Anyone can build a mobile App so how they heck do you govern that?

BRETT POLLAK

UC SAN DIEGO

EDUCAUSE ECAR Mobile App Working Group

Brett Pollak, UC San Diego (Co-Chair) Rose Rochio, UCLA (Co-Chair) Jim Burgoon, Ohio State University Deepika Chalemela, UT Arlington Jason Fish, Purdue Jeffrey Rosczyk, UC Santa Cruz Lori Tirpak, Oakland University Chris Ward, Kennesaw State Robin Ying, Tidewater Community College

App development made easier

App code generators make development quicker

Maturation of the market

Who’s building Apps?

Internal IT staff Faculty / Researchers Students Vendors (with internal sponsor)

Key considerations How do you determine what qualifies as an institutional app? What brand requirements are there? Are there processes in place to assure an app is tested for quality assurance?

What are the data security and legal requirements protecting privacy (FERPA)?

How is intellectual property determined when apps are developed by students or faculty?

Are there financial considerations?

Governance Goals

People, Policies, and Processes

Produce mobile apps aligning with institutional strategic priorities

Leverage existing structures if possible

Responsibilities Facilitating executive buy-in to mobile app governance policies and processes

Streamlined process for review and approval of institutional mobile apps to be made available in public app stores

Ensuring appropriate stakeholders are represented in decision making

Governance is CyclicalConvene

Group

Set Goals

Publish Guidelines

Review, Test and Deploy

Maintain and retest

Unit/Stakeholder Role/ResponsibilityInformation Technology (IT) Technical review, security audits, code

assessment/compiling, keys/certificates, maintain app store presences

Marketing/Communications Naming, branding, design, editorial/language consistency

Institutional Research Review Board (IRB) Adherence to responsible research practices

Hospital, Medical Center/College of Medicine HIPAA, human subject concerns

Legal App store contracts, vendor RFPs

Technology commercialization/Intellectual Property

Assess commercial viability/pricing, potential for technology licensing, IP usage

Academic/Faculty Strategic direction, concept validation, development resources

Students Sounding board; user testing and feedback; creator of student-developed apps;

App Categories

External focus with intent to communicate info about the university

Internal focus to support administrative transactions

Research based Apps with a narrow focus

What qualifies as a university App?

Is the app owner/publisher a university faculty, student or staff member?

Is the owner/publisher acting on behalf of an institutional department or unit?

Does the app’s purpose and function align with an institutional priority, strategic goal or academic pursuit?

Do the app’s intended audiences align with the institution’s constituency (Students, Faculty, Alumni, Patients, etc.)?

Branding Minimum set of standards Produce branding and graphic templates

Paid Apps Athletics: App was free to download but contained “premium content”

Single merchant account

Technology transfer office review

Advertising What is the institutional policy for advertising on electronic mediums?

What is the view of adds within and App?

Data Governance Considerations

Can they make use of secure data, e.g., (FERPA/HIPAA) from an ERP (i.e. grades/class schedules) or other data stores

IRB/export control and ITAR (?) issues – certain nationalities not allowed to work with or access the data

Does your app governance process account for online content--content provided to the app via an API, database, or other mechanism?

Testing What level of responsibility does the governance group have for testing?◦ Testing with Devices◦ Testing with Emulators◦ Testing with Devices and Emulators

Are apps proactively checked for vulnerabilities? If a critical security issue is discovered, does the governance process have a resolution plan?

Distribution What App Stores do you support? Process for Managing publishing to App Stores iOS

◦ Single University Account enforced by DUNS number◦ No good method of distributed access to administration

App Store Administration Models Allow requestors to have direct access to the administration panel

Have central IT be the broker

Have vendors publish through their own accounts

Maintenance Review Analytics to monitor usage Review feedback Give the governing body authority to decommission Apps

Thank You

Brett Pollak UC San Diego