Office of Learning and Information Technology
CIO Council Meeting
Thursday, July 14, 2005, 8:30-1:00
Reeve Memorial Union Room 201
Attendence: Ed Meachen, Mark Anderson, John Tillman, Chip Eckert, Ann Marie Durso, Elena Pokot, Gary Smith, Leslie Perelman, Jack Duwe, Carrie Regenstein, David Hart, Kathy Pletcher, Doug Wahl, John Berens, Brian Remer, Nancy Crabb, John McCarragher, Dick Cleek.
- Welcome - Dr.Lane Earns, Provost and Vice Chancellor.
- Procurement update – Ruth Anderson (teleconference)
Lori had a baby girl (Audrey)!! Procurement is still missing a director; but plans to backfill for Lori. The Procurement Office is under review. Silver Oaks is close to awarding the first wave of contracts; the second wave is coming soon. IT consultant services extended three months; longer extensions pending. Mandatory IT services contract expected soon. Large contracts (over $1 million or longer than three years) will still go through the RFP process. We will have to clearly document waiver requests resulting in increased administrative costs on campuses. The $200 million statewide procurement savings promise by the Governor is driving these contract changes. Software contract coming soon; we may save a bit on the Microsoft contract. Printer contract also coming soon, but printer purchases are frozen until then. UWS has indicated that this is unacceptable. The Grainger local supplies contract also is problematic.
- Payment Card Security Standards – Jeff Arnold (teleconference)
Business offices are coordinating a security credit card processing review. Compliance is mandatory; validation is optional. Recommending both self assessment validation and third party network security scan ($225 cost). This review requires an adequate firewall on the server handling credit card transactions, not a firewall on the entire network. If you do not process any cardholder information (3rd party does it), you do not need to comply, but a security review is still recommended. All campus external facing IP addresses must be included in any scan. A campus can identify compensating controls in lieu of the recommended control.
Some campuses are currently doing network scans and will adjust accordingly. Campuses should be working towards passing the self assessment and document efforts to do so. Campuses will have much greater problems with business operations and practices that currently utilize credit cards. Many units on campuses collect personal information without the knowledge of the CIOs. Since each campus is unique, a collective system response isn’t feasible. Campuses will report back at the next meeting on their progress.
- Network update – Brian Remer & Ed Meachen
There is very little to update. No meetings are scheduled with DOA staff. Bandwidth issues remain with T1 users (UW Colleges, etc.) due to the BCN delay (pilot now in late September). Seven of the UW Colleges have T1s only and are very problematic for the fall. Dick is pursuing other options. BCN plans to bring up 15-20 sites per day starting in December. The Madison and Superior areas are involved in the pilot. Some sites may pushback from the pilot due to the delay. DOA met yesterday with the ISPs (about six) associated with BCN. DOA laid out a “high level” design for the ISP connectivity. There are still more questions than answers. UWS cannot put in an order for services until we know what’s available.
The BCN governance advisory group is proceeding, independent of DOA; although DOA has a non-voting member. The group will probably have little to do with the BCN roll out, but may be a forum to raise issues. (The next meeting is on July 29th).
We are in negotiation on the issue of the aggregation of bandwidth at the WiscNet pops on the campuses with community area networks and others. Bob Stuessey of DOA will respond back soon.
- Budget discussion – Ed & all
Strategies on what to do with telephony, IT services, printers, general supplies, etc. (telecommunications) will wait until the Governor acts on the budget.
GPR budget reduction projections at this point are about 3% per campus. This does not include the $34 million (another 2.3%) JFC set aside in the current budget proposal. It is uncertain if the Governor can or will veto the set aside. UW System Administration could take a 15% ($1.5 million) cut; most of which would be met by not refilling vacant positions. System wide funds will also be cut $600,000. Classroom and lab mod funds (in campuses base) are protected thus far.
These cuts would necessitate layoffs at many campuses. Most campuses have hiring freezes in place, waiting for the Governor to act. The CBO/Provosts budget working groups will probably recommend a travel reduction, which may affect the CIO group.
- Minimum standards for passwords - Jack & Carrie Regenstein
Increasingly, we are sharing systems that require us to consider our security standards more collectively, and require us to consider raising the minimum security standards. Should we come to some agreement on PW standards system-wide? The group agreed that the CIO Council is the right group to take a leadership security role for shared systems. Developing and implementing policies would be an ongoing process.
The first recommendation is to require: (a) Passwords must be minimally six characters long and include three of these four: 1 uppercase letter, 1 lowercase letter, 1 digit and 1 special character. (b) There are to be no clear-text passwords. [(c) The Urban Legend of the "one-or-two character password" is history.] Campuses could have an equivalent or tighter standard.
A working group of Carrie, Elena, Gary and Ed will bring further recommendations to the group. Some guidelines for frequency of password resets would also be useful. Stricter requirements for critical users may also be considered. Technologies other than passwords will be explored.
- Update on APBS - Ed Meachen & Jack Duwe
The July News Release and Gap Analysis were distributed. Recommendations for each “gap” were listed. UW Madison’s work is still on schedule. Are gaps from the other campuses being met? Issues are being raised by each campus during the APBS campus visits. The Steering Committee is still meeting twice a month.
As a contingency, PeopleSoft HR is being evaluated for functionality and strategic value by a working group that includes Lorie and Tom Scott. Other strategic factors might include adding student payroll, financials and CRM.
On July 27, David Ernst, (10:00 am in Van Hise) will be presenting on the Cal State system. They purchased all from PeopleSoft rather than use best of breed multiple vendors.
The number and scope of interfaces is always an issue. The cost of maintaining these interfaces and future integrations is hard to determine. David Hart noted that Lawson interfaces with PS Student Admin currently do not exist and would have to be developed.
Jack noted the startup of the DOA “IBS” project which will examine the use of ERP systems across state government.
Channel 3 in Madison is airing a piece on the Lawson/APBS project tonight.
- Updates on FirstLogic & E-grade roll out – David Hart
Most campuses are using data cleansing for First Logic, primarily to clean up addresses. The PS v7.6 to PS v8.0 upgrade with First Logic did not go well. First Logic has announced that they probably will not be moving forward with an upgrade for PS v8.9. This could end our relationship with First Logic. David is forming a small working group to explore other options for data cleansing and will have an update next meeting. Exploring an SOA approach may be a strategically good move.
Six campuses asked to be part of the fall rollout for E-grading. Only Whitewater, Milwaukee and Stevens Point will be able to be accommodated at this point. Milwaukee is upgrading to Learn@UW v7.41 soon, so a fourth campus may be added. Oshkosh, Colleges and River Falls are thus next inline. (Madison and Green Bay are already live.) Maintenance of this interface is challenging with the number of D2L patches. We’d like to have D2L improve their testing and roll out (quality control) processes.
- CIO retreat planning – Ed Meachen
It was agreed that a January (12/13th timeframe) retreat (with one or two major discussion issues) would be valuable. A possible theme of an overall system-wide IT vision development exercise was suggested. Planning for the future; assessing IT value; bench marking discussion, ERP strategies, how we use technology in higher ed, etc., might all be part of that vision development. It might also include a visionary speaker or two, e.g., Don Norris, Richard Katz, Peter Alterman, Tom Friedman (“The World is Flat”) or Brian Hawkins. We’d like a person that will help us think “out of the box”.
- Next Meeting: Thursday, August 18, 2005 (ONE WEEK LATER!)
- THANKS and BEST WISHES to our host, John Berens!!
“Secretary for a Day”