...
Campus | Resource Estimate | Notes |
---|---|---|
LBNL | $64,000 |
|
UCB | $166,000 |
|
UCD |
| Pending |
UCI | $80,000 | Plus cost for two-factor |
UCLA | $359,800 | Includes students |
UCM |
| Pending |
UCOP | $47,000 | Plus $14,000 annual |
UCSB | $0 | New system design includes InCommon Silver, no new resources |
UCSC | $51,000 - $ 160,000 | Range from optimistic to pessimistic |
UCSD | $304,000 - $470,000 |
|
UCSF | $200,000 |
|
UCR | $96,000 |
|
Recommendations
Next Steps
- Continue with plan to use InCommon Silver rather than UC Trust audit framework (continue "waiving" Waive UC Trust Basic audit requirement for minimum one more year
- Await revised certification plan and guidelines due from InCommon in the next couple months
- Review this revised plan at each campus and finalize resource requirements
- ITLC as a group and at each campus will need to make determination on resource assignment and priority.
- All campuses should begin the process of documenting current practices using the InCommon Silver framework.
- Begin work to establish an audit framework that will make InCommon Silver audits as efficient as possible. The UC Trust workgroup recommended a multi-campus audit team be formed, with representation from internal audit Create audit team comprised of representatives from 3-5 campuses (. Karl Heins has volunteered to chair provide leadership and guidance to this group).
Proposed ITLC Action Items
- Review InCommon Silver certification plans with your IAM lead and work with local campus constituents on resourcing the proposed implementation plans.
- Work with UC Trust workgroup leadership to draft request to UC audit services to form a multi-campus review team.
- Identify three campuses to begin audit process sometime before June 2012 (UC Trust workgroup agreed we should use the InCommon Silver audit framework even if we thought an audit might fail in the first round, given that the assurance framework is still new and no campus has yet tested it. We need an actual review to help tease out compliance issues).
- Set timelines for putting together audit team beginning January 2012 and conducting first 1-3 audits beginning March 2012