330 likes | 558 Views
Tier 3 IT Management Methodology at VCU. Technology Advisory Council May 6, 2008. Tier 3 IT Management Methodology at VCU. Agenda Overview of Tier 3 management requirements Review VCU’s planned IT management methodology Focus on project management and Project Management Office
E N D
Tier 3 IT Management Methodology at VCU Technology Advisory Council May 6, 2008
Tier 3 IT Management Methodology at VCU • Agenda • Overview of Tier 3 management requirements • Review VCU’s planned IT management methodology • Focus on project management and Project Management Office • Discussion, Q&A
Tier 3 IT Management Methodology at VCU • The General Assembly passed, and the Governor signed, legislation authorizing VCU on July 1 to join UVa, Va Tech, and W & M as Tier 3 institutions under the Restructured Higher Education Financial and Administrative Operations Act.
Tier 3 IT Management Methodology at VCU • What does Tier 3 mean to VCU? Greater autonomy and control in: • Capitol outlay and acquisition and disposition of real property • Leasing • Procurement and surplus property • Finance and accounting • HR • Information Technology
Tier 3 IT Management Methodology at VCU • Tier 3 VCU Information Technology • Exempt from VITA and ITIB regulations • Full responsibility for strategic planning, budgeting and investments • Management of all projects, IV&V of all projects • Management of infrastructure, architecture, ongoing operations, and security • Responsible for IT audits
Tier 3 IT Management Methodology at VCU • To meet provisions of our agreement with the Commonwealth, VCU must develop our own policies and practices focused on four areas of IT management: • Security • Infrastructure, architecture, ongoing operations • Accessibility • Project management and auditing
Security • Security • VCU Information Security Management Program Components • Risk Management • IT Security Roles and Responsibilities • Business Impact Analysis • It System and Data Sensitivity Classification • IT System Inventory and Definition • Risk Assessment • It Security Audits • IT Contingency Planning • Continuity of Operations Planning • IT Disaster Recovery Planning • IT System and Data Backup and Restoration • IT Systems Security • IT System Hardening • IT Systems Interoperability Security • Malicious Code Protection • IT Systems Development Life Cycle Security
Security • Logical Access Control • Account management • Password Management • Remote Access • Data Protection • Data Storage Media Protection • Encryption • Facilities Security • Personnel Security • Access Determination and Control • IT Security Awareness and Training • Acceptable Use • Threat Management • Threat Detection • Incident Handling • IT Security Monitoring and Logging • IT Asset Management • IT Asset Control • Software License Management • Configuration Management and Change Control
Security • Steve Werby, VCU’s new ISO will be leading the effort to insure our security management policies and processes are compliant with Tier 3. • Security is all-engaging - the TAC and every member of the University’s IT community has a role to play. • Being our own watchdog means need for greater diligence (and perhaps stricter controls) as the scrutiny will be greater should any security breach occur.
Infrastructure, Architecture, Ongoing Operations • The major objectives of infrastructure management at the University include: • Optimizing utilization of all technology assets • Lowering operating costs • Maximizing availability of service • Improving IT risk management • Improving productivity for service support • Improving organizational agility • Maximizing asset useful life • Improving the ability to monitor and manage change • Improving the ability to plan and budget for asset replacement • Ensuring financial records reflect the true picture of assets
Infrastructure, Architecture, Ongoing Operations • Enterprise Architecture (EA) is a method or framework for developing, implementing, and revising organization-focused Information Technology (IT) guidance. • The resulting guidance describes how the University can best use technology and proven practices to improve the way it does business. • OTS’s EA will rely on the University’s IT governance model (roles and responsibilities), business and technical inputs, and knowledge of how the academic, administrative, and research missions use technology to develop explicit policies, standards, and guidelines for information technology use.
Infrastructure, Architecture, Ongoing Operations • VCU’s enterprise architecture process will be guided by answering such basic questions as: • Is the current architecture supporting the mission of and adding value to the University? • How might an architecture be modified so that it adds more value to the University? • Based on what we know about what the University wants to accomplish in the future, will the current architecture support or hinder that?
Infrastructure, Architecture, Ongoing Operations • Ongoing operations will primarily work from documented processes and procedures and are concerned with a number of specific sub-processes, such as: • Output Management • Job Scheduling • Backup and Restore • Network Monitoring/Management • System Monitoring/Management • Database Monitoring/Management • Storage Monitoring/Management
Infrastructure, Architecture, Ongoing Operations • Ultimately, operations management is responsible for: • A stable, secure infrastructure • A current, up to date Operational Documentation Library • A log of all operational problem events • Maintenance of operational monitoring and management tools. • Operational procedures
Accessibility • Barrier-free accessibility to information technology involves the capability for people to utilize methods other than visual-only terminal screens and Web browsers. • These would include screen readers or other devices. • The goal of VCU’s Accessibility Management is to provide unhindered access to information technology for all members of the University community.
Project Management and Auditing • Project management and auditing components: • Strategic planning • Project Management • Project Portfolio Management (PPM) • Auditing
Project Management and Auditing • Strategic Planning • A systematic method used to set broad direction with specific goals for managing information technology and supporting delivery of IT services to customers. • The IT strategic plan must support and add value to the University’s strategic plan. • IT projects and assets are seen as long-term investments. That forms the foundation for selecting, controlling, and evaluating technology investments as part of a business-driven technology portfolio.
Project Management and Auditing • Strategic Planning – Who, How and When • CIO • University leaders in academics, administration, and research • Process and schedule are TBD but will be open and collaborative
Project Management and Auditing • Project Management • The application of knowledge, skills, tool, and techniques to meet or exceed stakeholder needs and expectations.
Project Management and Auditing • What is a PMO? • The Project Management Office (PMO) provides services to ensure accepted standards and best practices are followed to manage project cost, schedule, risk, and performance. • The PMO is the source of information, guidance and metrics on the practice of project management and execution.
Project Management and Auditing • Why does VCU need a PMO? • Growth in the number and complexity of IT projects • Insure best practices are being followed • Provide for improved governance of project submission, selection, and prioritization • More effective communications to project stakeholders • Establish a consolidated repository of project information • Provide services to insure Tier 3 requirements are met
Project Management and Auditing • VCU’s PMO will emphasize: • Project support and mutual success • Proven processes, standards, methodologies • Training • Projects are people, process, tools – change only one at a time • Secure executive sponsorship before making any changes
Project Management and Auditing • Universities with successful PMOs evaluated by VCU: • University of North Carolina • George Mason University • UVA • William and Mary • Va Tech
Project Management and Auditing • PMO basic guidelines • Projects should be evaluated and grouped by like characteristics (scope, cost, risk, return) • Each grouping should have appropriate project management requirements • PMO will NOT actually manage projects • Must balance need for better project performance with overhead associated with achieving it
Project Management and Auditing • PMO implementation at VCU • Establish foundation • Evaluate successful University PMOs; define our mission, goals and objectives; coordinate our strategy for Tier 3; develop a communications plan • Startup • Capture a consistent set of project metrics for budget, schedule, resources; develop analytics based on those metrics; complete Tier 3 policies for BOV approval and processes for VP approval.
Project Management and Auditing 3. Rollout • Establish best practices for project proposal, planning, execution and control; focus on improving project performance and developing staff with a minimum of additional processes and paperwork • Improve and expand • Establish goals and objectives of portfolio management; implement practices to enable measurement and evaluation of IT investments; identify and expand our most successful methods, practices, procedures
6 / 01 / 2008 PMO Office startup complete July 1, 20 09 December 08 PMO PMO fully Rollout functional 8/31/08 complete IT Management for Tier 3 Develped OTS project management framework development Project management best practices development P r o j e c t m a n a g e m e n t t r a i n i n g 4 / 1 / 2008 8 / 31 /2008 10 / 1 / 2008 1 / 1 / 2009 2 / 1 / 2008 7/01 / / 09 PMO Major Milestones PMO Office startup begins
Project Management and Auditing • Project Portfolio Management (PPM) is a term used to describe treating projects as part of an overall IT investment portfolio. PPM seeks to shift away from one-off, ad hoc approaches to a project management methodology with a set of values, techniques and technologies that enable visibility, standardization, measurement and process improvement.
Project Management and Auditing • How does PPM work? • As in funds management, a project portfolio seeks an optimum mix to maximize return and minimize risk • Projects are evaluated based on their contribution to the University’s goals and objectives, and their value to the IT Strategic Plan, relative to their cost and risk • Projects with the highest return/risk ratio are top priority
Project Management and Auditing • What is needed for PPM? • IT governance: a representative body that evaluates the return and risk of projects and identifies those to be undertaken • Project Management Office: to standardize proposals and enable the best practices to follow in managing selected projects • Information: • on the risk and return of proposed projects • on the progress, status, changes to and return on selected projects
Project Management and Auditing • Auditing • “The University must provide for audits of IT strategic planning, expenditure reporting, budgeting, project management, infrastructure, architecture, ongoing operations, and security, by the University’s Internal Audit Department and the Auditor of Public Accounts.” • Specifics are TBD
Summary • VCU becomes a Tier 3 institution on July 1 • Freedom from State controls creates a requirement for increased internal controls • OTS will be working with University business and technical units to develop IT policies and processes for BOV approval in August • Required IT management policies & processes: • Security • Infrastructure, architecture, ongoing operations • Accessibility • Project management and auditing
Questions, comments, discussion Thanks for your attention and interest! James Thomas Director of VCU Project Management Office jcthomas@vcu.edu 8-9954