This set of principles covers the basics such as IT responsibility, compliance with law, and maximizing benefit to the institution.

Principle 1: Primacy of Principles

  • Statement:
    • These principles of information management apply to all divisions within the University that intend to adopt or build IT components, or wish to connect to, or exchange data with, the core institutional information systems.
  • Rationale:
    • The only way we can provide a consistent and measurable level of quality information to decision-makers is if all divisions abide by the principles.
  • Implications:
    • Without this principle, exclusions, favoritism, and inconsistency would rapidly undermine the management of information.
    • Information management initiatives will not begin until they are examined for compliance with the principles.
    • A conflict with a principle will be resolved by changing the framework of the initiative.

 

Principle 2: Maximize Benefit to the University

  • Statement:
    • Information management decisions are made to provide maximum benefit to the University as a whole.
  • Rationale:
    • This principle embodies “service above self”. Decisions made from a institution-wide perspective have greater long-term value than decisions made from any particular departmental perspective. Maximum return on investment requires information management decisions to adhere to institution-wide drivers and priorities. No minority group will detract from the benefit of the whole. However, this principle will not preclude any minority group from getting its job done.
  • Implications:
    • Achieving maximum institution-wide benefit will require changes in the way we plan and manage information. Technology alone will not bring about this change.
    • There will be situations where some divisions may have to concede their own preferences for the greater benefit of the entire University.
    • Enterprise application development priorities must be established by the entire institution for the entire institution.
    • Applications components should be shared across organizational boundaries.
    • Information management initiatives should be conducted in accordance with the University plan. Individual divisions should pursue information management initiatives which conform to the blueprints and priorities established by the University. We will change the plan as we need to.
    • As needs arise, priorities must be adjusted. A forum with comprehensive divisional representation should make these decisions.

 

Principle 3: Information Management is Everyone’s Concern

  • Statement:
    • All divisions in the University participate in information management decisions needed to accomplish common academic and administrative objectives.
  • Rationale:
    • Information users are the key stakeholders, or clients, in the application of technology to address an academic or administrative need. In order to ensure information management is aligned with the institutional objectives, all divisions in the University should be involved in all aspects of the central information environment. The administrative experts and academic representatives from across the University, and the technical staff responsible for developing and sustaining the information environment, need to come together as a team to jointly define the goals and objectives of IT.
  • Implications:
    • To operate as a team, every stakeholder will need to accept responsibility for developing the information environment
    • Commitment of resources will be required to implement this principle.

 

Principle 4: Business Continuity

  • Statement:
    • Critical University operations are maintained in spite of system interruptions.
  • Rationale:
    • As system operations become more pervasive, we become more dependent on them; therefore, we must consider the reliability of such systems throughout their design and use. Administrative premises throughout the University must be provided with the capability to continue their administrative functions regardless of external events. Hardware failure, natural disasters, and data corruption should not be allowed to disrupt or stop University administrative activities. Critical administrative functions (e.g. payroll) must be capable of operating on alternative information delivery mechanisms.
  • Implications:
    • Dependency on shared system applications mandates that the risks of administrative interruption must be established in advance and managed. Management includes but is not limited to periodic reviews, testing for vulnerability and exposure, or designing mission-critical services to ensure business function continuity through redundant or alternative capabilities.
    • Recoverability, redundancy, and maintainability should be addressed at the time of design.
    • Applications must be assessed for criticality and impact on the University mission, in order to determine what level of continuity is required and what corresponding recovery plan is necessary.

 

Principle 5: Common Use Applications and Services

  • Statement:
    • Development of applications and services used across the University is preferred over the development of similar or duplicative applications which are only provided to a particular division.
  • Rationale:
    • Duplicative capability is expensive and proliferates conflicting data.
  • Implications:
    • Divisions which depend on a capability which does not serve the entire University should consider changing over to the replacement University-wide capability, if one exists.
    • Divisions should carefully consider the costs of developing capabilities for their own use which are duplicative of institution-wide capabilities.
    • Data and information used to support University decision-making will be standardized to a much greater extent than previously. This is because the smaller, divisional capabilities which produce different data (which is not shared among other divisions) can, where possible, be replaced by institution-wide capabilities. The impetus for adding to the set of institution-wide capabilities may well come from a division making a convincing case for the value of the data/information previously produced by its divisional capability, but the resulting capability can become part of the institution-wide system, and the data it produces can be shared across the institution.

 

Principle 6: Service Orientation

  • Statement:
    • The architecture is based on a design of services which mirror real-world administrative and academic activities comprising the University’s processes.
  • Rationale:
    • Service orientation delivers Boundaryless Information Flow™.
  • Implications:
    • Service representation utilizes academic or administrative descriptions to provide context (i.e., process, goal, rule, policy, service interface, and service component) and implements services using service orchestration.
    • Service orientation places unique requirements on the infrastructure, and implementations should use open standards to realize interoperability and location transparency.
    • Implementations are environment-specific; they are constrained or enabled by context and must be described within that context.
    • Strong governance of service representation and implementation is required.
    • A “Litmus Test”, which determines a “good service”, is required.

 

Principle 7: Compliance with Law

  • Statement:
    • University information management processes comply with all relevant laws, policies, and regulations.
  • Rationale:
    • University policy is to abide by laws, policies, and regulations. This will not preclude academic administrative process improvements that lead to changes in policies and regulations.
  • Implications:
    • The University must be mindful to comply with laws, regulations, and external policies regarding the collection, retention, and management of data.
    • Education and access to the rules. Efficiency, need, and common sense are not the only drivers. Changes in the law and changes in regulations may drive changes in our processes or applications.

 

Principle 8: IT Responsibility

  • Statement:
    • The IT organizations (central ITS and Divisional IT departments) are responsible for owning and implementing IT processes and infrastructure that enable solutions to meet user-defined requirements for functionality, service levels, cost, and delivery timing.
  • Rationale:
    • Effectively align expectations with capabilities and costs so that all projects are cost-effective and within acceptable risk thresholds. Efficient and effective solutions have reasonable costs and clear benefits.
  • Implications:
    • A process must be created to prioritize projects.
    • The IT function must define processes to manage University unit expectations.
    • Data, application, and technology models must be created to enable integrated quality solutions and to maximize results.

 

Principle 9: Protection of Intellectual Property

  • Statement:
    • The University’s Intellectual Property (IP) must be protected. This protection must be reflected in the IT architecture, implementation, and governance processes.
  • Rationale:
    • Part of the University’s IP is hosted in the IT domain.
  • Implications:
    • While protection of IP assets is everybody’s business, much of the actual protection is implemented in the IT domain. Even trust in non-IT processes can be managed by IT processes (email, mandatory notes, etc.).
    • A security policy, governing human and IT actors, will be required that can substantially improve protection of IP. This must be capable of both avoiding compromises and reducing liabilities.