The Technology Steering Committee (TSC) is a service-oriented committee created specifically for the purpose of partnering with ITS to help drive technology decisions and projects at Norwich University.
The mission of the TSC is twofold:
· Promote a collaborative, forward thinking culture around the use of technology at Norwich.
· Ensure Norwich’s technology expenditures are aligned with strategic and business goals.
In support of the mission, the TSC has eight main objectives:
· Create a community comprised of representatives from across the university who are invested in proactive technological advancement at Norwich University.
· Create Campus wide awareness of new and existing technologies.
· Serve as the final voice to approve or deny new technologies and technology projects.
· Work to eliminate redundant technologies by fully utilizing existing systems and integrating where possible.
· Assist in the prioritization of technology projects.
· Serve in an advisory role to ITS for the creation and upkeep of the ITS Strategic Plan.
· Serve as a recurring review between IT and customers.
· Consistent experience for all customers.
Membership:
The TSC will be comprised of technology minded individuals (ITS Liaisons) from departments across campus as well as members of the ITS leadership team.
Committee Charge:
The Technology Steering Committee (TSC) will be responsible for assessing all new technologies or technology implementations. The TSC will also review all new technology project requests.
To ensure Norwich University is employing the right technologies at the right time, where:
· Projects are requested and planned proactively.
· Technologies are compliant and secure.
· Technologies align with Norwich’s strategic and business goals.
· ROI is considered
To be productive, it is imperative that the TSC have the authority to make decisions regarding technologies, technology projects, and data. The individuals of the TSC must have a clear understanding of the University mission, goals, and strategic plans.
The following positions and members will serve on the Technology Steering Committee[1] (an ‘*’ denotes a voting member):
· Director of the Project Management Office (PMO) (Chair)
· VP of IT / Chief Information Officer*
· AVP of Information Security/Chief Information Security Officer *
· AVP Data Governance / Chief Data Officer*[GJS1]
o NOTE: This position does not yet exist, but will be incorporated once approved.
· Compliance Officer*
· Director of User Support (ITS)
· Director of Enterprise Systems (ITS)
· Director of Systems and Operations (ITS)
· CAT Members*
o COLA
o COLA
o COSM
o COSM
o COPS
o COPS
o Library
· CGCS Faculty Member or Dean*
· Office of Communications Representative*
· CGCS Representative*
· Student Representative*
· Controller*
· Admissions Office Representative*
· Registrar’s Office Representative*
· Library Representative
· Facilities Operations Representative*
· Development and Alumni Relations Representative *
The Technology Steering Committee (TSC) will be responsible for the following:
· Serving as an ITS Liaison for their respective areas.
o Promoting proactive technology planning[JO2]
o Officially request technology projects
o Advising ITS on the ITS strategic plan (In time)
· Assessing all new technologies or technology implementations/projects. In their assessment the following items will be considered:
o Is it the answer to solve the underlying business problem or to add value to Norwich?
o Are there alternative solutions that currently exist that we could expand on?
o Are there any process changes that could occur to avoid a new technology purchase?
o Are there financial, cybersecurity, or privacy related concerns to the university? (and its constituents[2]?)
o Will it expand enrollments to better serve the Nation and World?
o Will it enhance the financial sustainability for the campus?
o Will it enhance the student experience and the Norwich brand as the highest quality Senior Military Institution?
o Will it transform the organization into one characterized by extreme flexibility, high-demand and affordability?
· Project Prioritization
o Assist ITS by determining which projects are deemed most critical to the success of Norwich in which there may be competing projects for resources.
o To begin, the TSC will be charged with reviewing and prioritizing the current portfolio of projects to assist ITS is project planning.
The university is required (directly or implied[3]) to have a governance/steering process in place by various laws and regulations, including, but not limited to:
· Norwich University Presidential Directives
· Department of Education: Protecting Student Information
o Required compliance with NIST SP800-171
· Family Education Rights and Privacy Act (FERPA)
· Health Information Portability and Accountability Act (HIPAA)
· Payment Card Industry Data Security Standards (PCI-DSS)
· Gramm-Leach-Bliley Act (GLBA)
· General Data Protection Regulation (GDPR)
· ADA / Web Accessibility Guidelines (WCAG 2.1)
· Cybersecurity Insurance Providers
The members of the Technology Steering Committee must hold the following values:
· Communication – Communication must happen across campus, across departments and in support of the Technology Steering Committee process.
· Transparency – The process must be clear for all to understand.
· Accountability – Members of the committee must be held accountable for delivering on their responsibilities.
The committee will perform an annual review of this document to update personnel changes, changes in institutional mission, changes in ideology and/or changes of goals.
To ensure that all appropriate requests are properly assessed, this process must be the first requirement completed before seeking purchase approval. Technology or technology service purchases cannot be signed or approved without TSC approval.
To be successful, this process must be adhered to and supported by Norwich leadership at every level. The decision of the TSC is final.
A project is defined as any purchase, implementation or change that will result in new or changed services. This includes purchases of hardware or software that will rely on or utilize Norwich’s IT infrastructure.
Additionally, any work requested of Norwich ITS that is not a core service (e.g. creating accounts, adding phones and computers, etc.) or for the repair (break/fix) of a core service item, requires the submission of a project request to the Project Management Office.
Exceptions:
· Software to be installed in the lab environments for academic instruction
All requests for technology or technology services need to be requested through the ITS project request portal for security and compliance review at a minimum, regardless of ITS’ possible involvement in the implementation or project. The project request portal and valuable information related to ITS technologies and services can be found at: https://norwich.teamdynamix.com/TDClient/1978/Portal/Home/ .
All TSC Meetings will follow Robert’s Rules of Order.
· The committee will hold their meetings on a bimonthly basis to begin. Length of meetings will be determined by the number of projects to review and other business.
· The chair of the committee will distribute the agenda and supporting documentation at least one week prior to the scheduled meeting.
· Meeting minutes will be maintained by the committee chair or their designee.
· A quorum will consist of 10 or more voting members present and is required for any official business to be conducted.
· Additional Project Sponsors may be invited to a meeting to answer questions relating to a submitted project.
· Each meeting will follow the following format:
o Approval of prior meeting minutes.
o Old business: The status of previously approved projects.
o New business: Review of submitted projects and/or presentation by project submitters of their proposal.
o Additional Reports & Discussion
o New / Outstanding Action Items
There are two distinct types of requests that can be submitted.
The first is when the customers have done their research and fully understand what it is they are trying to accomplish and how they want to accomplish it (i.e., they want to implement a particular piece of software or a new system.) This will be referred to as a “Request for Project.”
The second type of request occurs when customers have identified an issue or problem, or have identified an area in need of improvement, but are unsure of the solution and are looking for guidance to identify one. This will be referred to as a “Request for Consult” and will be addressed differently than a standard project request. Please see Appendix A below for more details on how both requests are handled.
Requesting a Project/Technology:
· Project requests must be submitted by committee members representing their respective areas. This is important for several reasons:
o This allows departments to first vet their own project requests.
o Committee members will be trained on how to properly submit project requests.
o Reinforces the need to shift the culture at Norwich to be proactive when it comes to technology implementations and projects.
· Project Requests will be solicited and must be submitted six weeks prior to the next scheduled meeting to be considered.
o Example: For a project to be considered at the September 1st meeting, the request must be submitted by July 15th.
o This provides ITS with ample time to perform an initial assessment and for a security review to take place.
o An official schedule will be posted with important dates each fiscal year.
All new technology projects or requests for consult must be submitted to ITS for review via the TeamDynamix portal located here: https://norwich.teamdynamix.com/TDClient/Home/
· ITS will review and assess each project request prior to submitting to the TSC for review (see Appendix B)
o The preliminary review will utilize the Higher Education Cloud Vendor Assessment Tool (HEVCAT), Triage version. The Triage version of this tool seeks to gather some basic information about the product being reviewed. It must be completed by the vendor in its entirety in order to be considered.
o ITS will involve other departments as necessary (i.e. Office of Communications) for review and assessment.
o ITS will determine and report if additional resources are required to implement, maintain, or support the project/technology.
§ This may include updating the ITS Service Catalog to reflect the new technologies and/or services.
o ITS will submit an official assessment and recommendation to the TSC
·
· All new project requests will be submitted to the TSC no later than one week prior to the scheduled meeting[JO3] .
· TSC Assessment:
o Members must carefully consider the request and determine if the problem can be solved without technology (i.e. solved by people or process) at a reasonable cost and within a reasonable timeframe.
o If technology is required, can existing technology be leveraged to meet the needs outlined by the requestor?
o Does this project align to Norwich’s mission, strategic plan, and institutional goals?
o If the project involves a web technology:
§ Does the project conform to ADA / Web Accessibility Guidelines (WCAG 2.1)?
§ Has the project been reviewed by the Office of Communications for:
· Brand compliance
· Responsiveness
o Does the project pose significant risks?
§ Has a privacy impact assessment been performed?
· Compliance with GDPR, state privacy laws will be assessed.
§ Has a risk assessment been performed by the CISO?
§ Is there a proposed contract and has it been reviewed by the CISO and legal counsel?
§ Is the project required in support of any law or regulation?
o Is there an established budget to support the initiative as well as any additional resources that may be required to ensure its success?
§ If no, and the project is approved, it is dependent upon the Project Sponsor securing funding from the CFO.
· Voting will be done by an online system to avoid undue influence.
· If a Project Stakeholder is a voting member of the committee and they have presented a project, they must abstain from voting.
· The committee will vote to determine if the request is approved or denied
· Approval requires greater than 2/3 of the voting members in attendance to vote in favor of the project.
o If the committee determines that there is not sufficient value returned from this project, or that it could be fulfilled using existing technologies, people, or process, they must deny the project request[JO4] .
o If the committee determines that this project meets the requirements outlined above, they may approve this project.
Approved projects must be scored to aid in overall prioritization by ITS. The factors considered in scoring are outlined here. Actual project scoring will be completed within TeamDynamix, using these criteria as the basis for the algorithm.
· The project:
o directly supports Norwich University’s current strategic initiatives.
o is a compliance-related project.
o has security-related objectives.
o helps give the institution a competitive advantage.
o helps improve customer satisfaction.
o helps improve student retention.
o is related to critical software/hardware updates.
o will help increase enrollment.
o will increase efficiency.
o is considered an “Innovation” that will provide benefits to Norwich.
o will increase revenue for the university.
o will enhance the timeliness of institutional reporting
o will lead to significant cost reduction for the institution
o Project will consolidate or eliminate duplicate systems on campus.
o will provide enhanced functionality not currently available within the institution.
· Timeline of implementation. Do any of the following provide definitive guidance for the timeline:
a. Compliance
b. Academics
Once a project is approved and scored, the following processes will be followed
· Legal Review
o All approved and prioritized projects are contingent upon a legal review of the contract if applicable. Project planning cannot begin until the legal review has been completed and approved.
· Communication
o A formal email will be sent to the requestor notifying them of their project approval.
o TeamDynamix will be updated to reflect the approval.
o Notes from all meetings will be made publicly available on the ITS Portal.
· Project Management
o TSC approval does not mean projects will begin immediately, the PMO will establish the official timeline.
§ The ITS Project Manager will communicate with the requestor on estimated timelines based upon priority and resource availability.
§ In the event a project is mission critical, and the TSC and PMO are unable to shift priorities to provide sufficient ITS staffing to meet critical deadlines, the requestor may work with ITS to secure third party resources to complete the project, where applicable, and will be funded by the requestor.
o The project plan will be developed after approval.
§ This step will require user and stakeholder input.
When a project is denied by the committee, the requestor will be notified via email, this will also be reflective in the project request located in the TeamDynamix portal.
Requestors may seek an appeal from the the Chief of Staff, who must take into consideration section 7.5 Project Process as part of their decision making process. The Project Requestor will coordinate a meeting to include only the requestor, the Chief of Staff, and the Chief Information Officer to review the request before a decision is made.
This appendix will be updated annually to reflect current committee members.
|
Name
|
Department
|
Email
|
Voting Status
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Requestor[JO6] submits a request from the ITS portal
2. PMO does an initial review
a. If the project involves third party software or vendors:
i. A security assessment will be completed including a review of the HECVAT.
ii. Additional departments will be brought in as necessary for assessment.
3. ITS Directors review initial request and do an official assessment of the project and proposed solution to include:
a. Feasibility
b. Comparable tTechnologies already on campus
c. Scope
d. Potential resourcing (based upon skillsets)
e. Amount of effort on ITS part
4. PMO will identify resources and potential scheduling options
a. Will submit a document to the TSC for review.
5. TSC will determine if this project brings value to NU and approve or deny.
6. If approved, any contracts will be reviewed by Norwich legal counsel.
1. Improve student experience and student success.
2. Increase academic program relevancy and excellence.
3. Expand strategic partnerships.
4. Establish a Center of Leadership.
5. Enhance faculty/staff excellent (invest in our people).
6. Improve affordability.
7. Ensure financial stewartship.