Duke ITAC - October 22, 1998 Minutes

DUKE ITAC - October 22, 1998 Minutes


October 22, 1998

Present:Ed Anapol, Landen Bain, Pakis Bessias, Chris Cramer (for John Board), Kevin Cheung, Jim Dronsfield, David Ferriero, Brian Eder( for Nevin Fouts), David Jamieson-Drake, Jason Kreuter, Betty Le Compagnon, Melissa Mills, Kyle Johnson (for Caroline Nisbet), John Oates, Rafael Rodriguez, Leslie Saper, George Orberalnder (for Bill Scarborough), Marion Shepard, John Sigmon, Clark Smith, Robert Wolpert Visitors: Suzanne Maupin, Thomas Black, Charles Register, Kathy Pfeiffer, Ginny Cake, Tom Mann

Review of Minutes & Announcements

- Correction to minutes from John Oates - clarifying that the university website committee will indeed nominate faculty to be on the committee.

IVY Plus CIO Meeting Update

BettyLC: Met in Chicago with counterparts in Ivy+ universities (Duke, Chicago, Stanford, MIT + the ivies). In general, it seems that most of the topics were related to technology but ended up talking about people and process.
  • Topics discussed included:
  • Role of IT in the institution - before, Universities thought IT would transform an institution. Now, they are re-evaluating that idea. Often the expectations of IT are higher than what is deliverable.
  • Support crisis - getting & keeping good IT staff
  • Administrative systems - maintenance & replacements. Two years ago this was a big problem. Since then institutions have decided what to do about administrative systems. Some are modifying and updating rather than replacing. Most places are finding that the main difficulties are the process & politics. At Duke we've setup good processes. To me that's more important than anything else. We also seem to be spending a lot less than most other places.
  • Year2000 - the way people think about this differs from institution to institution. The amount of money Duke is spending is relatively small (not counting what we would have replaced anyway). Most of the problems will not be in high-risk areas. Also discussed security – Duke has had some hacking but no tremendous losses. Other institutions have much larger problems with hacking (network down, loss of data). In many ways security may be more important than y2k.
  • IT governance - has changed over the years. In the "old" days IT support groups made their own decisions. Now our challenge is how do we move forward keeping the existing system but involving everyone as well? We seem to have created a process that works with ITAC
  • Advanced technology - everyone seems to be struggling with it too. Princeton has an 8 person group to study advanced technology & applications. Ira Fukes heads that group that is constantly looking forward. The group writes a lot of customer applications. Examples: they’ve written something so you can telephone a person by name, also wrote their own loan processing software. Princeton is ending up with good systems but they are writing it on their own.
  • Internet2 – The Universities were very interested in this project and were trying to get a handle on the cost. Internet2 group (UCAID) meets annually and has regional meetings, we are working on ways to get cost down by partnerships with corporations.
  • Instructional technology - talked a little bit about that. Even though they are important areas, the pressure seems to come from faculty rather than senior officers. Instructional technology seems to be something that is nice to have, but if you have to choose then it is of a lower priority. Connecting it with the library seems to be the best way to advance instructional technology.

Marion Shepard: Have some other schools tried to setup an ITAC?

BettyLC: They have tried and most have not been successful. They couldn't get people to come to meeting, or get deans to name people to go to meetings.

David Ferriero: Are there any good stories about what doesn't work?

BettyLC: What doesn't work is CIO's trying to dictate standards and pushing responsibility on individual groups. Biggest lesson is to involve the community

Clark Smith: How do other places do departmental support?

BettyLC: It depends on the institution. Have to look at the needs of the University. Level of centralization varies amongst different universities. Universities have felt that there is not one model that is the "right" model.

SISS Financial Aid Update

Kathy Pfeiffer: There are several types of financial aid and support at Duke for students. Each school has a different method for how they mix up support funds from the various sources. Therefore financial aid is multi-layered and very important. Peoplesoft did not understand how complex financial aid is, but they have been learning fast.

To begin with, we tried to identify what was the data in financial aid that had to be there so that the system would work correctly. Then thought about what we would like to see and streamline the data needs. One thing we wanted was if money went through the ledger, then we wanted it to show up in SISS.

In the graduate school, we identified in many cases that transactions were done on paper or simple database and done independently. The challenge in those schools is to convert paper to electronic, and to have schools share information and the system. The financial aid folks in the various schools have worked well together.

One of the biggest challenges for graduate schools is that graduate students get paid, but we did not purchase Peoplesoft payroll module. The challenge is to take care of disbursement and then to work with SAP to develop the kinds of interfaces we need to use SAP or SISS as the point of entry of incomes for graduate students. The other major challenge in graduate school is there is no central financial aid office, it is dispersed among a lot of units. There are 120+ programs that need to be coordinated.

Graduate school will be rolling out SISS with admissions in 1999-2000.

Undergraduate financial aid is more complicated. Undergraduate aid works against 2 premises: (1) what federal government says what students' need are (2) what institution says needs are. Duke aims to contribute 100% of the institutional need. Making the both calculations is very difficult for Peoplesoft. When they initially did it, they only worked with federal need. The challenge at the moment is that none of the other universities (except Northwestern & Duke) are going live this year. We are forming a partnership with Peoplesoft to help them flush out the problems and share information. Peoplesoft has chosen Duke as a beta testing site. We are working closely to fix technical problems

We are going to try to begin to package early admits in November (200 students). This is a good test population. We will run in parallel with the old system to flush out problems. Amongst the beta test & test, we will have a good adequate product for January. It is our hope that all student support at Duke will be on the system within 2 years. The code is Peoplesoft's responsibility to fix.

David Jamieson-Drake: The reason Duke is a beta site is because Kathy was doing the best job in testing Peoplesoft against the real data.

Robert Wolpert: It sounds that long term benefits are exciting, as are short term risks. Do we have a fall back plan?

Kathy Pfeiffer: There is a fallback plan. The requirements for the graduate schools we're pretty sure will work. Fallback plan is paper. In undergrad office the fall back plan is in place - which is readying legacy system to do what it's always done. In January if we do decide to still keep on the legacy system, need to work on complex interface between that system and Peoplesoft. We are hoping that in Nov 16 when we go live with 200 students, and Feb with 3000 students it will work.

Discussion on guidelines for the appropriate use of mailing lists and other institutional data

Tom Black: Last spring ITAC charged sub-task force to look at bulk e-mail policy. The registrar's office administers the bulk e-mail program and passes messages to OIT to disperse.

  • The group will meet and discuss:
  • concern to protect students - don't want it to be wide open so that anyone can request a message
  • make it so that the decision does not rest in the hands of just one person

Robert Wolpert: SISS will make it possible for many people to create bulk e-mail mailing lists.

Tom Black: There is a SISS data confidentially group. Bruce Cunninghman directs that group.

BettyLC: In SISS you would actually have to have the SISS client to be able to do mailing lists. It will not accessible via the web so access is restricted (deans, Directors of Undergraduate Studies).

Marion Shepard: United way has obtained all 30,000 SSN and names of Duke students. We have concerns of corporations asking for confidential data. There is also a concern that if other people have access to this information, they may not know about Duke policies as a whole.

Kyle Johnson: I’ve gotten many requests for such data at Student Affairs.

David Jamieson-Drake: Pretty much all the enterprise systems have personal data in them. It will be confusing to people in departments to keep track of which policy they are to supposed to follow for each individual application. It's important for someone to try to tie everything together. The more coherent and simple the policy is, the better chance that people will follow it.

Melissa Mills: The registrar sent out a memo with the federal law that University cannot give out student data

David Jamieson-Drake: There is also a federal law that once students turns 18, the University should only communicate to them directly.

Clark Smith: As a group we need to recommend communicating rules and guidelines

Robert Wolpert: It’s not clear who should develop these policies

David Ferriero: This isn't a technology problem. This is a people & process problem.

David Jamieson-Drake: It’s not a technology problem but attaches to technology deployment. Now we're training several hundred people with SISS, but we need to provide guidelines on how to use data. SISS needs to know what to tell users - guidelines need to come from someone

John Oates: It's the provost office's responsibility

Dave Ferriero: Don’t we have rules now? We must have setup some kind of regulation.

Tom Black: There are specific rules regarding student information. It is available on web, governed by FERPA. It details what is public information, what is not public, has procedures about how to handle requests. Please read the policy.

Robert Wolpert: Who’s policy is it?

Tom Black: It is the Institution's policy monitored by Registrar. We are required to have this policy by a federal agency

Marion Shepard: It’s been in effect since it’s development by registrar in 1974

BettyLC: Kate Hendricks in Provost office tends to be the person that works with this. Things are so interconnected now. What we've recognized is that we need some kind of institutional way to develop central policies

Tom Black: The consequence is withdrawal of federal funds if we don't comply. Federal agency revises edicts and we revise our policy. This policy does evolve.

David Jamieson-Drake: SISS contains much more than student data. There's a lot of employee & faculty data.

Chris Cramer: Is there a difference or does policy address difference between internal & external use.

Tom Black: It talks about mostly external data

BettyLC: If we could ideally say who should be in charge of this, who should it be? The situation seems to be similar to the Duke website ownership. At Cornell, they hired a lawyer to take this responsibility.

Clark Smith: Have we looked at any other schools that have a medical center and how they deal with this issue?

Landen Bain: There is a Patient Confidentiality Committee that is part of the Medical Records Office.

John Sigmon: It seems to me that it is ultimately an Executive VP or Vice Provost decision. It seems that first step is a memo from Betty saying that it has been discussed and that there are concerns.

Melissa: At one point we had this data committee (Systems integration & coordination committee) that would try to look at the data of different systems. That's a very high level committee.. We may want to suggest or write to that committee that they should think about how to bring together this data

Jim Dronsfield: I get a lot of requests for information and I route it to the appropriate office. There are many offices at Duke who have learned what requests not to handle.

Tom Black: Duke Internal Audit should be engaged in this discussion.

Jason Kreuter: Is it possible that we can have the student be in control of whatever lists they are subscribed to?

BettyLC: There are flags now that are set when students request this.

Kyle Johnson: It’s important that students know what the impact of students requesting that certain information is not shared. We need to inform the student of the impact of this choice.

David Jamieson Drake: Keep in mind that of lot of sharing information is so that people can be more productive. I don't want SISS to be big brother-ish. But don’t want it to seem strict and restrictive.

BettyLC: Responsible use of information is a good term to describe this issue. This is reminiscent of the computer use policy. It is the balance of access & freedom of information and privacy.

Melissa Mills: We don't know what data is going to be available so it's confusing to make decisions about what I wouldn't want available.

Kyle Johnson: where is the information online about current policies?

Tom Black: http://registrar.duke.edu/registrar/release.htm (Family Education rights and privacy acts)

Rafael Rodriguez: We need to understand what policies exist today.

BettyLC: Duke policy manual is online.

Robert Wolpert: Does anyone have any suggestions on how we should proceed

Marion Shepard: Senior officers (president, VP) need to be aware of this issue.

Robert Wolpert: We recommend that Betty bring the issue up with the senior officers.

BettyLC: They can suggest what appropriate bodies need to be involved.

Tom Black: Need to work on not only the formulation of policy, but the coordination of policy.

Other business

No other business.

Meeting was adjourned at 5:30