Information Technology Resource Management

Policy 1201
Information Technology Resource Management

Date of Current Revision: November 2016
Primary Responsible Officer: Assistant Vice President for Information Technology

1. PURPOSE

In conjunction with JMU Policy 1212 - Information Technology Infrastructure, Architecture and Ongoing Operations and Policy 1213 - Information Technology Project Management, this policy establishes general requirements and responsibilities associated with the management and use of computing and telecommunications resources and services at the university.

2. AUTHORITY

The Board of Visitors has been authorized by the Commonwealth of Virginia to govern the university. See Code of Virginia§ 23.1-1600. The Board has delegated the authority to manage the university to the president.

3. DEFINITIONS

Access Control:
Access control is the ability to allow or deny use of a certain resource by a particular entity. Access control mechanisms are necessary for management of physical and/or digital resources.

End-User Computing:
Computing activities and resources intended primarily to support the needs of the department or unit developing or purchasing the application. EUC applications typically reside on workstations. EUC applications used to conduct university business must be adequately documented and secured in order to ensure continuity of service or operations. An EUC application may be developed in-house or purchased as a turnkey package from a commercial vendor.

Information Technology (IT):
Refers to the Office of Information Technology at the university.

Network:
A system of hardware and software that transmit and receive any combination of voice, video and/or data, which includes the network operating system, various client and server machines, the cables connecting them, and all supporting hardware in between such as bridges, routers and switches.

Shared Central Computers:
Computers managed centrally by IT that house applications shared by university users such as email and HRMS.

Workstations:
Generally synonymous with personal computers, desktop computers or microcomputers, but can refer to any kind of small computer such as a Windows PC or Macintosh.

4. APPLICABILITY

This policy applies to all data and information technology resources owned, operated or contracted by the university.

5. POLICY

The university provides a wide range of information technology resources, including workstations, shared central computers; voice, data and video networks; electronic services; specialized facilities and data repositories. These resources are available to enable scholarship, research, service and administrative support functions of the university and are supplemented by an appropriate mix of consulting, training, maintenance and support services.

Misuse of the university’s information technology resources is a serious offense. Misuses include, but are not limited to, improperly using university data, equipment, software or other resources; accessing university computers with stolen or illegitimate user identification; and compromising the security or performance of shared computer or communication systems. Specific requirements related to appropriate use are outlined in Policy 1207 - Appropriate Use of Technology Resources.

6. PROCEDURES

More detailed requirements, instructions and procedures for use of the university's information technology resources are specified in JMU Computing Standards, established and maintained by IT.

All users of university information technology resources are required to adhere to these standards, as well as other university policies related to information technology.

7. RESPONSIBILITIES

7.1 General Responsibilities

Information Technology
IT has overall responsibility for ensuring that effective information technology resource management takes place within the university. Establishing and implementing plans, policies, and practices that guide, protect and direct the university's information resource investment and assure the confidentiality, availability, integrity and effective use of these resources by the university community are central to this effort.

To address specific academic needs, IT works cooperatively with the Educational Technologies (ET) unit of Academic Affairs’ Libraries and Educational Technologies division. IT also seeks advice through a variety of standing and ad-hoc groups. Committees and advisory groups are convened to address specific issues or the needs of a particular constituent group. Such groups are generally composed of key stakeholders/users of information technology who advise on matters related to instructional, research and administrative applications of technology. They may also participate in major information technology policy decisions, provide input to long range plans, or make suggestions on service improvement.

Individual Responsibility
Individual vice presidents, deans, associate/assistant vice presidents, academic/administrative unit heads and faculty, staff and students provide input and share responsibility for effective information technology resource management. Their responsibilities include those directed by university policy or procedure and those that generally assure a secure and effective technology environment for themselves and others. 

7.2 Specific Responsibilities

7.2.1 Acquisition:
University departments must contact IT and complete a Project Initiation Questionnaire prior to soliciting acquisition, development or enhancement of technology systems. See Policy 1202 - Information Systems Implementation and Project Management.

IT will assist university departments in performing a business impact analysis to examine development or acquisition alternatives, selection and implementation requirements and life cycle planning. Specific considerations such as installation and configuration of hardware, software and services, security practices, telecommunication requirements and operational responsibilities will be discussed. IT will also assist in identifying and evaluating compatibility issues, compliance obligations and requirements for project documentation and implementation. While specific processes depend on the scope and complexity of the project, general requirements for initiation, classification and management of computing projects are outlined in Policy 1202 - Information Systems Implementation and Project Management. In addition, specific procedures are outlined in JMU Computing Standards.

Requests for information technology resources for externally funded projects or university-sponsored programs will be submitted through the appropriate department head, associate/assistant vice president, dean and vice president. IT will review these requests and the costs for necessary computer/communication services may be assigned in accordance with university accounting regulations.

7.2.2 Security: 
IT is responsible for establishing and maintaining the physical security of the central computing facilities (including shared file servers managed by IT), the university's communications network and data for which IT is the custodian. These responsibilities are more fully detailed in Policy 1204 - Information Security.

Vice presidents, associate/assistant vice presidents, deans and academic/administrative unit heads through their staff are responsible for the availability, confidentiality and integrity of data and software stored on individual workstations, servers or shared central computers to the extent they have access and/or operational control. This responsibility includes ensuring backup of key software systems and data on individual workstations or file servers. They may also include account management and/or data stewardship responsibilities that have been specifically assigned.

7.2.3 Access Control: 
The university provides access to its non-public computing resources for the exclusive use of students, faculty, staff and certain other constituents for the purposes of advancing educational pursuits and certain administrative support functions.

IT is responsible for instituting and monitoring appropriate access control measures for shared central computer systems, including centrally-managed administrative and academic computers, shared file servers and other systems for which it has system administration responsibilities.

With the written approval of the appropriate associate/assistant vice president, dean, or academic/administrative unit head, access control responsibilities for private file server volumes may be delegated to individual workgroup managers.

Access to central computing systems is granted by the issuance of individual user credentials and usage restrictions as appropriate. In addition to these general access controls, compliance with procedures for granting access to particular software applications or data sets is also required. Data managers are assigned to approve access to certain data domains, databases and/or applications. These data managers are responsible for assuring that requests for data/system use are in keeping with assigned responsibilities and university data access provisions. IT is responsible for implementing data access as approved by the appropriate data manager(s).

Individual users assume responsibility for the appropriate and ethical use of the systems and data to which they have access. See Policy 1204 - Information Security, Policy 1205 - Data Stewardship, and Policy 1207 - Appropriate Use of Information Technology Resources for more detail.

7.2.4 Systems Development and Maintenance:
IT provides systems analysis and programming services to support the university's administrative and academic purposes. These services include the design, programming, documentation, testing and enhancement of computer systems for a variety of service functions (e.g. financial accounting, student records administration, payroll processing.) as requested by university departments. IT and the initiating department will review a cost/benefit analysis of requested enhancements to assure appropriate utilization of university resources.

7.2.5 Systems Administration and Operations:
IT is responsible for providing environmental control and systems support for central software application systems and computing/communications components to meet the various administrative and academic needs of the university. Specific tasks include capacity and production planning, operational control, security monitoring and system administration for a variety of standard and ad-hoc production environments.

IT is responsible for providing direction to members of the university community regarding safe and responsible use of technology resources and the responsibilities users have for protecting and efficiently using such resources at JMU. The responsibilities are more fully detailed in Policy 1207 - Appropriate Use of Information Technology Resources and Policy 1204 - Information Security.

7.2.6 Telecommunications and Network Access: 
In cooperation with the university’s Telecommunications Department, IT delivers voice, data and video services by designing, installing and maintaining the campus network infrastructure, including both cabled and wireless components. IT also works with Telecom to provide access to information, systems and services at other sites by providing inter-network connectivity, satellite transfer and other forms of voice/data/video access.

8. SANCTIONS

Sanctions will be commensurate with the severity and/or frequency of the offense and may include termination of employment or expulsion. In addition, violators may be subject to criminal and/or civil action.

9. EXCLUSIONS

Exclusions may be approved by the Assistant Vice President for Information Technology to accommodate special needs or circumstances in support of the university's mission and that do not compromise the access or rights of other students, faculty and staff.

10. INTERPRETATION

The authority to interpret this policy rests with the president and is generally delegated to the Assistant Vice President for Information Technology.

Previous version: October 2014
Approved by the President: April 2002