Work has been done and progress has been made in developing a plan and strategy that is identifying and will recommend an infrastructure(s) for storing, managing, and accessing research data. This plan and strategy includes using cloud-based service providers. CITS has worked diligently with Strategic Sourcing and Acquisition Services to establish contracts with Microsoft Corporation (Azure Cloud Infrastructure); Oracle Corporation (Oracle Infrastructure and Platform as a Service); and Amazon (Amazon Web Infrastructure Services). These contracts are the building blocks needed to leverage cloud infrastructure services for storing, managing, and accessing research data. The plan and strategy will be finalized in FY 2019, which will include the use of cloud-based services and on-campus computing infrastructure resources and services.

Background and Rationale

• Data are the lifeblood of research.
• Federal agencies regard data as a commodity to be obtained, stored securely, managed, made accessible, and used as an essential part of the grant submission and publication processes.
• Research data management policy and strategy needed at UMB.

Operational Approach

• Universitywide team developed a research data management policy that was approved in May 2017.
• A second Universitywide team is being formed that will discuss strategies and recommend an IT infrastructure(s) for storing, managing, and accessing research data.

Implementation Status

Universitywide team developed a research data management policy that was approved in May 2017.

Next Steps

Another Universitywide team will discuss strategies and recommend an IT infrastructure(s) for storing, managing, and accessing research data. 

A comprehensive and overarching policy for research data management was developed and approved, which includes the elements of data acquisition, custody, retention, access, security, and the transfer of data. The next step this coming year is the formation of a working group that would make a recommendation(s) regarding the preferred IT infrastructure(s) for storing, managing, and accessing research data.

A University team led by M.J. Tooey and composed of IT Stakeholders Committee members, faculty, and staff developed a draft research data management policy. The draft policy was reviewed by many people, including research faculty, associate deans for research, etc. The policy had a final review by the Policy Oversight group and the Executive Cabinet and was approved as a UMB policy and signed by President Perman on May 4, 2017. The policy can be found here.

Health science and human service research generates large quantities of data.  Federal agencies such as the NSF and NIH increasingly look at data as a commodity to be obtained, described, managed, secured, curated, archived, made accessible and used as an essential part of the grant submission and publication processes. Failure to comply with data requirements from these agencies could result in denial of initial funding or renewal of funding.  A cohesive and coherent research data management policy and strategy needs to be developed and institutionally adopted at UMB.

Current Status:

Initiative objectives include:

1A Establishing a high-level University team to identify issues upon which to base a

comprehensive University-wide data management policy and plan.

A University task force was formed; membership is comprised of:  M.J. Tooey, HS/HSL, Convener; Julie Doherty, Human Research Protections Office; Jay Magaziner, School of Medicine; Arthur Rose, Office of the General Counsel; Peter Swaan, School of Pharmacy; Kate Tracy, School of Medicine; and Allison Watkins, Office of Accountability and Compliance.

1B Developing a comprehensive and overarching policy for research data management.  The

following were necessary to accomplish this goal:

• Reviewing and understanding current relevant funding agency requirements for data management;
• Reviewing policies from other institutions to determine best practices in policies related to research data management;
• Analyzing trends in growth and future advances of research data management;
• Developing and recommending a University-wide research data management policy.

In the summer of 2015, the Research Data Management taskforce began the work of developing a policy providing a general statement regarding the collection, storage, use, and reuse of research data. A draft statement was developed after review of government and other academic institutional policies. It was reviewed extensively by the task force during the first quarter of 2016. The draft was shared with the IT Stakeholder Committee at the April 2016 meeting.  Additional modifications to the policy have been made since spring 2016 based on feedback from the community of researchers and research deans, and the Chief Academic and Research Officer and Senior Vice President.

Next Steps:

Next steps include a final review and approval of the draft policy by the UMB Policy Committee and the Executive Cabinet.

Health science and human service research generates large quantities of data.  Federal agencies such as the NSF and NIH increasingly look at data as a commodity to be obtained, described, managed, secured, curated, archived, made accessible and used as an essential part of the grant submission and publication processes. Failure to comply with data requirements from these agencies could result in denial of initial funding or renewal of funding.  A cohesive and coherent research data management policy and strategy needs to be developed and institutionally adopted at UMB.

Current Status:

Initiative objectives include:

1A Establishing a high-level University team to identify issues upon which to base a

comprehensive University-wide data management policy and plan.

A University task force was formed; membership is comprised of:  M.J. Tooey, HS/HSL, Convener; Julie Doherty, Human Research Protections Office; Jay Magaziner, School of Medicine; Arthur Rose, Office of the General Counsel; Peter Swaan, School of Pharmacy; Kate Tracy, School of Medicine; and Allison Watkins, Office of Accountability and Compliance.

1B Developing a comprehensive and overarching policy for research data management.  The

following were necessary to accomplish this goal:

• Reviewing and understanding current relevant funding agency requirements for data management;
• Reviewing policies from other institutions to determine best practices in policies related to research data management;
• Analyzing trends in growth and future advances of research data management;
• Developing and recommending a University-wide research data management policy.

In the summer of 2015, the Research Data Management taskforce began the work of developing a policy providing a general statement regarding the collection, storage, use, and reuse of research data. A draft statement was developed after review of government and other academic institutional policies. It was reviewed extensively by the task force during the first quarter of 2016. The draft was shared with the IT Stakeholder Committee at the April 2016 meeting.  Additional modifications to the policy have been made since spring 2016 based on feedback from the community of researchers and research deans.

Next Steps:

Next steps include a final review and approval of the draft policy by the UMB Policy Committee and the Executive Cabinet.

Strategy

Data are the lifeblood of research. Federal Agencies increasingly look at data as a commodity to be obtained, described, managed, secured, curated, archived, made accessible and used as an essential part of the grant submission and publication processes.  A data management policy and strategy needs to be developed at UMB.

Initiative Objectives

1. A university-wide team will develop a data management policy and plan which includes the acquisition, custody, storage, retention, access management and security as well as transfer of research data, data analytics and reporting.
2. A data management team will recommend an infrastructure for storing, managing, and accessing data.

Current Status

The Research Data Management Policy Statement Work Group has developed a first draft of a policy for review.

Objective One: Research Data Management Policy Development

1A     Establish a high-level university team to identify issues upon which to base a comprehensive, University-wide data management policy and plan.

1B    Develop a comprehensive and overarching policy for data management.  The following are necessary to accomplish this goal:

• Review and understand current relevant funding agency requirements for data management;
• Review policies from other institutions to determine best practices in policies related to data management;
• Analyze trends in growth and future advances of data management;
• Develop and recommend university-wide data management policies; and
• Elements of this plan would include but not be limited to the acquisition, custody, retention, access, security, and transfer of research data.
• The Data Management Policy Statement Work Group has met twice this fall.
• The project work plan and scope has been reviewed and relevant documents/articles shared, including policies from other institutions.
• Skip Rose offered to write the policy due to his familiarity with UMB policies.  He has reviewed policies from other institutions, identified key elements for inclusion, and listed additional questions needing to be answered, primarily by the IRB.
• Alison Watkins will be looking at other groups at UMB that might have relevant policies.
• We have determined this will take longer than we originally thought to complete; additional time will be needed.
• Our next meeting is scheduled for January 8^th and Julie Doherty of the IRB will be in attendance to answer some of our IRB questions. She may be asked to join the group.

The Data Management Policy group will have its first meeting on Friday, September 18, at 1:00.

Members of the group include:

Jay Magaziner

Skip Rose

Peter Swaan

M.J. Tooey - Convener

Kate Tracy

Alison Watkins

For the first meeting we will review the plan and discuss the task at hand.  Relevant documents and articles will be shared with the group. 

Tasks:

1. Discuss the project and scope
2. Figure out how to identify what already exists or is being developed regarding data at UMB that can be linked to our document.
3. Write policy
4. Goal – completion by December

Dr. Jarrell has asked that we keep Jon-Mark Hirshon’s work regarding ethics and data in mind as we move forward.  Kate Tracy serves on both groups and will keep us informed.

Data are the lifeblood of research. Health science and human service research generates large quantities of data.  Federal agencies such as the NSF and NIH increasingly look at data as a commodity to be obtained, described, managed, secured, curated, archived, made accessible and used as an essential part of the grant submission and publication processes. Failure to comply with data requirements from these agencies could result in denial of initial funding or renewal of funding.  A cohesive and coherent data management policy and strategy needs to be developed, centralized, and institutionally accepted at UMB.

The university policy will be developed first.  There could be some overlap in the completion of the two objectives.  A project timeline with milestones for completion will be developed and presented for approval.  With university commitment to the projects and with regular committee and subcommittee meetings, the project should take two-three years.

The Data Management Policy group had its first meeting on Friday, September 18, at 1:00.

Objective One: Data Management Policy Development

1A Establish a high-level university team to identify issues upon which to base a comprehensive,  University-wide data management policy and plan.

1B Develop a comprehensive and overarching policy for data management.  The following are necessary to accomplish this goal:

• Review and understand current relevant funding agency requirements for data management;
• Review policies from other institutions to determine best practices in policies related to data management;
• Analyze trends in growth and future advances of data management;
• Develop and recommend university-wide data management policies; and
• Elements of this plan would include but not be limited to the acquisition, custody, retention, access, security, and transfer of research data.

Objective Two:  Building on the data management policy, recommend infrastructure(s) for storing, managing and accessing data. 

This would require a different team than Objective One requiring expertise in data storage and access including the identification of technical and legal issues.  This team would be composed of representatives from CITS, IT departments in schools and major units, the HS/HSL, the Research Harbor, and the CHIB.

Objective Two includes:

• Discover and recommend a variety of appropriate options for data storage and management for the UMB research community. These options could include local data storage, national repositories, and “Cloud” storage (e.g. Box.com, Dropbox, Microsoft OneDrive, Amazon Web Services, etc.), which comply with government and legal guidelines and the UMB data management policy for data storage and access and which are easy to use by the UMB community of scientists and educators.
• Make a recommendation regarding the inclusion of UMMC/UMMS in a shared data management vision for UMB.
• Investigate potential for an MPower project identifying the pros and cons of creating a shared data storage infrastructure between UMB and UMCP.  Consider the addition of Johns Hopkins and the involvement of BioMaryland.
• Identify and recommend local data management support projects such as data management plan writing, training, and the Research HARBOR portal.
• Recommend strategies for an aggregated approach to access to datasets available nationally and locally.
• Recommend the infrastructure necessary to provide oversight and sustain high-level data management compliance with federal regulations for security and confidentiality.
• Insure compliance with national mandates and provide secure access to data.
• Identify personnel and infrastructure costs and develop a cost proposal associated with recommended strategies.

This project requires the following:

• High-level university and school-based support for the project;
• Appointment of the appropriate development and implementation teams;
• Financial support for site visits to universities who have implemented data management systems;
• Marketing and education support for policy compliance;
• Information regarding data management options at UMB; and
• Funding for implementation and sustainability of the project.

As part of the IT Stakeholder Initiative “Expanding Resources for Faculty Teaching and Learning with Technology and Enhancing Skills of Faculty and Providing Tools to Incorporate Technology in Teaching,” a committee of faculty with representation from each of the UMB schools has been meeting regularly during FY 2018 to share information and discuss strategies related to professional development and the innovative uses of technology in teaching. An event titled “Teaching with Technology: Engaging Students” was held May 24, 2018, for the purpose of expanding interest and building faculty expertise in teaching with technology. The keynote speaker was M.J. Bishop, director of the William E. Kirwan Center for Academic Innovation and Director of the University System of Maryland’s Center for Academic Innovation, who kicked off the day-long event. Presentations and discussions of effective methods for teaching online courses/classes were included in the program.

The faculty committee, which is a sub-group of the UMB IT Stakeholder Committee, has prepared a report of recommendations identifying strategies for professional development and the promotion of innovative uses of technology in teaching and scholarship within and across schools and programs. Their recommendations are:

1. Seek resources to sustain an Annual UMB Teaching with Technology Conference.
2. Leverage and promote professional development activities that are occurring in the schools, e.g. Nursing, Social Work, and Pharmacy have notable initiatives in professional development. These sessions are typically sparsely attended, yet highly valued.
3. Establish a campus website dedicated to Teaching with Technology. It would offer a platform for sharing innovative uses of technology at UMB; the dissemination of information about educational offerings and initiatives occurring in individual UMB schools; and enhance the communication of teaching with technology resources to all UMB schools. Likewise, a library of “how-to” resources (e.g., videos and other media) could allow for easy online access when a centralized Center for Educational Initiatives is not available. 
4. Establish a centralized campus Center for Educational Initiatives to conserve valuable technology faculty and staff resources. Ideally, this center also might serve as a “drop-in” consultation resource for faculty and staff. This center would be interprofessional and allow for greater faculty/technology staff interaction and sharing of expertise. Resources for instructional design as well as resources for regular webinars and other learning experiences would need to be available to make such a center viable. Regularly scheduled lunchtime table talks at this center would provide an opportunity for informal learning experiences for faculty and staff and could easily be expanded to include UMB students.
5. At the level of UMB schools, encourage greater emphasis on faculty-IT staff interaction as well as visibility of scholarly work. The faculty committee encourages greater recognition of scholarly work involving aspects of teaching with technology as well as multiple aspects of teaching and learning. For example, such accomplishments should receive greater recognition in school and campus publications. 
6. Encourage UMB schools to incorporate scholarly work related to teaching with technology into their APT criteria so that such activities become visible and valuable contributions within schools and across UMB. 

Status

Next Steps

Implementation Status

Faculty representing each of the UMB schools have been meeting to share information and discuss strategies related to the use of technology in teaching.

Next Steps

A workshop is scheduled for May 24, 2018 for the purpose of expanding interest and building faculty expertise in teaching with technology. Presentations and discussions of effective methods for teaching online courses/classes will be included in the workshop program.

A group of faculty representing all of the UMB schools has been meeting monthly to share information and discuss strategies related to the use of technology in teaching. The group is planning a daylong workshop in spring 2018 for the purpose of expanding interest and building faculty expertise in teaching with technology. Presentations and discussions of effective methods for teaching online courses/classes would be included in the workshop program.  

A group of faculty from UMB schools has been meeting on a regular basis, and members are: Louise S. Jenkins, School of Nursing, group leader; Kathleen Buckley, School of Nursing; Nancy Lowitt, School of Medicine; Kathryn Collins, School of Social Work; James Craig, School of Dentistry; Karen Czapansky, School of Law; Andrew Coop, School of Pharmacy; Larissa Odessky, Graduate School; and Oksana Mishler, School of Dentistry for the Faculty Senate. The group is examining strategies to disseminate information campuswide related to the use of technology in teaching. It also is exploring the idea of offering an online workshop to expand interest and build faculty expertise in teaching with technology.

This initiative seeks to enhance the skills of faculty so that they can effectively use and incorporate technology in their teaching.  It is also seeking to advance inter-professional education by engaging an inter-professional group of faculty on teaching with technology.

Current Status:

A group of faculty from UMB Schools have been meeting to discuss “expanding resources for education using technology.”  There are currently eight faculty meeting on a regular basis, and they are:  Louise S. Jenkins, School of Nursing, Group Leader;  Kathleen Buckley, School of Nursing; Nancy Lowitt, School of Medicine; Kathryn Collins, School of Social Work; James Craig, School of Dentistry; Karen Czapansky, School of Law; Andrew Coop, School of Pharmacy; and Oksana Mishler, School of Dentistry for the Faculty Senate.

The goal of the initiative is to build on existing resources to further support excellence in education on the UMB campus beginning with the following objectives:

• Increase faculty awareness and use of available technology on campus to effectively impact teaching and learning;
• Expand opportunities to increase faculty input into availability of technology resources and resource implementation across campus;
• Identify strategies for ongoing professional development (e.g., workshops, mentoring, conferences) of UMB faculty related to their teaching roles, particularly in the area of increasing innovative and effective use of technology in teaching and learning;
• Obtain seed money for funding of teaching innovation using technology in a competitive manner;
• Develop and hold an annual UMB Teaching with Technology day celebrating excellence and innovation.

Projected Timeline:

From the meetings held last academic year and this fall, the group has learned a great deal about what is happening within each of the UMB schools related to teaching and learning with technology, and is in the process of exploring how the aforementioned objectives can be addressed.  The group is in the process of selecting targeted activities and will begin working on them in this academic year. 

This initiative seeks to enhance the skills of faculty so that they can effectively use and incorporate technology in their teaching.  It is also seeking to advance inter-professional education by engaging an inter-professional group of faculty on teaching with technology.

Current Status:

A group of faculty from UMB Schools have been meeting to discuss “expanding resources for education using technology.”  There are currently seven faculty meeting on a regular basis (the group met four times during the past year).  The individuals who have been participating in these group meetings are: Louise S. Jenkins, School of Nursing, Group Leader;  Kathleen Buckley, School of Nursing; Nancy Lowitt, School of Medicine; Kathryn Collins, School of Social Work; James Craig, School of Dentistry; Karen Czapansky, School of Law; and Oksana Mishler, School of Dentistry for the Faculty Senate.

The goal of the initiative is to build on existing resources to further support excellence in education on the UMB campus beginning with the following objectives:

• Increase faculty awareness and use of available technology on campus to effectively impact teaching and learning;
• Expand opportunities to increase faculty input into availability of technology resources and resource implementation across campus;
• Identify strategies for ongoing professional development (e.g., workshops, mentoring, conferences) of UMB faculty related to their teaching roles, particularly in the area of increasing innovative and effective use of technology in teaching and learning;
• Obtain seed money for funding of teaching innovation using technology in a competitive manner;
• Develop and hold an annual UMB Teaching with Technology day celebrating excellence and innovation.

Projected Timeline:

From the four meetings this past academic year, the group has learned a great deal about what is happening within each of the UMB schools related to teaching and learning with technology, and is in the process of exploring how the aforementioned objectives can be addressed.  The group expects to be able to select targeted activities and begin working on them in fall 2016. 

An Advisory Committee is in the process of being formed.  Some members of this developing committee met in December to review and discuss the objectives contained in the initiative proposal.  They are very excited at the possibilities of what they, and other faculty members, might accomplish as outlined by the initiative objectives.  The full committee will meet monthly and will be discussing plans for achieving initiative objectives and moving forward with activities that will further support excellence in education on the UMB campus.”

The UMB Mission Statement includes “using state-of-the-art technological support” in educating students to become leaders.  The UMB Strategic Plan further seeks to “increase training opportunities to facilitate enhanced work performance, faculty and staff satisfaction, and workforce development.”  Enhancing the skills of faculty to use and incorporate technology in teaching is consistent with both of these principles. Our campus initiative on interprofessional education and collaboration can be advanced with opportunities to engage an interprofessional group of faculty on teaching with technology. Furthermore, it is recognized today that innovation in teaching is bound to involve the use of technology in a significant way.  Therefore, teaching with technology is the guiding principle for this proposal.

Schools on the UMB campus vary in the types of instructional technology, frequency of use, and how such technology is incorporated into education. There is a need for basic and advanced educational instruction in how to use technology in teaching, for new faculty, those desiring more in-depth learning, and faculty who wish to conduct research on education.  Since teaching is an integral role of most UMB faculty, this project has potential for campus-wide impact and a renewed valuing of the science, art, and practice of teaching in preparing students on our campus.

This project should be ongoing and should be led by the schools’ representatives on the Advisory board in collaboration with the Institute for Educators.  Identification of sources for funding of the Institute’s role in coordinating this proposal to address the increased scope and responsibilities is needed.  Appropriate strategies and budgetary allocations could be identified to begin in FY-2016 or later, as budgetary constraints permit.

The goal of this initiative is to build on existing resources to further support excellence in education on the UMB campus beginning with the following objectives:

• Increase faculty awareness and use of available technology on campus to effectively impact teaching and learning;
• Expand opportunities to increase faculty input into availability of technology resources and resource implementation across campus;
• Identify strategies for ongoing professional development (e.g., workshops, mentoring, conferences) of UMB faculty related to their teaching roles, particularly in the area of increasing innovative and effective use of technology in teaching and learning;
• Dedicate seed money for funding of teaching innovation using technology in a competitive manner; and
• Develop an annual UMB Teaching with Technology day celebrating excellence and innovation.

Criteria for success would be the extent to which the above objectives are achieved during the project.

The Institute for Educators, a UMB approved Institute at the School of Nursing, offers an existing structure focused on the preparation and ongoing development of faculty.  It is ideally positioned to facilitate achievement of the objectives of this proposed initiative. This would involve the formation of an Advisory Group made up of a representative from each UMB School, an ex-officio member from the Faculty Senate, and input from IT staff.  Appropriate changes to its organizational structure would be needed to assure the inclusion of broad expertise and adequate staffing.  Having a centralized resource for teaching with technology available to faculty allows the dissemination of best practices, fast promotion of cutting edge technologies and avoidance of duplication of efforts in different schools.

This initiative will require support and recognition campus-wide.  Appropriate planning is necessary to assure eventual incorporation into faculty development.  Annual events, such as recognition of recipients receiving awards and grants, should receive appropriate coverage and emphasis.

CITS is partnering with Administration and Finance to develop and implement Oracle’s Cloud Financials, Planning and Budgeting, and Analytics solutions. These modern cloud applications are based on best practices and will provide a platform for improving business processes and enhancing our ability to make data-driven decisions. The project consists of four iterative design, configuration, and validation phases to incrementally develop a final solution that will be rolled out to the campus in May 2019. As the Quantum project approaches the third iterative phase, the project team is actively engaging UMB schools and departments to participate validating the solution.

Quantum Project Timeline

Status

Next Steps

Quantum Financial System Project

Implementation Status

Project implementation underway. Activities include: module testing and fit-gap analysis; security review; requirements traceability Matrix tracking; Chart of Accounts validation; data conversion strategy, and conversion data mapping; technical architecture planning; reporting requirements — revalidation; integration review/design.

Change management/communication/training activities also are underway; a town hall is scheduled for Jan. 22 from 1:30 p.m. to 3 p.m. at the SMC Campus Center.

Next Steps

Continue to work the Project Plan to achieve key project deliverables, which are: replacing current PeopleSoft Financial System with Oracle “cloud” (SaaS) system; deliver new tools for enterprise analytics and reporting.

The project is currently targeted for completion in October 2018.

The contract with Oracle was completed and signed in June. The project implementation is fully underway, with project completion targeted for October 2018.

There was an extensive review of acceptable products (an RFP was developed and responses were received from two vendors). Ratings of the written responses that were submitted by the two vendors were completed in December 2016. Vendor demonstrations were held in January 2017. The Oracle SaaS financial system was selected and a recommendation for purchasing this product was made to the University System of Maryland (USM) Board of Regents. A presentation was made to the board's finance committee, which approved the recommendation and submitted it to the full board. The USM Board of Regents and the State of Maryland Board of Public Works voted to approve the purchase of the Oracle SaaS financial system. The contract was signed in June 2017. The project implementation is starting in earnest in July 2017.

A new, contemporary cloud-based financial system is being selected and implemented that will streamline financial processes, increase operational efficiency, improve application usability, enable data analytic capabilities, and enhance reporting.  It will establish a new strategic approach to financial data analysis to support and enhance decision-making via an updated financial system.

Current Status:

UMB procured consultant expertise to help with the development of a request for proposal (RFP) for a new hosted financial system.

Information was collected from individuals in schools and central departments regarding functional and technical requirements as well as business process requirements.  The information collected from members of the UMB community, and in particular, from those individuals who work with the financial system on a daily basis, was included in the completed RFP.

The RFP was officially published and made available on the UMB Procurement Services eBid Board on Friday, October 27, 2016.

Projected Timeline:

Responses to the RFP are due on December 5, 2016.  A review of RFP responses and vendor demonstrations will be held in December 2016 and January 2017, with product and implementation services selection targeted for February 2017.    

A new, contemporary cloud-based financial system is being selected and implemented that will streamline financial processes, increase operational efficiency, improve application usability, enable data analytic capabilities, and enhance reporting.  It will establish a new strategic approach to financial data analysis to support and enhance decision-making via an updated financial system.

Current Status:

At the present time, UMB has procured consultant expertise to help with the development of a request for proposal (RFP) for a new hosted financial system.

The consultants are helping collect input from individuals in schools and central departments regarding functional and technical requirements as well as with business process requirements.  The information collected from members of the UMB community, and in particular, from those individuals who work with the financial system on a daily basis, will be included in the RFP.

Projected Timeline:

We anticipate the completion and submittal of the RFP to potential vendors in October 2016.  A review of RFP responses and vendor demonstrations will be held during fall, 2016, with product and implementation services selection targeted for early calendar year 2017.    

Over the past several years, the University of Maryland, Baltimore has been gradually embracing cloud computing as a cost effective, flexible way to deliver increasing levels of computing functionality, performance and capacity to the campus community at reduced costs. The University now has over thirty services that are delivered and maintained by cloud vendors.

Today, cloud solutions have grown in number and have matured to be better options than most solutions that need to be installed and maintained on-premises.  UMB, like other institutions of higher education and private companies, is aware of this transformation and is now looking at cloud solutions as a possible first option.  The University System of Maryland is promoting the use of cloud computing in its E&E 2.0 report titled “Enhancing the Effectiveness & Efficiency of the University System of Maryland”.

We are at point in time where the costs of maintaining our existing infrastructure, combined with the increasing IT service demands from faculty, students and administrators, place us at a crossroads where we must transform our operations in order to meet University academic and operations requirements.  

UMB’s Oracle/PeopleSoft Financial application has been in production since March 2006.  While the system has served the campus well for over ten years, the version of the application has become outdated and vendor support for the security of the application is expected to end in the first quarter of calendar year 2018.  In addition, the application was built using early web-based technologies and these technologies don’t offer modern user interfaces and have limited compatibility with contemporary mobile/tablet based platforms and other integrated services.  The University needs to move forward to gather system requirements for the replacement of the current financial system. 

At the present time, UMB is in the process of acquiring consultant assistance and expertise to help with the development of a request for proposal (RFP) for a new cloud financial system.  We anticipate having the consultant on-board by mid to late May, 2016 to help with developing functional and technical requirements as well as with business process requirements that will be included in the RFP.  We anticipate the completion and submittal of the RFP to potential vendors by July/August, 2016.  At the same time, a RFP for implementation services will be sent to consultant vendors with expertise in implementing a cloud financial solution. 

A review of RFP responses and vendor demonstrations will be held during late summer/fall, 2016, with product and implementation services selection targeted for October/ November, 2016. 

A formal organizational change management process will also be undertaken to ensure that the organization is ready, willing and able to adopt new processes and tools.  This requires an organized messaging process which includes a great deal of communication at all levels of the campus community focusing on best practices rather than customized ones. Active communication with business leaders across the institution, and partnering with them to discuss new processes, will make them receptive to the new features that a cloud financial system provides. Financial services personnel in central offices, schools and departments need to understand what is changing, why it is changing, the expected benefits and express support for the change.  Institutions that have selected cloud financial solutions are making a significant change in mindset away from the mentality of customized software.  A focused and effective change management process will result in positive collaboration with end-users and it will make sure that the University gets what it needs from a new financial system.

The first phase of the project also includes developing the project team, defining roles and responsibilities of project team members, review of project objectives, and defining criteria for success.  A scoping analysis will determine and define what activities are expected to be performed as part of this project. At the conclusion of this first phase and before beginning implementation, a project plan including the project scope, required project resources, and timeline with milestones for completion will be developed and communicated.    

Activities completed, underway and planned for the first phase of this initiative:

Meetings have been held with UMB personnel and Oracle Corp. representatives to discuss a process for collecting information regarding the current state of the financial system and finding opportunities for improvement with a new system.  On December 15 and 16, 2015, a team of Oracle representatives and Ciber Corp. consultants will be visiting UMB to have discussions and discovery sessions for the purpose of gaining an understanding of goals and current processes as well as documenting any current pain points, challenges and needs. 

The day long sessions on December 15 will be with central department functional staff, key school financial management personnel, and central IT staff.  The sessions will be question and answer discussions regarding the components of the existing system (grants management; accounts payable; fixed assets; core accounting; budget; procurement; and financial reporting), current processes in place, and challenges/workarounds.  On December 16, there will be an executive interview session with the senior vice president and a session with IT staff only to discuss technical dependencies and integration requirements.  The question and answer discussions with technical staff will include the topics of upgrading and patching the system, security and access management, customizations to meet integration requirements, production and development environments, etc.

The expectations and anticipated outcomes from these sessions include a findings report that will include:  an executive summary; background information of current best practices; an analysis of the information and data collected; a possible future state; and high level costs and benefits of a future state.

The next steps for this financial system initiative include: conducting these discovery sessions; reviewing and discussing the outcome report and recommendations; and sharing and discussing any information and data collected that were not included in the consultant report.

Once this “insight” discovery program is completed, the first phase of the project will continue with a business requirements review and development of use case scenarios so that we can begin evaluating financial system solutions that would best align with UMB business needs. An investigation of available financial system products will be undertaken to determine best fit with university business needs and project objectives, cost of products, and the ability of products to integrate into the UMB functional and technical environment.

Theme seven of the UMB Strategic Plan is to “create an enduring and responsible financial model for the university” and goal number two of this theme is to “develop an infrastructure to enable the university to operate efficiently and seamlessly.”  This proposal is to upgrade the financial tracking and reporting system and to establish a new strategic approach to financial data analysis that supports and enhances decision-making.  Upgrading the financial system and supporting technologies to a modern solution will allow UMB to streamline financial processes to increase operational efficiency, offer a modern user interface that improves application usability, and provide enhanced reporting. 

The introduction of a contemporary reporting solution, as part of the financial system upgrade project, will allow managers and executives to review strategic financial highlights and trends as well as investigate the details for a comprehensive understanding of financial performance. Data analytics are embedded in contemporary financial systems, allowing for financial information to be presented via queries, reports, dashboards, charts and graphs to aid daily decision making.

Project planning, administration and scoping analysis is targeted to begin in FY 2016. The first phase includes developing the project team, defining roles and responsibilities of project team members, review of project objectives, and defining criteria for success.  An investigation of available financial system products will be undertaken to determine best fit with university business needs and project objectives, cost of products, and the ability of products to integrate into the UMB functional and technical environment.  The scoping analysis will determine and define what activities are expected to be performed as part of this project. At the conclusion of this phase, a project plan including the project scope, required project resources, and timeline with milestones for completion will be developed and presented for approval.    

The first phase will also include developing the project team, defining roles and responsibilities of project team members, review of project objectives, and defining criteria for success.  A scoping analysis will determine and define what activities are expected to be performed as part of this project. At the conclusion of this first phase, a project plan including the project scope, required project resources, and timeline with milestones for completion will be developed and presented for approval.   

The second phase, the project preparation phase will include the preparation of the technology infrastructure, acquiring access to the software, a review of business processes, evaluation of customizations and configurations, and functional and technical staff training. 

The third phase of the project is implementation. This phase includes: design and configuration of the software; data conversion – if a new software product is implemented; development of the reporting solution; testing; campus communications; end user training; and, moving the system into production. 

With university commitment to the project and with the proper allocation of resources, it is anticipated that the project could be completed in FY 2017. 

The objectives of the financial system upgrade initiative are to:

• Provide access to new functionality in a financial software application that can help keep UMB well-positioned to meet university business objectives;
• Allow UMB to receive the highest levels of vendor product support for the application and the underlying technology tools supporting the application. 
• Improve services through changed business processes and contemporary technology;
• Provide an improved user interface to financial and grants information; and

The objectives for enhanced financial reporting, as part of the upgrade, are to:

• Provide for on-line queries, and summary or detailed data analyses;
• Allow for financial reports to be generated anytime, anywhere and on any device;
• Allow for self-service reports to be prepared in multiple formats; 
• Provide visualization tools that provide graphical representation of financial data;
• Provide visibility into spending at any budget level or time interval; and
• Improve insight for decision-making with dashboards that deliver financial information.

Critical project success factors include:

• Application functionality that meets critical university business needs;
• Business and workflow processes which increase operational efficiency;
• Interfaces with relevant internal and external systems that work successfully; and
• A system that provides embedded analytics and enhanced reporting capabilities.

Critical project implementation requirements include:

• Active executive sponsorship with a "published scope” for the project;
• A defined project structure;
• Adequate resources to achieve the project goals and objectives;
• Prioritization of desired functionality and reporting needs;
• An empowered, cohesive, and motivated project team focused on success and strong project management principles;
• Concrete and measurable critical success factors at the project level and for each module;
• Clear and frequent communications (to internal customers, university departments);
• End user and business process owner involvement (software configuration, business process decisions, testing, training); and
• Testing and review by process owners before putting the system into production.

The Information Security Collaborative (ISC) includes participation from IT leaders, information security professionals, and other IT professionals from CITS, all UMB schools, FPI, and UMMS. There is consensus among the individuals participating in the Collaborative that an enterprise-wide approach to information security is absolutely necessary. It is important that an Information Security Program that adheres to federal, state, USM, and other mandatory security rules, requirements, and guidelines to protect the confidentiality, integrity, and availability of data.

During FY 2018, the participants of the ISC shared operational policies, practices, and procedures that resulted in effective information security and the protection of information assets, protected health information, and patient and employee personal information. The ISC working group (which comprises about 40 individuals and is chaired by the UMB Information Security Officer and information security officers from the SOM/FPI and UMMS) coordinated activities that responded to information security vulnerabilities that cross operational intersections.

The FY 2018 Information Security Collaborative report identified key actions taken during the year, which were to assess the security of public facing systems and address any found vulnerability with these systems. The actions included:

• Undertaking a multi-layered security assessments that utilized both third-party scans and scans conducted by the CITS Office of Security & Compliance.
  • A third-party assessment included UMB’s participation in the Dorkbot Project, which is administered at the University of Texas. This project launched continuous scans during the year from outside of UMB to public-facing web servers at UMB. The scans searched for vulnerabilities in web logic code that could introduce a security vulnerability(s).
  • Another third-party assessment included using the ShadowServer resource. The ShadowServer scan is another scan from outside UMB to public facing systems at UMB, and it provided feedback when a public-facing system had a weak SSL cipher configuration that could be vulnerable to viruses and malware. The ShadowServer service assisted in identifying and mitigating the SSL Poodle vulnerability. 
  • Internal UMB scans also were performed by the CITS Office of Security and Compliance. Scans of all UMB public-facing systems were run regularly to assess and test SSL configurations, and any system with a weak configuration was identified and addressed.  

In addition to undertaking multi-layered security assessments, ongoing everyday IT security work was undertaken this past year, and it cannot be overlooked and overstated. For example, the intrusion prevention system is monitored closely because there are over 20 million daily attempts to get unauthorized access to the UMB network and to machines connected to the network. The campus system for email delivery, anti-spam, and anti-virus also is monitored continuously since about 80 percent of all incoming email is identified as some type of security threat and must be blocked. Collaborating and sharing IT security information and potential threats across the enterprise is what makes the ISC so successful and strong. 

Status

Next Steps

Deliver security awareness training software/content to UMB community

Implementation Status

UMB is complying with federal and state requirements for systems and data security, implementing technology, policies and practices to comply with the USM IT Security Standards; and following NIST IT security recommended best practices. IT leaders across UMB are working together to strengthen the IT security program by implementing measures to strengthen the security of personally identifiable information; introducing multi-factor authentication; and complying with the payment card industry standards that are required for processing credit card transactions. 

Next Steps

Security awareness and training programs are being developed and will be provided to the UMB community.

UMB only had two IT recommendations in the final audit report prepared by the Office of Legislative Audits. We have complied with the findings by implementing the recommended technology, and we have been phasing in new technology as it becomes available from vendors to address issues and strengthen network security. Major progress has been made in implementing new processes and technologies across the University to comply with the USM IT Security Standards, version 4.0. Additional measures are being implemented to strengthen the security of personally identifiable information (PII). A plan has been developed and is in the process of being implemented to enhance security by introducing multi-factor authentication (MFA). MFA will be initially deployed for the HR and Financial applications and for off-campus access to Microsoft Office 365. In addition, a critically important plan for complying with the payment card industry (PCI) standards and requirements has been developed and is being implemented.  Compliance with PCI standards is required for processing credit card transactions at UMB.

Significant progress has been made in achieving compliance with the USM IT Security Standards and completing the recommendations made by the Office of Legislative Audits, USM, and SB & Company auditors. Policies, procedures, and/or new technologies have been implemented to address any gap between current operations and the new requirements. Additional measures are being implemented to strengthen the security of personally identifiable information (PII). The Information Security Collaborative Working Group has been meeting monthly to share information and tighten security controls, where necessary. Improvements in security since the initiation of the IT Security Collaborative have been measurable. The number of vulnerabilities found in systems has significantly declined. Great work is occurring with monthly scanning and patching of systems. The latest cyber threat called WannaCry was a nonissue for UMB. An extra layer of security at the cross-section between the internet and the campus network is helping block attacks and preventing threats from affecting the University.

Information Security is most effective when it is an integral part of the enterprise culture, IT architecture and support services, and academic and business processes.  In an effort to strengthen the IT security program, IT leaders in CITS, UMB Schools, and across the UM Medicine IT Network have established an information security collaborative which focuses on enterprise planning and the strategic use of IT security technologies and resources. The Security Collaborative ensures the effective application of appropriate technologies and staff resources to meet the demands of the security program, as well as the effective use of shared information to strategically plan and respond to IT security threats.  Each entity is acquiring and implementing IT security technologies and working together to assess, identify, and address security risks and vulnerabilities, which is a fundamental requirement for the Collaborative and for the information security program to be successful.

Achievements and Current Status:

Significant progress was made in achieving compliance with version 3.0 of the USM IT Security Standards that were approved by the Board of Regents.  In fiscal year 2016, policies, procedures, and/or technologies were implemented to address any gaps between current operations and the new requirements.

A six-month long Office of Legislative IT Audit was performed this past year.  The outcome was a very good audit, with the OLA Discussion Notes and Final Report indicating only low risk and minor IT security items to be addressed.  There are no repeat items from the last Office of Legislative IT Audit.

There were three additional IT audits performed this past year by the USM internal auditors and the SB & Co. auditors.  These three IT audits also resulted in excellent audit reports.  

In addition, the Information Security Collaborative Working Group has been meeting on a regular basis to share information and to tighten security controls, where necessary.  Improvements in security since the initiation of the IT Security Collaborative have been measurable. 

• In order to comply with an audit requirement and to ensure that sensitive data are rendered unrecoverable, a policy for the disposal of media containing data was created and approved.
• A product called IdentityFinder was implemented, which locates sensitive data that are stored on school and department IT equipment, e.g., computers and servers.
• Scans of publicly available systems and servers are being performed on a regular basis to make sure that systems and servers are in compliance with IT security requirements. 
• A uniform vulnerability identification and remediation plan has been created and is being used by entities in the Collaborative.

This past year also included a very successful day long Cybersecurity Symposium that helped raise information security awareness.  A cyber security awareness campaign and mandatory training is being offered to individuals in UMB schools and departments and in FPI.

Projected Timeline:

Assessing, identifying and addressing security risks or vulnerabilities as well as working on planned initiative activities will continue in FY 2017.  Compliance with the developing version 4.0 of the USM IT Security Standards as well as new State, Federal and NIST information security standards will be achieved in FY 2017.  Sharing of risk assessment information across the Collaborative and undertaking cyber security work that protects UMB data hosted by Collaborative entities will continue to be a daily activity. 

Information Security is most effective when it is an integral part of the enterprise culture, IT architecture and support services, and academic and business processes.  In an effort to strengthen the IT security program, IT leaders in CITS, UMB Schools, and across the UM Medicine IT Network have established an information security collaborative which focuses on enterprise planning and the strategic use of IT security technologies and resources. The Security Collaborative ensures the effective application of appropriate technologies and staff resources to meet the demands of the security program, as well as the effective use of shared information to strategically plan and respond to IT security threats.  Each entity is acquiring and implementing IT security technologies and working together to assess, identify, and address security risks and vulnerabilities, which is a fundamental requirement for the Collaborative and for the information security program to be successful.

Achievements and Current Status:

Significant progress was made in achieving compliance with version 3.0 of the USM IT Security Standards that were approved by the Board of Regents.  In fiscal year 2016, policies, procedures, and/or technologies were implemented to address any gaps between current operations and the new requirements.

A six-month long Office of Legislative IT Audit was performed this past year.  The outcome was a very good audit, with the OLA Discussion Notes and Final Report indicating only low risk and minor IT security items to be addressed.  There are no repeat items from the last Office of Legislative IT Audit.

There were three additional IT audits performed this past year by the USM internal auditors and the SB & Co. auditors.  These three IT audits also resulted in excellent audit reports.  

In addition, the Information Security Collaborative Working Group has been meeting on a regular basis to share information and to tighten security controls, where necessary.  Improvements in security since the initiation of the IT Security Collaborative have been measurable.

This past year also included a very successful day long Cybersecurity Symposium that helped raise information security awareness.

Projected Timeline:

Assessing, identifying and addressing security risks or vulnerabilities as well as working on the other currently planned initiative activities will continue in FY 2017.  Compliance with the developing version 4.0 of the USM IT Security Standards as well as new State, Federal and NIST information security standards will be achieved in FY 2017.  Cyber security work that protects UMB data will continue to be a daily activity. 

On April 8, 2016, a very successful Cyber Security Symposium was held in the SMC Campus Center.  Approximately 150 individuals were in attendance and they represented schools and departments in UMB, UMMS, and FPI; the USM System office; other USM colleges and universities; institutions and hospitals in the region; and even the Office of the President of the United States.  It was a full day of excellent keynote speakers, panel sessions, and presenters that provided many perspectives and a great deal of information regarding the challenges of operating online, and at the same time, being mindful of online predators and cyber security best practices.  It was a great way of continuing our efforts with cyber security education and awareness.

While it wasn’t a cyber event, the individuals and organizations who participate in the Collaborative responded quickly and collaboratively to address the crisis with the fire in FPI’s Professional Building.  Under the leadership of Chuck Henck, a team of individuals that serve on the Information Security Working Group and beyond, immediately began addressing a very difficult and complex situation. Within just a few days, almost all IT services were operational again.  

The Information Security Collaborative Working Group has been discussing and working on the following items:

CITS has increased the number of licenses for both the NESSUS Security Center as well as for IdentityFinder.  These additional licenses have allowed for additional scanning coverage, which will reach all areas of UMB.  The areas that could not afford to purchase scanning hardware and software can now scan for network vulnerabilities and search for unprotected personal identifiable information.

UMB has joined the Multistate – Information Sharing and Analysis Center (MS-ISAC).  The MS-ISAC provides real-time network monitoring, threat analysis, and early warning notifications through their 24x7 cybersecurity operations center. They continually develop and distribute strategic, tactical and operational intelligenceto provide timely, actionable information to their members. 

The members of the Working Group quickly addressed an announced vulnerability.  The DROWN vulnerability that was propagating on the Internet was mitigated for all vulnerable systems at UMB within two days of the announcement. 

A coordinated effort between UMMS, FPI, SOM and CITS was undertaken to scan all printers.  A “hacktivist” sent racially motivated pictures to printers that were open to the world which affected hundreds of universities.  There was only one printer found on campus that was vulnerable and it was not susceptible to the attack, but as a safeguard, firewall rules were modified to protect the printer from the Internet. 

Security assessments have been initiated in the School of Law and in the School of Dentistry, with other school and department assessments being planned.  The assessments will help schools and departments in their efforts to apply security best practices and comply with the USM Security Standards. 

Lastly, UMB recently received the Office of Legislative Audit IT discussion note findings, and we were very pleased to have received notes for items that are low risk and which are minor IT security items.  There are no repeat items from the last Office of Legislative Audit. 

The Information Security Collaborative Working Group (ISCG), which has representation from all entities in the UMB and the UM Medicine IT Network, have been meeting monthly to discuss critical information security activities.  The group is using a formal, collaborative and practical approach to implementing information security best practices and technologies, and aligning information security priorities and strategies across the enterprise. 

The ISCG has recently discussed and addressed the following important information security items:

• Hard Drive Disposal – keeping documentation for the disposal of hard drives when systems are retired; documentation requires the hard drive serial number to be matched up with the system that was retired.
• System Inventory – keeping an inventory of systems connected to the network in each school and department.   
• Vulnerability Scans – conducting vulnerability scans of all school and department systems that are connected to the network; checking for any vulnerability and for any unwanted device that is connected to the network.
• IdentityFinder – using this product to locate sensitive data on computers and servers; expanding the reach of this system to include users in schools and departments who are authorized to access SSN’s in the student system. 
• User Access Control – limiting user access control and removing administrative rights on workstations, unless an exception request is made.
• PII – having IT security administrators in schools and departments help determine where PII might be located within individual schools and departments.
• Malware – sharing issues with malware and communicating with members of the ISCG and other IT Leaders so that everyone is aware of malware issues, activity and removal.

The State of Maryland Legislative information security (IS) audit is still underway and should be completed by the end of January, 2016.  There are daily requests for information made by the fiscal, general IT and network auditors.  CITS staff are fully engaged and meet with the Legislative IS auditors almost daily to review requests for information and provide clarification on any item.  To-date, the auditors have not mentioned any significant IT audit finding.

The Information Security Collaborative Working Group, which has representation from all entities in the UMB and the UM Medicine IT Network, recently completed an Information Security Matrix that documents the security tools and technologies used by each entity.  Follow-up meetings have been scheduled with the representative(s) from each entity to discuss gaps in the implementation and use of security tools as well as to discuss information security best practices. 

The information security working group is completing critical information security work at an enterprise-wide level.  They are using a formal, collaborative and practical approach to implementing information security best practices and technologies, and aligning information security priorities and strategies across the enterprise.  

The UMB policy regarding cloud computing for confidential or regulated data was finalized by the Policy Oversight Workgroup and signed by President Perman.  This policy received input from a large number of individuals, including from members of the information security collaborative.  It was also reviewed by the Deans and Vice Presidents.

Information security related activities have focused on securing personally identifiable information (PII).  The enhanced security of PII included changing business processes, limiting access to authorized individuals, and masking and encrypting data being stored in enterprise systems.

Sensitive data stored in central file servers have also been encrypted.  A product called IdentityFinder has been implemented which helps in locating any PII on computers.  If any sensitive data are found on computers, they are moved to a secure encrypted file server to protect the data from unauthorized access and use. 

All systems in CITS and Central Offices are being scanned monthly for vulnerabilities.  Systems identified with any security vulnerability are prioritized and mitigated.

Changes to the network infrastructure have been completed in accordance with the USM IT Security Standards.  Critical systems have been placed in secure network “vlans” and direct access to these critical servers must be via a VPN connection and multi-factor authentication. 

Other audit related activities have included the review of previous findings and a gap analysis of the USM IT Security Standards.  Policies have been reviewed, created and updated, as necessary.  User access control reviews have been completed for the financial and student systems in accordance with Office of Legislative Audit requirements.

Information Security is most effective when it is an integral part of the enterprise culture, IT architecture and support services, and academic and business processes.  As IT security permeates every Strategic Plan goal and tactic, this initiative supports every Theme identified in the UMB Strategic Plan.  In an effort to strengthen the IT security program, IT leaders in CITS, UMB Schools, and the UM Medicine IT Network have established an information security collaborative which focuses on enterprise planning and the strategic use of IT security technologies and resources. The Security Collaborative ensures the effective application of appropriate technologies and staff resources to meet the demands of the security program, as well as the effective use of shared information to strategically plan and respond to IT security threats.  Each entity is acquiring and implementing IT security technologies and working together to assess, identify, and address security risks and vulnerabilities, which is a fundamental requirement for the Collaborative and for the information security program to be successful. 

This structure and enterprise collaboration is critical since the cyber security environment has rapidly evolved with a significant increase in pervasive threats.

• There are now over fifteen million attempts made every day to get unauthorized access to the UMB network, systems and computers. 
• Millions of email messages sent every week to UMB email addresses are SPAM.
• Phishing attempts have increased, are sophisticated, and look authentic.  These social engineering attacks can capture sensitive data such as PII and PHI.
• The largest numbers of security breaches in higher education are from malware and spyware that infect vulnerable computers and mobile devices. 
• The numbers of ransomware threats have significantly increased.  This type of malware infects computers, encrypts files on hard drives, and locks machines so that they can’t be used.
• According to Symantec Corporation’s 2014 Internet Security Threat Report, the number of targeted attacks on an institution’s IT security grew by 42% in the past year. 
• The Ponemon Institute Data Breach Study reported that as of June 2014, cybercrime losses have exceeded 400 billion dollars, and in August 2014, the FBI notified healthcare organizations that they are being specifically targeted.
• Advanced, persistent cyber security threats will continue to target UMB.

In addition to cyber security threats, there are security compliance regulations and standards that the Campus must follow, including the Board of Regents approved USM IT Security Standards, version 3.0; the State of Maryland Department of Information Technology (DoIT) Information Security policy, version 3.1; the National Institute of Standards and Technology (NIST) information security related standards and guidelines; the Health Insurance Portability and Accountability Act (HIPAA) regulations; and the Federal Information Security Management Act (FISMA) regulations.

Significant progress has been made with enterprise planning, using a strategic approach to acquiring and implementing IT security technologies, effectively applying IT staff resources, using information from analyses and reports to strategically respond to IT security threats, and achieving compliance with version 3.0 of the USM IT Security Standards that was released in June 2014, as well as with the other regulations referenced above.  In fiscal year 2015, new policies and procedures have been created and new technologies have been implemented to strengthen the IT security program and address gaps between current operations and any new IT security requirements. 

Assessing, identifying program priorities and addressing security risks or vulnerabilities are ongoing activities of FY2017.   Cyber security work that protects UMB data will continue to be a daily activity. 

The Affiliated Information Security Collaborative initiative was created, approved by executive leadership, and initiated in spring 2014.  An Information Security Working Group, comprised of individuals from each entity, has been meeting on a regular basis to review the security posture of each organization, share program priorities and evaluate the combined IT systems and infrastructure which represent the affiliated enterprise.  The objectives of the initiative are to:

• Collaboratively assess, identify, and address information security risks and vulnerabilities;
• Define common areas of risk as they relate to information security at appropriate operational intersections;
• Collaboratively plan, implement and share information relating to security strategies, processes and practices that adhere to local, state, and federal regulatory rules and requirements in order to avoid duplication of effort;
• Share technology platforms and information security knowledge among technology professionals in order to broaden knowledge and expertise;
• Continue improving and strengthening information security policies, practices, and solutions;
• Proactively scan networks, servers and computers for social security numbers and other sensitive data, review processes and procedures, and remediate any discovered issue; and
• Promote cyber security awareness and educate the University community regarding best practices for protecting personal information and University data.  Individuals need to understand cyber security risks and their responsibility to protect digital assets and systems essential to each organization.    

The two key success indicators for this initiative are: 1) taking an enterprise approach to information security, which means active participation, resource commitment and prioritization by each entity represented in the security collaborative; and, 2) make IT security a priority and not just an activity that individuals work on as time permits or in response to a security event. 

The growing number of cyber threats and pressures of complying with new information security standards and requirements have meant a greater amount of staff time devoted to cyber security work.  The pervasive nature of cyber threats and compliance requirements impact virtually all IT staff and their work across the technology spectrum of networks, servers, software, databases, computers, mobile devices and other technologies.

The Information Security Collaborative Working Group, which has representation from all entities in the UMB and the UM Medicine IT Network, recently completed an Information Security Matrix that documents the security tools and technologies used by each entity.  Follow-up meetings have been scheduled with the representative(s) from each entity to discuss gaps in the implementation and use of security tools as well as to discuss information security best practices. 

The information security working group is completing critical information security work at an enterprise-wide level.  They are using a formal, collaborative and practical approach to implementing information security best practices and technologies, and aligning information security priorities and strategies across the enterprise.  

The UMB policy regarding cloud computing for confidential or regulated data was finalized by the Policy Oversight Workgroup and signed by President Perman.  This policy received input from a large number of individuals, including from members of the information security collaborative.  It was also reviewed by the Deans and Vice Presidents.

Information security related activities have focused on securing personally identifiable information (PII).  The enhanced security of PII included changing business processes, limiting access to authorized individuals, and masking and encrypting data being stored in enterprise systems.

Sensitive data stored in central file servers have also been encrypted.  A product called IdentityFinder has been implemented which helps in locating any PII on computers.  If any sensitive data are found on computers, they are moved to a secure encrypted file server to protect the data from unauthorized access and use. 

All systems in CITS and Central Offices are being scanned monthly for vulnerabilities.  Systems identified with any security vulnerability are prioritized and mitigated.

Changes to the network infrastructure have been completed in accordance with the USM IT Security Standards.  Critical systems have been placed in secure network “vlans” and direct access to these critical servers must be via a VPN connection and multi-factor authentication. 

Other audit related activities have included the review of previous findings and a gap analysis of the USM IT Security Standards.  Policies have been reviewed, created and updated, as necessary.  User access control reviews have been completed for the financial and student systems in accordance with Office of Legislative Audit requirements.

A major IT accomplishment has occurred with the implementation and use of a common ID across the University. This was THE key IT request in the first UMB Strategic Plan. Today, there are 7,365 faculty, staff, and affiliates, and 5,630 students that are using a common ID, such that their UserIDs and Passwords are linked and automatically synchronizing across UMB. This means that only one UserID/Password is needed for faculty, staff, and students to get access to UMID applications, email, and computer workstations. 

Status

Next Steps

Implementation Status

A common University ID for accessing systems is being used by all central departments as well as by the HS/HSL, SSW, SOP, SOD, SOL, and SON.

Next Steps

Project will be completed by early calendar year 2018, which will allow individuals the ability to use a common ID and password to gain authorized access to systems and applications hosted by CITS, SOM, or any other UMB school or department.

A common University ID for accessing systems is being used by all central departments as well as the School of Social Work, School of Pharmacy, School of Dentistry, School of Law, and School of Nursing. The identity management project with the School of Medicine will be completed by the end of calendar year 2017 that will allow individuals the ability to use a common ID to access applications hosted by each respective entity.     

The implementation of the UMID for Workstation/Email Access project for campus users has been completed for all central departments as well as for the School of Social Work, School of Pharmacy, School of Dentistry, and School of Law. The UMID for Workstation/Email Access for the School of Nursing will be completed by summer 2017 and the federated identity management project with the School of Medicine will be completed by the end of calendar year 2017. Federated identity management will give individuals the ability to use a common ID, the UMID and an ID issued by the University of Maryland medicine IT network (SOM and FPI) to access applications hosted by each respective entity.

Federated identity management will allow individuals the ability to use either the UMID or an ID issued by the entities in the UM Medicine IT network (SOM, FPI, UMMS) to access systems.

Current Status:

A federated architecture has been designed so that the identities that exist in each of the major directories can access applications and resources within any of the respective organizations.  The design allows an individual to use their UMID or UM Medicine IT network credentials to access applications and resources across UMB, whether inside or outside of their local computing environments.

Projected Timelines:

The implementation of the “UMID for Workstation/Email Access” project for campus users, the directory/email system consolidation projects within the SOM, and the connection of the campus directory to the SOM directory will be completed by spring 2017.  The FPI directory federation evaluation phase and planning discussions with the UMMS will begin in early calendar year 2017.

Federated identity management will allow individuals the ability to use either the UMID or an ID issued by the entities in the UM Medicine IT network to access systems.

Current Status:

A federated architecture has been designed so that the identities that exist in each of the major directories at UMB (Campus, SOM, and FPI) can access applications and resources within any of the respective member organizations.  The design allows a customer to use their UMID or local directory credentials to access applications and resources across UMB, whether inside or outside of their local computing environments.

Projected Timelines:

The implementation of the “UMID for Workstation/Email Access” project for campus users, the directory/email system consolidation projects within the SOM, and the connection of the campus directory to the SOM directory will be completed by spring 2017.  The FPI directory federation evaluation phase and planning discussions with the UMMS will begin in early calendar year 2017.

The planning phase of this project, i.e., to design a federated management approach for authenticating to UMB information systems is complete.  Through the combined efforts of UMB, SOM, and FPI, the technical architecture has been designed and agreed upon.  The result is a versatile and flexible framework that will ultimately allow users from any of the respective organizations to access applications and resources in the private UMB Cloud using a common set of credentials. 

There are two key projects underway that are part of this project’s implementation.  These projects are the “UMID for Workstation/Email Access” project for campus users and the directory/email system consolidation projects within the SOM.  The diagram on the next page shows the architecture of this project, and the connection between the Campus Identity Management System, the UMB Active Directory Forest, and the formation of the comprehensive SOM Active Directory Forest, respectively.

Deliverables

-        Universal Password and Shared, interchangeable Usernames

• Multiple usernames can be used – Campus (UMID) or UM Medicine IT Network IDs can be used to access any application in the federated environment.
• Bi-directional password sync’ing between connected accounts

-        Account Provisioning/Decommissioning between systems

-        Data exchange (demographic, email).

Architecture

A federated architecture has been designed so that the identities that exist in each of the major directories at UMB (Campus, SOM, FPI, and UMMS) can access applications and resources within any of the respective member organizations.  This federated identity management environment will be similar to many of the commercial cloud offerings, such as Microsoft’s Office 365.  The member organization directory will serve as the source of identity into this shared environment.  Further, the design allows a user to use their UMID or local directory credentials in the UM Medicine IT Network to access applications and resources across UMB, whether inside or outside of their local computing environments.

Timeline

-        Summer 2015

• Planning and Architecture Design – [COMPLETED]

-        Fall 2015 – Spring 2016

• Deploy architecture foundation– [COMPLETED]
• Connect UMB Directory (UMID for Workstation/Email Access Project)– [IN PROGRESS]
  • Central Administration rollout has started and anticipated completion in Summer 2016
• Connect SOM Directory
  • Consolidate Directory/Email Systems within SOM – [IN PROGRESS]

-        Summer 2016 – Fall 2016

• Connect UMB Directory (UMID for Workstation/Email Access Project)
  • Schools’ rollout
• Connect SOM Directory
  • Engage consultants to assist with and expedite the work getting completed
  • Establish Service Level Agreement

-        Fall 2016

• FPI directory federation phase begins

The planning phase of this project, i.e., to design a federated management approach for authenticating to UMB information systems is nearing completion.  Through the combined efforts of UMB, SOM, and FPI, the technical architecture has been designed and agreed upon.  The result is a versatile and flexible framework that will ultimately allow users from any of the respective organizations to access applications and resources in the private UMB Cloud using a common set of credentials.

Deliverables

-          Universal Password and Shared, interchangeable Usernames

• Multiple usernames can be used – Campus (UMID) or UM Medicine IT Network IDs can be used to access any application in the federated environment.
• Bi-directional password sync’ing between connected accounts

-          Account Provisioning/Decommissioning between systems

-          Data exchange (demographic, email).

Architecture

A federated architecture has been designed so that the identities that exist in each of the major directories at UMB (Campus, SOM, FPI, and UMMS) can access applications and resources within any of the respective member organizations.  This federated identity management environment will be similar to many of the commercial cloud offerings, such as Microsoft’s Office 365.  The member organization directory will serve as the source of identity into this shared environment.  Further, the design allows a user to use their UMID or local directory credentials in the UM Medicine IT Network to access applications and resources across UMB, whether inside or outside of their local computing environments.

Timeline

-          Summer 2015

• Planning and Architecture Design – [COMPLETED]

-          Fall 2015 – Spring 2016

• Deploy architecture foundation
  • Anticipated completion by the end of calendar year 2015.
• Connect UMB Directory
  • Pilots underway
  • Central Administration rollout planned to start by end of January 2016

-          Spring – Summer 2016

• Connect SOM Directory
  • Begin Pilot
  • Engage consultants to assist with and expedite the work getting completed
  • Establish Service Level Agreement

-          Fall 2016

• FPI directory federation phase begins

The planning phase of this project, i.e., to design a federated management approach for authenticating to UMB information systems is well underway.  The development of the architecture is a current work in progress and it is being designed through the collaborative efforts of individuals in CITS, SOM, and FPI.  The result will be a versatile and flexible framework that will ultimately allow users across UMB and the UM Medicine Network to access applications and resources using a common set of credentials.

Deliverables

• Universal Password and Shared, interchangeable Usernames

• Multiple usernames can be used – Campus (UMID) or UM Medicine Network IDs can be used to access any application in the federated environment.
• Bi-directional password sync’ing between connected accounts.

• Account Provisioning/Decommissioning between systems.
• Data exchange (demographic, email).

Architecture

A federated architecture is being designed so that the identities that exist in each of the major directories at UMB (Campus, SOM, FPI, and UMMS) can access applications and resources within any of the respective member organizations.  This federated identity management environment will be similar to many of the commercial cloud offerings, such as Microsoft’s Office 365.  The member organization directory will serve as the source of identity into this shared environment.  Further, the design will allow a user to use their UMID or directory credentials in the UM Medicine IT Network to access applications and resources across UMB, whether inside or outside of their local computing environments.

Timeline

• Summer 2015
  • Planning and Architecture Design
• Fall 2015 – Spring 2016
  • Deploy architecture foundation
  • Connect UMB Directory
• Spring – Summer 2016
  • Connect SOM Directory
• Fall 2016
  • Connect FPI Directory
• TBD
  • Connect UMMS Directory

There are numerous information systems used across UMB; many require a unique login ID and password. This situation results in difficulty accessing applications and systems as a result of:

• Many IDs and passwords to remember;
• Confusion as to which IDs and passwords are associated with which systems:
• Insecure ways of storing the passwords;
• Password reset schedules that are out of synch across systems or entities; and
• Frustration with password management applications that enforce a policy that prevents the reuse of previously used, but forgotten, passwords.

The planning phase of this project, i.e., to design a federated management approach for authenticating to UMB information systems is well underway.  The development of the architecture is a current work in progress and it is being designed through the collaborative efforts of individuals in CITS, SOM, and FPI.  The result will be a versatile and flexible framework that will ultimately allow users across UMB and the UM Medicine Network to access applications and resources using a common set of credentials.

Deliverables

• Universal Password and Shared, interchangeable Usernames
  • Multiple usernames can be used – Campus (UMID) or UM Medicine Network IDs can be used to access any application in the federated environment.
  • Bi-directional password sync’ing between connected accounts.
• Account Provisioning/Decommissioning between systems.
• Data exchange (demographic, email).

Architecture

A federated architecture is being designed so that the identities that exist in each of the major directories at UMB (Campus, SOM, FPI, and UMMS) can access applications and resources within any of the respective member organizations.  This federated identity management environment will be similar to many of the commercial cloud offerings, such as Microsoft’s Office 365.  The member organization directory will serve as the source of identity into this shared environment.  Further, the design will allow a user to use their UMID or directory credentials in the UM Medicine IT Network to access applications and resources across UMB, whether inside or outside of their local computing environments.

The federation of existing computer systems and resources began in FY 2014 and is anticipated to continue through FY 2016.  Efforts to integrate systems into this federated model will continue and apply to new systems which are developed or purchased. 

Summer 2015

• Planning and Architecture Design

Fall 2015 – Spring 2016

• Deploy architecture foundation
• Connect UMB Directory

Spring – Summer 2016

• Connect SOM Directory

Fall 2016

• Connect FPI Directory

TBD

• Connect UMMS Directory

A UMB federated identity management environment will allow individuals to use the UMID or an ID issued by the UM Medicine IT network to access systems and resources.  Significant progress has already been made to date:

• A cross-organizational team from entities across the affiliated enterprise has been developing implementation plans and strategies regarding a federated identity management solution.
• Almost all enterprise applications and systems managed by CITS have been configured to use the UMID, and many school and department applications and systems also use the UMID for authentication.  CITS has also reconfigured nearly 100 Web applications to permit login using the UMID. 
• Connections across networks have been established to permit wireless access to the Internet and internally hosted resources (through the Eduroam network), using any of the following network IDs:  UMID, SOM, FPI, and many of the individual clinical departments in the SOM.
• Access to file and data storage via the UMID or the SOM ID has been established for UMB researchers.

Key benefits and positive outcomes achieved by the continuation of this initiative include:

• Fewer IDs assigned to each employee and student;
• Efficient network account creation and maintenance;
• Improved security because network credentials created by one entity are trusted by federated partners;
• Improved security by reducing the creation of duplicate accounts that remain dormant as employees transfer between departments, move from one employing entity to another, or leave the UMB enterprise altogether; and
• Less frustration by employees and students in getting access to applications, systems and information resources that are available to them in the affiliated enterprise.

Each participating entity (CITS, UMB Schools, SOM, FPI, UMMS), has agreed that the Federated Identity Management model is a strategic initiative.  Each participating identity provider has committed to use existing personnel to federate systems and resources to complete this initiative.

In the past year, the deployment of Microsoft Office 365 was completed. Employees and students have been issued a Microsoft Office 365 account. In addition, a campus-wide Working Group, with representation from each UMB school, reviewed the many communication/collaboration tools being used across UMB and investigated the possible acquisition and implementation of a new communication and collaboration tool(s). The goal for the group was to recommend a communication/collaboration tool that could be deployed throughout UMB. The assessment of existing tools used at UMB, as well as any new technology, included reviewing best features, best uses, costs of the tools, and any gaps in what was currently licensed and available. The group’s final recommendation was the Cisco Collaboration Platform, which is new to UMB and includes many telephony and unified communication advancements as well as contemporary on-demand WebEx web conferencing and videoconferencing capabilities. An agreement with Cisco has been reached and these new Cisco communication and collaboration tools will be deployed throughout UMB in Fiscal Year 2019.

Implementation Status

Next Steps

Implementation Status

All central administrative units, as well as the HS/HSL, SOP, SSW, SOD, SOL, and the SON, are up and running with Office 365. SOM implementation is almost complete, with only three departments left to be migrated; complete by the end of calendar year 2017.

Next Steps

Individual and group training sessions are being offered to help use the available features and functionality (OneDrive, Skype, etc.). Students are being added to the Microsoft Office 365 platform for all schools.

Microsoft Office 365 (O365) for Education is providing the entire University of Maryland, Baltimore enterprise a common suite of essential business applications. It has consolidated email systems, enhanced opportunities for employees to access work-related documents from any device and from any location, provided document sharing/collaboration and web/video conferencing functionality, and reduced the server and backup costs to support the UMB electronic communication environment. As of August 2017, all central administrative units as well as the HS/HSL, SOP, SSW, SOD, SOL, and SON are up and running with Office 365. The SOM implementation is almost complete, with only three departments in the final phase of being completed: OBGYN, Pediatrics, and Emergency Medicine.  Individual and group training sessions are being offered to acclimate users to Office 365 and help them use the available features and functionality, e.g., OneDrive, Skype, SharePoint.

Microsoft Office 365 (O365) for Education is providing the entire University of Maryland, Baltimore enterprise a common suite of essential business applications. It is consolidating email systems, enhancing opportunities for employees to access work-related documents from any device and from any location, providing document sharing/collaboration and web/video conferencing functionality, and reducing the server and backup costs to support the UMB electronic communication environment. As of June 2017, all central administrative units as well as the HS/HSL, SOP, SSW, SOD, SOL are up and running with Office 365. The SOM and the SON implementations are in progress and will be completed by the end of Summer 2017.

Microsoft Office 365 (O365) for Education is providing the University of Maryland, Baltimore a common suite of essential business applications.  A standardized set of communication tools is being deployed throughout UMB and to many of the University’s affiliates.  

The Microsoft for Education cloud-based solution provides contemporary communications features and functionality in a collaborative infrastructure. The core applications provided by Office 365 for education are:

• OneDrive for Business (Individual file storage with 1 terabyte of space per person)
• Skype for Business (Web/Video conferencing and instant messaging)
• SharePoint Online (Team Sites for document sharing and collaboration)
• Office Online (A web based version of Word, Excel, PowerPoint and more for quick viewing and editing documents on computers without locally installed Office apps)
• Office 365 Pro Plus (Office on all of your devices. Up to 5 installs for computers and mobile devices)
• Exchange Online (Email with 50 gigabytes of mailbox storage and unlimited capacity to store email archives)

Current Status:

The Office 365 core applications are being distributed to end users with little or no effect on current business procedures and normal day to day operations.  Prior to deploying Office 365, school and administrative department computers are being upgraded to newer versions of the office productivity suite -- Microsoft Office 2013 or Office 2016 which include Microsoft Word, Excel, Powerpoint, and Outlook.  

Significant progress has been made with this initiative, including the completion of the following tasks:

• Microsoft agreement executed; including approval from Microsoft to include the University’s affiliates under the Education license agreement.  This decision allows, for example, the clinical departments to assign a MS O365 license to their non-University workforce members. 
• Acquired a Business Associates Agreement from Microsoft; completed a security compliance review and obtained security compliance documents from Microsoft;
• Completed the connection to the Microsoft Azure cloud infrastructure to support Office 365;
• Office 365 deployment strategies by school and department were finalized;
• Training resources have been prepared and are available;
• Completed a successful pilot;
• Deployment of Office 365 is currently underway.

Projected Timeline:

The entire project to implement Microsoft Office 365 has been completed for the central administrative departments.  UMB schools and academic departments will be completely finished by the end of spring/early summer 2017.  The migration of FPI accounts to Office 365 will be completed in FY 2018. 

Microsoft Office 365 (O365) for Education is providing the University of Maryland, Baltimore a common suite of essential business applications.  A standardized set of communication tools is being deployed throughout UMB and to many of the University’s affiliates.  

The Microsoft for Education cloud-based solution provides contemporary communications features and functionality in a collaborative infrastructure. The core applications provided by Office 365 for education are:

• OneDrive for Business (Individual file storage with 1 terabyte of space per person)
• Skype for Business (Web/Video conferencing and instant messaging)
• SharePoint Online (Team Sites for document sharing and collaboration)
• Office Online (A web based version of Word, Excel, PowerPoint and more for quick viewing and editing documents on computers without locally installed Office apps)
• Office 365 Pro Plus (Office on all of your devices. Up to 5 installs for computers and mobile devices)
• Exchange Online (Email with 50 gigabytes of mailbox storage and unlimited capacity to store email archives)

Current Status:

The Office 365 core applications are being distributed to end users without affecting current business procedures and normal day to day operations.  Prior to deploying Office 365, school and administrative department computers are being upgraded to newer versions of the office productivity suite -- Microsoft Office 2013 or Office 2016 which include Microsoft Word, Excel, Powerpoint, and Outlook.  

Significant progress has been made with this initiative, including the completion of the following tasks:

• Microsoft agreement executed; including approval from Microsoft to include the University’s affiliates under the Education license agreement.  This decision allows, for example, the clinical departments to assign a MS O365 license to their non-University workforce members. 
• Acquired a Business Associates Agreement from Microsoft; completed a security compliance review and obtained security compliance documents from Microsoft;
• Completed the connection to the Microsoft Azure cloud infrastructure to support Office 365;
• Office 365 deployment strategies by school and department were finalized;
• Training resources have been prepared and are available;
• Completed a successful pilot;
• Deployment of Office 365 is currently underway.

Projected Timeline:

The entire project to implement Microsoft Office 365 has been completed for the central administrative departments.  UMB schools and academic departments will be completely finished by the end of spring/early summer 2017.

Microsoft Office 365 (O365) for Education will provide the University of Maryland, Baltimore a common suite of essential business applications.  A standardized set of communication tools will be available to the entire campus and the UM Medicine IT Network.

The Microsoft for Education cloud-based solution provides contemporary communications features and functionality in a collaborative infrastructure. The core applications provided by Office 365 for education are:

• OneDrive for Business (Individual file storage with 1 terabyte of space per person)
• Skype for Business (Web/Video conferencing and instant messaging)
• SharePoint Online (Team Sites for document sharing and collaboration)
• Office Online (A web based version of Word, Excel, PowerPoint and more for quick viewing and editing documents on computers without locally installed Office apps)
• Office 365 Pro Plus (Office on all of your devices. Up to 5 installs for computers and mobile devices)
• Exchange Online (Email with 50 gigabytes of capacity)

Current Roadmap:

The Office 365 production implementation brings with it a huge amount of change.

Office 365 will be brought online and setup in a way that core applications can be distributed to end users without affecting current business procedures and normal day to day operations.

Office 365 core applications can be deployed independently or in combination with each other.  A deployment strategy that fits with the needs of each school and department will be deployed.

October – December 2015

• CITS and SOM worked with consultants to implement the production ADFS and hybrid infrastructure to support Office 365.
  • Discuss planning, discovery and design  - Completed
  • Obtain approval of design by Security Compliance – Completed
  • Setup  Office 365 production tenant – Completed
  • Procure virtual servers in Azure – Completed
  • Single sign-on capability – Completed
  • Prepare an on premise Active Directory infrastructure for hybrid environment – Completed
  • Prepare the on premise Exchange infrastructure for O365 – Completed
  • Setup and configure Azure, ADFS and DirSync – Completed
    • Establish MS Security Groups and Access Control Logging – Completed
    • Implement firewall rules and DNS changes – Completed
    • Resolve current LAW domain controller issue – Completed
• Perform system “health checks” for the MS Azure infrastructure – Completed
• Perform operating system patching, install Anti-virus, implement backup processes and alert notifications on Azure infrastructure – Completed
• Discuss the design and security for SharePoint – Completed
  • Create draft design for SharePoint site collections (Publishing vs Collaboration subsites) – Completed
  • Discuss draft design and obtain feedback from Pilot users – Completed
• Setup and Test Exchange email – Completed
• Enable Skype Online – Completed
• Meetings with Individual schools and departments- In progress
  • Discuss ADFS and cloud based domain controllers – Completed
  • Discuss production design with Training, Help Desk and Desktop pilot users –  Completed
  • Discuss testing plans for core applications – Completed
  • Production Office 365 environment available for Pilot users
    • Setup accounts for Training, Helpdesk and Desktop groups as well as for other pilot users in the production tenant – Completed

December – January 2016

• CITS to begin the production Pilot. This Pilot will include IT departments from each school/department as well as CITS Training, Helpdesk and Desktop staff. – In progress
• SOM to start migrating mailboxes on the @SOM email system. – Completed
  • Activate licenses for core applications in production.  –  Completed
  • Work with the Office of Communications (CITS and SOM) to create initial web page branding. – Completed for CITS; SOM has some material but will point our customers to CITS’ web site. 
  • Create web page with training materials and FAQs.   (URL: www.umaryland.edu/office365) - Completed
  • Test on premise automated Microsoft Office 2013 upgrade rollout – Completed
  • Evaluate and test core applications  - In progress
  • Develop and plan for end user training  - In progress
  • Evaluate and test other features beyond the core applications (Such as Video, Delve, etc.) – In progress
  • Develop a deployment plan than fits the needs of each school  – In progress for CITS; SOM’s deployment plan is Complete

February – April 2016

• Resolve technical/network related issues and installed security related agents to Azure cloud based infrastructure  – Completed
• Work with consultants to create framework for SharePoint. – Completed.
• CITS and SOM migration begins for core products based on school and department deployment strategy
  • Deployment of Office 2013 completed for CITS.  Deployment in A&F and AA is underway. – In progress
  • SOM’s deployment of Office 2013 is in progress
  • Conduct internal meetings via Skype for Business to test functionality. –Completed.
  • Integrate the implementation of the UMID for Workstation/Email Access project with the O365 project (unify/link directory accounts – Enterprise and Active Directory) – CITS.   – In progress
  • Wrap up consultant engagement for the infrastructure and initial deployment of Office 365. In progress
  • Begin the technical discussions for SON migration to campus Active Directory, followed by Office 365 deployment. – In progress
  • Begin the technical discussions with SOD and SOL to discuss Office 365 enabling and mailbox migration, based on Office 2013/2016 deployment within the school. – In progress

May – December 2016

• Proceed with the enabling of Office 365 and the email migration component of O365 project.
• Continue working with SON and their consultants on the Active Directory migration and O365 migration tasks.
• SOM begins migration of department email systems to SOM email system in O365. 

The Office 365 production implementation brings with it a huge amount of change.

Office 365 will be brought online and setup in a way that core applications can be distributed to end users without affecting current business procedures and normal day to day operations.

Office 365 core applications can be deployed independently or in combination with each other.  A deployment strategy that fits with the needs of each school and department will be deployed.

June – September 2015 (Tasks completed; CITS and SOM)

• Finalize campus MEEC Microsoft agreement.  Obtain product license keys for Office 365 production tenant.
• Finalize Microsoft/Internet2 contract for Active Directory Federation Services (ADFS).
• Finalize Statement of Work for a consultant contract.
• Work with the Training group to obtain information for FAQs, informational web pages, etc.
• Investigate the Office 2013 desktop software for compatibility issues with enterprise applications.
• Obtain software to aid in managing O365 accounts.  Install and test software.
• Continue testing features and functionality in lab environment.
• Continue CITS and SOM collaboration with technical strategy, issues and resolutions.

October – December 2015

• CITS and SOM working with consultants to implement the production ADFS and hybrid infrastructure to support Office 365.
  • Discuss planning, discovery and design  - Completed
  • Obtain approval of design by Security Compliance – Completed
  • Setup  Office 365 production tenant – Completed
  • Procure virtual servers in Azure – Completed
  • Single sign-on capability – Completed
  • Prepare an on premise Active Directory infrastructure for hybrid environment – Finalizing
  • Prepare the on premise Exchange infrastructure for O365 – In progress
  • Setup and configure Azure, ADFS and DirSync – Finalizing
    • Establish MS Security Groups and Access Control Logging – Completed
    • Implement firewall rules and DNS changes – Finalizing
    • Resolve current LAW domain controller issue – In progress
• Perform system “health checks” for the MS Azure infrastructure – Finalizing
• Perform operating system patching, install Anti-virus, implement backup processes and alert notifications on Azure infrastructure – Finalizing
• Discuss the design and security for SharePoint – In progress
  • Create draft design for SharePoint site collections (Publishing vs Collaboration subsites) – In progress
  • Discuss draft design and obtain feedback from Pilot users – Not started
• Setup and Test Exchange email – Not started for CITS; Underway for the SOM
• Enable Skype Online – In progress
• Meetings with Individual schools and departments- In progress
  • Discuss ADFS and cloud based domain controllers – Completed
  • Discuss production design with Training, Help Desk and Desktop pilot users – In progress
  • Discuss testing plans for core applications – In progress
  • Production Office 365 environment available for Pilot users
    • Setup accounts for Training, Helpdesk and Desktop groups as well as for other pilot users in the production tenant – In progress

December – January 2016

• CITS to begin the production Pilot. This Pilot will include IT departments from each school/department as well as CITS Training, Helpdesk and Desktop staff.
• SOM to start migrating mailboxes on the @SOM email system.
  • Activate licenses for core applications in production.  –  Completed
  • Work with the Office of Communications (CITS and SOM) to create initial web page branding. – In progress
  • Test on-premise automated Microsoft Office 2013 upgrade rollout – In progress
  • Evaluate and test core applications  - In progress
  • Develop and plan for end user training  - In progress
  • Evaluate and test other features beyond the core applications (Such as Video, Delve, etc.) – Not started
  • Develop a deployment plan than fits the needs of each school  – Not started

February – December 2016

• CITS and SOM migration begins for core products based on school and department deployment strategy

Microsoft Office 365 (O365) for Education will provide the University of Maryland, Baltimore a common suite of essential business applications.  A standardized set of tools will be available to the entire campus and the UM Medicine IT Network.

The Microsoft for Education cloud-based solution provides desired features and functionality in a contemporary communications and collaborative infrastructure. The core applications provided by Office 365 for education will be:

• OneDrive for Business (Individual file storage with 1 terabyte of space per person).
• Skype for Business (Web/Video conferencing and instant messaging).
• SharePoint Online (Team Sites for document sharing and collaboration).
• Office Online (A web based version of Word, Excel, PowerPoint and more for quick viewing and editing documents on computers without locally installed Office apps).
• Office 365 Pro Plus (Office on all of your devices. Up to 5 installs for computers and mobile devices).
• Exchange Online (Email with 50 gigabytes of capacity).

Roadmap/Timeline:

The Office 365 implementation brings with it a huge amount of change.  Office 365 will be brought online and setup in a way that core applications can be distributed to end users without affecting current business procedures and normal day to day operations.

Office 365 core applications can be deployed independently or in combination with each other.

A deployment strategy will be used that meets the needs of each school and department.

Summer/Fall 2015

• Finalize campus MEEC Microsoft agreement.  Obtain product license keys for Office 365 production tenant.
• Review and finalize Business Associates Agreement with Microsoft.
• Finalize Statement of Work and contract with Office 365 consultants.
• Finalize Microsoft/Internet2 contract for Active Directory Federation Services (ADFS).
• Work with the Training group to obtain information for FAQs, informational web pages, etc.
• Start investigating the Office 2013 desktop software for compatibility issues with enterprise applications.
• Obtain software to aid in managing O365 accounts.  Install and test software.
• Continue testing features and functionality in the lab environment.
• Continue collaboration with School of Medicine and FPI on technical strategy, issues and solutions.

Fall 2015

• CITS and SOM to work with consultants on standing up the production hybrid infrastructure to support Office 365 with single sign-on.
• The production Office 365 environment will be brought online and available for the Pilot Phase.
• Meetings with individual schools and departments will occur to discuss the roll-out.
• The Production Pilot Phase will begin. This Pilot will include IT departments from each school/department.
  • Evaluate and test core applications.
  • Evaluate and test other features beyond the core applications.
  • Develop and plan for end user training.
  • Develop a deployment plan than fits the needs of each entity.

Fall 2015/Spring 2016

• Migration of the core products will occur.

Spring 2016/Fall 2016

• Proceed with and complete the email migration component of the O365 project.
  • Work with each school and department to migrate emailboxes to the Office 365 cloud service.

Faculty and staff need to communicate and collaborate in a timely and productive fashion, locally on-campus as well as remotely.  Hardware, software and support costs are increasing in order to keep up with the services to which the users are becoming accustomed. Microsoft Office 365 will dramatically change the way UMB manages electronic communications and collaboration services.  This strategic shift to a new service delivery model will reduce the number of email systems and collaboration software currently used on campus and provides an essential suite of business applications.  The shift to a “Cloud” Services provider is a significant directional change for the UMB IT service providers and to the UMB community.

Communication is a core business requirement and email is a primary means of communication.  UMB personnel also rely on email to manage projects, document conversations, receive workflow notifications from critical enterprise applications and external sponsors, and for other business purposes.  The demands on the enterprise to support the electronic communications environment have increased as the dependence on and use of email has grown.  Email needs to always available; fast, full-featured, and accessible from any device.  Our faculty and staff need to easily find email addresses of others in the community, schedule meetings using shared calendars, build and manage distribution lists, and be assured that email is safe, secure, and delivered to the email recipient(s). 

The CITS organization alone spent over $400,000 for the current email infrastructure and the SOM is facing an email expansion and hardware refresh expense that is estimated to exceed $500,000.  Secure, cloud-based solutions can obviate the need for some of the expense currently incurred for an on-campus email infrastructure. UMB and the UM Medicine IT Network can acquire improved and more secure electronic communications functionality through an external service provider at a much lower cost than what is expended today.     

Microsoft Office 365 Education is an external “cloud-based” system that will provide email, document sharing/collaboration, and web/video conferencing at a price point that is significantly less than what it currently costs to host these services on site.  In addition, Microsoft Office 365 for Education offers components that are not currently feasible with an on-site solution – larger mailbox sizes, instant messaging, and collaborative file storage space for faculty and staff.  It also has seamless integration between Microsoft productivity tools, e.g., spreadsheets, presentation software, document creation, calendaring, web conferencing, document sharing and storage.  This secure cloud-based solution will reduce on-site hardware acquisition and support costs for servers and data storage currently maintained by UMB and the entities in the UM Medicine IT Network.   

The investigation phase of Microsoft Office Education began in FY 2015.  IT staff in CITS, the SOM and FPI analyzed the Office 365 components and created test environments.  Information regarding Office 365 is being shared with School IT leaders and staff.  The planning and preparation phase for this initiative is targeted to begin in the second quarter of 2015 and it will include documenting implementation details, working with consultants to prepare the technical environment, and developing a training and support plan.  

The Office 365 implementation brings with it a huge amount of change.  Office 365 will be brought online and setup in a way that core applications can be distributed to end users without affecting current business procedures and normal day to day operations.

Office 365 core applications can be deployed independently or in combination with each other.

A deployment strategy will be used that meets the needs of each school and department.

Summer/Fall 2015

• Finalize campus MEEC Microsoft agreement.  Obtain product license keys for Office 365 production tenant.
• Review and finalize Business Associates Agreement with Microsoft.
• Finalize Statement of Work and contract with Office 365 consultants.
• Finalize Microsoft/Internet2 contract for Active Directory Federation Services (ADFS).
• Work with the Training group to obtain information for FAQs, informational web pages, etc.
• Start investigating the Office 2013 desktop software for compatibility issues with enterprise applications.
• Obtain software to aid in managing O365 accounts.  Install and test software.
• Continue testing features and functionality in the lab environment.
• Continue collaboration with School of Medicine and FPI on technical strategy, issues and solutions.

Fall 2015

• CITS and SOM to work with consultants on standing up the production hybrid infrastructure to support Office 365 with single sign-on.
• The production Office 365 environment will be brought online and available for the Pilot Phase.
• Meetings with individual schools and departments will occur to discuss the roll-out.
• The Production Pilot Phase will begin. This Pilot will include IT departments from each school/department.
  • Evaluate and test core applications.
  • Evaluate and test other features beyond the core applications.
  • Develop and plan for end user training.
  • Develop a deployment plan than fits the needs of each entity.

Fall 2015/Spring 2016

• Migration of the core products will occur.

Spring 2016/Fall 2016

• Proceed with and complete the email migration component of the O365 project.
  • Work with each school and department to migrate emailboxes to the Office 365 cloud service.

The Microsoft for Education cloud-based solution provides desired features and functionality in a contemporary communications and collaborative infrastructure. The initiative objective is to successfully deliver the following Microsoft Office 365 offerings to faculty and staff:  

• Email (50 gigabytes mailbox capacity)
• Calendaring via Exchange Online
• Document sharing/collaboration via SharePoint
• Web/Video conferencing and instant messaging via Lync
• File storage via OneDrive (currently 1 terabyte per person; moving to unlimited capacity)
• Office online (Word, Excel, PowerPoint and more) via Office cloud

A shared collaborative incident management (helpdesk ticketing) application has been implemented to improve the customer experience. It is aligning the distributed helpdesk units and provides each group the tools and ability to leverage the resources of one another. There are 10 different support units that have adopted the common incident management system, and they are coordinating their support operations. More than 40,000 incidents have been recorded in Fiscal Year 2018 using this common system.

Below are the FY 2018 statistics:

Tickets:

In addition, through an assessment of service indicators and current operations, new opportunities for strengthening the service were identified and implemented. The UMB schools participated in this assessment, and based on their input and feedback, the Campus IT Helpdesk operations have been expanded.

During this past year, two NPower interns were hired. NPower is a local company aimed at providing professional IT opportunities to veterans and individuals in underserved communities. After their internships expired, these individuals were hired as full-time contingent employees. These additional resources allowed the Campus IT Helpdesk to start having full walk-in and call-in hours on the weekends (previously only email and voicemail options were available).  They also allowed the IT Helpdesk to answer almost all incoming calls. This has helped strengthen the responsiveness of the Helpdesk by improving the percentage of calls answered from 27 percent to 87 percent.  Before they were hired, some calls would go into voicemail because the call volume was too large for the existing staff to answer them.

Additional new opportunities and actions for strengthening service include extending the weekday coverage from 5:30 p.m. to 7 p.m., and supplementing some of the other IT support units’ operations in the schools. Lastly, a major upgrade is being planned for the common incident management system for early fall 2018. This new version of the incident management system will provide enhanced reporting capabilities, greater flexibility for the IT support groups to make customizations specific to their operations, and a much more intuitive interface for end users to enter and track helpdesk tickets.

Project Status

 Next Steps

Project Status

As of October 2017, the following unit help desk operations are live with this shared application: CITS, SOP, SON, SOD, SSW, SOL, the SOM Office of Medical Education, and the Institute of Human Virology (IHV). 

Next Steps

The SOM’s Office of Information Services is currently customizing and implementing this shared application for use by all SOM departments.

All schools and departments will be using this shared help desk ticketing application in early calendar year 2018.

A shared collaborative incident management (help desk ticketing) application has been implemented that aligns the distributed help desk units and provides each group the tools and ability to leverage the resources of one another. The UMB community no longer needs to supply redundant information when an issue requires the assistance of a help operation other than the one that they initially consulted. As of August 2017, the following unit help desk operations are live with this shared application: CITS, SOP, SON, SOD, SSW, SOL, the SOM Office of Medical Education, the Institute for Human Virology (IHV), and the SOM central Information Services department. Planning for implementation in other SOM departments and across FPI is underway.    

A shared help desk ticketing application is being implemented for use by all help desk operations throughout the enterprise. As of June 2017, the following help desk service providers are live with this shared application: CITS, SOP, SON, SOD, SSW, SOL, the SOM Office of Medical Education, the Institute for Human Virology (IHV), and the SOM IS department. Implementation in other SOM departments and across FPI are proving to be a more complex configuration and will require additional planning and work during Summer 2017.

The implementation is underway for a common, collaborative incident management system that aligns the distributed helpdesk units and provides each group the tools and ability to leverage the resources of one another.  The Helpdesk Steering Committee, formed in June 2015, is made up of representatives from each of the various helpdesks across the University and FPI and has been meeting regularly since its inception.  This committee has been providing the operational direction for the planning and implementation of this initiative. 

Current Status:

To date, CITS, SON, and the SOP, and have successfully implemented the new shared system.

Projected Timeline:

The implementation for the SOM Information Services department, SOL, SSW, and SOD will be completed this fall/winter 2016.  The implementations for FPI and the SOM clinical departments are in the planning stage and will be completed in spring/summer 2017.    

The implementation is underway for a common, collaborative incident management system that aligns the distributed helpdesk units and provides each group the tools and ability to leverage the resources of one another.  The Helpdesk Steering Committee, formed in June 2015, is made up of representatives from each of the various helpdesks across the University and FPI and has been meeting regularly since its inception.  This committee has been providing the operational direction for the planning and implementation of this initiative. 

Current Status:

To date, CITS, SON, SOP, and the SOM Information Services department have successfully implemented the new shared system.

Projected Timeline:

The implementation for the SOL, SSW, and SOD will be completed this fall 2016.  The implementations for FPI and the SOM clinical departments are in the planning stage and will be completed in spring/summer 2017.    

The implementation is underway for a collaborative solution that aligns the distributed helpdesk units and provides each group the tools and ability to leverage the resources of one another.  The Helpdesk Steering Committee, made up of representatives from each of the various helpdesks across the University and FPI, has been meeting multiple times each month since its inception in June 2015.  This committee has been providing the operational direction for the planning and implementation of this initiative.  Throughout the fall semester, CITS, SON, and SOP all successfully implemented the new shared Incident Management System. 

The SOM IS Department is actively working on their implementation and all other schools and units have been engaged and in the planning stages of their adoption.  At the beginning of April 2016, a software engineer was brought onsite for an all-day technical discussion and training on how the shared Incident Management System could be used to better integrate each individual school and department helpdesk operation.  This session was very productive and had representation from the SOD, SOL, SOM – IS Department; SOM – Department of Medicine, SOM – Medical Education, SON, SOP, SSW, and CITS.

Project Plan Summary

-        Installation – Summer 2015 – [COMPLETE]

• Server OS/Software and database
• Authentication and user import/sync
• Define/Assign security roles/permissions

-        Planning/Design  – Summer to Fall 2015 – [COMPLETE]

• Requirements Assessment and Analysis (define scope and core requirements of system)
• Technical Analysis (security, authentication, identity management, system architecture)
• Usability Analysis (how customers/technicians/supervisors will interact with the system)
• Operational Analysis (support unit workflows, how support units interoperate, escalation procedures, how incidents will be categorized)
• Reporting/Metrics/Analytics Planning

-        Configuration – Summer to Fall 2015– [COMPLETE]

• Item category/type definitions (Global and unit-specific)
• Establish organizational units (tasks to be completed per support unit)
  • Define support teams
  • Create SLAs and workflows
• Branding/Form design:  customer requests

-        Implementation – Fall 2015 to Fall 2016

• Phases
  • Phase 1
    • Define transition/adoption plan (per support unit as applicable)
    • Train technicians on new system
    • Cut-over of existing processes/communication (email, website, phone, etc.)
    • Phase 2
      • Align outlying support practices that aren’t currently captured in ticketing system to new system (shadow systems/processes, support email addresses, etc.)
      • Plan/build FAQ and knowledge base
      • Future Phases
        • Analyze adoption of other service aspects (request fulfillment, inventory/asset management, change/configuration management, knowledge management, etc.) – additional project phases to be established and scheduled as applicable
• Schedule of Phased Roll-out
  • Fall 2015
    • CITS, SOP, SON – [COMPLETE]
    • Winter 2016 – Spring 2016
      • SOM – IS Dept – actively working on migration, expected completion by Summer 2016 – [In Progress]
      • Summer – 2016
        • SOD is actively planning their migration and anticipate starting the migration in May 2016 with completion in Summer 2016 – [In Progress]
      • Summer 2016 – Fall 2016
        • Other support units - SOL, SSW, SOM – Dept of Medicine, SOM – Medical Education, FPI (specific roll-out dates TBD)

The implementation is underway for a collaborative solution that aligns the distributed helpdesk units and provides each group the tools and ability to leverage the resources of one another.  The Helpdesk Steering Committee, made up of representatives from each of the various helpdesks across the University and FPI, has been meeting multiple times each month since its inception in June, 2015.  This committee has been providing the operational direction for the planning and implementation of this initiative.  Throughout the fall semester, CITS, SON, and SOP have been implementing the new shared Incident Management System.  Both CITS and SOP anticipate being fully migrated to the new system by the end of 2015.  The SON is still actively working on migrating their support operations to this system and the SOD and SOM are in the early planning stages of their migration.

Project Plan Summary

-          Installation – Summer 2015 – [COMPLETED]

• Server OS/Software and database
• Authentication and user import/sync
• Define/Assign security roles/permissions

-          Planning/Design  – Summer to Fall 2015 – [On track to completed by end of 2015]

• Requirements Assessment and Analysis (define scope and core requirements of system)
• Technical Analysis (security, authentication, identity management, system architecture)
• Usability Analysis (how customers/technicians/supervisors will interact with the system)
• Operational Analysis (support unit workflows, how support units interoperate, escalation procedures, how incidents will be categorized)
• Reporting/Metrics/Analytics Planning

-          Configuration – Summer to Fall 2015– [On track to completed by end of 2015]

• Item category/type definitions (Global and unit-specific)
• Establish organizational units (tasks to be completed per support unit)
  • Define support teams
  • Create SLAs and workflows
• Branding/Form design:  customer requests

-          Implementation Phases – Fall 2015 to Fall 2016

• Phase 1
  • Define transition/adoption plan (per support unit as applicable)
  • Train technicians on new system
  • Cut-over of existing processes/communication (email, website, phone, etc.)
• Phase 2
  • Align outlying support practices that aren’t currently captured in ticketing system to new system (shadow systems/processes, support email addresses, etc.)
  • Plan/build FAQ and knowledge base
• Future Phases
  • Analyze adoption of other service aspects (request fulfillment, inventory/asset management, change/configuration management, knowledge management, etc.) – additional project phases to be established and scheduled as applicable
• Schedule of Phased Roll-out
  • Fall 2015
    • CITS, SOP, SON transition/adoption – [CITS and SOP on track to be fully implemented by end of 2015, SON to finish implementation early 2016]
    • Winter 2016 – Spring 2016
      • SOD, SOM transition/adoption – [SOD/SOM in early stages of planning and on track to begin migration in early 2016]
      • Spring – Fall 2016
        • Remaining support units - SOL, SSW, FPI (specific roll-out dates TBD)

The planning and implementation is underway for a collaborative solution that aligns the distributed helpdesk units and provides each group with the tools and capabilities to leverage combined resources.  As a first step, the Helpdesk Steering Committee was formed with representatives from each of the various helpdesks across the University and FPI.  The committee provides the forum for the support units to discuss, plan, and coordinate the implementation of a unified incident management system.  The first deliverable of the Helpdesk Steering Committee is the evaluation, selection and implementation of a common unified incident management system to track support issues across the UMB community. 

The committee established core requirements (shown below) to evaluate the various solutions available.  Using these criteria, the evaluation and selection process was completed successfully with input from all support units across UMB.  Novell’s Service Desk offering was chosen as the best fit in meeting the combined and diverse operational, budgetary, and integration needs of the community. 

Incident Management System Core Requirements

The following items have been identified as key functional, technical and financial requirements of the system selected:

• No significant increase in cost or additional FTE staff.
• The time to market needed to be aggressive as many units have an immediate need for an incident management system.
• Ability to differentiate between different departments/organizations.
• Easy access and routing between each organization.
• Ability to submit a ticket via email and web (potentially mobile app).
• Ability for support staff to view/manage tickets via mobile, web, and/or client.
• Ability to track support staff time in managing tickets.
• Granular security for cross-school/department viewing of tickets.
• Supports authentication to multiple directories.
• Knowledge base capacity to enable self-help and/or for use by a HD support staff.
• System provides feedback loop for customers/users.
• Robust reporting that allows for distributed and aggregated reports. 
• Customer information handling - ability to feed data from multiple sources.

Incident Management System Implementation Roadmap/Timeline

• Summer 2015
  • Software evaluation and selection
  • Software base deployment
• Fall 2015
  • CITS, SOP, SON (Sept.-Nov.)
  • SOD (Nov.-Dec.)
• Spring – Fall 2016
  • UM Medicine IT Network
  • Remaining support units – SOL and SSW

UMB’s helpdesks operate in a challenging environment characterized by high institutional and technological diversity.  Helpdesk services are currently offered by CITS, HS/HSL, FPI, UMMS, SOM, SOD, SOL, SON, SOP, SSW, and many departments.  The result is a lack of coordination, ambiguity regarding which help desk to call, which help desk should take ownership of a problem, and an inconsistent user experience.  Many entities on campus requiring helpdesk support have their own applications, and with the rise of “bring your own device, or BYOD”, helpdesks are also expected to deal with a wide range of devices. This underlying diversity is a microcosm of the UMB IT environment: multiple IT departments, a wide variety of applications, and a wide variety of devices to support.

One of the challenges confronting students, faculty and staff is that when a problem occurs it is not clear who is responsible for resolving the issue. The issue may be local to the unit itself, may be a campus-level problem that only CITS can resolve, or may require a coordinated and combined effort on the part of both the local and central IT help desks.  In this environment, coordination and training are essential tools for managing complexity. A Helpdesk Steering Committee with representatives from the helpdesks across campus would enable better knowledge diffusion and standardization of policies across the helpdesks. A shared helpdesk ticketing application, used by all helpdesks, would insulate users from dealing with IT complexity, conserve staff time, and enable better global analytics. Coordinated training resources would both improve overall helpdesk staff knowledge and facilitate seamless hand-off between helpdesks.

Summer 2015

• Software evaluation and selection
• Software base deployment

Fall 2015

• CITS, SOP, SON (Sept.-Nov.)
• SOD (Nov.-Dec.)

Spring – Fall 2016

• UM Medicine IT Network
• Remaining support units – SOL and SSW

A Helpdesk Steering Committee would be convened with representatives from each helpdesk and the two major library reference desks (which also have significant front-line support responsibilities):

• CITS
• Medicine
• Dentistry
• Nursing
• Graduate
• Pharmacy
• HS/HS Library
• Social Work
• Law
• FPI
• Law Library
• UMMS

The agenda would be set by the representatives and would focus on information-sharing, coordination of initiatives, and formulation of overall plans. Most of the work could be carried out electronically. Recommendations, such as the sharing of best practices, could be implemented unilaterally by individual helpdesks. It could also make recommendations to the UMB IT Stakeholder Committee about unified training opportunities for helpdesk staff, optimal use of helpdesk resources, and the potential creation of a lab for helpdesk staff to gain hands-on experience with new devices and applications.

A shared ticketing application should replace the current separate ticketing systems used by the individual helpdesks.  The helpdesks would retain their separate identities and missions, but when a ticket required attention from a helpdesk other than the one that was initially contacted, it would be reassigned to the new helpdesk, rather than requiring the creation of a separate, new ticket for the other helpdesk.  Thus, responsibility for a ticket could be passed among helpdesks as needed, but the associated information would remain within one system of record. Benefits of a shared application include:

• All information in a ticket would be retained when it was assigned to a new helpdesk, reducing the risk of losing valuable context;
• Users would no longer need to supply redundant information when an issue required the assistance of a helpdesk other than the one they initially consulted;
• The ticket would provide a point of coordination and an easy mechanism for information sharing when multiple helpdesks must work together to pinpoint an issue whose source is not immediately localizable to one system or another;
• Better analytics for tracking effectiveness and resource allocation across helpdesks; and
• Reduced cost from paying for one, rather than many, helpdesk applications.

Additional initiatives proposed by the Helpdesk Steering Committee will be evaluated by the UMB IT Stakeholder Committee as they arise.

• Collaboratively assess, identify, and report on any information security risk or vulnerability;
• Define common areas of risk as they relate to information security at appropriate operational intersections;
• Share information security strategies, processes and practices that adhere to local, state, and federal regulatory rules and requirements in order to avoid duplication of effort;
• Share technology platforms and information security knowledge among technology professionals in order to broaden knowledge and expertise;
• Collaborate on the improvement and strengthening of information security policies, practices, and solutions, and ensure coverage across the enterprise;
• Develop a global communication strategy to promote and expand information security awareness across the UMB affiliated enterprise.

• Assistance to Campus Legal and HR Offices with forensic investigations.
• Assist campus with incident response
• Working with CITS Datacomm for implementation of new border firewalls
• Oversee destruction of hard drives containing sensitive information before disposal or recycling
• Creating Classification Schema that ensures all data is stored with an appropriate level of security
• Assisting Schools  and Departments in meeting HIPAA, FISMA, and PCI/DSS requirements
• Building a robust information security program,
• Preparing for future reporting and audit requirements,
• Responding to audit findings and improving the overall security posture of the University.

• Replacing machines running the Microsoft XP operating system. This operating system is no longer supported by Microsoft and security updates are no longer available. Machines running the XP operating system are vulnerable to many exploits.
• Changing password expiration dates:
• USM security program requirements include a 90 day password expiration for any “highly privileged user”, who are individuals who have IT roles and job classifications, and can make changes to servers and systems as well as functional users with elevated access privileges in critical systems.
• All other (General) users will now only have to change their passwords once per year.
• Requiring highly privileged users to access central enterprise systems via a secure Virtual Private Network (VPN) which means accessing systems from on or off campus.
• Requiring highly privileged users to use multi-factor authentications to access central enterprise servers and systems. This involves using an ID and password and then a pin number that will be supplied to the user.
• Restricting administrative rights to University computers which are used to access central enterprise systems, i.e., the ability to download software to University owned machines that access central systems will only be granted to Highly Privileged Users (IT personnel).

UMB has made a significant transition over the last several years to a common username and password [UMID] for web applications and campus services.  One of the remaining steps in this common ID initiative includes how users log into their workstations and the network.  The ultimate goal is for users to be able to use a single ID, whether it is the UMID, a SOM ID, a Hospital ID, or an FPI ID for authentication into all campuses' electronic resources in which they have privileges.

Targeted Time Period:

This is a multi-year project that encompasses multiple directories and authentication systems spread across all the University schools and departments. The first phase of this project for the School of Public Health was completed in late Fall 2014. The next phase will unify the Enterprise Directory with the campus Active Directory used by persons in the Campus domain.  Subsequent phases will include the creation of a federated identity management environment and includes the School of Medicine, other Campus units not in the Campus domain, UMMS, and FPI.

Groups Participating in the Project:

Directory Services, Infrastructure Services, IT Help Desk, and various School/Dept technical staff. SOM, UMMS, FPI technical staff will join as the phases for their federated IDs begin.

Future Enhancements:

• Implementation within the Campus domain will enable federating campus sites with the directories of the School of Medicine, FPI, UMMS, and any other directories managed by members of the UMB Community.
• This will allow all faculty, staff, and students to use one ID to access any system, desktop, or function to which they are entitled that is provided by any of the entities of the UMB Community. 
• This will be a very large project that will take a while to complete.

Benefits to Campus/Link to Strategic Plan:

• Expand the use of a single ID for a more simplified, enriched electronic experience for UMB information technology users.

The Campus Network Core Switches, both primary and secondary, are currently located in Howard Hall.  This project will move the secondary/redundant core to the 620 W. Lexington Street building to ensure network availability in the case of a disaster.

Targeted Time Period: This project is currently in the Planning Phase with fiber cable installations scheduled to begin in Summer 2016.

Primary Deliverables: Network redundancy so that the campus could absorb a disaster at a network core site without end users losing access to the campus network or the commercial or research Internet.

Groups Participating in the Project: CITS' Data Communications office will be working with Facilities management on HVAC capacity planning.  Outside vendors will provide electrical upgrades and assistance in providing and installing fiber cable. Eventually CITS will coordinate the network equipment move with all campus schools and departments.

Benefits to Campus/Link to the Strategic Plan:

• Quick disaster recovery in the event of a fire, flood, or power outage at Howard Hall.

A number of web application development projects, in support of children's health and welfare, were completed in December 2015. These included online management systems for the JUDY program, SEFEL. and ECMHC. Additionally, the SEFEL Community Page was added to their website to include forms for joining the mailing list and a widget to allow Pinterest posting to the SEFEL Community Board. The CHP Web Suite Section was updated to include access to the SEFEL OMS and Judy OMS releases, as well as links to enable contact with the CHP Team.

CITS' custom web development team is creating a number of web-based applications for the School of Social Work's Institute for Innovation and Implementation in support of their research in best practices for interventions for children in need and in support of the professionals in the field. Some of the applications under development:

Virtual Training Center:

This provides a platform from which training can be offered.  There is a class registration system, content delivery mechanisms, personal profile/history per student, and certificate of completion and CEU capabilities.  Originally developed for one group within the Institute, it has been enhanced to add other groups as well as units outside of the Institute including:

• Child Welfare Academy
• School of Social Work
• School of Social Work Continuing Education
• SEEK Program
• SEFEL
• Maryland Department of Juvenile Justice
• Psychiatry

National Technical Assistance and Reporting System:

This system will provide state-of-the-art, evidenced-based methods for best practice interventions for children and families experiencing specific problems. The application will allow tracking and reporting  on categories of interventions.

Early Childhood Mental Health Outcomes Monitoring System:

This system provides a means of measuring the success rates of different interventions for children with mental health problems.

Early Identification of Risk (EIR):

For children attempts to determine how to identify socio-emotionally at-risk children at an earlier age (infants & toddlers) by screening both the parents and the child for adverse childhood experiences. This is a follow on to the Adverse Childhood Experiences (ACEs) study initiated by Harvard.  The School of Social Work, Institute for Innovation and Implementation is a study participant. CITS staff are developing a secure web-based portal in which to deposit and analyze data.

SEFEL:

The Maryland Social Emotional Foundations for Early Learning provides resources to parents, families, trainers, coaches, teachers, and caregivers for evidence based training, story telling, and tools to prepare children for early learning opportunities.

The campus is replacing the legacy telephone service and the small key systems with the contemporary Cisco Call Manager.  This is a fundamental change in the underlying technology and will provide many new features on campus phones while saving money.

Targeted Time Period: This is an ongoing project involving all campus buildings and departments. Thus far, 3,374 VoIP phones have been installed out of a targeted 6,345.  Telecommunications has increased the targeted number of installations to be 1,000 per year. The entire project will be completed in FY 2017.

Groups Participating in the Project: CITS' Data Communications office is working with all campus schools, departments, and some non-campus affiliates including off-site locations. Primary Deliverables: This will replace 95% of the traditional analog and digital phones on campus with a secure, feature rich, integrated system.

Benefits to Campus/Link with the Strategic Plan:

• Provides costs savings to the physical plant for voice communications (i.e., copper)
• Provides new features for end users (e.g., Campus Directory access from the phone and easy conferencing)
• Enhanced location based 911/711 reporting
• Provides a foundation for new collaboration technologies

The Campus Network Refresh project is a phased approach to replacing end-of-life network equipment with standardized equipment across the campus.  The plan is to first gradually replace equipment that is no longer supported by the vendor and then move towards standardizing on the same equipment at each location based on functionality.

Targeted Time Period: The project implementation began in FY15 with equipment purchases and installations as part of the normal network device refreshment calendar. FY16 implementation has started.

Primary Deliverables: Standard network equipment across the campus, which will increase critical equipment availability and reduce cost.

Groups Participating in the Project: The CITS Data Communications office is working with all campus schools, departments, and our Cisco sales support and engineering team.

Benefits to Campus/Link with the Strategic Plan:

• Vendor supported hardware campus-wide
• Only necessary to maintain a single supply of spare equipment that can be shared across campus
• Critical equipment uptime increases
• Better support resulting from network engineers having a thorough knowledge of all equipment
• Cost savings by maintaining one spare inventory supply
• An equipment refresh cycle for the campus that better enables predicting future campus network equipment costs

CITS is currently engaged in many high priority projects.  It is important to let the various campus constituencies know our progress in completing these projects and how the projects support the UMB Strategic Plan. CITS communications also helps prepare and distribute vital information to the campus about threats, new tools, or time critical issues.

Targeted Time Period: This is an ongoing process using various media to contact multiple audiences.  Updates to this page will be made weekly or bi-weekly depending upon the project.

Primary Deliverables: Faculty, students, and staff knowledgeable about and supportive of CITS' initiatives.  Information will be delivered via The Elm, eBoards, eBlasts, Campus IT Alerts, E-mail Distribution Lists, IT News, the Portal, branding, and digital signage

Groups Participating in CITS Communications: Enterprise Training Group, IT Help Desk, Windows Administration, the Web Development Team, Communications and Public Affairs, Dental School Office of Information Technology

Benefits to Campus/Link to Strategic Plan:

• Users know what electronic tools and systems are available to apply to their operational problems and to assist in meeting strategic goals.
• Supporting collaboration and communications initiatives in the Strategic Plan.

The student information management system is being upgraded to the newest version and two new modules are being added to the system. Degree Works is currently being implemented by the SON, and it provides user-friendly, web-based academic advising and degree audit tools that will help students and their advisors negotiate curriculum requirements. A Customer Relations Management (CRM) module is currently being implemented for the Graduate School. It supports the entire recruiting and admissions life cycle. The key feature is a web presence that improves communication with prospective students. A personalized web experience for each prospective student can be created so that content can be easily sent to them and a relationship can be established.

The implementation of a new product called My Mediasite allows faculty to prepare, record and upload/publish their lectures (video and audio) from their own computers from an on-campus or off-campus location. Before My Mediasite, the recording of faculty lectures was done only in a classroom. These primary or supplemental lectures/instructional content can then be sent electronically by faculty to the students in their classes via the Blackboard course management system. 

AcademicWorks is a new system being implemented to enhance the awarding of scholarships to eligible students. The primary goal of the AcademicWorks system is to combine the various sources of information for awarding and stewarding scholarships in one place and make the information accessible to the pertinent parties, including students, donors, fundraisers, and scholarship managers. Donors will learn about the recipients of their gifts and that their contributions are making a difference.       

This working group will assess the many communication/collaboration tools being used across UMB and make a recommendation(s) regarding a UMB standard(s).

This working group will assess and recommend baseline standards to support interprofessional education as well as to support faculty, administrators, and staff who would like to provide instruction or give a presentation using technology in a room without needing in-depth training.

This working group will review the current UMB Administrative Data Retention Policy, make recommended changes based on best practices and regulations, and identify next steps to ensure current and future compliance.