ITIL or not ITIL?

A couple of presentations at the conference looked at ITIL. One, from Noel Bruton suggested that it is time to replace ITIL; the other from Barry Corless highlighted the benefits of ITIL v3. The two came from different perspectives – Noel was focussing specifically on service desk whereas Barry was taking a more corporate view. And that is perhaps the difference between versions 2 and 3. The move to ITIL 3 really goes beyond the service desk into really institutional IT governance. Perhaps suggesting that ITIL 2 was just service focused was something of a mistake from the service management community. That focus may not have been the intention but it was certainly my perspective and I suspect may be the view of many others in the sector.

So is there a real answer? It is really a horses for courses sort of question. If I was to take a corporate view then I would look to promote ITIL version 3 throughout the organisation. There are clear advantages to the IT Director if ITIL was adopted as an institutional standard – there is so much in the new standard that concentrates on the corporate business rather than just the IT department. It makes sound business sense to look to push an institution’s executive in that direction. What are the key business drivers? Well portfolio management is one – I’m not convinced that many institutional executives understand what the business priorities are when making a decision. Understanding the impact of business constraints is another – how many executives understand the impact of their decisions on a project? What are the real corporate boundaries of a project? Is there really the understanding that a decision made on ethical grounds may have a real financial implication?

But that is all about ITIL 3. The conference here is focusing on the service desk and support function. Is there anything that version 3 offers over and above version 2? Probably precious little but the nub of the matter is that, in order to deliver a quality service, you need to have a prescribed methodology – if that is ITIL 2 or (a perception of) ITIL 3, that really doesn’t matter in my view. Provided you are delivering a quality, defined service your customers will be happy in the main. Where I think the challenge is to UCISA is looking to get ITIL version 3 implemented beyond the IT service – there is a lot here that focuses on IT as a delivery mechanism. Could this be the audit tool that drags senior institutional managers towards Dearing’s type 42 manager? Should this really be our real focus for getting senior management engaged?

A growing shared service

There were a number of pre-conference sessions ahead of UCISA’s Advisory and Support Staff Symposium. The first detailed the out of hours support service operated out of the North-West regional network NorMAN. This was one of the initial feasibility studies funded by HEFCE as part of their Shared Services programme and is a good example of how bottom up initiatives can grow and become realistic shared services. They now have 21 institutions signed up from a starting point of the original five NorMAN universities. A good number of problems are solved by the helpdesk although the proportion addressed by the service (compared with those referred back) varies both between institutions and from month to month. Obviously it is not possible to solve all problems – for example if the network is down in the home institution then there is little the service can do other than advise the institution concerned – but in some cases the number of problems solved is close to 80%. Students can access the service in a number of ways – telephone remains the most popular by far although the service can also be accessed by email and text (SMS). Chat is also used to communicate with students and this has proved particularly useful where the student’s first language is not English. There is generally a good level of satisfaction with the service (over 75% of respondents to a survey) and the service continues to grow, with a further expansion of another 9 institutions planned by mid 2010. So overall a success story – a service delivering an enhanced service to students in a cost effective way.

An unwanted first follower

I have finally set up my Twitter account. I’ve done this partly to see what all the fuss is about and partly because UCISA is running a conference over the next two days and we’re going to use Twitter to blog the event. Having set up my account, I then started to look for a couple of friends to ‘follow’ (ie see what they are up to) to get started. On returning to my home page I found that, in addition to the four accounts I had chosen to follow initially, I already had a follower. Naturally I assumed that someone was doing much the same as I was and had found me by entering my name into the search mechanism within Twitter. I’d be surprised if this was the case. The follower concerned merely had one entry which was advertising her site. You didn’t have to go to the site to find out what it was about – the Twitter entry was quite explicit (as presumably the site is too!).

So I suspect that Twitter has a problem – either someone has infiltrated their software so that as soon as a new account is created the suspect account is added as a follower, or perhaps there is some sort of web crawler that searches for new Twitter pages and immediately does the same. It isn’t a problem for me – I accept that this is a fact of internet life, however unpalatable it may be. For others though it will be a problem and will cause offence. Ideally we wouldn’t have to put up with this sort of intrusion. In practice though, it is nigh on impossible to prevent.

Immigration database progress

As the implementation of the new points based immigration database progresses, the meetings of the IT working group are now more frequent. I’ve missed the last two so it was encouraging to see that progress has been made and the prototype sponsor management system continues to develop. There are always questions as institutional representatives consider how the system will operate in practice and where it is not clear how the developers have interpreted requests from the earlier meetings. This meeting was no different (and in the higher education sector there are always exceptions that break the rules) but the questions were more focused than they have been in the past when the group was still trying to understand the process.

There remain some concerns – such as the use of free format text fields for the level of the course – but these may be addressed by clearer guidance from UKBA as to what to enter. The guidance needs to be two way – it needs to go to the institutions and software suppliers to determine what is appropriate to be entered/transferred, and it needs to go to the overseas visa offices to ensure that the definitions are understood and the rules applied consistently.

The UKBA staff are about to head off on a series of regional roadshows to promulgate details about the PBS system and the processes around it. This is likely to raise more questions from those who have not been directly involved in the discussions to date. What I hope it will do is promote thought amongst the attendees about how they are going to amend their own processes to ensure controlled use of the system and generation of CAS number, to feedback data from the sponsor management system into student records systems and to manage updates to the SMS about students who withdraw, fail to progress, etc. The process changes may prove to be a bigger challenge that the technology.

State control or not?

This is my final wrapping up blog from the EUNIS conference. In terms of content the programme was the best I’ve experienced at a EUNIS conference with quite a few innovative ideas and a few things that, quite frankly, we should be doing in the UK. There are of course differences in the way HE is managed in different countries – in the UK the institutions are independent which can be both a blessing and a hindrance. One area where I think it is a hindrance is with regard to IT governance – the Spanish are, in my view leading the way in Europe, adopting a toolkit for IT governance across all universities in the country. This should lead to a much better integration of business aims into the institutional IT strategy and planning. The fact that this has appeared as one of the UCISA top concerns in recent surveys suggests that it is an area that is not mature in the UK.

The lack of state control may also legislate against the sort of operation that has evolved in Italy. There a database has been developed that can both provide CVs to companies looking to employ graduates and provide many of the statistics that both the state and institutions require. The system is being extended to providing better information to school leavers to try to ensure that they make better choices about their university courses. This should reduce the drop out rate. The other benefit is that the same feedback questions are being asked of school students, university students and graduates moving into their working life which has the potential to give strong statistical data for a succession of cohorts and to provide evidence that the systems are delivering. The two initiatives had some of the elements of the MIAP programme in the UK, combined with the function that HESA provides. The difference in the UK is that the HESA functionality is already established – the MIAP component (where there is greater benefit to the learner rather than the institution) has to be sold well to a sceptical audience.

That said, one benefit is the independence of institutions in the sector. This allows the UK provision to be far more varied than some of our European counterparts, with institutions largely free to choose their own mission. The consequence is that institutions have established their own identity, are used to competing with each other and as a result, are probably better equipped to compete in the international market.

To conclude, there was an interesting comment from one delegate about the impacts of the Bologna process. In the UK Bologna has hardly been on the radar but there has been rather more activity recently as 2010 – the date by which all countries who have signed up to the agreement are meant to comply to the requirements of the agreement – draws closer. The comment was ‘if you talk to our university executive they will tell you that they have implemented Bologna and it is a success. If you talk to our students, they will tell you that it is a disaster’. The UK higher education sector has a strong market brand – it will be necessary to ensure that any changes to policies as a result of moving towards Bologna implementation strengthen our position rather than weaken it. The student experience is key.

IT Governance developments in Spain

There were a couple of interesting presentations covering aspects of IT governance in Spanish universities. The Spanish equivalent of Universities UK, CRUE, have sponsored the development of an IT Governance toolkit based on the ISO standard 38500 and the toolkit developed by the University of Strathclyde on behalf of the JISC. The toolkit links the ISO principles with seventeen IT goals each of which is measured from the perspective of the maturity of the service in meeting those goals, backed up by both qualitative and quantitative measures. The toolkit is being piloted in a number of institutions and is expected to roll out to all Spanish universities within a couple of years. This contrasts with the UK experience where the JISC toolkit, after being piloted was not adopted by the Funding Councils. Consequently take up has not been great and IT governance remains a concern for IT Directors in the UK.
One impact of poor governance is poor communications about IT projects with the result that there is often a poor perception of the IT department. “Always late”, “expensive” and “failing to deliver” are common comments about a services department that doesn’t communicate about their work. One institution has taken the novel step to address this issue of developing an online resource to track and record decisions made relating to projects, to highlight the projects’ alignment with the institutional strategy and to improve communications about projects within the institution. The resource has had a positive effect with the institution’s senior executives now having a better understanding of the links between the projects and the institution’s strategy and the impact of their decisions on project progress. The online resource was developed to address a local issue but it may be rolled out as part of the overall governance toolkit being developed by CRUE. Without good communications it is easy to blame the IT department when something goes wrong. With a resource that highlights and communicates the reasons behind decisions, it is harder for such a blame culture to be established and should, with greater understanding by the senior management in an institution, result in better IT governance.

A new role for UK AMF?

A later presentation on the first day gave details of the STORK project to deliver interoperability of personal electronic identities throughout the EU. The project is moving towards the pilot stage and is considering two modes of operation – either developing middleware to integrate between the various national identity systems or adopting a federated approach.
One of the pilots relates to student mobility and data. The basic aim of this pilot is to enable students to register at one institution using attributes from their home country and to also allow the student to authorise the transfer of data from their home institution. The pilot is likely to use a SAML based approach with institutions being service and/or authentication providers. There is a commitment to link in with whatever technology or system an EU member state has adopted. Since the UK Access Management Federation already exists and has the potential to allow access to authenticated data for the student population, is there the opportunity for UK AMF to take advantage of the delay in the Identity Card project in the UK and take the lead in providing access management for all nationals in the UK?

Research infrastructure – European progress

The first presentation at EUNIS this year gave an oversight of the EU funded activities on research e-infrastructure. The EU is looking to promote the interoperability of research data and build an underlying infrastructure that facilitates collaboration both between institutions and between disciplines and provides a resilient platform to European researchers to use. There is a significant investment planned in this area – hundreds of millions of euros. However there is recognition that, although there are some technical issues that need addressing, the greater difficulties are addressing strategic and policy differences, financing services and governance of shared resources. The difference in intellectual property requirements of the member states is also an issue.

Some of these issues have been picked up by the UK Research Data Service project – there the challenges are recognised as being more cultural than technical. It is acknowledged that there will need to be incentives to encourage the publication of research data in a usable format. Introducing the desire to make data available across disciplines adds further complications. There will be a need to ensure that there is consistency in the use and definition of metadata to tag research information and the cultural differences between different disciplines will need to be addressed.

There is also a concern that the Grid resources provided will not be utilised to the full. The statistics presented did not suggest a high level of usage; the last figures I saw for the UK Grid suggested it was being used by a minority of institutions and a small subset of academics within those institutions. It was suggested that one reason for this was the need for specialist programming skills to use the grid and recognised that it needed to become more intuitive to increase usage.

The projects within the EU’s Framework 7, if successful, will go some way to making the infrastructure and the data within it more accessible. There is collaboration across EU states within disciplines but the main challenges will be the cultural, strategic and governance issues. The one technical concern that was only really mentioned in passing was the need to manage access. I believe that implementation of federated access management varies across Europe but hope to get a more detailed picture during the course of the week.

AIM – a transatlantic perspective

Part of the discussion over dinner tonight with other members of the Educause 2010 Programme Committee was on access and identity management. There are challenges making the business case for moving to federated access here in the States, partly because there is no real incentive for the publishers to “Shibbolize” their offerings and partly because many institutions are content to use IP authentication as the way of restricting access to resources. The lack of adoption of federated access by publishers suggests that they accept that a certain amount of unlicensed use of their resources will take place. The lack of movement by institutions suggests that there are currently no additional services which require federated access.

In the UK we have the Access Management Federation but I don’t believe that implementation of federated access is as advanced as the number of members of the Federation might suggest. This is perhaps borne out by Access/Identity management featuring as a UCISA top concern a couple of years ago but only featuring as a rising concern now. This suggests that institutions have implemented temporary solutions to see them through the next few years whilst they look to address their identity management issues ahead of moving to a federated access solution that encompasses both internal and external resources. It may be that access to external resources delivered by managed services or in the cloud provide the real driver to the move to federated access. With more and more resources provided in an increasing number of ways, the increasing cost of maintaining a single sign-on solution may mean the business case is easier to make.

Points based immigration – spreading the word

Last week UCISA ran a couple of seminars on the points based immigration system. The seminars were well attended by a mixture of admissions, registry and IT staff from higher education institutions as well as a number of representatives from suppliers. The seminars presented an opportunity to ask questions of UKBA staff as well as highlighting how the new system will work.

The key points from the meeting to be emphasised are:

• There is no expectation from UKBA for additional monitoring to be put in place to satisfy the requirements for checking that international students do not miss ten consecutive ‘expected contacts’. What an HEI should have is a policy that defines how it will identify (any) students who have ceased studying (for whatever reason).
• The mechanism for the transfer of data between the sponsor management system (SMS) and institutional student records systems is that a file is extracted from one system then uploaded into the other. It will be necessary to log into the SMS in order to extract or upload data as appropriate. Consequently each HEI will need robust processes to ensure the correct records are uploaded into the SMS, when to assign confirmation of acceptance for studies (CAS) numbers, to check on the status (and upload it) of the assigned CAS numbers and how to handle applicant withdrawals.
• UUK continue to lobby for a separate CAS status to indicate a successful visa application. Currently the status is Used whether or not the application has been successful.
• UUK continue to lobby for a different payment regime, citing the way the Criminal Records Bureau invoice for searches.

Overall I felt the seminars were a success. The UKBA staff who attended were open and honest with their answers and contributed fully to the day. The slides are up on the UCISA website and we are currently writing up the question and answer session as these will address many of the issues that HEIs will have. There is still much work to be done regarding both the implementation and communications about it but hopefully those that attended the sessions will have a clearer understanding of the direction of travel.