TOP 10 TECHNOLOGIES FOR EDUCATIONAL INSTITUTIONS IN 2009
PRESENTED AT CCA 2009 ANNUAL CONVENTION
The envelopes please!
Agenda
• Top Technology Initiatives Background
• Review the 2009 List
• Explore the Top Technologies as they
affect Schools with emphasis on security,
privacy, workflow, and compliance issues
• Examples of what schools are using
technology initiatives to achieve
Background
• The list has been produced for over 20 years
• Origin of the list
– Working Group prepares survey
– AICPA ITMS, ISACA, IIA & ITA members vote
• Time frame – 12-18 months
AICPA TOP 10 TECHNOLOGIES 2009
#10 - Document, Forms, Content and Knowledge Management
• Lessening the “Ocean” of paper many schools are drowning in
• Paperless Systems
• Paper is scanned or converted to electronic forms
• All electronic documents in one central repository
• Once data is centralized and document control is in place, policies
can be more easily defined and put into “action”
• Policy is better enforced, and compliance requirements for records
management can be internally audited using applied accountability.
PAPERLESS?
#9 - Mobile and Remote Computing
• Technologies that enable users to securely
connect to key resources anywhere, anytime,
regardless of physical location.
• Supporting technologies include server-based
applications, VPNs, remote control
software, laptops, PDAs, Smart Phones,
VoIP and wireless technologies, such as 3G
(EVDO / EDGE), WiFi and WiMax.
Mobile and Remote Technologies
• Internet – universal plumbing
• Remote Control
– GoToMyPC
• Remote connectivity
– Terminal Services/Citrix
– VPNs
• Hosted services (SaaS)
• Employee/Customer/Vendor portals
• Teleconferencing/Web Meetings
• VoIP
#8 - Business Intelligence (BI)
• Applications and technologies used for
gathering, providing access and visibility
to, and analyzing data to help business
owners and managers make informed
business decisions.
• Tools include data warehousing and
integration applications, report writers and
application dashboards.
#7 - Conforming to Assurance
and Compliance Standards
• Creation of formalized strategies, systems and training
programs to address organizational goals, statutory
requirements (SAS Nos. 104-111 & FIN 48) and annual
audits (Accreditation & Title IV)
• Includes risk assessment standards, risk management,
continuous internal auditing, and the implementation of
technology tools capable of monitoring and enforcing the
associated “action plan”
Security
Proper Information Security Management:
1. protects the integrity, confidentiality and
availability of information in the custody of
an organization.
2. reduces the risk of information being
compromised.
#6 - Identity and Access
Management
• Hardware, software and process used to
authenticate user identity, then provide
appropriate access to authorized systems.
• May include single sign-on and/or
automatic account provisioning.
• Authentication Factors
– What you know
• Passwords/passphrases
– What you have
• Tokens, digital certificates, PKI
– Who you are
• Biometrics (finger, hand, retina, etc.)
– Where you are
• Multi-factor authentication is becoming
increasingly common.
#5 - Business Process Improvement,
Workflow and Process Exception Alerts
• Methods used to enhance business and
transaction processing through a
continuous cycle of modeling, execution,
monitoring and improvement.
Alerts
• Monitor date and time-sensitive events
• Check status of data, such as missing
documents to complete enrollment
• Merge data into email messages
• Pass data, files, and messages to the next
person in the pipeline
Workflow
• Identifying and tracking processes
(Student-based and internal) using a
centralized database
• Usually more complex decision/routing
sequence, i.e. map, control & manage
overall process.
#4 - Privacy Management
• The rights and obligations of individuals
and organizations with respect to the
collection, use, disclosure, and retention
of personal information (especially the
private information of students)
Steps to Protect Personal Information
(PI)
• Don’t collect more PI than needed.
• Don’t retain PI longer than legally required and/or
necessary for business purposes.
• Protect PI you collect, use, disclose and retain.
• Ensure additional protection methods on sensitive
PI retained.
• Restrict access to PI to only individuals with a need
to access information.
• Dispose of PI appropriately.
• Keep anti-virus software and security patches
current.
• Instill awareness and train employees on the proper
handling of PI.
• Know federal, state and local laws and the rights
consumers and employees have under those laws.
• Conduct regular audits to ensure PI is protected.
#3 - Business Continuity Management
and Disaster Recovery Planning
• Have a plan!
– Remember the goal
– Identify stakeholders
– Identify key assets and processes to protect
– Devise strategy to provide maximum
protection and minimize downtime
– Document the plan
– Test the plan
– Repeat and update!
#2 - IT Governance
• Relationships and processes that
– direct and control an organization
– help it achieve its goals
– add value while balancing risk versus
return over IT and its processes
• Five Key Components
– Strategic Alignment
– Delivery
– Resource management
– Risk management
– Performance measures
#1 - Information Security
Management
• People, process and systems that safeguard data from
internal and external threats
EXAMPLES
• Router/IP addressing
• Firewall
• Patches
• Anti-
– Virus
– Spam
– Spyware
• Physical Access
• Passwords / Passphrases
• Unprotected Shares
• Personal Firewall
• Web-based e-mail/file sharing
• Wireless
• Backups
PRIVACY
• Do you know how many states have a breach and privacy law? 46
• Do you know that you are required to meet the standards for each
state in which a student resides?
• Failure to protect sensitive information can cause serious
damage to a school’s reputation and subject it to legal
penalties.
Key Themes
• Protecting privacy of confidential
information
• Reducing risk
• Improving business processes
Application of these technologies
for Career Colleges
Schools are using technology
initiatives to:
• Create a paperless approach to student
enrollments
• Track missing documents for each
student’s master folder based on specific
scenarios and requirements related to
federal financial aid, accreditation,
licensing, and other auditing/compliance
organizations
• Monitor due dates of internal corporate
files required to be maintained at
corporate and campus levels.
• Create an IT & Records Management
foundation for expansion and make it
easier to begin operations at new institutes
and learning sites, while ensuring
compliance of the new sites with existing
corporate governance
• Help minimize risk associated with
possible audit findings, as well as issues
related to monetary fines, penalties,
accreditation revocations, and eligibility
withdrawal for certain funding/financial aid
programs, through continuous electronic
auditing of student data.
• Comply with records retention policies and
requirements related to the lifecycle,
disposition, and destruction of student and
corporate documents.
• Ensure maintenance and documentation
of student privacy requirements.
• Anticipate and document each compliance
element in the student relationship.
• Provide a monitoring system for tracking
missing documents and other records-based
scenarios which comprise a
compliance requirement or best practice
implementation.
• Manage internal corporate documents and
due dates of required documentation for
single or multiple campuses.
• Improve Application and Data Integration
• Effective operations and governance rely
on information systems which “talk to each
other” seamlessly and where information
is readily available in a form that expedites
business decision making. Disparate
systems continue to exist within
organizations and duplicate databases
reside within these multiple systems.