Policy 1201
Information Technology Resource Management
Date of Current Revision: April 2012
Responsible Officer: Assistant Vice President for Information Technology
1. PURPOSE
In conjunction with JMU Policies 1212 (Information Technology Infrastructure, Architecture and Ongoing Operations) and 1213 (Information Technology Project Management), this policy establishes general requirements and responsibilities associated with the management and use of computing and telecommunications resources and services at James Madison University.
2. AUTHORITY
The president gives the Assistant Vice President for Information Technology responsibility for university policies and procedures for acquisition, implementation, documentation and use of information technology resources and for meeting its compliance obligations. Information Technology (IT) also provides and manages a variety of computing facilities and services for the university.
3. DEFINITIONS
Workstations:
Generally synonymous with personal computers, desktop computers or microcomputers, but can refer to any kind of small computer such as a Windows PC or Macintosh.
Shared Central Computers:
Computers managed centrally by IT that house applications shared by university users such as email and HRMS.
Network:
A system of hardware and software that transmit and receive any combination of voice, video and/or data; Includes the network operating system, various client and server machines, the cables connecting them and all supporting hardware in between such as bridges, routers and switches.
End User Computing:
Computing activities and resources intended primarily to support the needs of the department or unit developing or purchasing the application. EUC applications typically reside on workstations. EUC applications used to conduct university business must be adequately documented and secured in order to ensure continuity of service or operations. An EUC application may be developed in-house or purchased as a turnkey package from a commercial vendor.
Access Control:
Access control is the ability to allow or deny use of a certain resource by a particular entity. Access control mechanisms are necessary to management of physical and/or digital resources.
4. APPLICABILITY
This policy applies to all data and information technology resources owned, operated or contracted by James Madison University.
5. POLICY
James Madison University provides a wide range of information technology resources including workstations, shared central computers; voice, data and video networks; electronic services; specialized facilities and data repositories. These resources are available to enable scholarship, research, service and administrative support functions of the university and are supplemented by an appropriate mix of consulting, training, maintenance and support services.
Misuse of the university's information technology resources is a serious offense. Misuses include, but are not limited to, improperly using university data, equipment, software or other resources; accessing university computers with stolen or illegitimate user identification; and compromising the security or performance of shared computer or communication systems. Specific requirements related to appropriate use are outlined in Policy 1207 (Appropriate Use of Technology Resources).
6. PROCEDURES
More detailed requirements, instructions and procedures for use of the university's information technology resources are specified in JMU Computing Standardsestablished and maintained by IT at http://www.jmu.edu/computing/standards.
All users of university information technology resources are required to adhere to these standards as well as other university policies related to information technology.
7. RESPONSIBILITIES
7.1 General Responsibilities
Information Technology
IT has overall responsibility for ensuring that effective information technology resource management takes place within the university. Establishing and implementing plans, policies, and practices that guide, protect and direct the university's information resource investment and assure the confidentiality, availability, integrity and effective use of these resources by the university community are central to this effort.
To address specific academic needs IT works cooperatively with the Educational Technologies (ET) unit of Academic Affairs' Libraries and Educational Technologies division. IT also seeks advice through a variety of standing and ad-hoc groups. Committees and advisory groups are convened to address specific issues or the needs of a particular constituent group. Such groups are generally composed of key stakeholders/users of information technology who advise on matters related to instructional, research and administrative applications of technology. They may also participate in major information technology policy decisions, provide input to long range plans or make suggestions on service improvement.
Individual Responsibility
Individual division heads, deans, academic/administrative unit heads and faculty, staff and students provide input and share responsibility for effective information technology resource management. Their responsibilities include those directed by university policy or procedure and those that generally assure a secure and effective technology environment for themselves and others.
7.2 Specific Responsibilities
7.2.1 Acquisition:
University departments must contact IT and complete a Project Initiation Questionnaire prior to soliciting acquisition, development or enhancement of technology systems. See Policy 1202 (Information Systems Implementation and Project Management) at http://www.jmu.edu/JMUpolicy/1202.shtml for additional detail.
IT will assist university departments in performing a business impact analysis to examine development or acquisition alternatives, selection and implementation requirements and life cycle planning. Specific considerations such as installation and configuration of hardware, software and services, security practices, telecommunication requirements and operational responsibilities will be discussed. IT will also assist in identifying and evaluating compatibility issues, compliance obligations and requirements for project documentation and implementation. While specific processes depend on the scope and complexity of the project, general requirements for initiation, classification and management of computing projects are outlined in Policy 1202 (Information Systems Implementation and Project Management). In addition, specific procedures are outlined in JMU Computing Standards.
Requests for information technology resources for externally funded projects or university-sponsored programs will be submitted through the appropriate department head, dean and senior vice president. IT will review these requests and the costs for necessary computer/communication services may be assigned in accordance with university accounting regulations.
7.2.2 Security:
IT is responsible for establishing and maintaining the physical security of the central computing facilities (including shared file servers managed by IT), the university's communications network and data for which IT is the custodian. These responsibilities are more fully detailed in Policy 1204 (Information Security).
Division heads, deans and academic/administrative unit heads through their staff are responsible for the availability, confidentiality and integrity of data and software stored on individual workstations, servers or shared central computers to the extent they have access and/or operational control. This responsibility includes ensuring backup of key software systems and data on individual workstations or file servers. They may also include account management and/or data stewardship responsibilities that have been specifically assigned.
7.2.3 Access Control:
The university provides access to its non-public computing resources for the exclusive use of students, faculty, staff and certain other constituents for the purposes of advancing educational pursuits and certain administrative support functions.
IT is responsible for instituting and monitoring appropriate access control measures for shared central computer systems including centrally managed administrative and academic computers, shared file servers and other systems for which it has system administration responsibilities.
With the written approval of the appropriate division head, dean, or academic/administrative unit head, access control responsibilities for private file server volumes may be delegated to individual workgroup managers.
Access to central computing systems is granted by the issuance of individual user credentials and usage restrictions as appropriate. In addition to these general access controls, compliance with procedures for granting access to particular software applications or data sets is also required. Data managers are assigned to approve access to certain data domains, databases and/or applications. These data managers are responsible for assuring that requests for data/system use are in keeping with assigned responsibilities and university data access provisions. IT is responsible for implementing data access as approved by the appropriate data manager(s).
Individual users assume responsibility for the appropriate and ethical use of the systems and data to which they have access. See the university policies on Information Security (Policy 1204) University Data Stewardship (Policy 1205) and Appropriate Use of Information Technology Resources (Policy 1207) for more detail.
7.2.4 Systems Development and Maintenance:
IT provides systems analysis and programming services to support the university's administrative and academic purposes. These services include the design, programming, documentation, testing and enhancement of computer systems for a variety of service functions (e.g. financial accounting, student records administration, payroll processing.) as requested by university departments. IT and the initiating department will review a cost/benefit analysis of requested enhancements to assure appropriate utilization of university resources.
7.2.5 Systems Administration and Operations:
IT is responsible for providing environmental control and systems support for central software application systems and computing/communications components to meet the various administrative and academic needs of the university. Specific tasks include capacity and production planning, operational control, security monitoring and system administration for a variety of standard and ad-hoc production environments.
IT is responsible for providing direction to members of the university community regarding safe and responsible use of technology resources and the responsibilities users have for protecting and efficiently using such resources at JMU. The responsibilities are more fully detailed in Policy 1207 (Appropriate Use of Information Technology Resources) and Policy 1204 (Information Security).
7.2.6 Telecommunications and Network Access:
In cooperation with the university's Telecommunications Department, IT delivers voice, data and video services by designing, installing and maintaining the campus network infrastructure, including both cabled and wireless components. IT also works with Telecom to provide access to information, systems and services at other sites by providing inter-network connectivity, satellite transfer and other forms of voice/data/video access.
8. SANCTIONS
Sanctions will be commensurate with the severity and/or frequency of the offense and may include termination of employment or expulsion. In addition, violators may be subject to criminal and/or civil action.
9. EXCLUSIONS
Exclusions may be approved by the Assistant Vice President for Information Technology to accommodate special needs or circumstances in support of the university's mission and that do not compromise the access or rights of other students, faculty and staff.
10. INTERPRETATION
The authority to interpret this policy rests with the president and is generally delegated to the Assistant Vice President for Information Technology.
Previous version: September, 2010
Approved by the President: April, 2002
Index Terms
IT
PC
Personal computing
Resource Management
Networks
Systems
Security
