Organizational & Operational Principles

• Services that are designed and delivered with input from the user are more accessible and easier and more intuitive to use.
• User-centered services reduce cognitive load for users allowing them to be more efficient.

• Users (or representative entities) are involved in the selection, design, testing and implementation of services.​
• Services are implemented in a way that users have a consistent experience regardless of how they access the service. 
• Services within the campus ecosystem interact with each other in a way that considers the user experience.

• Higher education institutions will continue to be targeted by sophisticated malicious actors in the cybersecurity threat landscape.
• Security measures help minimize risk and reduce the likelihood of adverse events involving unauthorized access and use of systems and data that could have financial, safety, legal, and reputational impacts.
• We are required to be in compliance with existing laws and regulations that require the safeguarding of security and the privacy of data.
• Secure services are available services, reducing the negative impact to the teaching, learning, and research mission caused by compromised systems.
• CU-provided IT resources must protect University data and set a model for adhering to policies and best practices.

• Unforeseen investment of resources (time, money, and staff) may be necessary to implement foundational security controls based on the risk assessment.
• Balancing the open sharing and release of information against the need to restrict the availability of sensitive information is nuanced and both sides must be considered in decision making.  Resources available to help navigate these decisions include the relevant data steward(s), the Data Governance Council, and the OIT security team.
• Services without proper security safeguards may be removed from production until such time that appropriate measures are in place, which could have business impacts.
• Security should be considered ‘early and often’. At inception and as any requirements change or come to light throughout a project or initiative, security checks ensure that appropriate controls are selected and implemented.

• Highly complex and customized tools are more expensive to build, operate, support and maintain. In addition, they require more resources to ensure optimal interoperability within the university IT ecosystem.
• Highly complex tools often require a longer “mean time to repair” (MTTR) in the event of an incident, impacting the reliability and availability of our services.  
• While users often have a bias toward complexity, complex tools result in a heavier cognitive load for the user. 
• By delivering 3rd party configurable tools “out-of-the-box” to campus users, OIT can deliver sustainable services that are useful for 80% of users that simply need a standard solution.

• “Out-of-the-box” solutions will not work for everyone’s unique needs.
• Departments will be encouraged to adjust their business processes to allow the “out-of-the-box” solutions to work for their needs. 
• Home-grown tools will be designed and implemented in a way that meets the “must have” functional requirements. 
• Individual department or user requests to implement “nice to have” functionality, where possible, will undergo careful assessment for sustainability and will only be pursued if deemed impactful to our stakeholders and sustainable for the long term given existing resources.

• The data ecosystem of the university supports the university in providing inclusive, high quality experiences to meet the needs of our students, faculty, and staff. Leveraging data as an asset results in opportunities for improvement and empowers the CU community to understand and actively engage with the university.

• Data are findable, accessible, interoperable, and reusable.
• Data are actively managed, protected and leveraged to benefit all stakeholders.
• Data managed as institutional resources are securely shared and monitored.
• Access to data is authorized to support innovation and efficiency of university operations.
• Data leveraged across the university enhances competitive advantage and informs and accelerates decision making.
• Data are collected, used, and protected in transparent ways.

• Interoperability improves our ability to manage systems and ensure reliability and availability.
• Interoperability protects existing IT investments and reduces operational costs.
• Interoperability helps to provide a consistent user experience.

• Software and hardware will need to conform to defined, preferably open, standards.
• Because major business systems are shared across campuses in the CU System and delivered by UIS, interoperability standards and any exceptions must be made in cooperation with them.
• There may be cases where interoperability is a more important factor than certain functionality when choosing or designing systems.
• Campus Architectural Review Board (ARB) review is initiated as part of any new service offering or significant change to existing service offering.

• Wasteful manual processes are identified and allocating resources to automate such identified manual processes is prioritized.
• Investing in tools to assist in automation is valued, including a common repository for automation code and the creation of an automation community of practice. 
• Enabling teams are made available to assist in the automation of processes when units do not have the skillset themselves.

• Creating IT transparency and decision-making at existing governance groups (e.g. UELT, BFA, Staff Council, UCSG) meets campus leaders where they are at thus creating authentic engagement versus a stand-alone IT governance process.
• Developing input and feedback communication mechanisms helps address the evolving IT landscape and change management needed to best support the campus.
• Leveraging the technical acumen of campus-wide IT experts, while understanding the academic and research mission of the campus helps ensure IT solutions meet the business needs of the university.

• Campus IT policies, standards, services, and best practices will be vetted, transparent, and measured to ensure relevancy, impact, and efficacy.
• Campus leadership will engage in quarterly discussions regarding System and campus IT prioritization.
• The technical operating principles above will heavily inform governance decisions.

• We operate in an environment of financial constraints and fiduciary duty; therefore, it is critical we are fiscally responsible when making investments to deliver high-value IT services and solutions in support of the campus mission and goals.
• Technological diversity is minimized and fiscal waste is prevented by regularly evaluating existing services before selecting new or continuing existing ones. 

To make informed decisions regarding resource allocations and evaluate opportunity costs relative to other budgetOIT priorities, IT investments should be evaluated using a forward-looking cost/benefit analysis guided by the following questions:

• Value: does investment in the service allow OIT to meet current and future university stakeholders’ needs at a reasonable and sustainable cost over the life of the investment?
• Strategy: does the investment provide a distinct competitive advantage, create efficiency, or eliminate redundancy? 
• Flexibility: does the investment improve our ability to proactively respond to change?
• Creativity: does the investment improve the ability to increase the rate of innovation?
• Risk: does the investment enable the university to comply with regulations and minimize institutional risk?

• Celebrating and embedding innovation across learning, teaching, and research, while ensuring that we focus on improving the student experience, is important to continue building trust as an organization. 
• Resources are at the core of our strategies and in order to innovate with limited resources, we must be selective.

• Focus on opportunities to address our customers' unarticulated pain points and desires.
• Use data-informed decision making to maximize impact. 
• Reflect on how innovation supports the strategic aims of the university specifically in respect to learning, teaching, and research.

• Functionally-redundant IT services and multiple technical solutions to meet similar needs are expensive both in cost of the technologies (less ability to apply economies of scale), and in the cost of the expertise and staffing needed to maintain and support them. 
• It is also inefficient for users who inevitably need to navigate or become proficient in many different systems.

• Standardized, widely shared services and applications implies common, standardized business processes wherever possible.
• Functionally redundant technologies and the proliferation of these technologies are inefficient both in cost of the technologies including support and in the human inefficiencies of users navigating and becoming proficient in multiple systems. 
• Timely review and decommissioning of legacy systems. 

• Public R1 doctoral universities with high research activity face similar challenges and have very similar but distinct IT needs. We also tend to use products and services from the same vendors. 
• Higher Ed IT is a well-connected community that freely shares ideas and often collaborates on solutions and in guiding vendors. The result is best practices, solutions or approaches that have been shown to work for specific higher ed use cases, pooled leverage on vendors, and sometimes consortia software uniquely suited to higher ed needs. 
• Conferring and collaborating with other universities, and staying aware of solutions being developed and deployed in higher ed will ensure we are considering solutions and vendors that are proven in higher ed, and/or start of the art, as appropriate.

• Maintain membership in, and regularly participate in relevant higher ed organizations: Educause, NACUBO, Internet2, RUCC, Common Solutions Group
• Make a practice of seeking out and considering proven and/or state of the art approaches in higher ed when we are designing systems or services or considering new commercial software.