First Reading of IT Investment Policy

 

Background

 

The university, at every level, recognizes the need to manage technology efficiently.  The Board of regents recognized the need for information technology oversight for the system through approval of the Chief Information Technology Officer policy (P02.02.07) in April, 2003.

 

The university system, like every higher education system, is a distributed operation.  However, the infrastructure of information technology to facilitate the university mission crosses all boundaries in the system.  One security hole from one computer can be a threat to the entire system.  The university will never have complete homogeneity of software applications, not should it.  At the same time there is a management cost to pay with multiple applications that provide essentially the same functions.  There can be incompatibilities with multiple applications that are installed without sufficient consideration of existing technology infrastructure.

 

Often, contracts for software or services are entered into without regard to:

 

·  how it may impact the overall university IT architecture;

·  what other systems may already be in place that may provide the same functions;

·  how the system will be maintained after the initial capital investment or external funding is consumed;

·  whether the new system or service meets established university standards.

 

For the most part these investments are made and contracts entered into for good purposes and with no intent to circumvent existing procedures or systems.  The procurement offices make sure these contracts are within the boundaries of all procurement law and regulation and try to coordinate when possible with central IT offices at the campus or system level.  The system wide CITO office has worked with general counsel’s office to make sure all significant IT contracts are reviewed by both offices prior to signing; however, this is a voluntary effort and wholly dependent on the current individuals in place across the system.  It is a not infrequent occurrence for one department or campus or MAU to make a software purchase and after the fact ask if any other units might be interested in making use of the application.  That discussion needs to take place before a contract is signed, in fact, before the RFP is let, so there can be a full examination of a possible consolidated contract providing potential cost savings in the license and on-going support, not to mention advantages of adhering to a standard.

 

The procurement process does monitor purchases but may not be aware of the impact of particular information technology acquisitions on existing IT systems or services.  Generally campuses try to monitor these IT investments as do the MAUs as does the statewide office, but the procedures are not uniform and there is no overall policy or regulation that requires such oversight. 

 

The CITO policy implies such oversight but does not clearly state it.  The wording of the draft policy for IT investment clarifies the need for review and approval of IT purchases.  It does not prescribe how that should take place, but places responsibility for it in the office of the CITO.  As a practical matter, in most cases, this would be delegated to the appropriate level for action and allow each campus and major academic unit to adopt best practices that fit its environment so long as those are consistent with overall university IT standards.

 

The draft policy also addresses the need for academic and research departments to acquire information technology to meet special, unique needs for their instruction or research needs. 

 

The draft policy language would add two sentences to the Chief Information Technology Officer policy (P02.02.07). 

 

 

 The CITO shall make sure procedures are in place at the appropriate level for suitable review and approval of investments in information systems and contracts for information and telecommunications services to ensure that investments are aligned with board approved strategic plans.  Review and approval should be balanced with reasonable latitude for information technology acquisitions to meet unique research and academic needs.