Presidential Memo: UT System Policy Change Expanding IT Operations Role for Campus

October 25, 2022
 


Dear colleagues, 

As you know, modernizing our technology and data operations is a critical initiative area in our strategic plan, Change Starts Here. An important part of that effort is evolving how we handle information resources – the actual data and information used by the university – and manage the information security tools and protocols we use to protect them. 

Recently, UT System Board of Regents modified the responsibility and authority of the Information Resources Manager (IRM) role, in accordance with state requirements outlined in UT System Policy 165.  At UT Austin, our IRM is Assistant Vice President for ITS, Trice Humpert, and today, I want to make you aware of his updated scope and responsibilities.

The IRM is responsible for information resources across the entire institution as defined in Chapter 2054, Subchapter D, Texas Government Code. Responsibilities include coordinating UT Austin's information resources planning with UT System and the State of Texas, assessing and reporting on information resources and sharing, planning for current and future technologies, and assessing return on investment on those technologies, and working with the institution’s Chief Information Security Officer (CISO), Cam Beasley, to manage and secure resources, 

Modifications of the IRM authority relate specifically to managing information as information systems are modernized and addressing the complexities of multiple and individually managed devices. The updated responsibilities of the IRM are as follows:

  1. The IRM must be part of the institution’s executive management and report directly to a person with a title functionality equivalent to executive leadership (e.g. President, Provost, Chief Business Officer);
  2. Implement security controls for the entire institution in accordance with the Institutional Information Security Program developed by the Information Security Officer; and
  3. Review and approve or disallow the purchase or deployment of all new Information Systems or services (infrastructure, on-premise applications, hosted or cloud services/applications, internet of things (IoT) devices)
  4. Ensure all assets (e.g., devices, applications, and vendor products) used by the institution are catalogued and maintained in a central inventory
  5. Establish visibility (e.g., configuration management) into all assets used by the institution in a manner that does not interfere with the performance of the asset
  6. Operationalize an institution-wide system management practice based on the Institutional Information Security Program and corresponding standards for vulnerability management that ensures institutional accountability and report adherence to those standards to senior institution leadership and UT System Administration on a regular basis using a method provided by UT System Administration.

 In support of the IRM authority, Cam will continue to establish, develop and maintain our information security infrastructure. As our IRM, Trice will be responsible for developing security controls and practices to achieve the Information Security Program set forth by the CISO. More information can be found on the Information Resources Security Responsibilities and Accountability policy section of the university’s Information Resources Use Policies.

Moving forward, Trice and Cam will be working together to implement the new aspects of UT System Policy 165. CSUs are expected to support the university’s efforts by managing systems and assets, procuring software and hardware, and reporting on our inventory in a way that aligns with our risk mitigation policy and supports effective security across all CSUs and activities.

 Thank you to Trice and Cam for their diligence and dedication to evolving our IT infrastructure, and for building productive and fruitful relationships across our IT and Business IT governance bodies that will continue to enable transformative IT advancements on campus. We have seen the results of these efforts in many ways – such as our seamless swing to remote and hybrid work, research and teaching –   and they will continue leveraging these relationships and executing policy to secure and protect the university and our community. 

 I know I can count on you as leaders for your ongoing support of this important work.  Please reach out to Trice if you have any questions about the new IRM requirements or approach. 

 Sincerely yours,

Jay