Committee meeting - August 22, 2013

Meltem Kurtman
Acting Secretary to the Committee
August 29, 2013

Present:

Dave Wallace (Chair), Meltem Kurtman (Secretary), Bob Hicks, Dawn Keenan, Dave Kibble, Robyn Landers, Bill Ince, Paul Miskovsky, Carl Nagel, Jason Testart

Regrets:

Bill Baer, Bruce Campbell, Andrea Chappell, Marko Dumancic, Erick Engelke, Terry Stewart


Agenda

  1. Chair’s remarks (Dave Wallace, Chair) [1:30pm-1:40pm]
  2. Approval of the minutes of the meeting of August 8, 2013 and business arising [1:40pm-1:50pm]
  3. Privacy and Security Impact Assessment (PSIA) (Jason Testart) [1:50-2:10pm]
  4. IT Strategy, Enterprise Architecture, and Organize for Success update (Andrea Chappell, Dave Wallace, Bob Hicks) [2:10-2:20pm]
  5. Updates (2:20-2:40pm; Various)
    • Email (Bruce Campbell)
    • Active Directory (Bruce Campbell)
    • Green IT (Marko Dumancic)
    • IT security (Jason Testart)
    • Campus Firewall Project (Bruce Campbell)
    • Student Printing (Bill Baer)
  6. Other business (2:40-3:00pm)
  7. Next Computing Technology and Services Committee (CTSC) meeting
    [Will be held Thursday, September 5, 2013, at 1:30 p.m., in Mathematics & Computing building (MC) 2018A.]

Chair's remarks (Dave Wallace)

Preparations are underway for the next term to progress on the IT Strategic Plan. In particular, Andrea Chappell and Dave Kibble will work on the Governance piece of the IT Strategic Plan. An Administration Information Management Committee is starting; it will be chaired by Logan Atkinson and Dave Wallace.

Approval of the minutes of the meeting of August 8, 2012, and business arising

The minutes of the meeting of August 8, 2013 were approved as distributed.

Privacy & Security Impact Assessment (PSIA) (Jason Testart)

Testart distributed a document prior to the meeting and talked about the following:

  • The purpose of PSIA
  • Which projects in the future would require a PSIA
  • Roles
  • Getting Started

A lot of the drivers for this project were the cloud. We are now seeing other projects where we need to do PSIA. An example of this is a certain researcher who has to be compliant by a set of requirements. A lot of this is coming out in the last couple of years. Researchers did not do this themselves. A major benefit of this exercise is that if the information is documented, it puts everyone on the same page. This is a plus for the federated model of IT. Emails present a particular issue. Education is a big part of this. What is private information? IT people are Stewards of information. PSIA points out issues and what to do about them.

Comment and discussion

  • Collecting data for one thing and using it for something else could be problematic.
  • The nature of the project will dictate how far we test it for security. If you are dealing with public data, then you do not need to make it extremely secure.
  • Are there things project people can do ahead of time so that when they get to Karen Jack, it would be a matter of confirmation? Can see a problem with funneling when a lot of projects get underway.
    • That would depend on the project and the area. A certain area might have documentation already and use that; or it may be a small area and they have to start from scratch.
    • Once we do a few of these, we will be in a better position to advise people on how to do the security test.
    • People will need help to complete the forms. Suggestion was made to have a staff member, from Dave Kibble’s group, brought up to speed and help with PSIA.
  • Every project should have a documented plan so that when questions are asked people can be referred to that specific Section of the plan.
  • Suggestion was made to start collecting examples.
  • Comment was made that the beginning of this document looks like it is only for IT, but farther down in the document it talks about Researchers.
    • Testart noted the comment and will make the necessary revision.
  • The timeline of the PSIA is over the next few weeks. It will be implemented in the fall.
  • Testart will report back on the status of the PSIA project in early October, with Online Expense forms and the Student Portal as examples.

IT Strategic Plan and Organize for Success update (Dave Wallace, Dave Kibble)

There will be an audit in which Deloitte will review the approach used and the results from the University’s IT Strategic Plan Project. They will interview about fifteen people. The focus will be on the effectiveness of the activities undertaken for the development and ongoing maintenance of the IT Strategic Plan and provide input into an approach to maintaining a sustainable plan in the future.

The Daily Bulletin reported an update on the Organize for Success. Things are running on schedule. Wallace had meetings with Carlos Mendes and Gail Spencer, representatives from the University of Waterloo Staff Association (UWSA).

There is a workshop scheduled for this Monday for IST management to discuss both of the above in relation to Information Systems & Technology (IST) annual plan for 2013/14.

Updates

Email (Dave Wallace for Bruce Campbell)

More memory was added to servers to improve the performance of the mail services; testing continues.

Active Directory (Dave Wallace for Bruce Campbell)

AD Consolidation project is on schedule.

Green IT (Marko Dumancic)

No report as Marko is away on vacation.

IT security (Jason Testart)

Desire2Learn (D2L) had issues updating Central Authentication System (CAS); spent some time on this. Want to enable some features. Single sign on is the direction we want to take.

Campus Firewall (Dave Wallace for Bruce Campbell)

Bruce Campbell is working on this.

Student Printing (Bob Hicks for Bill Baer)

A vendor has been selected. Hicks will share more information by email.

Other business

Risk Management Framework (Dave Wallace)

The University is developing a risk management framework.

Excellence Canada (Dave Wallace)

The University has chosen Excellence Canada, as a result of the Staff Lifecycle initiative led by Bruce Mitchell and Terry McMahon. Excellence Canada is a progressive quality assurance network. There are four levels. Overall it builds continuity in an organization. Dave Kibble will assist Dave Wallace in starting this project which will be handed off to an Academic Support Group in the future. For now, IST is leading the initial stage at the request of the Vice President (VP), Academic and Provost.

Disaster Recovery (Paul Miskovsky)

Science had a near-flood in their computer room (which includes Shared Hierarchical Academic Research Computing Network (SHARCNET) servers, Science and IST servers) when a storm drain flooded earlier this summer. More recently, there was a major failure of the air conditioning chillers. Miskovsky, working with Plant Operations, was able to stabilize the temperature at 35 degrees Celsius. When such incidents happen, people must be notified. We need to have a strategy to communicate with people in real time. Miskovsky asked for a contact name in IST in case of such emergencies in the future. A follow-up with Bruce Campbell will be done next week.


Next meeting

The next meeting will be held on September 5, 2013, at 1:30pm, in MC 2018A.