IT Strategic Plan 2023- 2025

IT Strategic Plan

Strategies in bold font are currently underway or planned for AY23-24

Goal 1: Create Sustainable Services  

Strategy 1 – Appropriately Allocate Resources and Positions 

1. Perform value review of managed services vs internal resources 
   
2. Create regular budget review and overview process including capital vs operational 
   
3. Examine budget model and allocation and determine appropriate balance  
4. Build formal knowledge and task transfer from Senior to Journey and Entry workers 
5. Audit roles and duties across the division and reallocate duties and classifications if necessary; rewrite PDs 

Strategy 2 – Develop a Technology Roadmap  

1. Review institutional strategic plan and defined technology needs  
2. Create an infrastructure roadmap for next 5-10 years; determine feasibility of maintaining data center and remaining physical infrastructure 
3. Create policy, procedures, and solution requirements for creating and maintaining a dynamic asset inventory for servers, software, licenses, network equipment and end points  
4. Overhaul the Peoplesoft account lifecycle process 
5. Implement IAM; AD group assignment 
6. Define cloud strategy with input from governance 
7. Analyze and optimize value of service portfolio 
8. Identify, evaluate, and minimize technical debt, redundancies, and inefficient services  

Strategy 3 – Increase IT Organizational Maturity  

1. Improve the change management process  
2. Implement code management and development best practices  
3. Determine code migration tools for cloud and on prem platforms 
4. Utilize project management processes for all IT related projects  

Goal 2: Strengthen Collaborations with University Community 

Strategy 1 – Restructure IT governance 

1. Implement project portfolio management and prioritization 
2. Improve Solution Request process
   
3. Review EISC and sub council charters and membership; update policy  
4. Build criteria for technology investments that aligns with overall institutional strategy 

Strategy 2 – Enhance Business Partner Relationships 

1. Create communication strategy 
2. Meet with all business and academic units regularly; create calendar and scope of conversations 
3. Build technology training for end users 
4. Define SLAs for all services  
5. Review methods for gathering community feedback and requirements 

Strategy 3 – Facilitate Business Process Improvement 

1. Design automated onboarding/offboarding processes, including role provisioning in PS 
2. Work with business units to identify Peoplesoft processes that require improvement and create roadmap for development work  
3. Develop service templates for university processes in O365 

Goal 3: Improve Student Experience  

Strategy 1 – Understand the Student Experience 

1. Map student technology touchpoints 
2. Learn about our students (customer persona); determine gaps in support for at risk cohorts 
3. Gather input from students on their needs via the Student Tech Fee council and Student government 

Strategy 2 – Improve Student Technology Experience 

1. Revamp IS service catalog 
2. Streamline/optimize technology touchpoints (Prioritize PeopleSoft Fluid interface) 
3. Align student-facing solutions with expectation and experiences 

Goal 4: Support Institutional Culture Change  

Strategy 1 – Build Culture of Learning within IS 

1. Build leadership development curriculum for new managers 
2. Create training and upskilling plan for each employee, focusing on future tech - automation, cloud, project management, Career Development Assignments. Require Managers to take plan into consideration when scheduling work    
3. Build knowledge transfer program for first weeks of employment and when employees are leaving  
4. Design mentorship program for IS employees  
5. Allocate training budget; track training funding allocated per employee 
6. Encourage ad-hoc teams to tackle persistent problems and innovate solutions 

Strategy 2 – Support Culture of Inclusivity and Belonging 

1. Create initiatives to support cultural competency and inclusive excellence 
2. Provide awareness of DEI issues through participation in workshops and training opportunities  
3. Measure belonging and inclusion through workforce survey  
4. Create plan for remote work and remote workers advocacy 

Strategy 3 – Create a Culture of Data Literacy  

1. In partnership with IERP and business units, promote data responsibility and accountability and records management 
2. Build program to provide data literacy training and tools (Dashboards, PS queries, reports) 
3. Work with IERP to determine future state for data warehouse needs and technology future planning  
4. Build systems and data maps across the organization 
5. Facilitate taxonomy discussion and management (Business glossary) 
6. Determine and implement technology solution for automated business glossary/data cataloging 

Goal 5: Ensure security and data privacy 

Strategy 1 – Ensure disaster recovery and business continuity is in place.  

1. Identify and define backup needs considering business continuity needs, referencing legal requirements, business unit needs, and appropriate industry standards.  
2. Reengineer backup solution and procedures to meet business continuity requirements.  
3. Backup cloud data including O365 data in OneDrive and exchange online.  
4. Require all SaaS solutions holding university data have appropriate backup and disaster recovery capacity in place. 

Strategy 2 – Address security compliance gaps 

1. Address gaps identified through SAO assessment  
2. Address gaps identified through Ren-Isac assessment 
3. Address deficiencies identified by cyber insurance vendors  
4. Complete GLBA and GDPR assessments 

Strategy 3 – Design security program based on NIST cyber security framework 

1. Incident response  
2. Inventory 
3. Vulnerability management  
4. Policy and Procedure for compliance 
5. Risk Assessment – External benchmark; new projects; security standards 

Strategy 4 – Create data privacy program based on WaTech OPDP privacy framework 

1. Identify  
   a. Inventory current applications and systems  
   b. Discover and record business practices of units collecting, using, sharing sensitive data 
   c. Identify and update governance roles in Data Governance Framework  
   d. Provide data governance training on roles/responsibilities 
2. Govern
   a. Review changes annually/Perform quality control review of application inventory with impacted units/governance roles  
   b. Create new privacy policy or incorporate framework and WA State Privacy Principles into existing security policy  
3. Protect
   a. Implement zero trust architecture  
   b. Conduct privacy assessments - 
   c. Create policy and procedures for privacy review 
   d. Data Sharing Privacy Agreements (DSPA) due diligence 
   e. Cooperate/Collaborate with IS leaders to ensure security safeguard implementation 
   f. Review data retention policies and disposal procedures 
   g. Enculturate privacy by design within IS and CWU by incorporating privacy into system development process 
4. Communicate
   a. Create IS Data Privacy Office web presence on IS website 
   b. Implement annual privacy training for all CWU employees 
   c. Collaborate with Security Services staff to conduct awareness training/events 
   d. Update CWU online privacy policy  
   e. Use SPDAC and EISC to share proposed and enacted state and federal legislation, monthly and quarterly news from OPDP and OCIO 
   f.  Create communication channel to report privacy performance metrics to CWU community  
5. Respond
   a. Observe incident response and learn processes in prep for participation 
   b. Create response templates for PTAs and PIAs for greater efficiency in response