Thanks for the comments.  There has been a significant change to this standard from the original post.  The changes to the new standard emphasize the requirements for UNM owned devices that access sensitive, protected data.  We’ve shortened the security standard from a 200 page FBI document to a two page document vetted by Security.  AN enterprise antivirus/antimalware that is managed is part of security requirements.  If departments choose to use something else for computers accessed only by students, this standard doesn’t apply in that situation. The lifecycle of equipment is a recommendation not a must have.  Operating systems will dictate hardware requirements as they go end of life. 

As for AD authentication, yes there will be necessary hardware- such as dongals, to attach to the wired network.  We are working the AD authentication through wireless so the hardware won’t be necessary at some point.  Joining the colleges domain is the first level of security for those of us who have access to protected, confidential data.  For those those situations that require equipment that communicates to an EOL operating syste and need  to be attached to network – let’s talk.  risk assessment for the potential of data loss would be assessed.  As well as cost to upgrade equipment or related software would be part of that assessment. 

The goal of this standard is to ensure we have appropriate security around different types of data.  For compliance, that has yet to be determined.  At a minimum, devices that do not meet the standard may be denied access to highly confidential, protected data.

UNM IT does have a SLA for manged workstations.  Since this is a supplemental service, the standard is up for review and comment.  It is based on the SLA we provide customers who are part of the managed ws program.  As for antivirus/anti malware, the solution offered by UNM IT is a managed solution that works with Windows, Mac and Linux operating systems.  This is preferable over windows defender that is not managed and only works with a specific OS. UNM IT is working to open up AD ports to the wireless network.  As for grouping devices such as classroom computers, printers, etc – we originally thought it might work that way.  We felt it was better to call out UNM owned workstations as a separate standard because these are the devices that UNM employees would use to access protected data.    This standard, as much as possible, is focusing on preventing data loss through UNM owned devices. Of course, this is just one level of security to keep data protected.  

In regard to compliance, the compliance process is under development.  In my opinion, some of the standards would benefit more from a maturity level assessment of compliance than from a true/false compliance.  Additionally, as security standards are being discussed and developed, people using devices to access protected data will be required to follow appropriate standards.  

Chad — Hi, sorry for not responding earlier to your comments. I am trying to review all comments related to customer service!  Please, at anytime you are not receiving appropriate communication or timely services, feel free to reach out to me.  I will do my best to get things moving!

Chad –

I certainly appreciate the effort you’ve taken to craft this response. You have identified areas for process improvement which I am always open to incorporating into our efforts.

In regard to customers not responding when details are requested, a great majority either have their problem resolved or there is a separate process followed in their department. For example, only the UH Communications group can submit incidents related to phones for hospital customers. UH Communications tries to solve the issue first before calling UNM IT. I would say escalating to department heads for non responsive customer would not add value. I do agree that is appropriate to escalate when UNM IT is unresponsive. For those types of issues, there is an escalation section in the SLA. Here at UNM IT, we are have conversations about response times and communication to the customers. We understand the importance and strive to improve in those areas. Thanks again for your feedback.

Thanks for the comments Chad. In reading the SLA and the section you’ve pointed out, we are referring to functional escalation. Escalation might not be the right word to convey our meaning. This bullet refers to assigning tasks to teams beyond the Service Desk for resolution or fulfillment.
UNM IT is working hard to provide information to the Service Desk in order that they may resolve issues much faster to minimize functional escalation. We are focused on first contact resolution rates – resolving more at the Service Desk. Obviously there are issues the Service Desk cannot resolve and must be assigned (escalated) to a technical team. We will reword that bullet to better reflect what we are trying to achieve.
As for closing tickets after five days, we attempt to contact the customer multiple times – at a minimum two to three times before the ticket is closed. A majority of the time, the customer calls in and doesn’t have enough information or realizes there is an alternative process. They do not call back to say all is well as they are aware tickets are automatically closed. We send emails to inform them that we need more details or ticket will be closed.
We do provide communication to customers when ticket status or priority changes – there is always room for improvement in this area.