UIT Makes Progress on Multi-Year Initiatives
University IT (UIT) set out to tackle a host of important milestones during performance year 2016 (PY16), which extended from May 2015 to April 2016.
“University IT staff expended tremendous effort and made great strides towards furthering its strategic goals this year,” said Randy Livingston, Vice President for Business Affairs. “While the progress was significant, we didn’t accomplish everything we set out to do and are eager to make additional progress in the coming year.”
UIT's highest priority initiatives during PY16 were:
- Email and Calendar Implementation (Office 365)
- IT Service Management Program (Remedy Replacement)
- Integrated Identity and Access Management
- Oracle Upgrade
- Information Security and Privacy
These programs impacted significant portions of the campus community. We recognize and thank our partners across the campus for their continued support and contributions towards implementing these important priorities.
Details of progress made in PY16 for each of these initiatives — which for many includes work that spans multiple years — are outlined below.
Email and calendar
This project completed the migration of more than 40,000 faculty, staff, and student email and calendar accounts to Office 365 in the cloud. The September 2015 University IT Newsletter provides additional details about the results of the implementation.
IT service management program
This program aims to significantly improve our clients' end-to-end experience with our services through a series of service management initiatives that span multiple years.
The March 2016 University IT Newsletter highlights this project’s progress including work to redesign the service catalog, to define business requirements for the new system, and to establish the implementation roadmap. The most up-to-date information about the project and its plans are available on the ServiceNow website.
Integrated identity and access management
This initiative aims to upgrade and modernize Stanford’s identity and access management systems and services. In particular, it focuses on accounts sponsorship and web authentication, known by many around campus as WebAuth.
The accounts sponsorship deliverables this past year included updates to the eligibility requirements for sponsored accounts and the sponsorship process with respect to access to network assets and licensed content; and the implementation of system controls to enforce new requirements. The results also included a new approach and project plan to update the web authentication infrastructure.
This initiative aims to upgrade to the latest version 12.2.4 of Oracle e-Business suite. While primarily a technical upgrade, this project will also explore what additional improvements upgrading the software can make.
The initial, completed phases focused on analyzing how best to leverage the new functionality of the version upgrade to meet Stanford’s needs. The implementation phase of the project was deferred from performance year 2016 to 2017.
Information security and privacy
This initiative consists of eight subgoals, which together aim to improve the university’s posture with respect to information security risk.
These subgoals and their completion status during PY16 are as follows:
- Implement endpoint encryption — exceeded this year’s 67 percent completion milestone; deployed enhanced Endpoint Compliance Management System and My Devices portal; compliance outreach continues
- Deploy Microsoft anti-malware in place of Sophos — made SCEP and EMET tools available and automatically converted all Sophos installations where possible
- Validate merchant compliance with credit card information standards — validated that Stanford merchants comply with Payment Card Industry Data Security Standards (PCI DSS) version 3.1 and provide infrastructure and recommendations to support that compliance
- Promulgate server and application security minimum security standards — deployed and promoted supporting information security services, but did not achieve adoption targets; compliance goals to focus on High Risk systems and data in year ahead
- Complete Windows 2003 server remediation — wherever possible, upgraded servers running Windows 2003 server to a later operating system
- Delivered Information Security Academy — 409 of 800 eligible IT staff completed training, which was offered multiple times during the year
- Enhance information security end user educational videos — updated new hire security video; work on additional security videos in progress
- Update and publish Admin Guide memo for Computer and Network Security — under continued discussion between the Faculty Committee on IT Privacy and the Office of the General Counsel
The bigger picture
University IT’s priority goals are part of a bigger picture. As one of the major organizations within Business Affairs, University IT is responsible for leading about one-third of the principal Business Affairs initiatives each year. These initiatives support the Business Affairs vision to ensure the university’s administration is seamless and efficient to enable and support teaching, learning and research.
To get a sense of how University IT goals plug into Business Affairs initiatives, view a complete list of the performance year 2016 principal initiatives of Business Affairs.