University of Utah IT strategic plan
The University of Utah pursues excellence in education, research, service and patient care. The U will become a top 10 public university with unsurpassed societal impact by inspiring student success, innovating to create new discoveries, and serving every Utahn. This strategic plan summarizes the foundational pillars, strategic objectives, targets, initiatives, and metrics that maximize UIT’s impact.
Top beliefs and assumptions underlying success
- Information technology is strategic to the mission and long-term sustainability of the university.
- Fully vetted and approved enterprise IT initiatives will be adequately funded for implementation and ongoing maintenance.
- IT governance groups (SITC, ANTC) and other IT thought leaders will collaborate to make enterprise IT decisions based on the common good of the university. Administrators, colleges, departments, and administrative units will support the process of evaluating and selecting institutional IT solutions and follow recommendations for the common good and to reduce risks.
- Administrators, central IT, and local IT units will cooperate to provide efficient, secure and reliable access to quality information resources.
Goals and initiatives (FY26-29)
Governance |
|
Maintain and enhance structure and processes to make informed decisions for the common good of the university and to vet and adopt a technical strategy that is affordable, secure, sustainable, and aligned with U goals and supported and enforced by senior administration.
Current state
IT issues are consistently vetted; however, decisions, standards, IT security, policies, and plans are not always followed by campus departments.
Initiatives
- Refine alignment between central and local IT units with the U mission
- Align central and local IT units with university IT plan, including improving cybersecurity, project management, process improvement and organizational change management and vetting of IT purchases and implementations aligned with goals
- Align IT strategic planning with the budget process
- Reinforce the roles of the campus CIO and UIT as a catalyst, technologist, strategist, and IT operations leader
- Create a strategy to consistently build business cases, including total cost of ownership on all key IT projects
- Make data-driven decisions for the financial and common good of the university
- Prepare the university for IT disruptions and enhancements in the instructional and business models of higher education
Future state
A model that allows the right people to make the business, IT, cybersecurity risk, and financial decisions to set a clear and effective strategic plan (approved by IT governance).
Digital learning technologies |
|
Foster a university community of learners by harnessing cutting-edge technologies across all modes of learning. Provide students seamless access to knowledge wherever and whenever they need it. Provide faculty and students reliable support, ensuring that educational goals are not only met but exceeded.
Current state
The university is actively enhancing student success by integrating innovative technologies and fostering a creative, supportive learning environment.
Initiatives
- Standardize common classroom and instructional technology services
- Provide professional development opportunities for new technologies
- Modernize student support systems and services
- Leverage digital technologies to ensure students have flexible and equitable pathways to success
- Investigate and explore innovative technology solutions to promote student and faculty success
Future state
The university will achieve a highly engaging and technologically advanced educational ecosystem, ensuring long-term viability through comprehensive services and digital learning initiatives.
Finance |
|
Transition to an IT funding model that allows for greater coordination of IT activity, management of IT spend, and return on IT investments across the university. Develop a unified approach to managing IT spend that facilitates shared purchasing, IT spend tracking, and supports vendor management. Fund and implement CIS safeguards in colleges and departments.
Current state
No centralized budget or funding for college and department IT issues. Limited collaboration in budgeting and funding processes for university IT. Many different sources of funding for IT. No current mechanism to monitor college and department IT spend.
Initiatives
- Create and adopt a collaborative funding model and budget process that provides transparency and covers the total costs of IT services and applications (from inception to retirement of the product or service)
- Follow best practices to evaluate, select, and integrate technologies
- Set policy and procedures for coordinating IT spend across the university, along with timelines for implementations
- Maintain and enhance mechanisms for managing local orgs’ IT allocations and IT spend; reduce duplication; align with higher education benchmarks
- Leverage Office of Software Licensing to ensure best prices and compliance; maintain and enhance software catalog to support seamless student experience
- Develop a report to show plans for ongoing and carry-forward funding
Future state
Collaborative, benchmarked, transparent budget and funding processes that support the university's IT purchases and services for greater innovation, efficiency, and growth.
IT security |
|
Implement a holistic, agile approach to information security and privacy that follows approved policies to secure university IT and reduce institutional exposure to threats. Reduce risks across campus to meet industry standards. Return authority for determining acceptable levels of risk to the University Cabinet.
Current state
The university has extremely high cybersecurity risks that must be addressed in colleges and departments immediately, including:
- Rising costs and ineligibility to qualify for cyberinsurance at reasonable rates.
- CMMC/FISMA/CMS compliance and loss of contracts.
- Extremely high risk for ransomware and other incidents.
- Misplaced local assessment and acceptance of IT security risks that affect the enterprise.
Initiatives
- Increase university-wide IT risk management awareness and processes for enforcement
- Measure progress toward industry standards (CIS) and desired IT security state, allowing the cabinet to determine an acceptable level of risk
- Continue to verify cloud IT security architecture before the purchase and integration of hardware, software, and cloud services
- Continue to refine processes for detection and protection of assets and data
- Require cybersecurity awareness training for administrators, staff, faculty, and student
- Apply third-party security assessments of our enterprise security program; develop a three-year plan/budget
- Continue progress toward compliance with the CIS-18 security controls and implementation of cybersecurity tools: NAC, default deny, PAM, DLP, and Tanium
- Implement CMMC Level 2 standards for federal funding (CHPC will follow guidelines for CMMC V 2.0, intermediate level)
- Establish college/department IT security reporting responsibility and authority to senior university administration through UIT to implement and maintain CIS standards campus-wide
Future state
Cybersecurity risks are reduced across campus to meet industry standards; colleges and departments have implemented CIS safeguards. The cabinet determines an acceptable level of risk. Simplified cybersecurity policies are communicated to faculty, staff, and students, with administrative mechanisms to enforce them.
Infrastructure |
|
Maintain and enhance centrally provided services, architecture, standards, and performance expectations. Continue to consolidate network operations with an equipment replacement plan. Consolidate data centers and develop disaster recovery plans to protect data. Modernize infrastructure to include cloud infrastructure as a service, cloud platform services, and generative AI services.
Current state
Duplication of common commodity services has been reduced, but some colleges and departments still need to be consolidated. Consolidated IT services now have plans for refreshing aging assets. Some data centers and server rooms still exist across the university that need to be consolidated or moved to the cloud. IT disaster recovery processes are improving but are still immature and don’t include local data.
Initiatives
- Standardize common infrastructure, network, classroom technology, and cloud architectures
- Maintain and enhance a single IT service catalog and continue to transition services, supported by U leadership and policies
- Follow the funded, multiyear roadmap to gradually refresh aging network assets and prioritize replacements to meet appropriate risk profile
- Implement IT asset management strategy and configuration management database
- Continue to transition college/department/org-owned network assets and email to UIT
- Deploy policies to provide incentives to departments for consolidating data centers and server rooms into UIT and the cloud
- Continue to review, refine, and execute the IT disaster recovery plan to include university data according to risk profile
- Ensure the U can provide sufficient network bandwidth, storage, and computational resources
- Continue to mature IT service management and delivery processes; leverage a common platform
- Mature our cloud strategy for pricing, capacity, backups, flexibility, and cybersecurity
Future state
Network is centrally managed, funded, and adheres to standards and IT security policies. Assets are refreshed according to formal network replacement plan. Disaster recovery processes are mature and comprehensive. Common services are well-defined and delivered efficiently and effectively in a uniform manner, with SLAs and MOUs that clearly identify expectations. Cloud infrastructure is a core service offering and is seamlessly integrated with on-premises infrastructure.
Enterprise applications and integrations |
|
Eliminate redundant and unsupported applications, shifting to a focused set of strategic products. Execute strategy for website services to reduce duplication and create a more holistic web presence. Establish a policy and transparent process to align and evaluate future investments informed by business cases, data, and application standards. Manage applications from purchase to retirement. Improve institutional data and analytics.
Current state
Plans are in place to reduce redundant and unsupported applications; web content management, analytics, and software development platforms exist. Most U orgs must now have applications or platform purchases reviewed by UIT. Business intelligence/analytics are being coordinated through governance to develop a common data dictionary, or single source of truth for development, student, and finance.
Initiatives
- Continue to standardize application and data architecture (e.g., APIs)
- Document and analyze UIT and college/department/org IT application portfolios for duplication of business use/functionality as well as technical data, total cost of ownership, and business risks; develop action plan to reduce duplications, obtain U leadership support, and execute the plan
- Create and follow best practices to evaluate, select, and integrate technologies with the help of IT product managers
- Improve data quality management through standards, integration, protection, and governance to support analytics for student success, teaching and learning, HR, finance and business services, development office, and research
- Implement and fund future state operating model for the enterprise office of data analytics; implement technical and service strategies (e.g., self-service portals, data definitions, data warehousing solutions, effective dashboards, and single source of truth)
- Implement, and fund future state operating model for U website services; implement technical and services strategies
- Implement an enterprise constituent relationship management (CRM) strategy for students
- Support business process reengineering and organizational change management for projects implementing new technologies
Future state
Minimal duplication and variation of applications and platforms facilitate a strategic set of IT products offered across the university, simplifying administrative support and enhancing IT security. An institutional data management strategy is implemented and approved. Sensitive data is identified and handled in a manner consistent with U policies. Everyone has access to the single source of truth.