Hi Cindy,

I think there are good arguments for and against centralization, and I don’t believe there is a clear “right” answer. On the other hand, I believe both models are entirely capable of success as long as the community is engaged and involved in making it work and has some sense of common purpose. Given the President’s directive to implement the TIG report and the centralized model it recommends, my personal responsibility is to support that initiative in a way that doesn’t compromise the quality we have delivered over the years.

I have enjoyed the connection to purpose that the decentralized model has provided, and have had the pleasure to work in a very supportive environment with many talented staff who are passionate about serving faculty and students. It is these relationships and connection to mission that have made our technical services meaningful, and it is these qualities that we must preserve to the best of our abilities through the transition.

You make good points in calling out the excellent work that collaborative working groups have accomplished over the years. I am optimistic that these restructuring efforts represent a return to that level of shared engagement on initiatives of mutual benefit, and I am appreciative of Duane and Brian for the extraordinary communication and outreach that they are engaged in to steer us in that direction. The model I see proposed, is actually quite similar to the recommendation that college / academic IT managers and directors gave to Ratnakar when he came to campus.

From what I have seen, the School of Law provides excellent service to its constituency, and has devised ways to meet the differentiated service needs of its faculty and staff. I wouldn’t characterize the School of Law as an area full of problems that need fixing. Rather, I believe that the School of Law has significant expertise and specialized knowledge that it can contribute to the larger organization, and I look forward to working with you all in whatever way my initiatives can align with and support yours. Reporting structures aside, the IT Officer model seems designed to create the kind of collaborative community of technical professionals that you cite, and an extension of the good work that the Academic IT group has been involved in over the summer. From that perspective, I am optimistic.

It is certainly a realistic and pragmatic approach for the School of Law to watch and see how these initial efforts go. I also think that there are real benefits that the School of Law can realize through participation (both informal initial collaboration, and perhaps later integration). One of area of benefit that comes to mind is the access to a greater depth of staffing resources. We have all had the occasion when a critical employee is ill, takes another job, or simply wishes to take some extended leave. One benefit I see from the larger organization is more resiliency in the staffing of our services. The other significant benefit I see is more continuity of services across organizational lines, and more awareness of and alignment between central services and distributed support. More awareness of how the services my team manages align with the greater university needs and initiatives is a good thing.

While there is always room for improvement in all of our areas, there is also much more that is right with what we are doing than the TIG report states. With Central IT in particular, I have seen consistent focus on continuous improvement initiatives, with positive results in many areas. As Duane and Brian have said, we have deep technical expertise on campus with very dedicated employees in all areas. I am looking forward to the opportunities for collaboration and growth as we move ahead. We all have much to learn from each other, and I believe faculty, staff, and students will be the beneficiaries if we do this right.

Elisha

Thanks, Aaron. Great points… I agree that reaching out to the survey committee is a good idea.

I agree that this provision is the responsible thing to do, “Replace or upgrade equipment that cannot provide the setup, data protection, user access and security measures identified in the next sections.” Making that a reality will require new funding allocations or budget models in many departments.

Under Equipment Set up, Integration, and Security, I assume “Windows 8,1” should read “Windows 8.1” Are there best practices documents for Windows 7, OS X, or any specific concerns with Linux?

Simpler processes to support devices that do not regularly connect to the UNM network (offsite, out of town) for KMS would be helpful.

This looks like a good revision to me. Thanks for your work on it.

Scope:

Is there a definition of what “significant” means in the context of how this standard applies?

“Examples of projects includes in the scope of this standards are”

should read:

“Examples of projects included in the scope of this standard are”

“Assess Risk Asses” should read “Assess Risk Assess”

Are the numeric rankings a required part of the project documentation?

Many of the projects we work on have an IT component, but are not primarily IT driven. i.e. an academic initiative may require certain IT support, but the larger context of the project includes training and pedagogy support, curriculum design, reporting and compliance, student service planning, etc. Where do those sorts of projects fall as it relates to this standard?

“At a high level, this plan identifies milestones; at a detailed level, it is a complete work break down structure.”

A complete work break down structure may not be possible for projects with iterative development cycles, extended development timelines, complex dependencies, many unknowns, etc.

How is this standard applied to projects with iterative development cycles?

As an aspirational document, this standard is pretty good. However, achieving that level of documentation and process definition within IT and other parts of the university seems like it would require more project management resources than the university currently has, unless this is applied with a very limited scope. Is it useful to have a standard that only addresses very large projects and does not provide guidance on small to medium ones? If this standard is to be applied more broadly, how will UNM address the cases where a project is needed, but project planning and oversight resources are limited? Cancel the project? Obtain project management support from a central entity? Obtain funding to supplement departmental project management resources?

On the artifact side, the document seems heavy on paper artifacts and formal reports. There are many electronic project management tools available (Jira, Redmine, Basecamp, Trello/Slack…) How would departments prove adherence to the standard for artifacts using these tools?

How does this standard relate to the Virtual Classroom standard or any other Standards and SLAs that will involve application administration, acquisition, and/or development?

Is there a size of application and/or level of application exposure that triggers formal adherence to a Development Life Cycle? Are there specific templates or forms required?

I know the standard says that development philosophies are excluded from the scope, but the outlined process indicates a level of linear formality commonly associated with waterfall development rather than agile approaches. that’s not to say that agile methods should not follow the same lifecycle, it’s more a question of what level of formality is expected.

Under Operation and Maintenance, I agree that at least two-weeks’ notice is preferable when outages are involved. However, there should also be a process for handling an Emergency Request for Change. Perhaps Change Management should be referenced.

Disposition or disposal: end user input is always good. How does this provision apply in the case of product end of life or end of support?

Is there a central repository for the minimum artifacts related to the Application Development Lifecycle? Is there an audit process? How will departments be able to proactively tell if their artifacts are meeting the standard?

Under upgrades, large systems are used continuously, which makes this provision unattainable: “Upgrade or refresh hardware and software during breaks in the semester or business cycle, or when an Application is offline so end-users are not negatively impacted.” Change management processes and minimal disruption principles are encouraged in those instances.

An emergency request for change process should apply here, too.

Under Scope, I’m not sure what “Virtual Classroom Equipment Check Out” refers to. 

Under Technology and upgrades, there was some conversation in the Faculty Senate IT Use Committee about this line:

“Ideally, upgrade technology during semester breaks, when environments are offline or in low use, so that
instruction is minimally impacted. Document exceptions and obtain concurrence of faculty instructors
using the technology.”

It is unclear how departments would generally obtain concurrence of all faculty using a large system, and there is not really a representative body that could provide that input. I suggest changing the second sentence to say something more like, “All proposed exceptions should follow established change control processes such as the IT Change Advisory Board, and faculty and students should be notified in advance of proposed exceptions.”

Under Support, this sentence is a little confusing: “Provide information on obtaining permission from the provider to use or access virtual classroom technologies.”

Do you mean to say, “Provide information on how to obtain permission or access to virtual classroom technologies.” 

The last bullet under Support should just say Collaborate, not Collaborates.

2.1 – “Guest account access for contractors, guest lecturers and visiting scholars;” Do service accounts fall under this category? In an effort to provide more security and enforce end user acceptance of unm policy and privacy responsibilities, we have been migrating some services to the use of the NetID as a login credential. In this case, these are non-UNM entities… they are customers of a service that UNM is providing under contract for the state.

2.1.1
“Setup challenge-response security questions and answers” These end up being nonsensical questions for departmental accounts and difficult answers to remember for regular individuals. What’s my favorite food? That pretty much depends on what I’m hungry for. Could users make their own security questions?

8 – What does pricing and billing mean as it relates to Identity Management?