OFFICE OF THE CIO MEMORIAL UNIVERSITY OF NEWFOUNDLAND A PRESENTATION FOR THE IM COMMUNITY

Transcription

1 OFFICE OF THE CIO MEMORIAL UNIVERSITY OF NEWFOUNDLAND A PRESENTATION FOR THE IM COMMUNITY Shelley Smith, Chief Information Officer January 23, 2017

2 OVERVIEW Memorial University of Newfoundland Convergence and an integrated approach Guiding Principles and Strategic Objectives Questions & Discussion

3 MEMORIAL UNIVERSITY AT A GLANCE 18,500 students across four campuses and online St. John s campus Marine Institute (St. John s) Grenfell Campus (Corner Brook) Harlow Campus (UK) Old Harlow, Essex 85,000 alumni throughout the world ~3,000 faculty and staff 450+ online courses Hundreds of researchers partnering with colleagues from around the world

4 MEMORIAL - BRIEFLY Connected to universities across Canada, the US and Europe via research networks ~2,600 students live on Memorial University campuses Decentralized IT environment ~250 IT staff (~130 in CIO Portfolio) ~30 IT units (with between1 and 125 IT staff each) ~15 data centres of varying size and complexity ~30,000 devices connect to the network daily Multiple help desks

5 INFORMATION SERVICES CONVERGENCE Office of the CIO IT Services Network management and security, telecommunications, data centre services, project management, solution delivery, client services, application services, disaster recovery, business continuity Information Management & Protection IM Advisory Services, education and awareness, risk assessments, process definition and improvement, compliance monitoring Information Access & Privacy Access to Information requests, privacy breach management, advisory services (including Privacy Checklists and PIA), education and awareness - Individual roles working together - Separation of duties in a collaborative environment

6 INFORMATION MANAGEMENT AND PROTECTION IM&P Director 5 staff in IM&P Unit Emphasis: Information Management Policy developed and approved Records classification plan and retention schedule Education and awareness Information risk assessments and information protection program in development Reorganization to create separation of duties between operational IT security and information protection and compliance Integration of IM and IP considerations into IT decisions

7 ACCESS AND PRIVACY OVERVIEW access requests processed first six months 65 access requests processed Complex issues related to research, custody and control, intellectual property, etc. Several Memorial University units are custodians under PHIA (clinics, pharmacy) Memorial has both ATIPPA and PHIA Advisory committees with cross-university representation

8 INTEGRATED APPROACH TO SOLUTION DELIVERY Solutions developed or acquired considering the following Security classification determine security controls and access rules privacy checklist and, if required, full PIA (privacy by design) Risk assessment(s) determine level of security testing and system architecture may include Cloud assessment, vulnerability assessment and/or security review IM assessment determine requirement/ability to implement retention schedule determine whether data may have long term value Partnerships with Legal Counsel, Internal Audit, Office of Chief Risk Officer Solutions consider IM, access and privacy compliance, and information protection and security

9 CIO STRATEGIC PRIORITIES GUIDING PRINCIPLES Enable the success of M emorial University Deliver E xceptional service and expert advice Communicate clearly within the M emorial University community Align with O rganizational strategic priorities Provide secure, R eliable and sustainable solutions Collaborate, I nnovate and build strong relationships Be A ccountable and transparent Integrate and promote the Student L ifecycle across all functions U nderstand the business of the University

10 CIO STRATEGIC PRIORITIES STRATEGIC OBJECTIVES STRATEGIC OBJECTIVE #1 Promote and support innovation and the use of technology and best practice to advance the mission and priorities of Memorial University. STRATEGIC OBJECTIVE #2 Establish and sustain an IT governance model for Memorial University that supports effective collaboration and transparency, and enables efficiency and effectiveness across all units and campuses. STRATEGIC OBJECTIVE #3 Develop policies, procedures, standards, education and awareness for managing and protecting information and making it accessible, as appropriate.

11 QUESTIONS AND DISCUSSION