Background

IT Governance is a broad concept that is centered on the IT department or environment delivering business value to the enterprise. IT Governance includes the processes that ensure the effective and efficient use of IT in enabling the organization to achieve its goals.

IT Governance works to engage those policies, requirements and resources necessary to ensure the efficient, cost effective approach to the implementation of technology solutions across the campus.  For IT Governance to succeed, the institution acknowledges that it is critical to require attention and support, including staff resources and commitment.

As recommended during our comprehensive IT health assessment, there needs to be executive oversight and guidance to ensure the information technology, allocation of resources, policies and procedures remain aligned with both internal and campus wide strategic objectives

IT Governance Goals and Objectives

• Establish a strategic approach to IT Governance.
• Establish a clear, transparent, and collaborative decision-making process.
• Manage and assess technology assets, requests and infrastructure.
• Establish policies and procedures to formalize IT requests and recommendations.
• Establish criteria for assessment and approval related requests and recommendations.
• Provide structure for IT related requests/assets/technology to be proposed, reviewed, supported, recommended, implemented and communicated.
• Establish an agile and responsive governance process to address changing needs and priorities.
• Streamline decision making and eliminate unnecessary bureaucracy. 

Information and Technology Governance Council

(ITGC)

Purpose/Mission

Responsible for all major IT decision making for Buffalo State College and provides guidance as well as sets IT priorities in harmony with the institution's strategic goals and mission. The Executive Committee provides guidance and oversight in planning, prioritizing, and implementing IT-enabled initiatives to improve the quality and efficiency of the organization’s IT services and resources.

Responsible for strategic guidance of the data governance program, prioritization for data governance projects and initiatives, and final arbiter for decisions that cannot be resolved at a lower level.

The Information and Technology Governance Council receives input from all the Information Technology Governance advisory committees.

Objectives

• Ensure IT infrastructure and services are aligned with academic and administrative direction and priorities, assessing the fit of major new IT initiatives and emergent technologies within the context of Buffalo State’s mission, goals, and priorities.
• Ensure policy exists to establish authority, accountability, and responsibility relating to information and technology.
• Approve and enforce proposed and existing Data, Information and Technology policies across the campus.
• Administer the IT governance framework, establish priorities for advisory committees, and consider recommendations they bring forward.
• Support requests for major IT initiatives, where appropriate, and provide approval for allocating resources for these initiatives.
• Provide direction to prevent, where appropriate, unnecessary redundancy or non-sustainable service implementations and their resulting inefficiencies and risks.
• Ensure overall direction and priorities for IT are in concert with the Campus Strategic Plan.
• Ensure that significant opportunities for leveraging technology are considered and opportunities for integration and collaboration are maximized.

Current Membership

• Jacquelyn L. Malcolm, CIO and VP for Enrollment, Marketing & Communications (Chair)
• Laura Barnum, VP for Finance and Management
• Maryruth Glogowski – AVP, Operations Management
• Ben Christy, Dean, College of Arts and Humanities (2 Year term)
• Timothy W. Gordon, VP for Student Affairs
• Bill Benfanti – AVP Government Relations
• President Student Government Association

Proposed Membership

• Chair (TBD)
• VPFM appointee.
• VP Academic Affairs appointee.
• VP Student Affairs appointee.
• AVP Government Relations
• Deputy CIO, Information Technology
• President Student Government Association
• Senate Representative – Chair and/or Vice Chair

Communication

The Information and Technology Governance Council will communicate with campus stakeholders regarding all incoming and outgoing requests and decisions as needed. As this is an executive level committee with review of potentially confidential information, access to this content will be provided as needed, and recommended by the Governance Council.

An O365 Group and SharePoint site will be created to store and maintain committee documentation, policies and meeting minutes.

Recommended Meeting Frequency

Given the need to address questions regarding prioritization of IT resources including the review and approval of technology purchases, Information and Technology Governance Council meetings are required monthly at a minimum, as requests for IT resources are submitted on a consistent basis.

Process

Scope of review

• Proposals and recommendations submitted by Governance Advisory Committees.
• Policies and Procedures.
• Priorities and resource allocation.

Intake process for requesting committee review

• Agenda items will be identified and reported using electronic collection method.  (TBD)
• Other items may be identified during periodic committee meetings/discussions.
• Committee review may be required to address urgent or mission critical items as necessary.

Deliverables

• Approval of recommended policies and procedures as defined and provided by the various advisory committees.
• Defined priorities and strategic approaches to respond to needs identified by the governance advisory committees and align with campus mission, goals and objectives.
• Approval and/or recommended approaches to proposed technology implementations and strategic initiatives.

Information Security Advisory Committee

(ISAC)

Formerly the Infrastructure & Data Security Advisory Committee

Purpose/Mission

The Information Security Advisory Committee (ISAC) advises the campus community on issues of security, privacy, and risk reduction. The committee provides oversight and sets priorities for information technology, data and security infrastructure.

The committee reviews policies and recommends direction to ensure that the campus security strategy is delivered with campus-wide input and direction that includes priorities, policies, and programs that are approved, are understood and acted upon at the schools and department levels across campus.

The committee is also the principal advisory body regarding security policies and is responsible for recommending measures to protect the confidentiality, integrity and availability of Buffalo State’s information technology resources and data. 

Objectives

• Make recommendations regarding a comprehensive information security program that is designed to coordinate and facilitate the delivery of information security best practices and services distributed throughout the Campus.
• Collaborate with campus constituents and information technology resource owners who are responsible for the development and oversight of a secure IT environment that accommodates emerging technologies, maintains regulatory compliance and minimizes Buffalo State’s information security risk exposure.
• Evaluate proposed technology solutions submitted for potential campus implementation.
• Contribute thoughts and analysis on the technology and services being used to advance IT security.
• Develop guidelines and best practices for security in response to security events that have or may have an impact on the campus community.

Current Membership

• Tom Killian - Director, Information Technology Network and Telecommunications Infrastructure (co-chair)
• Melissa Miskiewicz – Interim IT Information Security Officer
• Rock Doyle – Assistant Vice President, Weigel Health Center
• John Rellinger – Assistant Director, Advancement Services
• Jamie Warnes – Assistant Director of Personnel Operations
• Jeffrey Hammer – Radiation Safety Officer
• Carolynn Krupp - Director, Information Technology Planning and Operations

Proposed Membership

• Chair (TBD)
• Director, Information Technology, Networking & Telecommunication Infrastructure
• IT security appointee
• Representative: Weigel Health Center
• Representative: Human Resource Management
• Representative: Institutional Research
• Representative: Information Technology, Enterprise Systems
• Technology Communications Officer

Communication

The Information Security Advisory Committee will engage in regular communication with campus stakeholders regarding all incoming and outgoing requests and decisions. Periodic submissions to the Daily Bulletin and other communication mediums to alert and inform campus constituents of security updates, concerns and alerts may be required. This will include collection and management of all related documentation and accessibility to this content.An O365 Group and SharePoint site will be created to store and maintain committee documentation, policies and meeting minutes.

Recommended Meeting Frequency

Meetings should be conducted quarterly at a minimum. This will ensure IT security priorities are addressed, reviewed and implemented on a regular basis.  Additional meetings can be requested by the chair of the Information Security Advisory Committee as necessary, to address any items presenting a security risk, concern or policy modification.

Process

Scope of review

• Security controls, procedures, policies and best practices.
• Risks, breach, compliance and regulation questions and/or concerns.
• The application and integration of technology with respect to security, risk and compliance.
• Incident response questions and concerns.

Intake process for requesting committee review

• Requests will be submitted using the existing TeamDynamix ticketing system.
• Other items may be identified during periodic committee meetings/discussions.
• Committee review may be required to address urgent or mission critical items as necessary.

Deliverables

• Recommended policies and procedures to respond to campus requirements.
• Periodic communication of security bulletins, best practices, incident responses.
• Strategic approaches and procedural responses to risk management, passive and active prevention methods and security violations.
• Recommendations on proposed technology with respect to security impact, resource, support and compliance requirements.

Educational Technology Advisory Committee

(ETAC)

Purpose/Mission

The Educational Technology Advisory Committee is an Information Technology Governance advisory committee which provides oversight and sets priorities for the use of educational technologies that support the teaching and learning environments at Buffalo State College.

The committee makes recommendations regarding priorities for investment while assessing the overall benefits and impact on the student learning experience.

This committee supports the efforts of and serves in an advisory role to the Director of the Instructional Design and Training department.

The committee gathers information about how educational technology can enhance instruction, evaluates that information, and makes recommendations to the Information and Technology Governance Council for review and approval.

Objectives

• Review requests and feedback regarding proposed educational and research technologies to the Information and Technology Governance Council (ITCG).
• Prioritize and make recommendations to the ITCG regarding campus-wide academic projects and service initiatives.
• Review and develop short- and long-term objectives to support teaching and learning using existing and proposed technology resources.
• Advise and direct the process of identifying and assessing technology that impacts instruction and provide advice on how Buffalo State should prepare to support instructional technology in the future.

Current Membership

• Meghan Pereira - Director, IT Instructional Design & Training
• Ken Fujiuchi – Butler Library
• Sarah Reid – Facilities Planner
• Jorg Schnier - Art and Design Department
• Julie Henry – Chair and Associate Professor, Elementary Education and Reading
• Neil Mazur - Chair of CIS
• Kelly Frothingham - Geology
• Student Government Association Representative
• Carolynn Krupp - Director, Information Technology Planning and Operations

Proposed Membership

• Chair (TBD)
• Educational Technology Specialist
• IT Representative – IT Team Leads appointee
• Head of Information Commons, Butler Library
• Campus Planner
• Senate Representative – Chair of Instruction and Resources
• Senate Representative (optional) – Chair of Standards for Students
• Graduate School appointee
• Associate Deans
• Representative – Student Government Association

Communication

The Educational Technology Advisory Committee will report periodically on the status of committee activities, decisions and recommendations. A focus on instructional technology, policy and procedures will be included in these communiques. Management of all related content and accessibility to this content will be provided.

An O365 Group and SharePoint site will be created to store and maintain committee documentation, policies and meeting minutes.

Recommended Meeting Frequency

Meetings should be conducted Monthly at a minimum. This will ensure recommended modifications and proposed enterprise solutions can be reviewed and assessed on a regular basis.  Additional meetings can be requested by the chair of the Enterprise Applications Advisory Committee as necessary, to address any urgent issues that are presented outside of the regularly review cycle.

Process

Scope of review

• Educational and research technology requests.
• Priority questions/concerns regarding academic projects and initiatives.
• Instructional technology processes and implementations, delivery models, and learning experience.
• Learning spaces, environment design, development and implementation.
• Instructional support, faculty development, course design, learning outcomes, delivery models.

Intake process for requesting committee review

• Requests will be submitted using the existing TeamDynamix ticketing system.
• Other items may be identified during periodic committee meetings/discussions.
• Committee review may be required by the Director of Instructional Design to address and urgent and/or outstanding issues.

Deliverables

• Recommendations regarding the application, resources and training requirements necessary to support specific instructional technology requests.
• A defined set of priorities and/or objectives based on campus impact, requirements and cost benefit analysis for projects and initiatives.
• Recommendations and guidance on process, delivery, implementation and learning experiences.
• Recommendations on design, development and implementation of learning spaces and physical resources across that campus.
• Recommendations and strategic support on instructional support requirements, faculty development needs, course design, learning outcomes and other proposed solutions.

 

Enterprise Applications Advisory Committee

(EAAC)

Formerly the Administrative Technology Advisory Committee

Purpose/Mission

The Enterprise Applications Advisory Committee is an Information Technology Governance advisory committee which provides oversight and sets priorities for the development and integration of the Institution's enterprise systems.

The committee gathers information about how information systems may enhance business processes and makes recommendations to the Information and Technology Governance Council.

The EAAC is responsible for advising information technology’s leadership in evaluating enterprise applications needs across campus. It identifies gaps, recommends solutions, and suggests processes and practices.

Objectives

• Review and recommend educational and research technologies requests to the Information and Technology Governance Council.
• Establish and approve priorities for Enterprise Systems’ (ES) ongoing operations, enhancements, and new initiatives to assure alignment with campus strategic goals and business needs when necessary.
• Consider and discuss potential impact of enterprise system changes on faculty, staff, and students including related processes.
• Assess technology requirements and potential impact on standards and policies.
• Resolve escalation issues identified by functional, departmental and administration areas.

Current Membership

• Rita Zientek – Interim Dean, School of the Professions (co-chair)
• Connie Cooke – Director, Financial Aid Office
• Kelly D'Aloisio - Director, Financial Management
• Michelle Hockett – Assoc for Institutional Research
• Imon Hossain – Programmer/Analyst, Residential Experience
• Lydia Kawaler – Manager, Personnel Operations
• Carolynn Krupp - Director, IT Strategic Planning and Operations
• Nigel Marriner – Registrar
• Jayme Riter – Interim Director, Student Accounts
• Brendan Rooney - Director, Enterprise Systems
• Student Government Association Representative
• Tim Walsh – AVP, Marketing and Communications
• Aimee Woznick - Director, Academic Commons

Proposed Membership

• Chair - TBD
• Academic Affairs (Dean Level Preferred) Representative
• Student Affairs Representatives (up to 2)
• Financial Aid Representative
• Office of the Registrar Representative
• Marketing and Communications Representative
• Finance and Management Representatives (up to 2)
• Admissions Representatives (up to 2)
• Institutional Research Representative
• IT Representative – PMO – Information Technology
• IT Representative – IT Team Leads appointee
• Brendan Rooney – Director, Enterprise Systems
• Student Government Association Representative
• Senate Representative – Chair of Budget Staff & Allocations Committee

Communication

The Enterprise Applications Advisory Committee will report on the status of committee activities, decisions, and recommendations to campus stakeholders.  As this committee will review and make recommendations regarding enterprise systems resources and requirements, communication of such will be provided as needed. Content included in these communiques will outline the request, potential impact, and recommended strategy for the proposed implementation. Management of all related content and accessibility to this content will be provided. An O365 Group and SharePoint site will be created to store and maintain committee documentation, policies and meeting minutes.

Recommended Meeting Frequency

To establish a consistent and effective review cycle, meetings should be conducted monthly at a minimum. This will ensure recommended modifications and proposed enterprise solutions can be reviewed and assessed on a regular basis.  Additional meetings can be requested by the chair of the Enterprise Applications Advisory Committee as necessary, to address any urgent items that are presented outside of the regular review cycle.

Process

Scope of review

• Priority and resource allocation items will be reviewed and approved.
• Enterprise/administrative technology usage and the impact of such will be reviewed. This includes but is not limited to, requests regarding proposed modifications, upgrades, enhancements, maintenance and support.
• Policy concerns and the application of policies and procedures will be reviewed.
• Items regarding administrative system initiatives will be reviewed.
• Data integration and access requirements, including applicable security measures will be reviewed.

Intake process for requesting committee review

• Requests will be submitted using the existing TeamDynamix ticketing system.
• Other items may be identified during periodic committee meetings/discussions.
• Enterprise systems team members will present items for review during committee meetings.

Deliverables

• Resolution and approval of priorities to address issues/questions on appropriate resource allocation and urgencies.
• Resolution of escalation issues identified by functional departments and campus stakeholders.
• Provide recommendations on strategic approaches necessary address questions on design, development and implementation of proposed technology solutions.

 

Data Governance Committee (DGC)

Purpose/Mission

The Data Governance Committee is responsible for the development of a comprehensive framework that focus on policy making for enterprise information.  It provides a strategic framework for organizing, aligning and establishing objectives and policies for enterprise information.

Data governance is the collection of practices and processes used to manage college data assets.  The structure is an opportunity to foster a collaborative and inclusive culture around institutional data. The data governance structure/model will continue to mature or exist as a living document.

Definition

Data governance aligns information need with college strategy, while data management is diverse, tools-focused, information management function that enables the tactical, day-to-day execution of data governance policies.

Goals/Objectives

The goal is to build strong trust in institutional data

• Transparent, inclusive processes
• Shared data responsibilities
• Proactive data validation
• Consistent definitions, naming and support
• Identify, prioritize, track and resolve critical data issues.
• Establish clear accountability of campus-defined data elements.
• Facilitate standardized data element coding schemas, where feasible and within scope.

Current Membership

• Curtis Brickhouse – Director, Student Affairs Operations
• Yves Gachette – Director, Institutional Research
• Melissa Miszkiewicz- Technology Communications Officer
• Jacquelyn L. Malcolm, CIO and VP for Enrollment, Marketing and Communications (ex-officio)
• Nigel Marriner - Registrar
• Kelly Frothingham – Interim Associate Dean, College of Natural and Social Sciences
• Jill Powell – Sr. Assistant to VP of Finance and Management
• William Benfanti – AVP for Government Relations
• John Rellinger – Assistant Director for Advancement Services

Proposed Membership

Functional Executive

Senior executive responsible for data and domains within their organization who responds to high-level data issues such as a data breac

Membership

• Member of Information and Technology Governance Council (ITGC)
• Technology Communications Officer
• Appointees identified by ITGC

Domain Stewards

Takes a strategic, cross-functional view of domain data for the benefit of the enterprise, promotes data governance within the unit's business processes, resolves intra-domain conflicts and escalates to the ITGC when necessary, responsible for approving or delegating the approval of data access requests.

• Membership [Directors & Midlevel Managers]

Operational Data Stewards (TBD)

Responsible for data quality audits and fixes as well as data quality triage and resolution, serves as the primary subject matter expert on unit data, facilitates development of metadata for data assets.

• Membership [Enterprise Data & Superusers]

Communication

The Data Governance Committee will report on the status of committee activities, decisions and recommendations to campus stakeholders as necessary per committee meetings. Content provided in this communication should contain updates to data policies, data management and procedures. Management of all related content and accessibility to this content will be provided.

• Establish Guiding Principles for Data Governance (to be approved by the Cabinet Level)
• An O365 Group and SharePoint site will be created to store and maintain committee documentation and meeting minutes. Maintains a dictionary of key institutional data based on the recommendations of the Domain Data Steward Committee.
• A Website will be created under the Information Technology website to communicate organizational structure, established policies and guidelines for data governance. The site will list committees and groups charges and memberships.
• Review and reports on the performance of the overall data governance initiative on an annual basis and provides a full briefing to the CIO and the Provost.
• New/Revised and approved data governance committee policies will be communicated through the College Bulletin

Recommended Meeting Frequency

Data Governance Committee meetings should be conducted quarterly at a minimum. This will ensure Data Governance policies and procedures are reviewed, addressed and implemented on a regular basis.  Additional meetings can be requested by the chair of the Data Governance Committee as necessary to address any proposed additions, modifications and removal of campus data structures and/or data policy modifications.

Process

Scope of review

• Issues surrounding data violations and security risks will be reviewed by the Functional Executives.  Recommendations on mitigation strategies will be submitted to the ITGC for approval and implementation. 
• Software/enterprise solutions will be assessed to evaluate adherence to campus data policies and procedures.  (Initial review initiated by questions provided appendix A).
• Questions on data privacy, usage, access and implementation will be identified by the Operational Stewards, reviewed by the Domain Stewards and escalated to ITGC as necessary.
• These committees WILL NOT provide recommendations as to how to proceed with the potential purchase/acquisition of any proposed software/enterprise solution.

Intake process for requesting committee review

• A form to request a review of necessary topics/items will be available in TeamDynamix to collect information for the Domain Stewards to review when necessary.
• Most items/topics will be reviewed and resolved at the Domain Steward and the Operational Data Steward level.
• Operational items will escalate to Domain Data Steward and Domain Steward can escalate to Information and Technology Governance Council when required.

Deliverables

• Recommendations on data risk management and data breach responses will be submitted to ITGC for review.
• Recommendations on new software/application usability – A proposed questionnaire will be available to sponsors or designee to complete on data management and privacy. 
• Recommendations for policy development, review and modification will be provided to the Information and Technology Governance Council for approval.
• Recommendations on storage classifications per SUNY Buffalo State Data Risk Classification Policy, all college data must be classified into one of three categories and protected using the appropriate security measures consistent with the minimum standards for the classification category. These guidelines provide direction regarding the storage and transmittal of campus data as specified in the Data Risk Classification Policy.