June 2023 Agenda
Opening
1. Administrative Announcements
2. Executive ITGC Updates [Craig Woolley]
Action
3. Approval of the Minutes from the Meeting held on May 3, 2023
4. Discussion and Vote on LSU A&M IT Security Policies (Revision Plan and Current
Status)
Resolution: IT Governance Council acknowledges the need to establish new policies
for IT and Information Security to ensure that requirements of PM-36 and security
best practices are codified in LSUAM University policies. Therefore, IT Governance
Council approves the draft policies and standards presented to the Council by LSU
ITS. The Council shall provide this recommendation to the LSU Office of Academic Affairs
for the 14 policies to enter the university's overall review and approval process.
Information/Discussion
5. ITS Customer Service Satisfaction Survey Results [Craig Woolley]
6. Moodle 4.1 Upgrade [Kappie Mumphrey]
7. ITS ITGC Project List/Teams Telephony/Campus Addressing [Katie Bouey]
Wrap-Up
8. Information sharing/Announcements [All]
9. Suggested agenda items for future meetings, including ITS topics of interest [All]
10. Next steps/Follow-up items [Chair]
June 2023 Minutes
2. Executive ITGC Updates
Craig announced that the Strategic IT Committee of the EITGC has been meeting regularly and are discussing the application inventory every campus will be doing. He added that they will be reinvigorating action items from the IT Governance audit.
3. Meeting Minutes Approval
May meeting minutes were approved with no revision. Motion to approve by Tommy Smith; seconded by Craig Woolley.
4. Discussion and Vote on LSU A&M IT Security Policies
Craig Woolley informed the Council that the Ad-hoc Faculty Senate IT committee, founded
in April, has had 16 meetings to review the policies, resulting in changes to several
of the fourteen policies. He added that these meetings were in addition to feedback
from subcommittees, faculty and other groups.
Parampreet Singh commended the committee for achieving so much in a short amount of
time.
Sumit Jain, ITS, gave an overview of the changes to the IT Security policies and associate
standards based on feedback from the Ad Hoc Faculty Senate IT committee. Policy Statement
(PS) 120 on Information Security Program added language addressing the need to define
an exceptions process for all policies and standards including the appeals process
for exceptions that are denied. A section was also added that highlighted what may
result from non-compliance with any of the policies and standards, including blocking
of network access of either the IT asset and/or the user. PS 120 Standard 4 on Policy
Management was updated to reflect that before a policy or standard is brought to the
IT Governance Council for approval, it will be reviewed by the Department IT Subcommittee,
the Research Technology Subcommittee, and the Ad-hoc Faculty Senate IT Committee.
Sumit stated that language added that if an exception request is denied, the submitter
of the request can appeal the decision to the panel of Chair and/or a designee of
the three reviewing subcommittees.
For PS-121 on Acceptable Use, Sumit stated informed the Council that a statement concerning
data created on LSUAM information systems becoming property of the University was
removed due to it being addressed in other University policies, bylaws, and sections.
A section was added stating that any request for usage activity review must be requested
in writing by General Counsel, Human Resources, Internal Audit, Student Advocacy &
Accountability, or LSU Police. Sumit added that a modification to the definition of
communication services was made to PS 121 Standard 3 on Applications Acceptable Use,
which excludes services provided by cellular, landline, or Voice over IP (VoIP), or
by the associated device vendor. Sumit also stated that several pre-approved exceptions
to the software acquisition process were added such as software that is bundled with
hardware or an Operating System, as well as freeware used for non-administrative academic
purposes in an individual non-instructional setting such as research.
PS-126 on Encryption was updated to state that all University-owned user endpoints
such as laptops and desktops must be encrypted using whole disk encryption. Sumit
added that if this encryption is not feasible due to a technical or hardware limitation,
then appropriate compensating controls must be implemented to secure private or confidential
data that may be on that asset.
Craig highlighted that a lot of time was spent on the software acquisition piece to
make it as efficient and easy as possible on the user. He added that an agreement
was signed and sent to the Provost and to the Faculty Senate President stating the
plan for the IT Security Policies. The remaining policies will also be updated based
on feedback from various groups, voted on by the IT Governance Council, and sent to
Academic Affairs for approval. Craig added that the IT Security policies are dynamic
documents which may be changed based on technology or cybersecurity trends.
Sumit stated that the goal is to have the fourteen policies approved by Academic Affairs
and signed by the President prior to June 30th. He added that an index and GROK article
will be created for these policies.
There was a brief discussion concerning how the software acquisition process relates
to Procurement and Workday. Craig stated that ITS will need to work with Procurement
on how to process acquisition of preapproved software.
Voting Item
Resolution: IT Governance Council acknowledges the need to establish new policies
for IT and Information Security to ensure that requirements of PM-36 and security
best practices are codified in LSUAM University policies. Therefore, IT Governance
Council approves the draft policies and standards presented to the Council by LSU
ITS. The Council shall provide this recommendation to the LSU Office of Academic Affairs
for the 14 policies to enter the university's overall review and approval process.
| Council Member | Vote |
| Sandi Gillilan | Yes |
| Tommy Smith | Yes |
| Alex Basse | Absent |
| Andy Maverick | Yes (via proxy) |
| Bret Colllier | No vote |
| Chad Brackin | Yes (via proxy) |
| Elahe Russell | Yes (via proxy) |
| Matthew LaBorde | No vote |
| Mo Carney | Yes |
| Julie Perkins | Yes |
| Melanie Thornton | Yes |
| Peter Trentacoste | Absent |
| Rudy Hirschheim | Yes |
The Chair thanked Sumit for all his work on the IT Security policies. She also thanked Craig, Dr. Singh, and the various groups that helped shape the policies. Craig also thanked Sumit and Dr. Singh.
5. ITS Customer Service Satisfaction Survey Results
Craig Woolley presented the results of the 2022 ITS Customer Satisfaction Survey. The Qualtrics survey was sent directly to faculty and staff listed in Workday and it received 297 responses made up of 41% faculty and 59% staff. It contained 19 questions which resulted in 406 comments and 86% overall satisfaction. He stated that satisfaction on all questions asked went up compared to last year, with overall satisfaction going up five points. Craig shared some of the positive comments as well as negative comments. He added that he focuses more on the negative results since they show areas with potential to improve. Craig stated that overall customer satisfaction has risen 16% in three years and his goal is to reach the mid-90s.
6. Moodle 4.1 Upgrade
Kappie Mumphrey shared that the Academic Technology Team had been planning a Moodle 4.1 upgrade during the normal upgrade window in May after finals, but due to constraints with the hosting partner, that upgrade would have to be moved up to Christmas break. She added the new upgrade window would not affect winter session courses.
7. ITS ITGC Project List
Katie Bouey, ITS, gave an update on the Identity Access Management (IAM) project, stating that LSU is in the final process of selection, with procurement taking place in the beginning of fiscal year 2024. Katie also gave a brief update on the Campus Readdressing Project, stating that ITS has met with the United States Postal Service (USPS) to provide necessary documentation. She stated that ITS has stressed the importance of the changes from an e-911 and emergency standpoint and added that they are formulating a backup plan if the changes are not pushed forward. There was a brief discussion concerning addresses of buildings being listed incorrectly and how it relates to Google and the USPS.
8. Information Sharing/Announcements
Sandy Gillilan announced that this is her last meeting as Chair and that the duties
of the Chair would be passed to Tommy Smith. She added that Stephen Beck would replace
her as the Academic Affairs representative and would also serve as Vice-Chair. Craig
and Tommy both shared their appreciation for all the work Sandy has done during her
time as Chair of the IT Governance Council.