June 2023 Agenda

Opening 

1. Administrative Announcements    

2. Executive ITGC Updates [Craig Woolley] 
 

Action 

3. Approval of the Minutes from the Meeting held on May 3, 2023 

4. Discussion and Vote on LSU A&M IT Security Policies (Revision Plan and Current Status) 
Resolution: IT Governance Council acknowledges the need to establish new policies for IT and Information Security to ensure that requirements of PM-36 and security best practices are codified in LSUAM University policies. Therefore, IT Governance Council approves the draft policies and standards presented to the Council by LSU ITS. The Council shall provide this recommendation to the LSU Office of Academic Affairs for the 14 policies to enter the university's overall review and approval process. 
 

Information/Discussion 

5. ITS Customer Service Satisfaction Survey Results [Craig Woolley] 

6. Moodle 4.1 Upgrade [Kappie Mumphrey]  

7. ITS ITGC Project List/Teams Telephony/Campus Addressing [Katie Bouey] 

 
Wrap-Up 

8. Information sharing/Announcements [All] 

9. Suggested agenda items for future meetings, including ITS topics of interest [All] 

10. Next steps/Follow-up items [Chair] 

 

June 2023 Minutes

2. Executive ITGC Updates 

Craig announced that the Strategic IT Committee of the EITGC has been meeting regularly and are discussing the application inventory every campus will be doing. He added that they will be reinvigorating action items from the IT Governance audit.

 

3. Meeting Minutes Approval 

May meeting minutes were approved with no revision. Motion to approve by Tommy Smith; seconded by Craig Woolley. 

 
4. Discussion and Vote on LSU A&M IT Security Policies 

Craig Woolley informed the Council that the Ad-hoc Faculty Senate IT committee, founded in April, has had 16 meetings to review the policies, resulting in changes to several of the fourteen policies. He added that these meetings were in addition to feedback from subcommittees, faculty and other groups. 
 
Parampreet Singh commended the committee for achieving so much in a short amount of time.  
Sumit Jain, ITS, gave an overview of the changes to the IT Security policies and associate standards based on feedback from the Ad Hoc Faculty Senate IT committee. Policy Statement (PS) 120 on Information Security Program added language addressing the need to define an exceptions process for all policies and standards including the appeals process for exceptions that are denied. A section was also added that highlighted what may result from non-compliance with any of the policies and standards, including blocking of network access of either the IT asset and/or the user. PS 120 Standard 4 on Policy Management was updated to reflect that before a policy or standard is brought to the IT Governance Council for approval, it will be reviewed by the Department IT Subcommittee, the Research Technology Subcommittee, and the Ad-hoc Faculty Senate IT Committee. Sumit stated that language added that if an exception request is denied, the submitter of the request can appeal the decision to the panel of Chair and/or a designee of the three reviewing subcommittees.  
 
For PS-121 on Acceptable Use, Sumit stated informed the Council that a statement concerning data created on LSUAM information systems becoming property of the University was removed due to it being addressed in other University policies, bylaws, and sections. A section was added stating that any request for usage activity review must be requested in writing by General Counsel, Human Resources, Internal Audit, Student Advocacy & Accountability, or LSU Police. Sumit added that a modification to the definition of communication services was made to PS 121 Standard 3 on Applications Acceptable Use, which excludes services provided by cellular, landline, or Voice over IP (VoIP), or by the associated device vendor. Sumit also stated that several pre-approved exceptions to the software acquisition process were added such as software that is bundled with hardware or an Operating System, as well as freeware used for non-administrative academic purposes in an individual non-instructional setting such as research. 
 
PS-126 on Encryption was updated to state that all University-owned user endpoints such as laptops and desktops must be encrypted using whole disk encryption. Sumit added that if this encryption is not feasible due to a technical or hardware limitation, then appropriate compensating controls must be implemented to secure private or confidential data that may be on that asset. 
Craig highlighted that a lot of time was spent on the software acquisition piece to make it as efficient and easy as possible on the user. He added that an agreement was signed and sent to the Provost and to the Faculty Senate President stating the plan for the IT Security Policies. The remaining policies will also be updated based on feedback from various groups, voted on by the IT Governance Council, and sent to Academic Affairs for approval. Craig added that the IT Security policies are dynamic documents which may be changed based on technology or cybersecurity trends. 
 
Sumit stated that the goal is to have the fourteen policies approved by Academic Affairs and signed by the President prior to June 30th. He added that an index and GROK article will be created for these policies.  
 
There was a brief discussion concerning how the software acquisition process relates to Procurement and Workday. Craig stated that ITS will need to work with Procurement on how to process acquisition of preapproved software. 
 
Voting Item 
Resolution: IT Governance Council acknowledges the need to establish new policies for IT and Information Security to ensure that requirements of PM-36 and security best practices are codified in LSUAM University policies. Therefore, IT Governance Council approves the draft policies and standards presented to the Council by LSU ITS. The Council shall provide this recommendation to the LSU Office of Academic Affairs for the 14 policies to enter the university's overall review and approval process. 

Council Member Vote
Sandi Gillilan Yes
Tommy Smith Yes
Alex Basse Absent
Andy Maverick Yes (via proxy)
Bret Colllier No vote
Chad Brackin Yes (via proxy)
Elahe Russell Yes (via proxy)
Matthew LaBorde No vote
Mo Carney Yes
Julie Perkins Yes
Melanie Thornton Yes
Peter Trentacoste Absent
Rudy Hirschheim Yes

 

The Chair thanked Sumit for all his work on the IT Security policies. She also thanked Craig, Dr. Singh, and the various groups that helped shape the policies. Craig also thanked Sumit and Dr. Singh. 

 
5. ITS Customer Service Satisfaction Survey Results 

Craig Woolley presented the results of the 2022 ITS Customer Satisfaction Survey. The Qualtrics survey was sent directly to faculty and staff listed in Workday and it received 297 responses made up of 41% faculty and 59% staff. It contained 19 questions which resulted in 406 comments and 86% overall satisfaction. He stated that satisfaction on all questions asked went up compared to last year, with overall satisfaction going up five points. Craig shared some of the positive comments as well as negative comments. He added that he focuses more on the negative results since they show areas with potential to improve. Craig stated that overall customer satisfaction has risen 16% in three years and his goal is to reach the mid-90s. 


6. Moodle 4.1 Upgrade 

Kappie Mumphrey shared that the Academic Technology Team had been planning a Moodle 4.1 upgrade during the normal upgrade window in May after finals, but due to constraints with the hosting partner, that upgrade would have to be moved up to Christmas break. She added the new upgrade window would not affect winter session courses. 

 
7. ITS ITGC Project List 

Katie Bouey, ITS, gave an update on the Identity Access Management (IAM) project, stating that LSU is in the final process of selection, with procurement taking place in the beginning of fiscal year 2024. Katie also gave a brief update on the Campus Readdressing Project, stating that ITS has met with the United States Postal Service (USPS) to provide necessary documentation. She stated that ITS has stressed the importance of the changes from an e-911 and emergency standpoint and added that they are formulating a backup plan if the changes are not pushed forward. There was a brief discussion concerning addresses of buildings being listed incorrectly and how it relates to Google and the USPS. 

 
8. Information Sharing/Announcements 
Sandy Gillilan announced that this is her last meeting as Chair and that the duties of the Chair would be passed to Tommy Smith. She added that Stephen Beck would replace her as the Academic Affairs representative and would also serve as Vice-Chair. Craig and Tommy both shared their appreciation for all the work Sandy has done during her time as Chair of the IT Governance Council.