modified 8 years, 8 months ago by ccovey01.
ccovey01Participant
TJ,
Is there another SLA or document that will detail “assigning tasks to teams”? In particular, expected response times, escalation, and customer notification.
We understand things can happen regarding assigned tasks (someone’s on vacation, tickets get misrouted), but we have encountered situations where we take pains to use Help.UNM, keep all of our requests or replies in Help.UNM, and do not receive any response from assigned technical teams for weeks.
As customers, we’d like to have some visibility into what we can expect from the assigned technical teams in terms of response. As noted above, we’d be fine if we got a response like ‘we are researching the issue’ or ‘the assigned technician is out, he or she will get back to you next week.’ But our experience with many requests in Help.UNM is no response from the assigned team – no emails, no calls.
And of course thank you for your previous detailed response,
Chad
- This reply was modified 8 years, 8 months ago by ccovey01.
ccovey01Participant
Grandfathering
“Situations that arise from remediation of security risks or non-standard configurations may still incur a charge even if the change is initiated by UNM Networking.”
It looks like this SLA, as it is now written:
• would allow a customer to lose a business process to a re-configuration
• would not provide any accommodation to the customer if they did not receive prior notification
• and could leave the customer on the hook to pay to fix the break (unintended though it was).
I think we all understand that improvements need to be made, and that those will at times lead to breaks – but perhaps this SLA could make it ironclad in such cases that customers will not be charged, particularly if they’ve already experienced a business disruption?
Cost recovery for a customer’s new requests makes sense, that’s only fair. Networking will likely uncover odd, older configurations, undocumented firewall rules, etc., over time. But what is non-standard now was ‘standard’ at the time, and supported customers’ business processes for what may have been decades, even to this day. In which case, those configurations have become in practice part of the core-service.
I don’t have an answer for this dilemma, but I’m wondering if perhaps a committee or IT Agents should develop some grandfather clause for this SLA that fairly balances Networking’s resources with customers and their longstanding business processes, which are dependent on these ‘non-standard’ configurations? One item that could really help smooth acceptance would be a detailed discussion of the prior notification process in those cases.
- This reply was modified 8 years, 8 months ago by ccovey01.
ccovey01Participant
DNG
Sean, not sure what DNG is? I couldn’t find it in the catalog
http://it.unm.edu/servicecatalog/results.html?q=DNG
ccovey01Participant
Monthly Fees
“If a department needs firewall service that is customized for their area, they will be charged a monthly charge for the dedicated firewall context”
-In the past, most of us were accustomed to one-time charges for discrete work like a firewall change – what other monthly charges will now be possible? The Service Catalog doesn’t seem to reflect the monthly charge http://it.unm.edu/servicecatalog/asset_list.php?type=2&a_id=136
ccovey01Participant
Charge for Network Access
Sean, thank you for the detailed responses.
-“We would like to point out that while you are not currently charged for ‘network access,’ that is subject to change”
This seems to allude to some significant changes coming along – would it be possible to schedule meetings with IT UNM and IT Agents to provide a roadmap for these changes?
ccovey01Participant
3.2
– could the wider UNM data owner and data steward community be given notification about this SLA and its discussion process? It’s important for this non-IT community to be able to comment on an SLA that directly impacts their processes, and also to see the seriousness of incidents and the clean up process.