• IT Governance Structure
  • ITGC
  • CIO Group
  • ASAC
  • AISB
• RFC Process

Minutes: CIO Group

December 20, 2007

ATTENDEES: Randy Lopez; Jon Showstack; Opinder Bawa; Karen Butter; Heidi Schmidt

GUEST: Carl Tianen

ABSENT: Larry Lotenero; David Rein

__________________________________________________________________

IAM

Randy Lopez reported on the first Identity & Access Management (IAM) Steering Committee meeting, held December 5. Karen Butter requested a copy of the meeting minutes, which Heidi Schmidt will provide. There was a brief discussion about phasing, timelines and resources.

        ACTION ITEM: Heidi will arrange for IAM Steering Committee meeting minutes (also available on the IAM SharePoint site) to be routinely distributed to the CIO Group.

Policies

Security Policies

Jon Showstack confirmed the two security policies presented to the CIO Group in October were approved. Heidi Schmidt asked if the policies were distributed for public comment prior to being presented to the CIO Group and Randy Lopez stated they were.

        PROPOSED: For policies involving infrastructure and architecture, the CIO Group will be the ratifying body. The IT Governance Committee will be informed of CIO Group decisions. 

The IT Governance Committee will inform the CIO Group if it has significant concerns about policies approved by the CIO Group. Randy said he would present this proposed process to the IT Governance Committee in January. 

Password Standard

Carl Tianen presented details (attached) of the password standard agreed upon by OAAIS, the School of Medicine and the Medical Center. OAAIS will implement the standard for the Campus Active Directory domain. The Medical Center will implement the standard where possible – some legacy systems will not support it.

        ACTION ITEM: In January, OAAIS will issue messages to Exchange subscribers and Admin-L indicating OAAIS, the School of Medicine and the Medical Center have agreed on a single password standard. The messages will provide a link to updated information about the password standard on the OAAIS web site.

        ACTION ITEM: Heidi will ask Kraig Kluba to determine the technical implications of switching from the original 90-day password aging process to 180-day aging.

Governance

Randy will distribute a diagram of the proposed governance structure to the CIO Group before the January IT Governance Committee meeting. Further discussion of IT governance was deferred due to time constraints.

Other Items

Karen described problems the Library has encountered in implementing proximity card access for the student computing labs. Randy suggested they continue the discussion off-line.

Adjournment

Recorder: H. A. Jah