Skip to Content

ITPG Meeting Notes 2012-11-15

Printer-friendly versionPrinter-friendly version


John Ajao, Michael Colee, Bill Doering, Doug Drury, Ann Dundon, Bill Koseluk, Dan Lloyd, Elise Meyer, Steve Miley, Bruce Miller, Tom Putnam, Andy Satomi, Kevin Schmidt, Chris Sneathen, Jamie Sonsini, and Heidi Straub

ITPG Meeting Thursday, November 15, 2012 Agenda (Draft)

Informational Items

We celebrated the passage of proposition 30.

Meeting Notes from our last meeting, July 19, 2012 are still in draft form and available for review.

1. CIO Report - Tom Putnam

We are getting our first look at applications for our CISO position today.  The job is open until filled.

Audit is doing an examination of main frame applications to see that we have identified them all. In addition to looking at lists, they are running yet another survey of application usage.  They are working on a draft survey, that will be out soon.  When you respond, don't just say "student system", please be specific about what you are using to get class rosters.

UC Systemwide to do survey of our organizational climate.  Their goal is to determine whether UC is a secure and comfortable place to work.  Each campus will be doing their own version.  The survey will be sent to everyone with an email address on January 23.  The email message will include "Answer the CALL".  This is a legitimate survey. UCOP has hired Rankin & Associates to do the analysis.  It is a long survey so there will be the ability to do the survey in phases.  More information about this effort is available at  There are incentives to complete the survey.

Student Affairs Conversion:  They will still be running jcl jobs to get data out of the system.  An existing user noted that he uses tn3270 to connect to ccnh and then to Star1.  They are doing training now.  There is a go/no go decision date in December.  The current plan is to convert between Christmas and New Year's.  If they are not ready, then the next opportunity is probably summer.  Talk to Student Affairs for more information.  Instructors must turn grades in on time (by 12/19/2012), because they won't be able to do it after and that will impact financial aid.

2. CISO Report – Kevin Schmidt

There was a recent thread about cloud services on the CSF list.  A lot of people would like to use the cloud, and the challenge is that it isn't as easy as saying cloud is good, but you have to prepared to make certain investments, degree of effort up front, look at particular provider and service, look at contractual requirements.  There may be modified agreements via UCOP, some signed for the whole UC and others for just a particular campus.  Can we leverage existing contracts or start from scratch?  There are some contract issues: 1) No indemnification clauses, and 2) depending on data put into cloud, the contract needs to include appendix DS (data security), i.e., this includes language addressing subcontractors in other countries, and investigating breach situations.  How do you intend to use that service provider: different information has different level of permissions, is your intended use compatible with the service.  What are the ongoing care and feeding needs?  Do they need support request conduit or directory integration?  Keep in mind.  A cloud solution may be appropriate.

Members asked: Is there campus policy or guidance on how to go through this?  How can I go through this and be successful with this?

What service do you want to use, how you want to use it, and what is the data?  Kevin would be happy to work with that, and then go through Business Services.

Can we develop best practices?  If someone wants to use Dropbox, can one go to contracts?  They may not be able address FERPA or other use cases.  Can we develop an FAQ?  What issues need to be identified and documented up front?

Basic steps can be identified.  Maybe a flow chart.  Some data sources have their own restrictions, e.g., federal data.  Google Analytics is an example that has a 3rd party indemnification clause.  What is the campus take on Dropbox?  Berkeley is using via Internet 2.  Several campuses have licensed google apps.  Joe Sabado has asked whether it can be extended to UCSB.

As part of FIS, they developed an RFP that addressed outsourcing, maybe one can use that language.  To find it, look on purchasing website.  Try to provide RFP style checklist for cloud services.  The hosting location may also be an issue.  No military data can reside out of country.  Identify factors that need to be identified.  Any documents should be passed by CISO.

An FYI regarding data security plans in order to access research data.  There is often an explicit requirement from the granting agency that there is a data security plan signed off by the CISO.  Kevin has the boilerplate for such a data security plan.  In includes items like, the data can only be on a specific computer, that has no network access, full disk encryption, and physical security of media.  It can be difficult to implement.  And it gets refined for different agencies.  One specified either having a 24 hour guard or monitored alarm of the office, and we asked whether we could use full disk encryption to mitigate that requirement.  We want to try to implement a repeatable cost effective method, and have a single data security plan that explains it.  There are probably a dozen grants that need this.

Jonelle Miller did a training session on PCI for 60 attendees.  It included procedures and required accounts.  .net is an authorized vendor for a single item shopping cart.  Jonelle says to talk to her about your specific situation and she will help you find a solution.

3. Subcommittee Reports

Web Standards and Content Working Group (WSG):

They continue to meet monthly.  Aaron Martin is heading up an effort to do the first extensive remodel and update of The Web Guide since 2008.  At their February meeting they will vote on new leadership.  They will continue as if nothing is going on.  They just had their first workshop on PCI, and they have three more planned for the year.  Possible topics include jquery, HTML, Drupal theming or responsive mobility.

ITPG Communications - Ann Dundon

The group wants to continue to offer as means of communication for whatever comes down the road.  There was discussion about investigating getting access to the most informative talks from UCCSC 2012 at UC Berkeley.  And we discussed the OIST Drupal hosting service.

Identity Management Subcommittee (IdM)

Refer to the web site for current information.

Campus Calendaring/Email (Connect) – Jamie Sonsini

In July 2012, the ITB recommended that the campus should move forward with Office 365, and that OIST will serve as the anchor department for this service.

Jamie presented the powerpoint "Connect - An Update for ITPG".

If you will be involved with supporting Connect for your department, please contact Jamie to be subscribed to the ConnectTech-L mailing list.

Connect accounts will have the address "".  Some accounts will be "All-In", which includes both email and calendaring, others will just have calendaring, and still others will be migrated to their department exchange servers for calendaring.

They will be using CalMover to help with migrations, which was also used by UCI.  Migration should happen over a single weekend

There are several groups associated with this effort, the Connect Governance Group and the Connect Technical Coordination Group.  There have been weekly meetings of the Service Support Group.  There is currently a version 0.9 service description.  For issues, start with the Service Support Group (Administrative Services, OIST & Student Affairs), if technical go to the Technical Coordination Group, if policy, such as, do student employees get Connect accounts, go to the Governance Group.

Office365 is very different from Oracle Calendar, e.g., there are no email reminders.  Recurring meetings are also different.  Moving the students off of the old umail system onto Office365 is underway.  There were  2000 accounts converted as of last night.

PMO Project Reports – Matt Erickson

They have 4 projects underway: FIS, Procurement Gateway, UCPath and Kronos.

FIS: They are doing fit gap sessions.

Gateway: They are getting departments onto the system and providing training.

UCPath: They are working on the conversion to Biweekly Pay.  Transition applications are due 1/10/2013.  There will be a memo going out soon regarding the UCPath center in Riverside.  Maria Ayllon is the PM for UCPath and Kronos.

Kronos: Some departments will begin using it in November.  They will link timekeepers up with mentors.  There will be a training schedule for December adoptees, flyers will be going out, and the website will be going up.  They will be starting an Enews letter.

Discussion Items

1. IT Forums: Near term--obtain and share information on current activities/concerns of campus IT - Doug Drury

Last August Administrative Services hosted a forum to have an open discussion and have Administrative Services communicate things about their IT projects and get feedback.  78 people attended.  The idea is to have these quarterly.  It is time for the next one.  Doug offered to solicit agenda topics, e.g., ITOE status.    This is an opportunity for ITPG to get plugged back into decision process.  Email suggestions by 11/26.  Plan on 20-25 minutes per item.

2. Future of ITPG

  a. IT OE Recommendation - IT Council

  b. ITPG in relation to IT Council

     i. Campus IT coordination/communications functions

     ii. ITPG subcommittees status

3. Annual holiday IT gathering will be December 20th @ 3:00.

4.    Member announcements

ITPG-Nov15.pptx228.78 KB