Training and Annual Access Review L1 Apps

30%

Status

In Process [In Process]

30% complete, updated on Wed 5/1/24 10:08 AM by Vikram Chidambarasundaram

Changed Percent Complete from 25% to 30%.
Completed Tasks:

Identified all systems containing Level-1 data (approximately 120 applications).
Prioritized applications based on functional area (by division/department).
Conducted project kickoff meeting with IRT leadership, presenting project goals, timelines, and training schedule.
Developed a project plan with milestones.
Successfully completed training sessions for
- IRT CAT (Campus Applications Team)
- IRT Network Services/Data Center
- IRT ERP (Enterprise Resource Planning)
- IRT URDW (University Reporting and Data Warehouse)
- IRT ISO (Information Security Office)
- IRT Academic Technology.

Key Activities Planned

ISO/PMO will coordinate with system owners to schedule the remaining training sessions.
System administrators will conduct security reviews on identified systems.
ISO/PMO will assist with routing completed review forms for approvals and filing with annual review documentation.

Details

Dates
Wed 11/16/22 - Tue 12/31/24

Acct/Dept

IRT - Information Security Office

Service

Project Request / New Project Request

Type

Project / Annual Project Call

Health

Green - On track

Portfolio(s)

2023-2024 Divisional Projects (Nadya Lucas)
2023-2024 Internal Projects (Nadya Lucas)

Created

Wed 11/16/22 2:55 PM

Modified

Wed 5/1/24 10:08 AM

Link to Strategic Planning and Mandates

This will link the project to the University strategy it supports. If it is not a strategic project, don't select any.

Wellness & Safety Imperitive

Problem / Opportunity

Briefly summarize the problem or opportunity you propose to address. Write this in terms of the organizational problem being addressed, not in terms of the solution needed.

Increase in compliance with ICSUAM requirement to review all access to systems that contain level 1 data. This includes all systems in inventory, including those belonging to auxiliaries. This expansion is related to an observation in the 2021 IT Audit.

Goals & Objectives

Objectives are specific, measurable, and timed outcomes of the project that are stated in terms of the problem solutions or opportunities users will experience.

Identify all systems containing Level 1 data
Train managers and functional owners and administrators on review process
Collect attestation from app owners on security review
File with the annual review documentation

Area Lead

The person in your area who will help lead the following: document requirements, bring in appropriate resources (e.g., faculty, students, staff, etc.), and oversee tasks, testing, and training.

Jagan Pandarinathan

Functional Teams and Other Resources

Please do your best to define personnel needed for your project, as well as your best estimate of the number of hours needed from those project team members.

Campus Applications Team, University Data Warehouse, other campus divisions

Risks and Dependencies

Identify any factors that can affect the outcome of the project including major dependencies on other events or actions. These factors can affect deliverables, success, and completion of the project.

Time is the biggest risk. An early start is recommended in order to ensure a well documented process.

Executive Sponsor

Each project must have an executive sponsor (VP / Cabinet level executive).

Mark Hendricks

Description

Train managers and users, and roll out the level 1 system access review process that was designed for UEI and OnBase as part of the response to 2021 IT Audit.

Manager

Vikram Chidambarasundaram

Sponsor