• Section 1 - Purpose and Context
• Section 2 - Definitions
• Section 3 - Policy Statement
• Part A - Methodology
• Part B - Systems Proposals
• Section 4 - Procedures
• Section 5 - Guidelines

Section 1 - Purpose and Context

(1) Information Technology (IT) and IT -based systems are an important aspect of the University's normal business processes. Whilst these systems have enormous potential to make information much more accessible to our staff and students, (and external partners), and to greatly improve our efficiency, there is a need to ensure that new systems projects are properly designed and that their implementation is effectively managed.

(2) The high costs of IT systems should not be underestimated. What might appear to be a simple application intended to run on one's own workstation, could in fact require substantial investment at the server and networking level to make data available for wider access. This could have substantial technical support implications.

(3) The University is also concerned to see that effort is not duplicated and that only authoritative data sources are used when processing or storing information about staff, students, courses or indeed any element of data stored in University computer systems. It is important to protect and preserve this data and to ensure that confidentiality, privacy and related issues are considered as a part of the system design.

(4) This policy statement is intended to formalise the steps to be taken to design or otherwise acquire computer systems that involve the collection, processing and storage of university data.

Section 2 - Definitions

(5) The following definitions apply for the purpose of this policy:

1. APT Methodology: This methodology is based on best practice project management. Refer to product website http://www.aptsystems.com.au/and to the Manager, Corporate Systems with regard to University licensing for this methodology.
2. Authoritative Sources: It is common for the same data elements to be used in a number of application systems. An example might be a staff member's name which will be used in a number of different application systems such as Office of Human Resources /Payroll, Research Management, Telephone/Email Directories, Callista, the Library, etc. In order to keep data consistent across these diverse applications, it is normal to identify one such application as the authoritative source of that data element and for the other applications to use data maintained by the authoritative source rather than independently maintain this data. This would mean that if the Office of Human Resources (OHR) system was identified as the authoritative source of a staff member's name, then all applications that need to use or store that name will take the name from the OHR system. Then if the staff member's name changes, it need only be changed in one place (the OHR system) and the change will automatically flow through to dependent applications. Authoritative data sources are identified in the University's Information Policy.
3. Change Management: The controlled process to modify University corporate systems or application. (Web site under development).
4. Configuration Management: The controlled process to manage the technical environment in which University corporate systems are developed, modified, upgraded, verified and migrated to the University production environment. (Web site under development).
5. Corporate Systems or Corporate Application: An IT system that is used in performing a University business function and, as part of that process, uses or generates University Data.
6. Data Ownership: A specific University business community owns data identified as Authoritative Source Data. Authority to use this data must be obtained from the business owner who will consider issues such as privacy, confidentiality and security in authorizing such access.
7. IT: For the purpose of this policy this refers to the Information Technology which supports, provides and manages IT resources on behalf of the University.
8. IT Methodology: A structured, planned, managed and repeatable approach providing a framework for the development and maintenance of information systems.
9. Package: An IT system developed external to the University. The package is usually a software system that is required to be installed on University hardware, and utilises the University's technical infrastructure.
10. Production Readiness: Verification (in a pre-production environment) that the system conforms to functional and technical specification. The conformity to specification enables the acceptance of the system to be migrated to the university's corporate production systems environment.
11. Standard Operating Environment - Desktop: The University's standard environment for a user desktop workstation. Refer http://www.uws.edu.au/staff/its/soefor the specification.
12. University: For the purposes of this policy, University refers to the University of Western Sydney.
13. University Data: For the purposes of this policy statement, University data is deemed to be those items of information that are routinely collected and stored on University's computer systems. Typically, such data relates to student information, staff information and course information. However, it also includes information that might be collected about University assets, projects, areas of research, business activities, external partners, etc.
14. University Executive: For the purpose of this policy statement, University Executive refers to the Executive Committee of the University formed through the membership of the Vice-Chancellor, Deputy Vice-Chancellor Corporate Strategy and Services, and Deputy Vice-Chancellor Academic and Enterprise.

Section 3 - Policy Statement

Part A - Methodology

(6) It is a basic requirement that a formal methodology be followed in the implementation of computer systems. This methodology is intended to ensure that all of the appropriate checks and balances are in place to ensure that the proposed system is implemented in the most cost effective manner. To guide this process the University has acquired the APT Project Methodology.

(7) The Manager, Corporate Applications in the Information Technology (IT), can provide advice and assistance in the use of this methodology.

Part B - Systems Proposals

(8) Any computer system that is intended to process University data must have a formal proposal developed. This proposal must provide a statement of costs, a planned implementation schedule, an outline of the technical environment needed to support the application, planned integration with other systems, backup strategy and support services.

(9) Where a system proposal requires access to University data (or will create University data), the system implementation must conform with the University's Information Policy insofar as it relates to authoritative data sources.

(10) Discussions must be held with IT with a view to establishing an appropriate linkage to University data. That might be an "active" link, whereby the proposed application will dynamically access the authoritative source via a direct database link. Alternatively, an extract from the authoritative source database may be appropriate. Note that in the latter case the source data must not be transformed in any way by the proposed applications system. An appropriate extraction strategy must also be devised to ensure that the extracted dataset remains up to date in the target application.

(11) Should the proposal create new University data, special attention needs to be given to privacy and security aspects. Storage on a central server protected by the University disaster/recovery strategy is preferable in such cases. Appropriate annotations should be made to the Information Policy to ensure the availability of this information is recorded.

(12) The proposed system must be technically compatible with the University's technical infrastructure. Advice on this aspect must be sought from Information Technology before any commitments to the proposal are made. A budget account funding source must be nominated, and expenditure approved by a delegated officer.

(13) Systems proposals costing in excess of $50,000 must be endorsed by the University Executive's Information Technology Advisory Sub-Committee and will require approval from the Office of the Chief Financial Officer and the University Executive as part of the annual budget development process.

Section 4 - Procedures

(14) Information systems projects follow a life cycle consisting of several phases. System proposers should contact the Manager, Corporate Systems (IT ), to discuss the most appropriate phases of the APT Methodology to be used for a specific project. Generally, University information systems projects will require five phases:

1. Initiation - Estimating potential resource and cost implications and key milestones. Any computer system that is intended to process University data must have a formal proposal developed. This proposal must provide a statement of costs, a planned implementation schedule and an outline of the technical environment needed to support the application. ( Project Proposal)
2. Planning
   1. Analysis - Documenting the client requirements and determining the feasibility of the proposed implementation and timeline. ( Project Execution Planar Web Applications Manual, Project Schedule)
   2. Design or Package Selection - Developing a system design (if software development is required) or preparation of a Request for Quotation/Proposal for package acquisition. ( System Specification or RFQ/P)
3. Execution - Implementation of the proposed solution. Software development or package installation, testing, documenting and training. (System Documentation and Acceptance Test)
4. Control - Executed for the life of the project. Includes monitoring progress, updating project plans, schedule and conduct of meetings, Quality Assurance Inspections, management of risks and issues as required, scope management.
5. Support - Moving the system to a University production environment and preparing for on-going maintenance and support. ( Production Readiness Plan)

Section 5 - Guidelines

(15) Nil.