Report of the

In reviewing the implementation, operation, and utilization of Information Technology (IT) on the UMES campus, the Committee determined that there were insufficient written policies/procedures to ensure safe, secure, and effective IT systems. Therefore, the Committee has spent the 2004-2005 academic year identifying what existing policies/procedures it could, as well as areas in which policies/procedures do not exist but should. This included a review of the work of the Technology Infrastructure Sub-Committee of the UMES Strategic Planning Committee conducted during the 2003-2004 academic year. This report lists the policies/procedures that the Committee was able to identify, as well as its recommendations for policies/procedures which should be developed. These policies/procedures should be developed and implemented campus-wide.

The Committee suggests this be accomplished by continuing action by the Committee in cooperation with the cognizant offices around the campus in the coming academic year. These policies would then be presented to the Senate for approval and the Administration for implementation.

Policy: First and foremost, there should be a policy on how to make IT policy. This should address identifying the need for a new policy, policy formulation, documentation, recordation, notification, and distribution. In addition, there is a need to define and differentiate between “instructional technology” which is peculiar to the teaching function, such as training in the use of WebCT, and “information technology” which is a broader area including all systems for the transmission, processing, and analysis of information. It is likely that Instructional Technology functions would reside in the Academic Division rather than the Information Technology office.

Acceptable Use: There should be a comprehensive acceptable use policy applicable to all members of the UMES community, including administration, faculty, staff, and students. This policy should be an expansion of the “Policy and Guidelines for the Acceptable Use of Computing Resources and Information Technology of the University of Maryland Eastern Shore” developed by the IT Department. Dissemination of such policies via emails such as that of February 8 (Subj: Non-University Business Software) is not effective unless there is a single source for all policies which is complete, current, and accessible. Additional issues which should be addressed include:

Hardware

What hardware not provided by UMES may be brought on campus
Notification to new students as to this policy
Written procedures for getting non-UMES systems hooked up to the network
Virus/spyware protection requirements
Supported network interface cards (NICS)
Setup of non-UMES hardware (responsibilities and procedures)
Media Access Control (MAC) address registry

Supported Software Applications – allowable, provided, and prohibited

Student-provided/developed software
Music downloading (“peer-to-peer”) applications
On-line gaming and gambling
Desktop business applications (e.g., Microsoft Office)
Faculty/research/specialty applications including plagiarism detection systems/software

Guidelines for ethical and legal use of IT on campus

Balance between rights to use personally-owned PC’s vs. use of the UMES backbone via personally-owned systems
Inappropriate material such as pornography
Use of UMES systems for non-UMES purposes
Plagiarism issues

Email policies

Sending of spam
Bulk email messages
Appropriate use of campus-wide broadcast capability
Email box size (capacity)

Training: There should be a policy covering IT training for all members of the campus community. This policy should cover:

Initial training for new employees/students
Initial training for new systems
Recurrent training for returning faculty/students
Training (initial and recurrent) for IT personnel

Troubleshooting/repair personnel
Help Desk personnel
Training for those who train the rest of the campus

Instructional technology training for students and faculty

Classroom systems
Distance learning such as WebCT and IVN

Resources for training

Funding
Equipping
Staffing

In particular, there appears to be a strong need for training of faculty in remote access of the system including server files, email, PeopleSoft, library resources, etc. This includes what can and cannot be done from off-campus, and how to do what can be done. In particular, the committee sees a need to dedicate time during faculty opening activities week for initial training for new faculty in all systems and recurrent training for returning faculty in new or changed systems as well as any necessary refresher training on old systems.

Systems Planning and Implementation: There should be a policy and procedures for the implementation of new hardware and software systems, including requirements identification, monitoring of development, plans for testing and training prior to activation, and backup plans in event of problems or delays in implementation, as well as integration of IT systems in new or renovated facilities. This should also include ongoing review of systems to determine and prioritize the need for changes or replacement.

IT integration should be part of the building planning process for new or renovated facilities. This includes coordination between users and IT staff, as well as the participation of IT representatives in the building planning working group to ensure adequate IT infrastructure (e.g., internet access and instructional technology wiring in classrooms) is built in to the facility during its construction. In addition, training for users of these systems must be part of the plan for moving in to new or renovated facilities.

One particular issue is that major systems alterations or implementations should not occur during a regular semester. Such changes should occur during winter/summer, allowing the faculty to be trained during the Opening Activities week in August or the Winter term when they have time available. There should be a formal system for making constructive suggestions and requesting system changes, including means of making requests, prioritizing, review, decision-making, and tracking the status and documenting the disposition of requests. There should also be a formal policy on qualification and training of IT support personnel.

Support: There should be written policies and procedures for the provision of technical support to users including the operation of the Help Desk, service calls, etc. One particular issue to be addressed is giving users notice of when service calls will be made. The current system does not give the user any idea when the technician will come, which often results in the user not being present when the technician arrives, and that wastes the time of both parties. Another issue is the perception among users that technical support is not readily available on a timely basis; this issue should be addressed through education and development of appropriate policies and procedures to prioritize work requests as well as establishment of means to provide on-the-spot IT assistance for classes meeting in the evenings, especially since many of those classes meet only once a week, and IT systems problems can wipe out a full week of class time.

If possible, there should also be a system of loaner equipment when equipment is removed for repair. There is a related question of whether IT inventory control policies are adequate, since there does not seem to be any “chain of custody” documentation of the removal for repair and replacement of equipment. In addition, there should be telephones (secured as necessary to prevent theft or pilferage) in each IT-equipped classroom to facilitate the obtaining of technical support so the user can be at the equipment while talking to the Help Desk.

Finally, there is a perceived need for campus-wide policies regarding the maintenance of IT equipment. In many cases, individual departments are making their own arrangements for maintenance, which has the potential for systems disintegration and loss of economies of scale, whether it involves bulbs for PC projectors or repair of VCR’s or DVD players. Equipment maintenance may be better managed on a more centralized basis.

Network: Issues that should be addressed include file transfer, passwords, local networking (primarily wireless networks in the residence halls) including switches, hubs, and wireless.

Organization: The current structure in which three different departments are responsible for different aspects of IT under the direction of one office that supervises a dozen other agencies without a single, dedicated official with oversight of all IT issues appears to violate the organizational principles of span of control and homogeneous assignment. This results in some confusion around the campus as to which agency is responsible for what, as well as creating the possibility of unnecessary competition between the agencies for scarce resources before a single authority whose time and attention are spread very thinly. The committee recommends examining the organization of the IT agencies. Possibilities include but are not limited to either one department with a single director reporting to the VP-Admin, or three separate agencies reporting to a single IT manager who reports to the VP-Admin.

On-line Classes: There should be policies discussing the IT aspects of web-based and other distance learning classes requiring IT to conduct classes. This includes requiring backup plans in event of IT malfunctions, especially when the course involves off-site students who cannot travel to the campus.

Access: There is a need for specific policies on access to the UMES system for alumni, and departed students/staff/faculty. This would include limitation or cut-off of privileges, removal of files, etc. The committee recognizes the value to the Institutional Development Office of permitting alumni to retain “umes.edu” email addresses, but this must be balanced against the value of limited server resources.

Respectfully submitted,

Ronald B. Levy, Chair