Duane, Elisha, Greg – thank you for your historical perspectives (which provides context to those of us who are new, or newish to UNM) and for the discussion of opportunities that are ahead of us. I look forward to continuing the discussion of approaches that are available to the UNM community.

Will equity adjustments need to be made to level or raise grade and compensation so that all UNM ITOs are the same?
Would adjustments need to be made for staff under the ITOs?

(Mods – this seemed like it relates to Grace’s question, but I don’t want to hijack the thread, so please move if this needs to be on its own post).

Ryan, thank you for the update on the upcoming standard to be authored collaboratively, that’s a positive development.

Based on follow up comments, the standard appears to pivot more towards security, yet the document as it’s now written seems largely concerned with PC maintenance – would ROI/TCO recommendations and day to day support expectations perhaps live better in another, more general standard that encompasses SPI and non-SPI systems?

• Could an IT Agents or IT UNM meeting be scheduled that discusses dongles, wireless updates, and other plans to secure these systems? It sounds like there are significant changes coming, but I imagine this is the first many of us have heard of them.

• Could we get the definitions for Sensitive and Protected Information (SPI)?

• If a system is not used by students, but also doesn’t access SPI, does this standard apply to it?

• Will these SPI systems need to run WSM images?

• I know this is a recurring theme, but it appears Apple and Linux devices, among many others, would not be allowed to access SPI?

• An Active Directory doesn’t on its own guarantee a secure system – what specific implementations are forthcoming?

o Are there particular group policies or third party software that will be applied to these systems to lock them down? Will something like Software Restriction Policies or Applocker be used, or some other software that allows some software to run, and blocks everything else?

o Those have the potential to block much legitimate academic software used around campus, what testing protocol will be followed prior to software and other enforcements?

o If a department acquires new software and needs it to be unblocked, what is the process, and will there be a chargeback for that request?

• Would users of these SPI systems use one Windows PC to access SPI data, and then have another if they have to travel, do presentations, or if they need to install software as needed?

• What will the communication/change management process look like for these systems? If a group policy or other change blocks legitimate software, breaks printing, or disables an Internet browser for a user, as examples, should a user call C-IT, or their local IT? Will local IT receive prior notification about group policy changes?

o What cost-recovery will apply?

o Will a billing index be required to initiate a ticket?

o What SLAs will apply to support requests in these situations?

• Is an encryption system on the roadmap?

• This reply was modified 7 years, 11 months ago by ccovey01.

Who is Affected by the Standard?

Question – Has this standard been communicated to the approved vendors and manufacturers? It seems like it could affect support expectations, and costs, particularly for leased systems.

Printer Acquisition: Note – First link gets a 404 error.

Printer Equipment Set up and Security: Firmware:
Question – are all approved vendors and manufacturers providing checksum data for verification?

Larger question – if a printer is acquired via the appropriate process under Printer Acquisition, but the vendors or manufacturers don’t provide checksum data or up to date firmware, as examples, what is the audit and remediation process?

• This reply was modified 8 years ago by ccovey01.

TJ,
If a customer does not respond to a request for information in 5 business days, it makes sense to close the ticket – an action which is defined in the SLA. Equally, if an assigned technical team does not respond to a customer’s request, then the customer should see an escalation process – that action is not defined in this SLA, but will benefit everyone with its inclusion. Escalation in this case applies only to no-response situations – we understand fulfillment and resolution can often take longer, and fall within their applicable service SLAs.

Because there will likely be many issues/requests that do *not* have SLAs governing them, this SLA could ensure appropriate response times to avoid potentially orphaned requests. Other SLAs may define their notification processes differently, but customers should have some specific baseline communication process to reference when their request does not fall within a particular SLA. And as all of the new standards and SLAs are built upon the Help Desk and Help.UNM as the gateway for ALL communication – it makes sense for this SLA to define specific, minimum notification limits.

This SLA can work best if it defines appropriate notification to customers, and sensible escalation procedures if the assigned technical team does not respond to customer requests. A benefit of escalation – say there’s a technical issue where teams are simply not getting Help.UNM notifications. If the SLA triggers a direct inquiry to the team and Help Desk personnel automatically, the inquiry would reveal a larger issue with Help.UNM’s messaging functionality. The technical glitch behind a communication breakdown is identified and fixed as a result. Along that line, if the SLA automatically defines escalation and intervention, it also safeguards the relationships that customers, Help Desk, and technical teams share – the SLA can be the ‘bad guy.’

We believe that all UNM customers would benefit from better visibility into who they will work with, and how their requests are being processed, so Law offers the following for the Service Desk SLA review committee:

• Within 1 business day of ticket submission, requestor must receive notification identifying the assigned department (ticket owner)

• The following cycle applies to customer tickets/emails at initiation and at any point after a customer response

-After A business days of no response from UNM IT assigned technician/ticket owner, Help Desk contacts UNM IT assigned technician/ticket owner for update
-After B additional business days of no response, director of assigned UNM IT department contacted by Help Desk for update
-After C days of no response, UNM IT assigned technician/ticket owner and director of assigned UNM IT department receive daily reminders from Help Desk to respond to the ticket
-After D total business days with no response, Incident declared:
— SLA Service Owner contacts UNM IT assigned technician/ticket owner and director of assigned UNM IT department for written response
— Report filed with IT SAC

• All responses – ‘Holds,’ ‘Waiting for Response, ‘Fulfilled,’ ‘Closed due to Resolution’ etc., must provide details explaining the status change for the ticket.

• If customer requests a certain priority, initial ticket response must note actual priority designated, and reason for change from customer request

‘A’ ‘B’ ‘C’ and ‘D’ days we would recommend to be some sensible number for responses.

Thank you – Chad

• This reply was modified 8 years, 1 month ago by ccovey01.

Grandfathering

“Situations that arise from remediation of security risks or non-standard configurations may still incur a charge even if the change is initiated by UNM Networking.“

It looks like this SLA, as it is now written:

• would allow a customer to lose a business to process to a re-configuration

• would not provide any accommodation to the customer if they did not receive prior notification

• and could leave the customer on the look to pay to fix the break (unintended though it was).

I think we all understand that improvements need to be made, and that those will at times lead to breaks – but perhaps this SLA could make it ironclad in such cases that customers will not be charged, particularly if they’ve already experienced a business disruption?

Cost recovery for a customer’s new requests makes sense, that’s only fair. Networking will likely uncover odd, older configurations, undocumented firewall rules, etc., over time. But what is non-standard now was ‘standard’ at the time, and supported customers’ business processes for what may have been decades, even to this day. In which case, those configurations have become in practice part of the core-service.

I don’t have an answer for this dilemma, but I’m wondering if perhaps a committee or IT Agents should develop some grandfather clause for this SLA that fairly balances Networking’s resources with customers and their longstanding business processes, which are dependent on these ‘non-standard’ configurations? One item that could really help smooth acceptance would be a detailed discussion of the prior notification process in those cases.

• This reply was modified 8 years, 1 month ago by ccovey01.

Monthly Fees

“If a department needs firewall service that is customized for their area, they will be charged a monthly charge for the dedicated firewall context”

-In the past, most of us were accustomed to one-time charges for discrete work like a firewall change – what other monthly charges will now be possible? The Service Catalog doesn’t seem to reflect the monthly charge http://it.unm.edu/servicecatalog/asset_list.php?type=2&a_id=136

3.2
– could the wider UNM data owner and data steward community be given notification about this SLA and its discussion process? It’s important for this non-IT community to be able to comment on an SLA that directly impacts their processes, and also to see the seriousness of incidents and the clean up process.