1.Purpose
In order to ensure that UNC Greensboro’s technology and data are managed in the most efficient and effective manner, consistent with established University standards, audit and all legal and ethical compliance requirements, the purpose of this policy is to outline a centralized, collaborative approach to all facets of the management and operation of technology and data related services. Specifically, this policy defines the roles and responsibilities associated with centralization and regulation of University Information Technology (ITS positions) to ensure greater institutional coherence with new and established technology policies, standards, and guidelines. This policy addresses the Information Technology management requirements specified in the UNC System Policy Manual Chapter 1400, section 1400.1 – Information Technology Governance, 1400.2 – Information Security, and 1400.3 – User Identity and Access Control.
It is not the intent of this policy to remove or diminish specialized technical expertise and support in academic and administrative units across campus. In all cases, effective operationalization of this policy to ensure that unit needs and expectations are met or exceeded is dependent on professional relationships and collaboration consistent with relevant Federal, State, and University policies between Central IT and distributed IT Personnel and IT Personnel Management, and Human Resources.
2.Scope
The scope of this policy applies to any employee with any position that has duties or responsibilities to select, operate, manage, or support university technology services and data, and to any employee who manages this type of employee. Such positions will normally have classifications found in the Information Technology Job Family (SHRA), the Information Technology category (EHRA), or have primary responsibilities related to IT management (SAAO II). The scope of this policy authorizes UNCG Information Technology Services to possess oversight and governance of university distributed technology employee activity to ensure strategic alignment with university technology needs and interests along with consultation with Human Resources for alignment and compliance with relevant federal, state, and university policies and guidelines.
3.Definitions and Roles and Responsibilities
3.1Definitions
3.1.1Central IT
refers to the UNCG Division of Information Technology Services
3.1.2Central IT Administration
refers to the UNCG Vice Chancellor of Information Technology Services, and Chief Information Officer, or assigned delegate
3.1.3Distributed IT
refers to positions outside of the Information Technology Services organization chart, in roles embedded in a Home Department that have classifications found in the Information Technology Job Family (SHRA), the Information Technology category (EHRA), or have primary responsibilities related to IT management (SAAO II), such as but, not limited to those with the following titles : Hardware/software support analyst; Application administrator; Business systems analyst; Data analyst; Technical project manager; Classroom/AV Support Analyst; Developer; Workflow Engineer; Network Engineer; and Systems Infrastructure Engineer. Other included positions, which may not have the foregoing titles, identified by the Chief Information Officer and Chief Human Resources Officer, as having primary responsibilities consistent with IT classifications may also be subject to this policy upon notification to, and consultation with, the Home Department at the time the position is reviewed.
3.1.4Dotted-line Central IT Manager
refers to the Central IT designate who will coordinate with Home Departments regarding their technology support needs, including supervision of Distributed IT positions
3.1.5IT Personnel
refers to any university employee with job duties or responsibilities outlined in section 3.1.3.
3.1.6Home Department
refers to the specific Department or Academic Unit (external to Central IT, or ITS) of which the IT Personnel is embedded
3.1.7Home Department IT Manager
refers to any university employee that manages Distributed IT Personnel.
3.1.8Position Description and Performance Plan
documentation that outlines primary duties and key responsibilities for any University position for which an employee is held accountable. The Performance Plan is a document that highlights specific areas of achievement or necessary accountability or goals.
3.1.9 Supervisory related activities and actions
includes responsibilities that are consistent with relevant Federal, State, and University policies and guidelines such as PTO approval, Annual Performance Evaluation, and Disciplinary Action.
3.2Roles and Responsibilities
3.2.1 Chief Information Officer
has the overall responsibility for the Division of Information Technology Services and possesses full oversight and governance of university distributed technology employee activity to ensure strategic alignment with university technology needs and interests and ensuring compliance to University policies, standards, procedures, and guidelines.
3.2.2 Central IT Administration
is responsible for providing necessary training to all IT Personnel, including but not limited to annual Information Security Awareness Training and HIPAA Awareness Training; conducting unannounced periodic Home Department technology and data audits; and designating to each Distributed IT personnel a Dotted-Line Central IT Manager, who will ensure that they communicate applicable technical initiatives, requirements, or projects in a timely manner, and who will hold the Distributed IT personnel accountable for compliance with these requirements. Central IT will also collaborate closely with Home Department Personnel Manager and Distributed IT personnel to develop a comprehensive understanding of Home Department technology support needs as well as Distributed IT personnel duties and responsibilities.
3.2.3Distributed IT Personnel
are responsible for complying with all UNC Greensboro policy and procedures, with all Central IT Security Standards and Institutional Policies and procedures, as well as any relevant Federal, State, or University policies and guidance. This includes the annual Information Security Awareness Training, HIPAA Awareness Training, and other technical and information security training as recommended by Central IT. Distributed IT personnel must adhere to the policy described below; communicating technical initiatives, requirements, or projects within their area or department with their designated Dotted-Line Central IT Manager in a timely manner; and communicating and supporting within their Department Central IT enterprise technical initiatives, requirements, or projects. Distributed IT personnel shall cooperate with any Home Department technology audit conducted by Central IT, whether announced or unannounced. Nothing in this policy alleviates the Distributed IT personnel from fulling the duties and responsibilities expressed within their assigned performance plan and/or position description.
3.2.4Dotted-line Central IT Managers
are responsible for serving as supervisory partners to the Home Department IT Managers, and technology planning advisors to Home Departments
3.2.5Home Department IT Managers
are required to comply with the policy as described below, along with related university policies, standards, procedures, and guidelines; collaborate with Dotted-Line Central IT Managers regarding the performance of Distributed IT personnel; and ensure that Distributed IT personnel communicate applicable technical initiatives, requirements, or projects in a timely manner so that Central IT Administration can hold Distributed IT personnel accountable for the technical IT responsibilities. Home Department IT managers have the primary responsibility of ensuring that Distributed IT Personnel have appropriate time and opportunity to participate in any required and/or recommended training, as suggested by Central IT Administration or the Dotted-Line Central IT Manager, and that Home Departments and Distributed IT personnel fully cooperate with any Central IT technology audits, whether announced or unannounced.
4.Policy
Central IT and the Chief Information Officer have the authority and responsibility for comprehensively and strategically managing all UNC Greensboro IT Personnel.
4.1Training and Career Development
Distributed IT personnel are required to complete annual Information Security Awareness Training HIPAA Training, and other mandatory technical and information security training administered by Central IT. Training or career development in alignment with training provided to other Central IT staff in similar roles may be approved and funded by Central IT. For Distributed IT positions, additional training or career development may also be approved and funded by the Distributed IT personnel’s Home Department. Performance Evaluations. Distributed IT personnel will be evaluated annually with goals and objectives mutually discussed and agreed upon with their Home Department IT Manager and the Dotted-line Central IT Manager. The Home Department IT Manager will solicit, discuss and include the Dotted-Line Central IT Manager’s co-evaluator feedback prior to discussion with Distributed IT personnel and final evaluation submission to Human Resources. Annual performance management plans shall reflect Central IT’s role as an active management partner with responsibility for ensuring a safe, high performing campus computing environment that is fully compliant with state and federal regulatory requirements.
4.2Disciplinary Actions
Disciplinary actions will be initiated and managed by Home Department IT Managers, who will consult with the assigned Dotted-Line Central IT Manager regarding all disciplinary actions related to Distributed IT Personnel, prior to discussion with Distributed IT personnel and submission to Human Resources.
4.3Position Classification and Salary Decisions
Position classification and salary actions for University personnel, including IT personnel, are within the exclusive purview of Human Resources. IT position classifications and salary actions are made upon recommendation of the Home Department IT Managers and such recommendations shall first be made to Central IT and then to Human Resources, whose responsibility it shall be to ensure decisions are aligned with the University’s technology needs and interests and relevant Federal, State, and University policies and procedures.
4.4Recruitment and Posting of Vacancies
Recruitment of IT personnel and posting of IT personnel vacancies are recommended by Central ITS after consultation with the Home Department IT Personnel Manager and approved by Human Resources to ensure related decisions are aligned with university technology needs and interests. Home Department shall collaborate with Central IT Administration, or assigned delegate, in to form a search committee and/or perform interview activities for Distributed IT positions.
4.5Decision Making and Exceptions
Central IT Administration will make the final recommendation to Human Resources (after consultation with the Home Department) on actions related to position classification, compensation, and recruitment, including posting of vacancies, and the hiring of candidates for all IT positions, including those distributed positions that may be embedded in units managed by University Executives, Deans/Chairs, Directors/Managers outside of Central ITS. All recommendations are subject to approval by Human Resources. The Vice Chancellor of Information Technology Services and Chief Information Officer (CIO), or assigned delegate, has the sole authority to make exceptions, in writing, to this policy. Disciplinary Actions for Distributed IT employees are governed by section 4.2 of this policy
5.Compliance and Enforcement
Any violation will be subject to disciplinary action in accordance with policies pertaining to the classification of the employee.
If violation of the policy also results in a violation of law such as assault and battery, fraud, theft, bribery, and other related violations, then the violation may also be referred for criminal or civil prosecution.
Violations of this policy may result in termination or suspension of access, in whole or in part, to University information systems at the discretion of IT where such action is reasonable to protect the University or the University’s information infrastructure.