IT Services Guidelines and Directives

The following guidelines and directives help IT Services implement the appropriate Board Policies and Administrative Procedures of Ohlone Community College District as it pertain to information systems, information security, instructional technology, information and communications technology accessibility, and technology infrastructure.

Guidelines and Directives


2020-2021 Classroom Technology Standards

The following standards constitute instructional technology in classrooms, offices, and conference/meeting rooms at Ohlone College. These standards reflect the technology for the new academic core buildings. These standards serve as the foundation for any renovation or new construction that will include instructional technology.

General Classrooms and Lab Standards

  • Epson PowerLite L615U 6000 Lumens Laser Projector - Black
  • Chief Suspended Kits Series CMS492 - mounting component
  • Chief RPA Elite Universal RPMBUW - ceiling mount
  • Chief CPA640W Decorative Tile Ring - mounting component
  • Da-Lite Model C with CSR Wide Format - projection screen -130 in
  • Da-Lite Number 6 Wall Brackets
  • Valcom 25/70-volt 8 inch Clarity Ceiling Speaker 4
  • Airtame 2 Wireless HDMI Adapter
  • Extron Faceplate MLC 62 RS D, IR & RS-232 Control
  • Extron DTP transmitter, HDMI decora wall plate 230
  • Extron Extender DTP HDMI 4K 230
  • Extron Extron XPA 1002 Amplifier
  • Ultra flexible high speed HDMI cable 6FT -2
  • Ultra flexible high speed HDMI cable 12FT -1
  • VoIP Phone
  • Data Ports required 3

Conference Room Standards

  • Sharp LE701 70” Class (69.5” viewable) LED TV
  • Airtame 2 Wireless HDMI Adapter
  • Chief PAC526 – Storage Box
  • Chief Large Fusion LTA1U – Wall Mount
  • Extron 6' ultra flexible high speed HDMI Cable
  • Extron 12' ultra flexible high speed HDMI Cable
  • Extron 12' VGA Micro HR with audio cable
  • Extron Faceplate MLC 62 RS D, IR & RS-232 Control
  • Extron DTP transmitter, HDMI decora wall plate 230'
  • Extron Extender DTP HDMI 4K 230
  • JBL Bar Studio 2.0 Channel Sound bar with Bluetooth
  • VoIP Phone
  • Data Ports required 3

Special Offices Standards

  • Sharp LE701 70” Class (69.5” viewable) LED TV
  • Airtame 2 Wireless HDMI Adapter
  • Chief PAC526 – Storage Box
  • Chief Large Fusion LTA1U – Wall Mount
  • Extron 6' ultra flexible high speed HDMI Cable
  • Extron 12' ultra flexible high speed HDMI Cable
  • Extron 12' VGA Micro HR with audio cable
  • Extron Faceplate MLC 62 RS D, IR & RS-232 Control
  • Extron DTP transmitter, HDMI decora wall plate 230'
  • Extron Extender DTP HDMI 4K 230
  • JBL Bar Studio 2.0 Channel Sound bar with Bluetooth
  • VoIP Phone
  • Data Ports required 3

Updated May 2020.

Back To Top of Page


2021-2022 Computer Standards

As endorsed by the Technology Committee in its May 2021 meeting, the following are the computing standards at Ohlone College. Replacements are evaluated and prioritized annually based on need and availability of funding.

Type Processor Memory Hard Drive Display Size
Laptop - Level 1 Core i7 8 GB 512 GB SSD 14.0"
Laptop - Level 2 Core i7 16 GB 512 TB SSD 15.6"
Laptop - Surface Pro Core i7 8 GB 256 GB SSD 12.3"
MacBook Air  M1 8 Core 8 GB 512 GB SSD 13"
MacBook Pro M1 8 Core 16 GB 512 GB SSD 13"
Desktop Core i7 8 GB 512 GB SSD 23" monitor

Other Considerations

  • Replacement computers for faculty shall be either a laptop or MacBook.
  • Replacement computers for staff shall be laptops. The variant depends on the software used in discharging their duties and responsibilities.
  • Exceptions may apply depending on the need as described in the position description. This must be endorsed by the respective division dean or director and the Director, Technology Support and Services, and approved by the Vice President of Administrative and Technology Services.
  • Some staff may have dual monitors depended on need. This will be determined by the Director of Technology Support and Services.
  • In requesting different equipment for the purpose of accommodation, the request will be coursed through Human Resources and Training.

Archive of Previous Computer Standards

Updated August 2021.

Back To Top of Page


Information Technology Incident Response Guideline

In accordance with industry best practices and to comply with numerous regulations, Ohlone College adopted board policies (BP 3720, BP 3721, BP 5040) administrative procedures (AP 3720, AP 5040), and guidelines in order to protect the confidentiality, integrity and availability (CIA) of critical data and technology resources. This Information Security Incident Response Guideline is one such document intended to prepare Ohlone College to address information security incidents. Regular testing and refinement of this document will help Ohlone College prepare for adverse security incidents and to manage and minimize risk.

It is anticipated that as new technologies and new requirements are introduced this document will be updated and reviewed annually.  This function will be performed by members of the security team at the direction of the Associate Vice President of IT Services or designee.

Incident Response Overview

There are many different security incidents that can occur with assorted severity levels and not all incidents will require focus on each step.  However, it is important to be prepared and understand that typically different phases exist in responding to an incident, and the goals and objectives of each phase.  The different phases of a security incident response plan at Ohlone College are as follows:

  • Prepare
  • Identify
  • Contain
  • Eradicate
  • Recover
  • Review


In preparing for security incidents several items need to be addressed.

  • Incident handling team include campus security officers, systems administrators, system analysts and human resources personnel
  • End users and analysts to be trained at an appropriate level. Login banner and warning messages will be posted.  
  • Backups will be taken and tested.


Awareness that a security incident has occurred can originate from different sources such as technical staff, faculty, other staff, and students.

Best practices suggest to declare that an incident has occurred when the information security officers’ sense that an adverse risk to the company exists and then assemble the team and implement the plan.  It is also suggested to early on have multiple people involved, to save all key system files or records such as log files and start detailed documentation as soon as possible.

Appropriate department and division heads must be involved in many security incidents to determine the goals in handling a particular incident, such as immediate business recovery or forensic examination.


Following basic procedures can contain many incidents.  Specific procedures will frequently depend on the nature of the incident, as well as the direction of the business owner.  Remember that a compromised machine might not present valid data! Basic steps to consider include:

  • Obtain and analyze as much system information as possible including key files and possibly a backup of the compromised machine for later forensic analysis.  
  • Powering off a machine might lose data and evidence.  Preferably disconnecting the LAN cable facilitates containment and forensic activity. (Putting the computer on a separate network with a network analyzer might help analyzing network activity).
  • If one machine has been exploited others may be vulnerable.  Actions that need to be taken on a large scale may include:    
    • Download security patches from vendors.
    • Update antivirus signatures.
    • Close firewall ports.
    • Disable compromised accounts.
    • Run vulnerability analyzers to see where other vulnerable hosts are located.
    • Change passwords as appropriate.


To eradicate the problem specific procedures will frequently depend on the nature of the incident as well as the direction of the business owner.  Key considerations include:  

  • Boot CDs should be used to access data on compromised machines.  (Rootkits installed on compromised machines might affect basic system level utilities and discourage use of a compromised host)
  • If machines OS has been compromised it needs to be rebuilt using hardened machines on appropriate platforms
  • Test any backups prior to restore and monitor for a new incident.
  • Document everything.


The recovery phase’s goal is to return safely to production. Once again specific actions might depend on the nature of the incident as well as the direction of the business owner.  Key considerations include:  

  • Retest the system preferably with a variety of end users.
  • Consider timing of the return to production.
  • Discuss customer notification and their concerns
  • Discuss media handling issues
  • Continue to monitor for security incidents


This phase is to allow Ohlone College to better handle future information security incidents.  A final report should be written describing the incident and how it was handled using the Incident reporting form.  Suggestions for handling future incidents and reworking this document should be included in this report.

High Level Incident Response Process

IS Response Flowchart

Updated January 2019.

Back To Top of Page


Disaster Recovery Preparedness

Due to the uncertainty regarding the magnitude of any potential disaster on the district campuses, this will address the recovery of systems under the direct control of Information Technology Services, which are deemed critical for business continuity. This includes the following major areas:

  • ERP System (Student, Financial Aid, Finance, HR/Payroll)
  • Communication Systems (Electronic Mail, Telecommunications)
  • Data Networks and Telecommunications (networks, servers, infrastructure)

This covers all phases of any IT related disaster occurring at Ohlone College. These phases include:

  • Incident Response
  • Assessment and Disaster Declaration
  • Incident Planning and Recovery
  • Post incident Review

Web Services, Domain Naming Services (DNS), and critical authentication services have been extended to the Cloud.
These Cloud-based services provide redundancy to our on-premises authentication services allowing authentication to various systems and applications.

All critical servers (system state and data) are backed up and archived to the Cloud securely.

Back To Top of Page


Server Patching Schedule

Patches are applied to all non critical and test environments to ensure successful patch installation and testing. Critical systems patches are applied within a one to two week period following the patching schedule.

2021 Patching Schedule

Approved – November 5, 2020, Revised May 6, 2021

  1. January 2, 2021
  2. March 20, 2021
  3. June 5, 2021
  4. September 18, 2021
  5. January 1, 2022

Updated November 12, 2020.

Back To Top of Page


Computer Replacements

The Ohlone College computer replacement cycle for academic areas such as computer labs, staff, and faculty are as follows:

Laptops     3 - 4 years

Desktops   4 - 5 years

Replacements are evaluated and prioritized annually based on need and availability of funding.

Academic Year Academic Lab Equipment Faculty Equipment Administrative Staff Equipment
2014 to 2015 77 7 4
2015 to 2016 46 47 65
2016 to 2017 167 43 21
2017 to 2018 185 41 65


Updated December 2018.

Back To Top of Page


Software Inventory

The tables summarize software currently used in various college environments. Instructional software reflects software installed in lab environments to support academic divisions. Software designated as office productivity provides base support for office functions for academic areas and administrative support services. Software with the communications designation provides various functionality including campus alerts, tracking of tutoring programs, and instructor remote control of lab environments. Software licensing is maintained on an institution or site level, server based licensing or individual machine level. To request software please contact the IT Service Desk and submit a ticket.

Jump To: Instructional Software | Office productivity software | Communications Software

Instructional Software

Software Vendor
Adobe Site License (various products) Adobe
Substance Painter Designer Allegorithmic
ArcGIS  ArcGis
Autodesk Suites Autodesk
Media Composer AVID
Camtasia TechSmith
Deep Freeze Faronics
ESP Vision Vectorworks
HOG PC Flying Pig Software
Kurzweil Kurzweil
Labsoft Labsoft
Logger Pro Vernier
Mathematica Wolfram
MatLab Mathworks
MultiSim National Instruments
Odyssey WaveFunction
Pixologic Zbrush
Sketchup Sketchup
Solidworks Solidworks
Spartan WaveFunction
ToonBoom ToonBoom
Unity 3D Inity Technolgies
Vectorworks Vectorworks
LoggerPro Vernier
Visual Studio Microsoft
Logger Pro Vernier
Edius Grass Valley
Avid Media Composer Avid Technology
Qseries AutoCue Group

Back To Top of Section

Office Productivity Software

Software Vendor
Accudemia Engineerica
MS Office Microsoft
CI Badge CI solutions
Daktronics Marquee Daktronics
EMS  EMS Software
FileMaker FileMaker
Genetec Security Center Genetec
Global Protect Palo Alto Networks
Perceptive Hyland
SARS SARS Software
SchoolDude Dude Solutions

Back To Top of Section

Communications Software

Software Vendor
Accudemia Engineerica Systems
Accuplacer College Board
Alertus Alertus Technologies
Dragon Speaking Naturally Nuance
Ultimate Vocabulary Vocab1
Ultimate Spelling Vocab1
Insight Faronics
Rave  Rave Mobile Safety
NetOp NetOp
ZoomText Zoomtext

Back To Top of Section

Updated March 2019.

Back To Top of Page


Authentication Management Guidelines

In order to ensure the integrity of the District’s information systems, the District will require students, faculty, administrators, staff and other non-Ohlone District entities to be provided with a dedicated username and password. This will allow the District to associate each assigned user’s credential with their access, roles, and responsibilities.

  • To the extent possible, authentication to all systems shall be from an integrated single source managed and operated institutionally.
  • To the extent possible, each system shall require a user to accept the terms and conditions on the use of the District’s information and technology resources before log on.
  • To the extent possible, administrative access to critical systems will require the use of multi-factor authentication.

Back To Top of Page


Change Management Guidelines

Managing changes, within information technology systems, is essential in order to ensure minimal disruption within the production environment, minimize effects to students and employees, and provide effective communication regarding service interruptions. Change management provide the guidelines for managing and tracking changes, as well as a mechanism to restore systems in the event of an unsuccessful change.

  • All changes to the production environment shall be required to have a change management form filled out by the appropriate IT Services staff member who will coordinate and implement the change.
  • Should a third-party consultant be engaged to implement changes on the production environment, the IT Services staff member who is responsible for the service, application, system, or infrastructure will submit the change request.
  • To the extent possible, changes in configurations, codes, security permissions, and the like must be done in a test or development environment prior to implementing changes in the production environment.
  • Changes to systems that involve disruption to students and employees require a minimum of one week notice. The Director of Information Systems or the Director of Technology Services shall be responsible to communicate the changes to students and employees, when appropriate, unless there is an urgency issue due to production systems being down, information security, physical security, and compliance, the one week notice is required.
  • The Director of Technology Services, Director of Information Systems, and Associate Vice President of Information Technology Services need to approve the change before the change is implemented.

Back To Top of Page


Voluntary Product Accessibility Template (VPAT) Review for Accessibility of Information and Communication Technology Tools (Equipment and Software)

The purpose of reviewing the adoption of preferred information and communication technology tools (hardware and software) for use at Ohlone College are to comply with state and federal laws and to achieve the College’s value of equity. Note: This process does not replace or is part of the department’s normal procedures of identifying, exploring, vetting, and other discussions with the vendor(s). VPAT is a process or review of the technology tool for accessibility only.


  1. Government Code Sections 7405 and 11135
  2. Title 5 Sections 59300 et seq.
  3. Section 508 of the Rehabilitation Act of 1973 (29 U.S. Code Section 794d)
  4. 36 Code of Federal Regulations Parts 1194.1 et seq.
  5. Web Content Accessibility Guidelines


  1. The requesting department works with the vendor to complete the VPAT form.
  2. Vendor submits the VPAT form for District’s assessment.
  3. Vendor and SAS evaluate the software using various accommodation tools. If applicable, the Director of Student Accessibility Services determines steps that would require accommodations for non-accessible sections.
  4. Vice President, Administrative and IT Services calls a meeting for VPAT validation with the following:
    • Vice President, Administrative and IT Services
    • Vice President, Human Resources and Training
    • Executive Director, Information Technology Services
    • Director, Purchasing
    • Director, Student Accessibility Services
    • District ICT Accessibility Specialist
    • Requesting Department Head
    • Instructional Designer
  5. Vice President of Administrative and Technology Services or designee will send an email to the group that the tool meet minimum compliance requirements to be used by the College. The Purchasing department will include this as part of the procurement documentation.
  6. Appropriate purchasing procedures follows.

This process for verifying accessibility of information and communications technology tools applies to all new tools adopted by the College for both instructional and administrative use.

Approved VPAT’s:

Software/Hardware Approval Date
Comevo 02/23/2017
Symplicity 09/20/2017
ParkingPlus 06/11/2019
Nuventive 06/12/2019
Precision Campus 06/18/2019
Typhon Group 10/23/2019
Marching Order 12/13/2019
Handshake 02/05/2020
Gradescope 04/13/2020
CampusLogic Student Forms 04/27/2020
Nextgen - Dynamic Forms 04/27/2020
Edfinity 06/30/2020
Exxat 07/06/2020
GoReact 07/22/2020
TutorMe 08/25/2020
Tooling U-SME 10/27/2020
Proctorio - Secure Exam Proctor Extension 11/02/2020
Watermark -  EvaluationKit 12/21/2020
Pivot Interactives 01/15/2021
Hypothesis 05/25/2021
Labster 05/25/2021
ISLE 07/01/2021
LRNR 07/19/2021
Camtasia 08/27/2021
Alexander Street 09/23/2021
Proquest 10/12/2021
EBSCOhost Research 10/19/21
EBSCO eBooks 10/19/21

Back To Top of Page