System owner roadmap

Ancillary systems that manage business processes necessary outside of Workday will be “kept”; to continue operating after the Workday implementation, many will need updated data integrations. It is also an opportune time to evaluate the long-term viability and security of these systems and consider appropriate actions to manage risks.

Following are the key steps for “keep” systems in the roadmap to Workday implementation on July 1, 2024:

Step 1: ASP work planning and prioritization

ASP business analysts reach out to all schools, colleges, institutes, and divisions (SCIDs) with a link to a spreadsheet, the purpose of which is to collect additional information on each specific system to help with ASP planning.

Timeframe: January 2023

Step 2: Integration recommendation

Any system that integrates with the current HR or financial system will require Workday data in the future. The goal is to identify a modern integration method that provides the necessary data.

Timeframe: February to July 2023

Step 3: Security review

The Office of Cybersecurity conducts security assessments of most “keep” systems. Risk Executives review the findings and determine appropriate actions if necessary.

Timeframe: February 2023 and ongoing


Step 1 addresses all “keep” systems belonging to a campus unit at once whereas Steps 2 and 3 are done system-by-system, one at a time. Campus units will iteratively go through Steps 2 and 3 for each “keep” system they have.

Step 1: ASP work planning & prioritization

Information collection

Primary technical contact or business contact for the system receive a spreadsheet listing all “keep” systems and 11 questions, many that require selection of one answer from several choices.

Analysis

Responses will be used to plan and prioritize the work in subsequent Steps 2 and 3.

Next step

Work on Step 2, integration recommendation, will start for higher priority systems.

Step 2: Integration recommendation

Information collection

Primary technical contact or business contact for the system receives a Qualtrics survey of about 20 questions. Support for completion of the survey is available via open office hours with the ASP integrations team.

Next step

Integrations team member/s and a business analyst meet with system contacts and/or unit leadership to discuss the integration recommendation and considerations including:

    • Types of integrations available to the system and the recommended type of integration
    • Impacts to vended solutions and ability of vendor to respond
    • People/skills available within the campus unit to update the integrations
    • Cost considerations (licenses, external support if necessary)
    • Timeline

Analysis & recommendation

The integrations team reviews the survey responses and follows up as necessary to arrive at a recommended approach for integration.

Options

System owners evaluate the benefits of the ancillary system against potential costs, effort, and time needed to update the integrations. Ultimately, the system owner and campus unit leadership decide whether to proceed with the integration recommendation or to retire the ancillary system and seek other options for completing the necessary work.

Step 3: Security review

Information collection

Members of the Cybersecurity team will initiate an abbreviated risk assessment questionnaire and will meet with business contacts to collect and document the necessary information.

Next step

Security analysts work with system owners to create action plans.

Due to the number of systems involved and the complexity of the risk assessment, review, and action planning process, this step will likely continue beyond implementation of Workday on July 1, 2024.

Analysis and report

After analyzing the information collected, the security analyst will issue a risk review report with recommended actions to mitigate identified risks.

Options

Ultimately, the unit risk executive has responsibility for ensuring each identified risk is either addressed or acknowledged and accepted.