Common Systems Group (CSG)
June 28, 2005
Meeting Summary
CSG Attendees: Paul Craft, Jim Davis, Steve Duim, Jason
Frand, Mats Granlund (for Carol King), Max Kopelevich, Kathleen O’Kane, Tom
Phelan, Sean Pine, Vincent Riggs (for Bill Jepson), Terry Ryan, Ruth Sabean,
Marsha Smith, Eric Splaver, Kent Wada, Esther Woo-Benjamin, Don Worth
Guests: Diane Blake (CTS), Susanne LaRocca (OIT),
Greg Partipilo (ATS), Johnny Pugh (Student Financial Services), Tom Trappler
(OIT)
Agenda
1)
Campus Security Incident Tracking
The proposed UCLA IT Security Incident Tracking Program is jointly
sponsored by OIT and CTS. Its purpose is to enable UCLA to more effectively
resolve and report security incidents to the campus. Under the proposed
process, OIT will continue to oversee the security environment and manage the
high level and sensitive security breaches. CTS, in conjunction with the
Director of IT Policy will serve as a clearinghouse for all standard campus security
incident tracking, notification and reporting.
There was discussion about the process steps. The CSG recommended that
the operational aspect of the process be integrated into the soon to be formed
Applied Security task force. They also recommended that a subgroup be formed to
address data policies (e.g. personal information) and return to the full CSG
with recommendations on elements to include in the tracking system.
Action:
·
Form a
subgroup to address data policies. Terry Ryan and Mike Schilling agreed to be
members of this subgroup. Jonathan Curtiss (Student Affairs) was nominated to
be included in the subgroup.
2)
Systemwide RFP on Encryption
Kent Wada forwarded documents related to a systemwide RFP for an
encryption solution and is seeking CSG comment, particularly about whether/how
the RFP fits in with each unit’s needs. HIPAA has been the primary driver
behind the RFP and the timeline is aggressive – it is expected to be issued on
July 15th.
3)
Express Travel System Update
Full re-implementation of the UCLA Express Travel Expense Management
System is planned for December 2005. The system is currently in production
pilot in Psychology, Law, Chancellor’s Office, Corporate Financial Services,
University Extension, and Graduate School of Education (GSEIS). The
implementation plan is to migrate all users of the current system first and
then roll out all remaining campus departments. The new system incorporates
feedback from a campus-wide user group and includes enhancements such as: HTML
based, improved email notification process, streamlined approval process, easier
FAU entry, approvers established in DACSS, proxies maintained by DSAs in
Express through the System Administration Tool, and digital receipt filing.
4)
Post Authorization Notification (PAN) Update
PAN is a UCOP application that has been adopted by all UC campuses. It
is currently being re-written in a new environment. UCLA has established a
campus-wide PAN User Group to address and prioritize needs. The main issues
identified are performance, navigation, printing and forwarding, too many
reviewers, and Mac issues. UCLA has sent a list of requested enhancements to
UCOP. Some problems identified during CSG discussion include: lack of search
capability, lack of detail in travel transactions, re-enabling access after a
vacation is cumbersome.
Actions:
·
Steve
Duim agreed to send the list and status of requested enhancements to the CSG
5)
Payment Card Industry (PCI) Compliance and
Development Front End Update
In order to meet a new compliance requirement for credit card
processing mandated by Visa and Mastercard, AIS was asked to develop and
implement a central front-end process that all merchant application systems
could interact with when their clients intend to pay for services with their
credit card. UCLA is not subject to non-compliance fines until June 2006;
however, starting July 1, 2005, UCLA is vulnerable for break-ins until the new
front end can be implemented. Greg Partipilo, the project’s manager, gave an
overview of the approach, assumptions, and schedule for building the front-end
process. The CSG was asked to send feedback to Don Worth as soon as possible so
AIS can begin coding.
6)
Repositioning IT Initiative
Marsha Smith distributed the draft Repositioning IT Key Attention Areas
document for CSG review and comment (Marsha will follow up individually with
CSG members). This document describes principles that will guide project
planning, long term activities, and activities to be accomplished in the year
ahead. The document has already been reviewed by the Chancellor, EVC, ITFOC and
ITPB.
Meeting Schedule for
Remainder of 2005:
|
Tuesday |
July
26 |
2:30
– 4:30 p.m. |
2121
Murphy |
|
Tuesday |
August
23 |
2:00
– 4:00 p.m. |
2121
Murphy |
|
Tuesday |
September
27 |
2:00
– 4:00 p.m. |
2121
Murphy |
|
Tuesday |
October
25 |
2:00
– 4:00 p.m. |
2121
Murphy |
|
Tuesday |
November
22 |
2:00
– 4:00 p.m. |
2121
Murphy |
|
Tuesday |
December
20 |
2:00
– 4:00 p.m. |
2121
Murphy |