Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Resources Technology - Information Security Office

Published byGiles Randall Modified over 5 years ago

Similar presentations

Presentation on theme: "Information Resources Technology - Information Security Office"— Presentation transcript:

1 Information Resources Technology - Information Security Office
Information & Communications Technology (ICT) Procurement Ensuring campus technology is accessible, secure, compliant, and supported Information Resources Technology - Information Security Office My name is Sue Rivera. Just a little background about myself. I’ve been at SacState since December, with the CSU at two campus’ now 19 years, all in technology, the last eight years being within Information Security. I’m excited to be working with all of you as we look to make SacState’s technology procurement the best! This presentation is a high level overview of our new and revitalized Technology Procurement process, previously called, “E&IT, now ICT”. As we continue to mature this process, our hope is to benefit the campus by reducing costs and risks, reduce complexity by connecting with all stakeholders, and identify optimal technology solutions to meet our academic and/or your business goals.

2 Agenda What is ICT? Types of Products and Services that need ICT
Who Evaluates My Request? Current Process Barriers How do I Submit a Request? What is My Role in “Security Reviews?” Questions Agenda What is ICT? Types of Products and Services that need ICT Who Evaluates My Request? Current Process Barriers How do I Submit a Request? What is My Role in “Security Reviews?” Questions

3 What is ICT? (New Name, New Process)
Information and Communications Technology (ICT) is an evaluation process and team of experts who support technology purchases for campus. It provides a structured way to determine if a technology meets compliance, accessibility and security criteria. In a nutshell: requests are submitted and approvals provided so you can turn in the approval to procurement with your requisition or pro card. We have a new name and an updated process. Information and Communications Technology (ICT) consists of an evaluation process and team of experts who support technology purchases (and some no dollar agreements) for campus. We’re doing this new process because: It provides a structured way to determine if a technology meets compliance, accessibility and security criteria so we as a campus and you as a business partner can maintain compliance and reduce risk to the University.

4 The New ICT: Let’s Work Together!
The process is being revitalized to maintain the integrity of our systems, and help our campus partners meet requirements.   Launching a new, clearly defined ICT process Collaboration and conversations – We would like to begin early and often – with campus stakeholders Proactive communications, ongoing education, training and resources to make the process easier to navigate We’re launching a new, clearly defined ICT process Collaboration and conversations – We would like to work together early and often – with our campus stakeholders to identify optimal solutions to meet academic and/or business goals To have proactive communications, ongoing education, training and resources to make the process easier to navigate and when questions arise, we can work through them together. There is always a better way, right! … you folks are in the trenches with those that want to use new products and services and can help us out to make this process run smoothly.

5 Types of Products/Services That Need ICT?
Computers Desktop, laptops, and tablets Self-contained products  Printers, copiers, kiosks, scanners, portable projectors, transaction machines  Software, web content, and mobile apps Telecommunications products  Phone, VOIP, any products/service that communicates to students (example: Hobson’s software) Video and multimedia materials  Streaming video (need to be captioned or subtitled if commercially available) Communications and Surveys Social media, Find items and exclusions at ICT Procurement This list isn’t exhaustive, but includes: New orders, renewals, upgrades, maintenance, subscriptions, service agreements, surveys. If you have suggestions as to how we should categorize these to help out the campus, please let me know. Computers Desktop, laptops, and tablets Self-contained products  Printers, copiers, kiosks, scanners, portable projectors, transaction machines  Software, web content, and mobile apps New, renewals, upgrades, maintenance, subscriptions Telecommunications products  Phone, VOIP, any product that communicates to students (example: Hobson’s software) Video and multimedia materials  Streaming video (need to be captioned or subtitled if commercially available) Communications and Surveys Social media and

6 Who Evaluates My Request?
A team of area experts work together to guide technology requests through a basic to comprehensive evaluation process. Evaluation Teams Accessibility Technology and Infrastructure Campus Enterprise Applications University Reporting Project Management Security Web Services Procurement Buyers Your Request A team of area experts work together to guide technology requests through a basic to comprehensive evaluation process. Some Requests do not require this type of involvement. Our evaluation Team includes: Accessibility Technology and Infrastructure Campus Enterprise Applications University Reporting Project Management Security Web Services Procurement Buyers

7 ICT: Current Process Barriers
Campus folks may be unaware of the new ICT process or what products/services “qualify” for review Short-notice requests; little time to evaluate properly Incomplete, inaccurate or unsubmitted forms Contract negotiation or renewal challenges Legal involvement There are some barriers within the ICT process that you should be aware of. Campus folks may be unaware of the ICT process or what products/services “qualify” for review (We’ve been trying to the spread the word and have begun talking with division folks and adding this process into our training offerings.) Short-notice requests; little time to evaluate properly Incomplete, inaccurate or unsubmitted forms  You may be asked to submit a request, yet have little background provided about the product or service Contract negotiation or renewal issues  Legal involvement Some folks submit a requisition or purchase on a Procard, but don’t have the ICT approval attached, and this is a requirement.

8 How do I Submit a Request?
1 Visit the Technology Procurement Webpage to “Begin the ICT Process.” 2 Review the timeline and fill out the ICT Request Form Collaboration will be with the requester 3 Confirm you've completed each field Click on “Submit” We’ll be in touch! To submit a request: Step 1: Visit the Technology Procurement Webpage to “Begin the ICT Process.” Instructions are available. Step 2: Review the timeline and fill out the ICT Request Form Collaboration will be with the requester. You will receive an where you can review the approvers and submit any questions or upload documents about your request. A timeline can be anywhere from a week to 8 weeks or more depending upon the complexity. Step 3: Confirm you've completed each field Click on “Submit” We’ll be in touch! (You will be contacted automatically via with any communications. We may also call you on the phone.

9

10

11 What Requires a Security Review?
Products and services that involve University Data, cloud applications & services, accounts and infrastructure University Data Such as credit card data, SSN’s, medical Info., student records, etc… Cloud Applications and Services Accounts An account used to login to use a product or service or       Single sign-on (SacLink account) Infrastructure Data Center, telephony, security cameras, HVAC, locks What requires a Security Review? Products and services that involve campus infrastructure, University Data, and/or accounts as part of use University Data This could be credit card data, SSN’s, student records or a number of other types of data Cloud Applications and Services Usually any 3rd party vendor that provides a product or service over the Internet. A Service may be a survey, , or social media. Accounts An account used to login to use a product or service or       Single sign-on (SacLink) Infrastructure Data Center, telephony, security cameras, HVAC, locks

12 Additional Requirements
HIPAA Health Insurance Portability and Accountability Act PCI DSS Payment Card Industry Data Security Standard IT Supplemental Security Language CSU Requirement Additional Requirements pertain to medical information, credit cards and CSU security language that gets entered into a contract or product/service agreement. HIPAA  Health Insurance Portability and Accountability Act PCI DSS Payment Card Industry Data Security Standards IT Supplemental Security Language CSU Requirement

13 What is My Role in Security Reviews?
Complete necessary forms, and be aware of your area’s current IRT Project Prioritization Have a clear understanding of the applications and requirements of the requested product or service, including ICSAUM 8065.S02 "data classification" Able to serve as a liaison between campus and the vendor Agree to regularly communicate process status within your area As a requester or submitter of an ICT: Complete necessary forms, and be aware of your area’s current IRT Project Prioritization Have a clear understanding of the applications and requirements of the requested product or service, including ICSAUM 8065.S02 "data classification“ (let your folks know that you will be depending upon them for additional information. Able to serve as a liaison between campus and the vendor Agree to regularly communicate process status within your area

14 Questions? We have time for about 2-3 questions and I’ve provided my contact information to Gina as well as a copy of the slide deck.

15 Contacts Sue Rivera s.rivera@csus.edu Mark Hendricks
Need Help? Open up a Service Desk Request:

Download ppt "Information Resources Technology - Information Security Office"

Similar presentations

Resolution Categorization

Resolution Categorization
System for Administration, Training, and Educational Resources for NASA External Training Requests for Learners and Supervisors January 2007.

System for Administration, Training, and Educational Resources for NASA External Training Requests for Learners and Supervisors January 2007.
QI Usage Requests: Part 2 Managing, Approving & Ordering.

QI Usage Requests: Part 2 Managing, Approving & Ordering.
IT PLANNING Enterprise Architecture (EA) & Updates to the Plan.

IT PLANNING Enterprise Architecture (EA) & Updates to the Plan.
Betsy L. Sirk Section 508 Coordinator NASA Goddard Space Flight Center

Betsy L. Sirk Section 508 Coordinator NASA Goddard Space Flight Center
Business solutions dedicated to actual situation of leasing market Vlad Cristutiu – Charisma Enterprise Product Manager, TotalSoft Daniel Balaceanu – Product.

Business solutions dedicated to actual situation of leasing market Vlad Cristutiu – Charisma Enterprise Product Manager, TotalSoft Daniel Balaceanu – Product.
Building Our Virtual Campus with Universal Design in Mind All resources are available here:

Building Our Virtual Campus with Universal Design in Mind All resources are available here:
Access Provisioning: Navigating the Request Process Stella Le and Jim Lewis Senior Information Security Analysts Enterprise Application Security Team (EAST)

Access Provisioning: Navigating the Request Process Stella Le and Jim Lewis Senior Information Security Analysts Enterprise Application Security Team (EAST)
SuccessFactors - Frequently Asked Questions FAQs Question: I don't have easy access to a computer at work. What other options do I have? Answer: SuccessFactors.

SuccessFactors - Frequently Asked Questions FAQs Question: I don't have easy access to a computer at work. What other options do I have? Answer: SuccessFactors.
Source-to-Pay (S2P) Initiative Coupa Supplier Network Training

Source-to-Pay (S2P) Initiative Coupa Supplier Network Training
Section 508 Survived Year One, on to Year Two

Section 508 Survived Year One, on to Year Two
My2N – Mobile Video Technical Training

My2N – Mobile Video Technical Training
Facebook privacy policy

Facebook privacy policy
University of Missouri – Columbia School of Medicine

University of Missouri – Columbia School of Medicine
Food Suppliers Implementation of EDI &PAV March 2010

Food Suppliers Implementation of EDI &PAV March 2010
PCard Sensitive and Protected Information Procedures

PCard Sensitive and Protected Information Procedures
How Can NRCS Clients Use the Conservation Client Gateway

How Can NRCS Clients Use the Conservation Client Gateway
Get your Math Lessons Into The hands of Your Students!

Get your Math Lessons Into The hands of Your Students!
Referral to Community Support Services

Referral to Community Support Services
slate for boilermakers

slate for boilermakers

Similar presentations

Ads by Google