IST Townhall June 2015 - umanitoba.ca

IST Townhall June 2015

1

Agenda

• Recruitment • UM Leaders Program • Voluntary Days Off Program • IT Security (OAG) • Org Structure – next iteration • Questions

2

Recruitment

• Janice Derco – Director, Planning & Governance (interim) – Joined IST on Monday, June 8 – Reporting to Mario Lebar

• Larry Kuzmack – Manager, Production Control and Integration (interim) – Joined IST on Tuesday, May 19 – Reporting to Doug Stoyko

• Director of Information Security & Compliance – List interviews scheduled to complete by end of June – Target is August 31st for new Director to be on-site

3

4

UM Leaders Program

To our IST Leaders who successfully completed the UM Leaders Program in

May 2015!!

New – Voluntary Days Off Program

5

Offers staff the opportunity to take up to 10 additional days off (unpaid) without losing service, pension or vacation entitlement

accruals

Speak to your leader for more information

IT Security

6

Background

• An IT Security project started in September 2013 to deal with the OAG recommendations

• Unfortunately, not sufficient progress made by June 2014 and became highest priority work across IST for remainder 2014-15

• Project structure implemented.

7

OAG Recommendations (21)

Unix Servers – Trust Relationships Activity Monitoring * Developers’ access to production Unique Oracle DBA accounts Access rights in Unix/Linux Finance - User access to financial systems * Finance - Review of user access to financial systems * Disable terminated users on a timely basis * Strengthen server configuration * Windows operating system security controls * *

Oracle database password settings Password strength in Unix environment * Formal Disaster Recovery Plan (DRP) * Formal change management process * Formal IT Risk assessment process* Annual re-verification of compliance to end user policy * Review payroll authorization reports Business Continuity Plan * Finance - Faculty of Medicine review of operating statements * Access rights in payroll system Information Security Policy ^

8 * In progress ^ New

0

5

10

15

20

25

OpenResolved

Phase 1 – ready for Oct 2015 audit 2 are complete and require time

for compiling evidence for OAG (2007/08 and 2012/13)

3 IT Security initiatives underway (2007/08, 2009/10, 2013/14)

Phase 2 – ready for Mar 2016 audit Business Continuity / Disaster

Recovery Plan (2008/09, 2007/08) 1 from Registrar (2007/08) 2 IT Security initiatives underway

(2007/08 *2) Phase 3 – ready for Oct 2016 audit 4 recommendations will be

resolved with the IAM solution (2011/12 * 2, 2012/13 * 2)

1 recommendation for an IT Security Policy (2014/15)

NOTE – no assumptions made regarding new OAG recommendations

10

Since the December townhall

Revised the structure based on feedback from HR (January)

Submitted the org structure and the management jobs descriptions to AESES for feedback (March)

Revised the org structure based on feedback from AESES (June)

11

12

Org structure as of March 2015…

13

June 2015 Proposed Alternative

Top level December 2014

June 2015

Security and Compliance

December 2014 June 2015

Note: The Enterprise Security Architect has dual reporting. To the Director, IS&C for security work priorities and to the Chief Architect for primarily input to strategic plan, building the architecture practice and competency development

Planning and Governance

December 2014 June 2015

Client Solutions and Services

December 2014 June 2015

Build Services December 2014

June 2015

Run Services

Shared with Build Team

Research & Education Clients

December 2014

19

Run Services

June 2015

20

21

Total IST EMAPS Jobs Current structure 19

“Strawman” (as presented at Dec. townhall) 34

AESES Presentation (as of March 2015) 25

June 2015 proposed alternative 22

IST EMAPS Jobs

AESES Job Counts

• Current – AESES has 174 “positions”

• June 2015 proposed alternative – AESES would have 170 “positions”

22

What are your initial

Questions? Observations??

23

Immediate next steps

Post presentation and FAQs to IT

Transformation web site

Follow-up team meetings with your

Directors to answer questions

Business as usual!

24

Your feedback continues to be important to use!

• Share your feedback and questions directly

with your manager.

• Email your questions and feedback to

[email protected]

• Talk to someone on the IT Transformation

Program

• Post your questions/comments anonymously

on the printed org charts 25