The Office of Information Technology (OIT) has developed the Application Administration Standard to provide guidance to departments that manage software applications that they have built, inherited, or procured. It defines the responsibilities that come with managing applications in a consistent and secure manner, as well as the skills that an application administrator should have.
Because this standard will apply to all departments at PSU, we are inviting the campus community to review the standard and provide feedback before it is implemented. Information about how to provide feedback will be provided at the end of this article.
Why An Application Administration Standard
Our campus community relies on a multitude of software applications to deliver services in support of teaching, research, administration, and student support. While OIT provides and manages core services, many departments across campus maintain applications and systems that are unique to their operations and provide critical functionality. Additionally, many of these systems process and store sensitive information that is classified as confidential or restricted.
With the introduction of this standard, departments will have clearly defined guidance in determining when an application administrator is required, and what skills this individual must possess. Additionally, departments will have access to a list of the general responsibilities of an application administrator, which includes tasks such as managing and auditing account access, responding to requests from OIT regarding vulnerability remediation, managing security patching, and maintaining system documentation.
We hope to ensure department leaders are able to plan for adequate resources to support their applications in a way that ensures consistent and secure practices are followed while maintaining the confidentiality, integrity, and availability of these services.
What Does My Department Need To Do
The Application Administration Standard will go live on February 14, 2025 and will initially apply to new software application developments or procurements occurring after the go-live date. It is the responsibility of PSU department leadership to review and understand this standard. Our intention is for the standard to be applied to existing applications and systems on an incremental timeline detailed below.
For departments that currently manage applications and systems, an Application Owner should be identified, as well as an Application Administrator. Both roles are defined in the standard. Application Administrators should review their general responsibilities as defined in the standard to ensure that they are being met, and identify a plan to implement relevant responsibilities that are not currently being met.
Departments that manage applications and systems and do not currently have staff who can reasonably take on the roles of Application Owner or Administrator should contact OIT at security@pdx.edu to discuss options. Additionally, departments should consider this standard before building or procuring new systems to ensure that they will be able to meet the established requirements.
We understand that by implementing this standard, departments may identify that additional staffing or other resources would be necessary to meet requirements. Because of that, we are implementing this standard with an on-ramp period of 11 months to give departments time to plan and adjust. Our proposed implementation timeline is as follows:
- January 13, 2025: Announce to campus in the Currently and open 4 week comment period
- February 14, 2025: Approve, adopt, and publish the standard, to be applied for applications procured or built from this date onward
- July 1, 2025: Business units with applications in scope for the standard will have identified a person or a need for one to support an existing application, established a due date for an application, or identified another unit with adequate staffing for managing an application
- January 1, 2026: Full adoption of the standard across the university
The Office of Information Technology appreciates your time and input as we move to implement this standard, as well as your commitment to safe and secure practices and your assistance in helping us meet evolving regulatory requirements.
The Application Administration Standard is available at this link: DRAFT - Application Administration Standard
Feedback may be provided at this link: Comment Form: Application Administration Standard