IT Leaders celebrate FY21 achievements and more

    September 3, 2020

    The Leadership Team met on August 26 to discuss the following projects and updates:

    Balanced Scorecard: Progress and Next Steps

    Karen Polhemus congratulated IT colleagues for successfully completing 11 balanced scorecard initiatives (three were moved to FY21), including:

    • All financial results not within 2% of budget (by category) reviewed monthly at Senior Leadership Team (SLT) meetings
    • Publish a 2-click service catalog and central services description
    • Define a plan for remediation of duplicate or obsolete services/applications
    • Adopt and integrate a minimum of six architecture standards
    • Deploy updated processes for gating, change control, incident, and major incident management
    • Establish framework for the Yale IT Academy and launch two curriculums
    • Identify balanced scorecard, Diversity & Inclusion, and Information Security risk expectations
    • Prepare/launch a multi-touch “awareness” campaign to make expectations around balanced scorecard, Diversity & Inclusion (D&I), and Information Security (IS) risk visible
    • Service definition and SLA established and piloted
    • Define service classification and standards
    • Introduce service catalog and operational budgets to IT Governance Chairs

    At the meeting, SLT members shared updates on their draft charters for FY21 objectives, and sought feedback from IT leaders on In-scope and Deliverable items. If you have feedback, please provide it to the SLT member leading the initiative by September 9. In September, the SLT will meet to review the objectives and feedback, and recalibrate, as needed.

    Yale Hub Student Portal

    Tim Hinckley and Tedd Darash shared an update on the Yale Hub Student Portal, which recently launched and has since earned 42,000 page views.

    The Hub provides Yale College, the Graduate School, and professional schools with a consolidated student experience, which is personalized, customizable, extensible by student population, mobile-friendly, and more.

    To facilitate the development of the Hub:

    • Students were engaged through focus groups facilitated by IT’s user experience team, design reviews were conducted in Bass Café, preferred capabilities were identified and prioritized, feasibility and sizing exercises were performed, user interface designs and modules were developed, and a survey was sent to name the site.
    • Stakeholders were consulted as part of the development of the Hub, including: Dean Chun, Dean Cooley, the Registrar’s Office, Yale College, the Graduate School, the Student Technology Collaborative, Office of International Students and Scholars, Yale Hospitality, and more.
    • Training was conducted for SASS and others on the chosen technology—ReactJS and GraphQL.

    Next steps include gathering additional feedback from students in late September, completing priority modules in backlog, repointing sis.yale.edu to yub.yale.edu, and establishing regular release cadence for new features and content. Some of these changes were slowed down due to COVID, to minimize the number of changes students needed to manage while returning to campus.

    Incident Process: Review and Maturity

    Chris Lago and Sarah Beardsley shared an update on how the Incident Management process is currently being performed, gaps and pain points they’ve identified, and how they are approaching process maturity levels.

    As part of this process, they identified stakeholders, conducted process mapping workshops, and performed maturity self-assessments. Maturity assessments, which are on a scale of 1-5 (with 1 representing the initial level and 5 being the optimal level), will form the baseline for future state recommendations.

    Their findings identified that the process is fragmented, delivers inconsistent results, introduces misunderstandings, and lacks governance. Additionally, training is not broadly available, it’s only available within units or teams.

    They have outlined a series of concrete recommendations to improve the process. Moving ahead, Sarah shared that Bob Haig has taken on the role of Incident Process Manager, in addition to his other responsibilities, and will be working with her to develop a unified Incident Management process, in partnership with stakeholders across all groups.

    Minimum Security Standards (MSS) Roadshow Launch

    Jessica Zaczek introduced the MSS Roadshow and asked Wendy Battles to review their awareness strategy.

    The MSS roadshow will start with ITS and expand to the entire campus. MSS offers multiple benefits including flexibility, sound operational practices, and a risk-based security program. Wendy reminded us that “Security is everyone’s responsibility” and will be helping ITS staff understand how MSS relates to their work, so that they will take the appropriate actions. They are supporting staff in understanding their role through the Roadshow, which includes:

    • MSS 101: Building the Foundation - Learn how the MMS applies to you and your role in keeping Yale secure
    • MSS 201: Classifying the System - Learn how to classify Yale IT Systems and how classification is part of a risk-based security program
    • MSS 301: Understanding the MSS - Learn how to interpret the MSS so that you can apply it to the systems you support

    Wendy shared tips on keeping MSS fun and successful, including: set the expectation that security is part of your team’s job, maintain momentum to connect MSS to your work, connect your team to MSS and your mission, endorse MSS enthusiastically by engaging your directs in the promotion it (consider friendly competition and other tactics to reinforce the message).

    Ask John Anything

    How, if at all, is Yale partnering with local universities on their approach to testing and bringing students back to campus? 

    It’s difficult to compare because Yale is in a unique position to support a high level of testing, create appropriate space for isolation, make programmatic changes to de-densify its campus, and other changes to support students’ return to campus.

    Will there continue to be a level of data monitoring on core services, etc.?

    Yes, we will continue to monitor the data, such as VPN usage, access control logs, compliance tracking, and other reporting to support the executive team with classifying the University’s overall status.

    John closed with sharing his thanks for everyone’s hard work and suggested that managers support their teams in taking breaks and identifying down time, as well as opportunities to “park” projects that are not time-bound or critical to supporting the return to campus effort.

    The next leadership team meeting will be held on September 30.