Anyone can build a mobile App so how they heck do you govern that? BRETT POLLAK UC SAN DIEGO

EDUCAUSE ECAR Mobile App Working Group Brett Pollak, UC San Diego (Co-Chair) Rose Rochio, UCLA (Co-Chair) Jim Burgoon, Ohio State University Deepika Chalemela, UT Arlington Jason Fish, Purdue Jeffrey Rosczyk, UC Santa Cruz Lori Tirpak, Oakland University Chris Ward, Kennesaw State Robin Ying, Tidewater Community College

App development made easier App code generators make development quicker Maturation of the market

Who’s building Apps? Internal IT staff Faculty / Researchers Students Vendors (with internal sponsor)

Key considerations How do you determine what qualifies as an institutional app? What brand requirements are there? Are there processes in place to assure an app is tested for quality assurance? What are the data security and legal requirements protecting privacy (FERPA)? How is intellectual property determined when apps are developed by students or faculty? Are there financial considerations?

Governance Goals People, Policies, and Processes Produce mobile apps aligning with institutional strategic priorities Leverage existing structures if possible

Responsibilities Facilitating executive buy-in to mobile app governance policies and processes Streamlined process for review and approval of institutional mobile apps to be made available in public app stores Ensuring appropriate stakeholders are represented in decision making

Governance is Cyclical Convene Group Set Goals Publish Guidelines Review, Test and Deploy Maintain and retest

Unit/StakeholderRole/Responsibility Information Technology (IT) Technical review, security audits, code assessment/compiling, keys/certificates, maintain app store presences Marketing/Communications Naming, branding, design, editorial/language consistency Institutional Research Review Board (IRB) Adherence to responsible research practices Hospital, Medical Center/College of Medicine HIPAA, human subject concerns Legal App store contracts, vendor RFPs Technology commercialization/ Intellectual Property Assess commercial viability/pricing, potential for technology licensing, IP usage Academic/Faculty Strategic direction, concept validation, development resources Students Sounding board; user testing and feedback; creator of student-developed apps;

App Categories External focus with intent to communicate info about the university Internal focus to support administrative transactions Research based Apps with a narrow focus

What qualifies as a university App? Is the app owner/publisher a university faculty, student or staff member? Is the owner/publisher acting on behalf of an institutional department or unit? Does the app’s purpose and function align with an institutional priority, strategic goal or academic pursuit? Do the app’s intended audiences align with the institution’s constituency (Students, Faculty, Alumni, Patients, etc.)?

Branding Minimum set of standards Produce branding and graphic templates

Paid Apps Athletics: App was free to download but contained “premium content” Single merchant account Technology transfer office review

Advertising What is the institutional policy for advertising on electronic mediums? What is the view of adds within and App?

Data Governance Considerations Can they make use of secure data, e.g., (FERPA/HIPAA) from an ERP (i.e. grades/class schedules) or other data stores IRB/export control and ITAR (?) issues – certain nationalities not allowed to work with or access the data Does your app governance process account for online content-- content provided to the app via an API, database, or other mechanism?

Testing What level of responsibility does the governance group have for testing? ◦Testing with Devices ◦Testing with Emulators ◦Testing with Devices and Emulators Are apps proactively checked for vulnerabilities? If a critical security issue is discovered, does the governance process have a resolution plan?

Distribution What App Stores do you support? Process for Managing publishing to App Stores iOS ◦Single University Account enforced by DUNS number ◦No good method of distributed access to administration

App Store Administration Models Allow requestors to have direct access to the administration panel Have central IT be the broker Have vendors publish through their own accounts

Maintenance Review Analytics to monitor usage Review feedback Give the governing body authority to decommission Apps

Thank You Brett Pollak UC San Diego