Purpose
To ensure that information systems at WMU are effectively integrated, that those systems are effectively used across organizational boundaries, and to support evidence-based decision making at the University.
Scope
This policy applies to the purchase of information software and hardware using University funds, including the general fund, designated funds, grant and donor funds, and any other funds for which the University and its various sub-units are accountable. The policy defines different levels of review and control, depending on the type of information system contemplated for purchase.
Policy statement
The University seeks to maximize effectiveness in the use of funds spent for information systems by distinguishing different types of systems, the level of review required for those types of information systems and the role of various offices in that review. Specifically, the policy distinguishes between enterprise systems, enterprise support systems, departmental support systems, and infrastructure systems. These types of systems are defined below, along with the approval process required for each.
Enterprise systems
Enterprise systems are those which manage the data for core business functions of the University, which require integration or which have significant integration potential with other systems, and which must be managed and maintained effectively for the University to thrive. Examples of these systems are the Banner Student Information System, the Banner Operational Data Store, the Banner Enterprise Data Warehouse, the PeopleSoft HR and Financial Systems, the elearning system, the development and alumni system, the University email collaboration system, the time-keeping system, the institutional reporting system, the imaging system, the e-commerce system, customer relationship management systems, strategic planning systems and the emergency alert system. Enterprise systems may be hosted by WMU or they may be hosted externally (cloud-based).
Acquisition and replacement of these systems requires approval from the Office of Information Technology executive advisory board or an appropriate subcommittee of that body, which functions as the data governance executive sponsors. In addition, IT should be involved at all stages of selection of these systems, from problem definition through RFP, vendor review, vendor selection, contract negotiation, change management and implementation. WMU-hosted enterprise systems will be hosted by IT in the computing center and will be incorporated into disaster recovery and data backup systems. IT will manage the exchange of data between WMU-hosted enterprise systems and any cloud-based enterprise system, in collaboration with functional user offices. Change management for these systems will be controlled by collaborative change management committees. These systems are subject to the University's information security policies, as set by the security committee and as implemented by change management committees.
Enterprise support systems
Enterprise support systems are those that are integrated with the enterprise systems to perform specific functions, but which are not, by themselves, enterprise systems. Examples include FSA-Atlas for reporting data on international students to the federal servicer, DegreeWorks advising and planning system, and the Docufide electronic transcript system.
Acquisition or replacement of these systems require notice to the Office of Information Technology executive advisory board. The board may require full review by a board subcommittee, especially where the integration potential is high. IT should be involved at the stage of vendor selection and subsequent stages. Most enterprise support systems will be maintained by IT and will be managed by the relevant change control committee.
Departmental support systems
These are systems that principally support one department or one function and which require minimal integration (usually only one-way with enterprise systems or enterprise support systems). Examples include MediaSite Live for video streaming, PeopleAdmin job system, Pinnacle telecommunications billing system, Roomview classroom scheduling system and the SPSS statistical software.
Acquisition and replacement of these systems require collaboration among offices that use the systems. Office of Information Technology involvement should begin no later than product review and contract approval.
Infrastructure systems
Infrastructure systems are software platforms largely managed by the Office of Information Technology in collaboration with appropriate technical staff in other units. These systems support information technology operations and ensure stability and security, but are not directly involved in delivering services to faculty, staff, students, alumni, donors, or other stakeholders. Examples include support for Oracle and SQL database systems, data backup systems, IP network and firewall systems, voice-over-Internet systems, security monitoring systems, computer lab management systems, job scheduling systems, address verification systems, and anti-virus protection systems.
Acquisition and replacement of these systems require collaboration among the technical staff who use the systems across campus. The Office of Information Technology will manage the problem definition, proposal solicitation, product review, product selection, contract negotiation, and implementation, in collaboration with other offices and change control committees as appropriate.
Information security
Information security is an issue that must be carefully considered in all of the types of systems described above, but particularly for all systems that manage, store, or transmit confidential-restricted information, as defined in the University's information security policies. Responsibility for information security rests on all those who use an information system and is regularly monitored and reviewed by IT.
Many systems hold data that are subject to compliance requirements, including HIPPA, FERPA, GLBA, HSIRB, and PCI requirements. The University has identified specific individuals who are responsible for compliance in these areas and who must be involved in system purchase and management decisions as required.
Document action
Approved: Office of Information Technology Executive Advisory Board, Sept. 2013