This website is the repository for the work of the IT@TCC project from 2015 to 2016. Activity continues but has been subsumed into a new and permanent IT governance structure. Please see the IT community website for the latest information on IT projects, governance, and service providers.

Definitions of Success



  • The network has the necessary levels of flexibility, agility and scalability.
  • A consistent set of infrastructure (hardware/software) is used, both at the core and at each campus.
  • The performance level of the network is such that people do not notice (i.e., a sign that it is consistently performing well).
  • The network functionality/services enable The Claremont Colleges to achieve its strategic initiatives.


  • The network is administered by a single entity.
  • The administrative structure supporting the network does not rely on a single individual and their expertise.
  • A strong governance group/process exists to oversee the network.
  • The CIO/IT director group is significantly engaged with the ongoing assessment of the network service portfolio.
  • Network security is handled centrally by a single team.


  • Cost efficiencies are obtained through centralized purchasing of network related hardware and software.
  • The annual pricing of the network to users is fair and transparent.
  • A common, clear catalog exists that outlines core services and what additional services/functionality can be acquired for an additional cost.

Information Security


  • Processes, policies and tools are in place that appropriately balance information security risk with cost.
  • A consistent set of security guidelines are in use with an appropriate level of documentation.
  • A strong and collective cross-functional buy in with security policies and procedures.
  • Procedures are in place to review vendor security as part of our contracting and vendor management process.


  • A central office with strong expertise that collaborates with the colleges.
  • A consistent set of processes that ensure an ongoing security audit function, compliance and continuous risk assessment.
  • A strong level of independence within the security office.
  • A governance structure that enables the office to make security-related decisions that support the academic mission and considers the level of investment, risk, etc.
  • A coordinated security professional development program that includes an ongoing communication mechanism that enables colleges to share best practices, and provides ongoing training and awareness of relevant trends and practices for staff.

Identity and Access Management


  • A central or federated identity management (IDM) platform is used that includes: identity management, provisioning (onboarding), deprovisioning (offboarding) of accounts, authorization (what users have access to), vetting (ask for identification and confirm it is you) and audit.
  • A process that ensures data is consistent and accurate across TCC is in place.
  • Expertise in IDM solutions remains to connect ”rogue“ applications (i.e., applications that are not compatible with our IDM protocols).
  • Complete separation exists between authentication and authorization.
  • Visitors can log on but only have access to appropriate applications/content.
  • Characteristic of the user-experience includes: traveling faculty have seamless access, TCC faculty and staff can look up other TCC users in directories, students have one set of credentials.


  • An identity management “office” is in place to manage processes.
  • A governance structure and set of policies for appropriate use of identity information is in use.

Disaster Recovery (DR)


  • A common set of processes exists to help each college recover.
  • A common infrastructure and toolset is maintained that will provide a cost-effective disaster recovery (DR) solution.
  • An ongoing process exists to assess various scenarios and our DR response.
  • An ongoing process exists to assess data and locate it in a tool like “recovery planner”.
  • A systematic review of 3rd-party vendor DR plans is standard practice.
  • Ongoing testing of our 3rd-party vendor DR plans is standard practice.
  • Inclusion of DR costs in the evaluation of applications that are under consideration for purchase is standard practice.
  • Faculty, staff and students have access to information and broader functionality within an agreed upon time after recovery commences (i.e., how fast to “uptime”).


  • A central planning “office” to oversee IT-related disaster recovery is in place.
  • Ongoing coordination exists with other functions within TCC and local/national organizations on DR plans (i.e., business continuity).

Data Centers


  • Data centers are centralized where appropriate to save money and improve operations.
  • Data centers are moved to the cloud and off site when it makes sense.
  • Enhanced support (e.g., 24/7) is provided to TCC.
  • No single points of failure exist.
  • An increased ability/capacity to respond to changing needs exists (i.e., agile).
  • An increased level of robustness of the systems exists (e.g., better facilities, ability to segment, etc.).
  • A professional development process exists that aims to build required staff skills (i.e., retooling).
  • Any potential energy savings are obtained through our new model (i.e., “green”).