My NacuboWhy Join: Benefits of Membership

E-mail:   Password:   

 Remember Me? | Forgot password? | Need an online account?

Business Officer Magazine

Focus on Delivery Methods

An efficient flow of information is critical to business office functions, and sessions in this track focused on managing information technology (IT). Following are highlights of two presentations.

The Appeal of Cloud Computing

A range of options is available for outsourcing technology services or operating IT functions. The session “Partly Cloudy? What a CBO Should Know About Cloud Computing” examined a delivery method in which applications are provided as services over the Internet, along with the hardware and systems software. Rodney Peterson, government relations officer and security task force coordinator for EDUCAUSE, Washington, D.C., explained that cloud computing could include accessing externally managed applications, development environments, hardware via the Internet, and support from consortia (i.e., open community resources such as Kuali).

Business officers are attracted to cloud computing's reduced costs, scalability of services, and sustainability (fewer servers on campus). Before contracting outside for IT services and functions—or “enabling the cloud”—there are essentials to address, said Stephen McDonald, general counsel for the Rhode Island School of Design, Providence. Be sure you consider economic value, full connectivity, open access, reliability, security, privacy, interoperability and use choice, and sustainability.

In coming to agreements with service providers, such as Google or Microsoft, institutions can help service providers build into their business model necessary considerations such as the Family Educational Rights and Privacy Act and other confidentiality measures, data security and breach responsibilities, and patent infringement protections. McDonald said contracts should be clear on the provider's responsibilities for end users, the service level agreements, conditions for suspension or termination of service, warranties, and indemnification (both ways).

Adequate Diffusion of Technology

Anyone who has been involved in the implementation of an enterprise resource planning (ERP) system at a college or university knows that it is complex and often fails to achieve its promised objectives. A recent study by Richard Cosentino, director of budget, personnel, and logistics at George Washington University's School of Engineering and Applied Science, analyzed the problem of ERP deployment and found 41 critical factors that influence a successful ERP system implementation.

“Problems with any of these factors can lead to failure,” said Cosentino, who collaborated on the project with IT officers at George Washington and American universities in Washington, D.C., and conducted interviews with professional ERP implementers at 20 organizations. The group discussed its findings in the session “Ensuring the Successful Implementation of Enterprise Systems in Higher Education Institutions.”

The study divided the 41 factors into nine broader categories: change, management, project plan, personnel, technology, procurement, software logistics, systems engineering, and evaluation. The interviewees identified management and change factors as extremely critical, supporting a frequent claim that the most damaging problems associated with ERP implementation projects are not technical issues.

David Swartz, chief information officer at American University, and David Steinour, interim chief information officer at George Washington University, urged attendees to modify the system as little as possible. “Stay as close to vanilla/out of the box as you can,” Swartz said. “Change your processes to match the system.”

Primer on Privacy

A legal panel session, “Point on Privacy: FERPA and the FTC 'Red Flag Rule,'” led by J. Kelley Wiltbank, general counsel for the University of Maine System, Bangor, and Steven McDonald, general counsel for the Rhode Island School of Design, Providence, reviewed regulations regarding student information and identity theft.

McDonald addressed the basic components of the Family Educational Rights and Privacy Act of 1974 (FERPA). He identified “FERPA's Big Three,” which are college students' rights to control the disclosure of their education records to others, inspect and review their own records, and seek amendment of their records.

At a high level, FERPA defines education records as those that are directly related to a student and maintained by an educational agency or institution or party acting for the institution (any institution that receives funds under any program administered by the U.S. Department of Education). Generally, a record is “directly related” to a student if it includes personally identifiable information about that student. Following the 2007 shootings at Virginia Tech, FERPA rules were eased to allow institutions greater flexibility in releasing student information when there is a threat to the health and safety of the individual or others.

In reviewing the Federal Trade Commission (FTC) Red Flag rules, Wiltbank reminded the audience of the August 1 enforcement deadline (since extended to November 1). The Red Flag rules, which implement provisions of the Fair and Accurate Credit Transactions Act of 2003, apply to colleges and universities in their capacity as creditors. Aimed at identity theft protections, the rules are intended to prevent fraudulent access to money, goods, services, or other information by someone using already-obtained identity information.

A red flag is a pattern, practice, or activity that can indicate the existence of identity theft. Identifying information includes name, address, telephone number, Social Security number, date of birth, and passport or student identification number. To comply with the rule, institutions need to identify possible red flags in campus systems and decide how they will respond to them, have a written plan that is approved by the board, and ensure that staff are trained accordingly.

Return to the conference's main page.