|
| | | | This will be a virtual meeting conducted via GoToMeeting. Should you wish to join this meeting from your phone, tablet, or computer you may go to https://meet.goto.com/884314069. You can also dial in using your phone United States: +1 (571) 317-3122 and Access Code: 884-314-069. | | | |
|
Not available
|
|
| | 1. | | Call to order.
Minutes note: The meeting was called to order at 10:01 a.m. | | | |
|
Not available
|
|
| | 2. | | Roll call.
Minutes note: Present (11) - Kovac, Henke, Richter, Zimmer, Klajbor, Meyer-Stearns, Owczarski, Jaeger, Klein, Watt, Larson
Absent (1) - Madison | | | |
|
Not available
|
|
| | | | Also present:
Minutes note: Brad Houston, City Records Center
Atty. Peter Block, City Attorney's Office
Judy Siettmann, ITMD
Roberto Surita, ITMD
| | | |
|
Not available
|
|
| | 3. | | Review and approval of the previous meeting minutes from December 9, 2021.
Minutes note: The meeting minutes from December 9, 2021 were approved without objection. | | | |
|
Not available
|
|
| | 4. | | Records Retention.
Minutes note: a. Proposed departmental record schedules for approval
Mr. Houston gave an overview. Schedules totaled 30 and were from 3 departments. Schedules from the Office of Equity and Inclusion were due to updating the department name from its previous name of Office of Small Business Development. Department of City Development Planning schedules would have records yearly scanned and sent to the E-Vault. There was the consolidation of Library out-of-date schedules. Library use reports would have a copy on site, a copy sent to the Municipal Research Library, and a digital version archived at City Records Center.
Member Klajbor moved approval of the proposed departmental record schedules. There was no objection.
b. State Records Board approval of previous schedules
Mr. Houston said that all 7 schedules from the last meeting were approved by the State Records Board with two minor revisions to change "disposition of case" to "until appeals were exhausted" for 2 schedules.
c. Microsoft 365 Data Retention Policy for review or approval
d. DocuSign Records Maintenance and Retention Best Practices for review or approval
Mr. Houston said that both policies were solicited for department feedback, department response was lower than expected, most feedback pertained to DocuSign, feedback from Mike Totoraitis were related to retention labels and retention training on M365 data, the most relevant feedback came from Rhonda Kelsey regarding Certificates of Completions, the policies did not need revision, feedback inquiries would be worked out administratively and through the Data Governance Policy and Committee, and he would work with ITMD to conduct retention training for the two systems.
Members said that training was important, the two systems were going to be used more widely, both systems provided efficiencies, and DocuSign had been a useful tool for departments to use (such as with the Library's contracts) during the pandemic and remote work environment.
Member Klajbor moved approval of the Microsoft 365 and Docusign records retention policies. There was no objection. | | | |
|
Not available
|
|
| | 5. | | Information and Technology Management Division.
Minutes note: a. Recent IT infrastructure improvements update
Vice-chair Henke and Mr. Surita gave updates as follows:
i. New applications and file server/storage infrastructure deployed
There have been maintenance windows, and servers have been moved to the new structure. 50% of servers have been moved. The rest of the servers would be moved in 1-2 months. The new applications and infrastructure would provide redundancy to the Field Headquarters, which was a much better place. Manual fail over would be automated.
ii. Enterprise SQL database servers moved to redundant hardware with DR site
Similar redundant configuration was being done.
iii. New dedicated database servers to be installed for Spring
There had been some changes, equipment was on order, and the installation would be a summer project.
iv. Deployment of cyber-recovery solution
The backup system was improved, increased backup time, allowed for quicker recovery, and would protect against cyber threats. The backup system was immutable and could not be touched by anyone. There would be a separate server at the Field Headquarters for the backup data system.
Members questioned the location and duplication of data.
Mr. Surita replied that the new infrastructure would have a fail order, the system at the Field Headquarters would automatically puck up data if servers went down, data would be picked up simultaneously, the backup data system was for long-term retention and for anticipated cyber recovery, multiple backups and fail over would be in place.
b. O365 Multi-factor Authentication (MFA) deployment status
MFA deployment started a year ago. ITMD and DER were using MFA for all their user account logins. ITMD was working to deploy MFA with other departments, such as DNS and the Common Council - City Clerk's Office. MFA would allow for a second factor authentication device when users log into their device from an unknown device or when their passwords were being changed. MFA was a authentication and protection measure against compromised accounts and hackers. The second authentication would send notification via a 6-digit code to the second device or send a phone call to a user's work desk phone, and users would have the ability to confirm or deny the authentication.
Members and Mr. Houston questioned MFA training, MFA second device access, extending or eliminating the 60-day user account password update duration, use of MFA, target date for universal MFA for the City, and complexity of passwords.
Members and Mr. Houston discussed that there may be some resistance to MFA, some remote working employees (such as those in the Comptroller's Office) may have the properly issued device for MFA, frequent password updates were not effective or necessary (per Microsoft), many would just increase the number that was part of their passwords, and there should be the exploration to increasing or eliminating the frequency to update user account passwords due to MFA, which could be a replacement for password updates.
Mr. Surita, vice-chair Henke, Ms. Siettmann, and member Watt replied. There would be training via materials, a video, info on the MINT, and possible 1-on-1 meetings. There were no other MFA alternative options yet available. Users would have to choose their preferred device for MFA. Those without a proper device and who were remote should forward their desk phones to their personal phones to receive a MFA call. Password updating was a Comptroller audit compliance measure and would need sign-off from the Comptroller's Office if eliminated. If MFA was universal for the City, the password change duration could be revisited and possibly extended to 90 days. MFA was not only used for password updates. MFA was also use to authentic remote or unknown user log-ins. MFA was not uncommon and was used in other types of accounts/industries such as banking. MFA was a prevention measure against account hacking. Federal standards on passwords may be outdated and would take time to change. Passwords would be required to be more complex in the future, such as requiring longer passwords and containing three unrelated words. They would like for there to be universal MFA by the next Comptroller audit.
Member Klein said that he would anticipate issues with MFA with his office, but would work to address them.
Members and Mr. Houston discussed drawbacks with requiring more complex passwords, said that passwords were becoming harder to remember, passwords could potentially end up being gibberish, cautioned the use biometrics for password purposes, and said that (accordingly to NIST 800-63b 2020 recommendations) policies should not require employees to change passwords based on memorized secrets on a regular basis, provided that MFA was required.
| | | |
|
Not available
|
|
| | 6. | | Review and approval of the CIMC 2021 Annual Report.
Minutes note: Mr. Lee said that the annual report was a requirement from City ordinance, summarized the committee meetings and topics discussed for 2021, and was prepared by him.
Member Klajbor moved approval of the CIMC 2021 Annual Report. There was no objection. | | | |
|
Not available
|
|
| | 7. | | The following files may be placed on file as no longer needed:
Minutes note: Member Klajbor moved to place on file file numbers 201491, 210196, 210762, 211174. There was no objection. | | | |
|
Not available
|
|
201491
| 0 | a. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its March 18, 2021 meeting. | PLACED ON FILE | | |
Action details
|
Not available
|
|
210196
| 0 | b. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its June 10, 2021 meeting. | PLACED ON FILE | | |
Action details
|
Not available
|
|
210762
| 0 | c. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its September 16, 2021 meeting. | PLACED ON FILE | | |
Action details
|
Not available
|
|
211174
| 0 | d. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its December 9, 2021 meeting. | PLACED ON FILE | | |
Action details
|
Not available
|
|
| | 8. | | Next steps.
Minutes note: a. Agenda items for the next meeting
To be determined.
b. Next meeting date and time (June 16, 2022 at 10 am)
Members discussed and said to continue meeting virtually going forward until further notice. | | | |
|
Not available
|
|
| | 9. | | Adjournment.
Minutes note: The meeting adjourned at 11:02 a.m.
Chris Lee, Staff Assistant
Council Records Section
City Clerk's Office | | | |
|
Not available
|
|
| | | | Meeting materials from this meeting can be found within the following file: | | | |
|
Not available
|
|
211775
| 0 | | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its March 17, 2022 meeting. | | | |
Action details
|
Not available
|
|