Processes (P)

7P6 Ensuring the Effectiveness of the Information System(s) and Related Processes

The Technology Management Team provides oversight of significant technology decisions impacting users across campus. This group has successfully provided guidance for the use of technology in teaching spaces on campus, the deployment of enhanced network services, the development of help desk support services, and the acquisition and deployment of the SunGard SCT Banner integrated Enterprise Resource Planning (ERP) system, including integrated portal software and a content management system.

Technology staff performs third-party hardware and software system upgrades in conjunction with the respective hardware or software vendor. Vendors thoroughly test upgrades prior to releasing the hardware or software for installation. Hardware and software contracts exist for major hardware and third-party software components. After installations, the Information Technology Services department (ITS) works closely with the affected offices to assure that changes work accurately, that system performance is optimal, and that training is available for staff.

When approached ITS staff develops in-house software for departments. Unit testing of software modifications occurs in a test environment that either replicates the production instance of the software and data or with test data that resides within the production instance of the software and data.

The integrity and reliability of information and data is a high priority. The Data Standards Committee defines, documents, reviews, and makes changes to the Banner Gold Data Standards manual. The Reporting Strategies Committee addresses information output. This committee uses the Reporting Strategies Analysis manual to document acceptable methods of reporting.

The confidentiality and security of electronic and printed information is a high priority. The Gramm, Leach, Bliley Act (GLBA) of 1999 required a plan to protect confidential information related to customers and employees. A safeguard policy regarding GLBA was implemented in 2003. Training of employees, including student employees, is required each year by GLBA. Western no longer uses social security numbers for identification. Employees abide by the Federal Rights and Privacy Act (FERPA) as well as the Health Insurance Portability and Accountability Act (HIPAA).

Western uses several measures to protect information systems. Computer systems are located in a locked room accessible to authorized personnel only. A full back-up and recovery plan protects data and programs. A full-scale disaster recovery plan has been implemented, and application and data systems are password-protected. The network provides secure connectivity through the use of Secured Socket Layer (SSL) encryption. The network is protected with a bandwidth management device, a firewall, and an anti-spam/anti-virus network appliance.