This Guide Memo describes the policy that governs the Administrative Computing Systems at Stanford University and identifies Administrative Computing System ownership, development and management responsibilities. This policy applies to all computerized systems involved with the creation, updating, processing, outputting, distribution, and other uses of administrative information at Stanford.
Every Administrative Computing System at Stanford University must have a designated Business Owner who ensures that the system meets the business needs of the University and is appropriately available, secure and sustainable.
The purpose of this policy is to establish system ownership responsibility and to ensure that each system meets its functional requirements, is appropriately documented, is secure and controlled, has been adequately tested, and is maintainable.
The specifications in this policy are independent of system architecture and delivery platforms—i.e., it makes no difference whether an application resides in mainframe, web, client/server, peer-to-peer, or other present or future environments. This policy applies to applications developed at Stanford, acquired from external vendors, built from open-source components, as well as those extended from existing or purchased applications, whether the systems are developed in central offices, in schools or in departments. This policy applies to all administrative applications that deal with financial, administrative, or other information that is an integral part of running the business of the University.
The standards in this policy specifically apply to the Business Owner of any Administrative Computing System at Stanford University and to all persons who develop, implement, maintain or use any University Administrative Computing System.
Administrative Computing System
Any computing system that directly or indirectly deals with or supports financial, administrative, or other information that is an integral part of running the business of the University.
Business Owner
The Business Owner of an Administrative Computing System is usually the owner of the primary business functions served by the system, the system's largest stakeholder. When the system serves several different functional business areas of the University, the Vice President of Business Affairs and Chief Financial Officer will designate the Business Owner.
Data Owner
The Dean, Director or Department Head of the administrative department having primary responsibility for creation and maintenance of the data content in an Administrative Computing System. In some cases, a single Administrative Computing System may have multiple Data Owners.
System Administrator
Manages the day-to-day operation of the computer system(s) within an organization that supports the Administrative Computing System. These support functions may include any or all of the following functions: database management, software distribution and upgrading, user profile management, version control, backup & recovery, system security and performance and capacity planning.
System Developer
A person who designs and writes software. The term generally refers to designers and programmers in the commercial software field. However, it may also refer to professionals developing internal business applications within an enterprise. With increasing complexity of technology, and organizations' desire for complete solutions to information problems, requiring hardware, software and networking expertise in a multi-vendor environment, System Developers are integral to the implementation of Administrative Computing Systems.
System Integrator
A person who takes responsibility for delivering a system solution which will solve a business problem. Systems Integrators are individuals or organizations that build systems froma variety of diverse components. With increasing complexity of technology, and organizations' desire for complete solutions to information problems, requiring hardware, software and networking expertise in a multi-vendor environment, Systems Integrators are often key in the implementation of Administrative Computing Systems.
System User
Any individual who interacts with the computer at an application level. Programmers, System Administrators and other technical personnel are not considered System Users when working in a professional capacity on the Administrative Computer System.
a. Business Owner
(1) General
A Business Owner who does not use the services of Administrative Systems for design, development, integration or maintenance of an Administrative Computing System must assume Business Owner, System Developer, System Integrator and System Administrator responsibilities.
(2) Development Phase
(3) Production Phase
b. Data Owner
c. System Developer
d. System Integrator
e. System Administrator
System Administrators of distributed computing systems, remote network servers, or small stand alone systems may in fact perform the roles, and have the responsibilities of, Business Owner, Data Owner, System Developer, System User and System Administrators in succession, and on an ongoing basis.
f. System User
a. Computer and Network Usage
Guide Memo 6.2.1: Computer and Network Usage
b. Information Security
Guide Memo 6.3.1: Information Security
c. Information Security Incident Response
Guide Memo 6.6.1: Information Security Incident Response
d. Specific security guidelines, procedures, standards, and practices
Information Security Office website, Secure Computing section.