Project Portfolio

This project will define incident type categories, and for each category, identify:

• the corresponding responsible units,
• the applicable governing law and University policies, and
• the methods of reporting incidents

This project will also develop guidance for users so they can easily access, understand, and follow processes in compliance with governing law and UNC-CH Incident Management Policy. Secondary goals include improving coordination between campus “incident” authorities, reducing risk, and identifying gaps in our processes. When we identify policies, authorities, and reporting methods that conflict with each other, we will resolve the conflicts. We also expect that we will be able to identify efficiencies by going through the process of defining incident type categories.

The purpose of the project is to implement a 3rd party solution to allow UNC to do capital budgeting, the annual budgeting cycle, and associated reporting across the Enterprise. Currently, we use resource intensive manual processes to do UNC’s budgeting, which has led to a reduced  ability to properly plan for large capital expenditures. The success of this project will be measured by the ability of UNC to handle the annual 2023 budgeting cycle with the new 3rd party solution.  We will get a better picture of the work effort required by different ITS teams once we get past the Request for Proposals (RFP) stage. Groups that we expect to be involved in the project are:

• Office of the CIO
• Enterprise Applications
• DREAM
• F&A
• Identity Management
• Information Security
• Infrastructure & Operations
• User Services and Engagement

Don Hepp and Becky Arnold are jointly leading this project for EA, on behalf of Finance, and are working very closely with that leadership team at every step. As this project progresses, they will reach out to various ITS groups to solidify how they need to be involved, and get work effort estimates, as well as specific resource commitments. This project needs to be implemented by end Sept 2022 in order to be in place for the next cycle of UNC Annual Budgeting.

When UNC migrated to Microsoft 365, we implemented an on-premises infrastructure called “Active Directory Federation Services” (ADFS) to support authentication into Microsoft 365. ADFS addressed security concerns around syncing passwords into the Azure Active Directory Cloud service, but it also created an on-premises dependency for Microsoft 365 and technical debt.

Note: Technical debt can be defined as “incomplete configurations or deployments of technology that have been on the books, but due to lack of resources or time, have been lingering and if resolved will either improve service, save staff time, reduce cost, or allow for the decommissioning of aged infrastructure or services.”

This past summer the ITS cloud team and ITS identity management teams did an evaluation to see if we needed the ADFS infrastructure and concluded we do not need it anymore. The goal of this project is to remove the ADFS on-premises infrastructure and rely on Azure Active Directory authentication for Microsoft 365. Once the ADFS infrastructure is turned off, campus will authenticate directly to Azure through the Microsoft portal.

Implement the GRC module in ServiceNow and evaluate functionality with focus on:

• Vendor risk management
• Policy compliance
• BAA/contract repository
• Risk assessment workflow

This is a combination of implementation (of a ServiceNow module) and “discovery” of suitability of functionality. The destination and end-product depends on the results of that discovery. Staff impacted would include those who request risk assessments and those who work on those requests. If the vendor management work bears fruit, this could impact vendors, as well.