IT Services Guidelines and Directives

The following guidelines and directives help IT Services implement the appropriate Board Policies and Administrative Procedures of Ohlone Community College District as it pertain to information systems, information security, instructional technology, information and communications technology accessibility, and technology infrastructure.

Guidelines and Directives

 


2019-2020 Classroom Technology Standards

The following standards constitute instructional technology in classrooms, offices, and conference/meeting rooms at Ohlone College. These standards reflect the technology for the new academic core buildings. These standards serve as the foundation for any renovation or new construction that will include instructional technology.

General Classrooms and Lab Standards

  • Epson PowerLite L615U 6000 Lumens Laser Projector - Black
  • Chief Suspended Kits Series CMS492 - mounting component
  • Chief RPA Elite Universal RPMBUW - ceiling mount
  • Chief CPA640W Decorative Tile Ring - mounting component
  • Da-Lite Model C with CSR Wide Format - projection screen -130 in
  • Da-Lite Number 6 Wall Brackets
  • Valcom 25/70-volt 8 inch Clarity Ceiling Speaker 4
  • Airtame 2 Wireless HDMI Adapter
  • Extron Faceplate MLC 62 RS D, IR & RS-232 Control
  • Extron DTP transmitter, HDMI decora wall plate 230'
  • Extron Extender DTP HDMI 4K 230
  • Extron Extron XPA 1002 Amplifier
  • Ultra flexible high speed HDMI cable 6FT -2
  • Ultra flexible high speed HDMI cable 12FT -1
  • VGA MICRO HR WITH AUDIO CABLE, MALE TO MALE 12 FT -1
  • VoIP Phone
  • Data Ports required 3

Conference Room Standards

  • Sharp LE701 70” Class (69.5” viewable) LED TV
  • Airtame 2 Wireless HDMI Adapter
  • Chief PAC526 – Storage Box
  • Chief Large Fusion LTA1U – Wall Mount
  • Extron 6' ultra flexible high speed HDMI Cable
  • Extron 12' ultra flexible high speed HDMI Cable
  • Extron 12' VGA Micro HR with audio cable
  • Extron Faceplate MLC 62 RS D, IR & RS-232 Control
  • Extron DTP transmitter, HDMI decora wall plate 230'
  • Extron Extender DTP HDMI 4K 230
  • JBL Bar Studio 2.0 Channel Sound bar with Bluetooth
  • VoIP Phone
  • Data Ports required 3

Special Offices Standards

  • Sharp LE701 70” Class (69.5” viewable) LED TV
  • Airtame 2 Wireless HDMI Adapter
  • Chief PAC526 – Storage Box
  • Chief Large Fusion LTA1U – Wall Mount
  • Extron 6' ultra flexible high speed HDMI Cable
  • Extron 12' ultra flexible high speed HDMI Cable
  • Extron 12' VGA Micro HR with audio cable
  • Extron Faceplate MLC 62 RS D, IR & RS-232 Control
  • Extron DTP transmitter, HDMI decora wall plate 230'
  • Extron Extender DTP HDMI 4K 230
  • JBL Bar Studio 2.0 Channel Sound bar with Bluetooth
  • VoIP Phone
  • Data Ports required 3

Updated October 2019.

Back To Top of Page

 


2019-2020 Computer Standards

As endorsed by the Technology Committee in its May 2019 meeting, the following are the computing standards at Ohlone College. Replacements are evaluated and prioritized annually based on need and availability of funding.

Computer Standards 2019-2020
Type Processor Memory Hard Drive Display Size
Laptop - Level 1 Core i7 8 GB 512 GB SSD 14.0"
Laptop - Level 2 Core i7 16 GB 512 TB SSD 15.6"
Laptop - Surface Pro Core i7 8 GB 256 GB SSD 12.3"
Laptop - Dell 5520 Core i7 16 GB 512 GB SSD 12.3"
MacBook Air Core i7 8 GB 512 GB SSD 13"
MacBook Pro Core i7 16 GB 512 GB SSD 13"
Desktop Core i7 8 GB 512 GB SSD 23" monitor
iMac Core i7 8 GB 512 GB SSD 21.5"

Other Considerations

  • Replacement computers for faculty shall be a mobile device.
  • By default, staff computers are desktops. Alternative considered based upon responsibilities and duties.
  • Exceptions may apply depending on the need as described in the position description. This must be endorsed by the respective division dean or director and approved by the Director, Technology Services.
  • In requesting different equipment for the purpose of accommodation, the request will be routed through Human Resources and Training.

Archive of Previous Computer Standards

Updated May 2019.

Back To Top of Page

 


Information Technology Incident Response Guideline

In accordance with industry best practices and to comply with numerous regulations, Ohlone College adopted board policies (BP 3720, BP 3721, BP 5040) administrative procedures (AP 3720, AP 5040), and guidelines in order to protect the confidentiality, integrity and availability (CIA) of critical data and technology resources. This Information Security Incident Response Guideline is one such document intended to prepare Ohlone College to address information security incidents. Regular testing and refinement of this document will help Ohlone College prepare for adverse security incidents and to manage and minimize risk.

It is anticipated that as new technologies and new requirements are introduced this document will be updated and reviewed annually.  This function will be performed by members of the security team at the direction of the Associate Vice President of IT Services or designee.

Incident Response Overview

There are many different security incidents that can occur with assorted severity levels and not all incidents will require focus on each step.  However, it is important to be prepared and understand that typically different phases exist in responding to an incident, and the goals and objectives of each phase.  The different phases of a security incident response plan at Ohlone College are as follows:

  • Prepare
  • Identify
  • Contain
  • Eradicate
  • Recover
  • Review

Prepare

In preparing for security incidents several items need to be addressed.

  • Incident handling team include campus security officers, systems administrators, system analysts and human resources personnel
  • End users and analysts to be trained at an appropriate level. Login banner and warning messages will be posted.  
  • Backups will be taken and tested.

Identify

Awareness that a security incident has occurred can originate from different sources such as technical staff, faculty, other staff, and students.

Best practices suggest to declare that an incident has occurred when the information security officers’ sense that an adverse risk to the company exists and then assemble the team and implement the plan.  It is also suggested to early on have multiple people involved, to save all key system files or records such as log files and start detailed documentation as soon as possible.

Appropriate department and division heads must be involved in many security incidents to determine the goals in handling a particular incident, such as immediate business recovery or forensic examination.

Contain

Following basic procedures can contain many incidents.  Specific procedures will frequently depend on the nature of the incident, as well as the direction of the business owner.  Remember that a compromised machine might not present valid data! Basic steps to consider include:

  • Obtain and analyze as much system information as possible including key files and possibly a backup of the compromised machine for later forensic analysis.  
  • Powering off a machine might lose data and evidence.  Preferably disconnecting the LAN cable facilitates containment and forensic activity. (Putting the computer on a separate network with a network analyzer might help analyzing network activity).
  • If one machine has been exploited others may be vulnerable.  Actions that need to be taken on a large scale may include:    
    • Download security patches from vendors.
    • Update antivirus signatures.
    • Close firewall ports.
    • Disable compromised accounts.
    • Run vulnerability analyzers to see where other vulnerable hosts are located.
    • Change passwords as appropriate.

Eradicate

To eradicate the problem specific procedures will frequently depend on the nature of the incident as well as the direction of the business owner.  Key considerations include:  

  • Boot CDs should be used to access data on compromised machines.  (Rootkits installed on compromised machines might affect basic system level utilities and discourage use of a compromised host)
  • If machines OS has been compromised it needs to be rebuilt using hardened machines on appropriate platforms
  • Test any backups prior to restore and monitor for a new incident.
  • Document everything.

Recover

The recovery phase’s goal is to return safely to production. Once again specific actions might depend on the nature of the incident as well as the direction of the business owner.  Key considerations include:  

  • Retest the system preferably with a variety of end users.
  • Consider timing of the return to production.
  • Discuss customer notification and their concerns
  • Discuss media handling issues
  • Continue to monitor for security incidents

Review

This phase is to allow Ohlone College to better handle future information security incidents.  A final report should be written describing the incident and how it was handled using the Incident reporting form.  Suggestions for handling future incidents and reworking this document should be included in this report.

High Level Incident Response Process

IS Response Flowchart

Updated January 2019.

Back To Top of Page

 


Disaster Recovery Preparedness

Due to the uncertainty regarding the magnitude of any potential disaster on the district campuses, this will address the recovery of systems under the direct control of Information Technology Services, which are deemed critical for business continuity. This includes the following major areas:

  • ERP System (Student, Financial Aid, Finance, HR/Payroll)
  • Communication Systems (Electronic Mail, Telecommunications)
  • Data Networks and Telecommunications (networks, servers, infrastructure)

This covers all phases of any IT related disaster occurring at Ohlone College. These phases include:

  • Incident Response
  • Assessment and Disaster Declaration
  • Incident Planning and Recovery
  • Post incident Review

Web Services, Domain Naming Services (DNS), and critical authentication services have been extended to the Cloud.
These Cloud-based services provide redundancy to our on-premises authentication services allowing authentication to various systems and applications.

All critical servers (system state and data) are backed up and archived to the Cloud securely.

Back To Top of Page

 


Server Patching Schedule

Patches are applied to all non critical and test environments to ensure successful patch installation and testing. Critical systems patches are applied within a one to two week period following the patching schedule.

2019 Patching Schedule

Approved Patch Dates – February 20, 2019

  1. 03/23/2019
  2. 06/01/2019
  3. 09/21/2019
  4. 12/21/2019

 

Updated January 2019.

Back To Top of Page

 


Computer Replacements

The Ohlone College computer replacement cycle for academic areas such as computer labs, staff, and faculty are as follows:

Laptops     3 - 4 years

Desktops   4 - 5 years

Replacements are evaluated and prioritized annually based on need and availability of funding.

Academic Year Academic Lab Equipment Faculty Equipment Administrative Staff Equipment
2014 to 2015 77 7 4
2015 to 2016 46 47 65
2016 to 2017 167 43 21
2017 to 2018 185 41 65

 

Updated December 2018.

Back To Top of Page

 


Software Inventory

The tables summarize software currently used in various college environments. Instructional software reflects software installed in lab environments to support academic divisions. Software designated as office productivity provides base support for office functions for academic areas and administrative support services. Software with the communications designation provides various functionality including campus alerts, tracking of tutoring programs, and instructor remote control of lab environments. Software licensing is maintained on an institution or site level, server based licensing or individual machine level. To request software please contact the IT Service Desk and submit a ticket.

Jump To: Instructional Software | Office productivity software | Communications Software

Instructional Software

Software Vendor
Adobe Site License (various products) Adobe
Substance Painter Designer Allegorithmic
ArcGIS  ArcGis
Autodesk Suites Autodesk
Media Composer AVID
Camtasia TechSmith
Deep Freeze Faronics
ESP Vision Vectorworks
HOG PC Flying Pig Software
Kurzweil Kurzweil
Labsoft Labsoft
Logger Pro Vernier
Mathematica Wolfram
MatLab Mathworks
MultiSim National Instruments
Odyssey WaveFunction
Pixologic Zbrush
Sketchup Sketchup
Solidworks Solidworks
Spartan WaveFunction
ToonBoom ToonBoom
Unity 3D Inity Technolgies
Vectorworks Vectorworks
LoggerPro Vernier
Visual Studio Microsoft
Logger Pro Vernier
Edius Grass Valley
Avid Media Composer Avid Technology
Qseries AutoCue Group

Back To Top of Section

Office Productivity Software

Software Vendor
Accudemia Engineerica
MS Office Microsoft
CI Badge CI solutions
Daktronics Marquee Daktronics
EMS  EMS Software
FileMaker FileMaker
Genetec Security Center Genetec
Global Protect Palo Alto Networks
Perceptive Hyland
SARS SARS Software
SchoolDude Dude Solutions

Back To Top of Section

Communications Software

Software Vendor
Accudemia Engineerica Systems
Accuplacer College Board
Alertus Alertus Technologies
Dragon Speaking Naturally Nuance
Ultimate Vocabulary Vocab1
Ultimate Spelling Vocab1
Insight Faronics
Rave  Rave Mobile Safety
NetOp NetOp
ZoomText Zoomtext

Back To Top of Section

Updated March 2019.

Back To Top of Page

 


Authentication Management Guidelines

In order to ensure the integrity of the District’s information systems, the District will require students, faculty, administrators, staff and other non-Ohlone District entities to be provided with a dedicated username and password. This will allow the District to associate each assigned user’s credential with their access, roles, and responsibilities.

  • To the extent possible, authentication to all systems shall be from an integrated single source managed and operated institutionally.
  • To the extent possible, each system shall require a user to accept the terms and conditions on the use of the District’s information and technology resources before log on.
  • To the extent possible, administrative access to critical systems will require the use of multi-factor authentication.

Back To Top of Page

 


Change Management Guidelines

Managing changes, within information technology systems, is essential in order to ensure minimal disruption within the production environment, minimize effects to students and employees, and provide effective communication regarding service interruptions. Change management provide the guidelines for managing and tracking changes, as well as a mechanism to restore systems in the event of an unsuccessful change.

  • All changes to the production environment shall be required to have a change management form filled out by the appropriate IT Services staff member who will coordinate and implement the change.
  • Should a third-party consultant be engaged to implement changes on the production environment, the IT Services staff member who is responsible for the service, application, system, or infrastructure will submit the change request.
  • To the extent possible, changes in configurations, codes, security permissions, and the like must be done in a test or development environment prior to implementing changes in the production environment.
  • Changes to systems that involve disruption to students and employees require a minimum of one week notice. The Director of Information Systems or the Director of Technology Services shall be responsible to communicate the changes to students and employees, when appropriate, unless there is an urgency issue due to production systems being down, information security, physical security, and compliance, the one week notice is required.
  • The Director of Technology Services, Director of Information Systems, and Associate Vice President of Information Technology Services need to approve the change before the change is implemented.

Back To Top of Page

Change Management Guidelines

Managing changes, within information technology systems, is essential in order to ensure minimal disruption within the production environment, minimize effects to students and employees, and provide effective communication regarding service interruptions. Change management provide the guidelines for managing and tracking changes, as well as a mechanism to restore systems in the event of an unsuccessful change.

  • All changes to the production environment shall be required to have a change management form filled out by the appropriate IT Services staff member who will coordinate and implement the change.
  • Should a third-party consultant be engaged to implement changes on the production environment, the IT Services staff member who is responsible for the service, application, system, or infrastructure will submit the change request.
  • To the extent possible, changes in configurations, codes, security permissions, and the like must be done in a test or development environment prior to implementing changes in the production environment.
  • Changes to systems that involve disruption to students and employees require a minimum of one week notice. The Director of Information Systems or the Director of Technology Services shall be responsible to communicate the changes to students and employees, when appropriate, unless there is an urgency issue due to production systems being down, information security, physical security, and compliance, the one week notice is required.
  • The Director of Technology Services, Director of Information Systems, and Associate Vice President of Information Technology Services need to approve the change before the change is implemented.

Back To Top of Page

Change Management Guidelines

Managing changes, within information technology systems, is essential in order to ensure minimal disruption within the production environment, minimize effects to students and employees, and provide effective communication regarding service interruptions. Change management provide the guidelines for managing and tracking changes, as well as a mechanism to restore systems in the event of an unsuccessful change.

  • All changes to the production environment shall be required to have a change management form filled out by the appropriate IT Services staff member who will coordinate and implement the change.
  • Should a third-party consultant be engaged to implement changes on the production environment, the IT Services staff member who is responsible for the service, application, system, or infrastructure will submit the change request.
  • To the extent possible, changes in configurations, codes, security permissions, and the like must be done in a test or development environment prior to implementing changes in the production environment.
  • Changes to systems that involve disruption to students and employees require a minimum of one week notice. The Director of Information Systems or the Director of Technology Services shall be responsible to communicate the changes to students and employees, when appropriate, unless there is an urgency issue due to production systems being down, information security, physical security, and compliance, the one week notice is required.
  • The Director of Technology Services, Director of Information Systems, and Associate Vice President of Information Technology Services need to approve the change before the change is implemented.

Back To Top of Page


Software Procurement

Voluntary Product Accessibility (VPAT) Template

  1. The requesting department or IT Services works with the vendor to fill out the VPAT form.
  2. Vendor submits the VPAT form.
  3. Associate Vice President, IT Services call a meeting with the following:
  • Vice President, Administrative and IT Services
  • Director, Information Systems or Director, Technology Services (whichever is applicable)
  • Director, Purchasing
  • Director, Student Accessibility Services
  • Vice President, Human Resources
  • District ICT Accessibility Specialist
  • Requesting Department Head
  1. If applicable, Director, Student Accessibility Services determines steps that would require accommodations for non-accessible sections.
  2. Requesting Department Head can proceed with requisition.
  3. Appropriate purchasing procedures follows.

Back To Top of Page