Duke ITAC - May 17, 2001 Minutes

DUKE ITAC - May, 17 2001 Minutes


May, 17 2001

Attending: Ed Anapol, Pakis Bessias, John Board, Ken Hirsh (for Dick Danner), Edward Gomes (for David Ferriero), Jr., Ed Gomes, Patrick Halpin, Donna Hewitt, David Jamieson-Drake, Ken Knoerr, Betty Leydon, Andy Keck (for Roger Loyd), Melissa Mills, Caroline Nisbet, George Oberlander, Lynne O'Brien, Mike Pickett, Rafael Rodriguez, Robert Wolpert Guests: Tony Zanfardino, Chris Cramer, Billy Herndon, Ginny Cake, Debbie Deyulia, Dave Kirby

Review of Minutes and Announcements:

  • Minutes of May 3, 2001 were approved.

  • Voice Over IP (VoIP)- The Pratt School of Engineering is doing a VoIP trial with Cisco and OIT. The existing ISDN phones will be working along side the system. There are plans to conduct a similar trial in the Medical Center.

  • Faculty input into academic technology efforts- Peter Lange is in the process of getting feedback from faculty who are not IT experts regarding the technology initiatives that are underway. Focus groups will be formed with a mix of persons - IT experts as well as non-IT experts. A letter from Peter Burian and Mike Pickett has been sent to the Deans and chairmen requesting volunteers.

  • Perkins Library staff addition- Paul Conway from Yale University will join Duke in August to serve as Director of Information Technology Services for the libraries.

  • CIO Search: It was announced that a search committee has been formed. Several ITAC members are on the committee as well as others - about 10 people. ITAC will be kept informed of the process.

Human Resources Security Update:

    1. Transfer of data (how we allow vendors access to data)

    3. Protection of data
    • SSN

    • Birth Date

    • Unlisted addresses and phone numbers

    • Workmen's compensation information, etc.
    • All information relating to a person (all human information) should be considered sensitive (SS#, birth date, home address, phone number, etc.)

    • Duke should have a set of guidelines (rules?) regarding how we will transport private or sensitive data electronically. HIPAA regulations that govern privacy, security, and electronic transaction standards for health care information should receive major consideration.

    • Duke should pick 3 to 5 methods of transporting electronic data which we consider to be secure and are willing to implement (these should be reviewed yearly).

    • Vendors maintaining Duke systems containing sensitive data should access those systems securely (methods to be determined and reviewed yearly).
  • Chris Cramer Reporting on the general concerns, he related that much of the employee data kept by HR is either confidential or considered private by a particular employee, including:

    Duke must share much of this data with its vendors and business partners. Currently, most of this data is transported to our vendors in an insecure fashion, for example FTP, e-mail, web.

    Some of the systems on which this data resides are maintained by outside vendors who sometimes use insecure methods to access these systems, such as Telnet or PC Anywhere. Our vendors currently have no reason to want to use secure transport mechanisms. Each vendor has its own desired method of transmission. There are some suppliers (ex. those that deal with our benefits) that need core data to do business. There is an issue of how they treat the data once they get it. A list of vendors with whom we share personal data is being compiled - about 65 to 70 vendors.

    Another question: is data being shared "downstream" to other vendors? It was acknowledged that if a vendor has a contract with Duke, the data needs to be secure and private. In view of the fact that there is no stated policy dealing with these issues, some recommendations were stated:

    Two primary things are at stake:

    It was suggested that information be obtained from other comparable universities as to how they deal with privacy of data, etc.

    The next step is to develop a proposal with guidelines and alternatives that senior administrators can support.

    At the next ITAC meeting we will discuss the issue further and appoint a committee to develop a proposal.

Helpdesk supported software & hardware-list & process

    1. The list needs updating every 2-3 months.

    3. New apps need to receive a 'high level of support' before becoming wide-spread because that is when support is often needed the most.

    5. Devise a 3-column software list:
      • recommended,
      • supported,
      • not supported
    7. Devise an academic software list

    9. Support all of Microsoft Office applications (including Access).
  • Software--
    Ginny Cake
    distributed a list of "Supported Software for MAC and PC" and described the indications regarding the levels of support. There was discussion about input into the evaluation of software and support. Representatives across the University and health care system will be giving input into the evaluation of software and support.

    These suggestions were offered by members of ITAC:

    The group that made recommendations about hardware disbanded. It was suggested that information be made available that would point people to sources related to needs. The importance of communicating minimum recommendations was suggested.

    A proposal dealing with hardware will be forthcoming.

Report from IVY+ and Common Solutions Group

    • Considering outsourcing payroll using the ASP model
    • Conducting a VoIP pilot using Cisco Call Manager
    • Moving systems from VMS to Solaris
    • Rolling out an LDAP server this fall
    • 85% of the campus has wireless access
    • Conducting a 'market pricing initiative'
    • Using Oracle
    • Implementing electronic catalog for procurement
    • Getting a new provost who is technically oriented
    • Also getting a new CFO
    • Have a People Soft student system and will have an HR payroll system
    • 2002 Getting a student portal this fall using Blue Martini
    • Outsourcing student loans
    • President has resigned.
    • Exploring and purchasing space in Manhattan
    • Contracted to do Distance Learning and considering offering Columbia degrees remotely
    • They are dumping Novell
    • Building a grade school on campus
    • Using People Soft
    • Conducting VoIP trial
    • Phil Long is the new CIO
    • The school has a "web farm" -- web hosting for departments (fee based)
    • Completed a 3-year project to put up firewalls
    • Building an open courseware system that is self sustaining and free
    • Going through an SAP upgrade for their HR payroll
    • 95% of their purchase orders are electronic
    • Some administrators will be leaving and Betty will be starting
    • People Soft to be initiated with HR next month
    • Using Blackboard (enterprise)
    • New provost and new governance system
    • Distance learning -- 'eCornell'
    • New president
    • No new CIO yet
    • Shut down modem pool this year
    • New president
    • Using Blackboard
    • Outsourced internal audit
  • Mike Pickett gave a report on some of the projects, initiatives, etc. of several universities.



    University of Pennsylvania--









Common Solutions Group meetings

    • Videoconferencing
    • Microsoft NetMeeting
    • VoIP
    • Cisco Call Manager
    • Security
    • Educause higher education PKI bridge
  • Issues dealt with: