Community College of Rhode Island

Go to 50th Anniversary website

Get Adobe Reader

*PDF files require Adobe Acrobat Reader to view - Download here

IT News

March 2013

Software for Classroom Use for fall 2013

In an effort to ensure that every classroom is supplied with the software required to effectively teach our students, IT is beginning the process of collecting information concerning the names of the various applications and the versions needed to compose and load the software image for the fall 2013 semester. Last year was a particularly successful process which involved faculty members confirming and suggesting those software packages needed and those no Information Technologylonger in use. Every year we try to guarantee that the first day of classes has no surprises and expected applications are present in each classroom and computer-based lab. Your assistance is extremely helpful in making sure we supply those tools that will ensure your success from day one in each teaching environment.

If you could take a minute and collect a brief list of those software packages that you sue on a regular or irregular basis, we can cross check that against licenses we have and those we need to acquire now before the semester gets any closer. Our staff does a terrific job of putting it all together and testing to make sure it all works when you initially turn on the computers. This list provides us with the guidance we need to eliminate those packages no longer used and to include those new elements of which we might not be aware. Please help us help you by either submitting a list of what you use or, when we send out the spreadsheet of what is currently included in our list, taking ownership of those packages that you do use and plan to use in the fall. We appreciate your assistance in getting the fall semester off on the right foot.

Go to top of page

An Email Retention Policy

Information Technology

Email retention refers to the limits placed on the length of time an email should reside in a user’s mailbox. The CCRI email server provides “post office” facilities for current users. Its purpose is to receive and store incoming mail for users and forward outgoing email for delivery. Users are assigned individual “mailboxes” where incoming and outgoing email messages are stored until deleted by the user.

The Federal Rules of Civil Procedure (FRCP) govern the evidence discovery process for litigation in Federal and U.S. District Courts. Prior to December 2006, the FRCP included no specific provisions dealing with electronically stored information (ESI), which led to ad hoc and inconsistent decisions being made with regard to ESI discovery. Through the actions of the Advisory Committee on Civil Rules, amendments to the FRCP that specifically dealt with ESI were enacted. Many state evidentiary rules apply to the production of electronic information as part of the discovery process in state courts

Electronically Stored Information (ESI)—All electronically stored information and data subject to possession, control, or custody of an institution regardless of its format and the media on which it is stored. ESI includes, but is not limited to: electronic files; communications, including email and instant messages sent or received, and voicemail; data produced by calendaring software; and information management software. In addition to specific data that are electronically stored and readily retrievable, ESI includes data that may not be visible that is generated by computer hard-drive, email and instant messaging, information management software, handheld computer devices (ex: iPhone), telecommunications devices, and back-up storage devices. ESI may be stored on different electronic devices and removable devices (ex: internal and external drives, PDAs, smart phones, servers, laptops, backup tapes, thumb drives, CDs, DVDs) and may also reside at different locations (e.g., on the home or work systems, institutionally-owned or personal systems, in departmental files, etc.).

  • Data Files:
    • Active
    • Archived
    • Backups
    • Legacy
    • Internet (Web)
  • System Files:
    • Audit trails
    • Access control lists
    • Metadata
    • Logs
    • Internet "Footprints"
    • Cookies
    • Internet History
    • Browser Activity
    • Electronic Communications
    • Email
    • Instant messages
  • Sources may include:
    • Hardware Devices (Samples)
    • Servers
    • Desktops
    • Laptops
    • Personal Digital Assistants (PDA)
    • Mobile Phone
    • USB Drives
    • Network appliances
    • Storage area Networks (SANS)
    • Backup Media (e.g., CD, tape)
    • Internal and external disk drives
    • MP3 / IPOD players
    • Software Applications (Samples)
    • ERP systems
    • CRM Systems
    • Financial / Accounting Systems
    • Student Information Systems
    • e-Learning Management Systems
    • Software application code
    • Email systems / service
    • Voicemail systems
    • Instant messaging system / service
    • Calendaring systems
    • Network activity monitoring systems
    • Third-party systems? (e.g., ISP, outsourcer, etc)
    • Archiving / Records Management systems (e.g., Filenet)
    • Collaboration systems
    • Database various
    • Spreadsheets
    • Locations may include:
    • Work devices, applications and departments
    • Home devices and applications

ESI that imposes an undue burden or cost to make it accessible need not be provided initially, but may later need to be produced, as determined on a case-by-case basis. Examples of ESI data that might not be reasonably accessible include, but not limited to:

  • information backups created for disaster recovery
  • legacy information from technically obsolete systems
  • remnants of deleted information that would require the aid of forensic specialists to recover
  • databases designed to produce information only in ways not useful to the case

The presumption is that the responding party will bear the cost of producing the requested ESI; however, the court may decide otherwise.

The duty to preserve relevant ESI may precede formal proceedings. This duty includes the requirement to suspend information destruction policies and procedures affecting the relevant ESI. As stated in FRCP Rule 37(f), however, “Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.”

It is very important that ESI is preserved in its original electronic form so that all information contained within it, whether visible or not, is also available for inspection.

CCRI needs an email management policy to comply with the law, to be fiscally responsible by eliminating unnecessary file storage space, and to apply best practices for retaining electronic records, which will improve operational efficiencies and effectiveness.

Email messages are treated just like a paper document in terms of retention. The content of the document is what is important, not the format. A college record is any document (including email), that is part of a mission critical decision, shows why a decision was made, or is required for legal, tax, fiscal, or audit purposes. Email messages that meet any of these criteria are college records, and have the same retention as similar paper based records.

Email users at the Community College of Rhode Island must organize email messages so they can be located and used. An approved Retention and Disposal Schedule must be in place to identify how long email messages must be kept. To keep email messages for their entire retention period, and delete email messages in accordance with an approved Retention and Disposal Schedule guarantees compliance with all legal discovery challenges.

So email archiving and email deletion after designated periods of time are primary components of a written email retention policy that CCRI can demonstrate when a legal discovery injunction is required of the college. If CCRI has a policy that states that all email is deleted after a certain period of time and CCRI maintains the letter of law concerning that policy, then the college is protected saving them significant costs related to a legal discovery and search of all retained email. Without a written email retention policy, all email retained becomes open to public disclosure to the courts.

Email archiving then becomes a means to eliminate those email messages no longer required, store long-term messages that have value in a personal archive or folder structure and archive all the rest until an established period of time when that also gets expunged. Questions arise as to why email needs to be deleted at all.

Go to top of page

SourceOne Email Archiving

The IT Governance process is evaluating the SourceOne email archiving utility to help establish some guidelines for its use for CCRI. Based upon the feedback collected from the committees (ATAC, ISAC and ITAC), the groups will move forward to the policy committee a document suggesting timelines for archiving and dealing with read email messages currently in storage in everyone’s mailbox. CCRI currently has no policy for email retention and this is a necessity for legal discovery. Having established guidelines for dealing with incoming email enables CCRI to comply with requests for information from the courts.

Information Technology

Once the policy has been established by the committees and formatted properly for acceptance through the Policy Committee, it will then be passed along to the President’s Council for vetting and final approval. At that point, the SourceOne email archiving tool will be turned on at an agreed upon date and begin to copy and function as designed by the advisory committees. The Department of Information Technology will take great care in designing this to function exactly as requested by the committees and President’s Council to the letter. So what is SourceOne?

SourceOne email archiving is a process in which email messages are managed over time from the primary information stores (the Exchange mailbox that everyone has) to a permanent storage area that managed as determined by compliance, policy, and its usefulness as determined by the advisory committees. The process involves a workflow that is made of SourceOne archiving policies. The workflow involves several steps. Each one of these steps will have an impact on the end user. The SourceOne archival area is an extension of the users’ email storage. The archiving system comes with a rich, web-based search client. All email that has been copied from the users’ Exchange mailbox to the archival area is accessible using this client. Following is the general work flow of the archival process.

  1. Step one: Copy to the Archive - Copy CCRI Exchange email to the permanent archival area
    1. This step is transparent and has the least impact on the end user experience. This step involves copying the original email message to the archival storage area. The impact on the user is that once this step occurs, it cannot be deleted. Email messages can always be deleted by the user in the CCRI Exchange email system. However once the copy is made to the archival area, the email cannot be deleted by the user in the archival area. It is then managed by archiving policies.
    2. The copy process is created and managed by an administrator. This is done by setting up a Source One Policy. This policy starts by selecting email messages. The selection process involves defining criteria in which to make the selection. These criteria can look at the age of the email as well as characteristics such as if the message is read or unread. How old the message is. We can eliminate folders in this selection process. For example, do not copy messages in the deleted items folder
      email archive 1
    3. Here is a policy that is currently active for users in Information Technology;
      1. Copy all messages that are older than 7 days, have been read, and skip the deleted items folder.
        1. The assumption is that within 7 days the mail user will have had the opportunity to sort thru and manage messages. If the messages are still in the user mailbox, it is probably something worth saving and will be archived.
    4. We need to create a policy that will serve the general population. If necessary, we can group users in to separate policies as needed. However, the fewer policies we have the better. It can become unwieldy to manage many policies as users change roles at CCRI. Mail management also becomes more difficult to document.
  2. Short Cut Attachments
    1. The next set of policies involve more of an impact to the end user experience as they will physically alter the email messages in the CCRI Exchange mail system. The concept of short cutting involves taking pieces of the email message and linking those pieces to the copy in the archival area. Specifically, that means the attachments and the body of the email itself. Attachments can be Word documents, PDF’s, Pictures, etc…

      Many people keep email with attachments simply as a way to store those documents. This accounts for 50% or more of the storage footprint used by the CCRI Exchange email system. It is a good assumption that the email attachments become less relevant over time and are simply kept for reference. SourceOne has the ability to set a policy that will strip away these attachments and replace the attachment with a link that points to the archival area. Realize that the copy made in step one is an exact replica of the original email message. We are not deleting the attachment. We are giving up its place in the primary CCRI Exchange email system.

      The question is at what point is it safe to assume that the email attachment is no longer as relevant. There is a policy currently in effect for the Information Technology Group that will shortcut attachments after 90 days.

      The impact to the user may vary depending on your choice of mail client. At CCRI, we support many email clients such as Outlook, iPhone, Mac, Webmail, etc... The majority of our users are using a PC with Outlook. For users running Outlook on a PC, there is a Source One email add-on that makes the short cut transparent to the end user. For users not using Outlook, there is a two-step process to retrieve the attachment. It becomes less convenient. This is why it is important to choose a proper time frame in which to short cut email attachments. The process involves clicking on the link in your email message where the attachment was. This brings you to a Source One email login screen. Once you supply your credentials, you are presented with a web page that has a link to the document and you are able to click that link to bring down your document. Once you supply your credentials to the Source Once system, you will stay logged in for the duration of the day and subsequent attempts will not include logging in again to the Source One system.
  3. Short Cut the body of the email
    1. As email ages, it becomes less relevant and we keep them for reference. We use search capabilities in the email client such as Outlook, to query for mail messages. The impact of this next step is that when we short the body of your email, you can no longer use the search capabilities of your mail client to look for text in the body of your email message.

      email archive 2 You will always have search capabilities in the Source One archival system. As soon as messages are copied, you can use the Source One mail client to query email messages. This email search is more powerful than your current email client. It has the ability to query very specific fields of your email message, as well as searching thru the attachments in your email. Users may find that this is a preferable search utility and use this in lieu of searching email in your current email client.

      The decision point for this step is to state when we will short cut the email body. Will this be after one year, 6 months, etc...? Users will lose search ability in the current email client. Users will continue using their email client to search on other attributes such as time, date, to, from, subject matter, attachment name.
  4. Delete the Email message form the CCRI Exchange system
    1. Once it has been determined that the mail is no longer relevant, we will delete it from the CCRI Exchange mail system. The original message is still present in the Source One archival system. It can still be retrieved, searched, and brought back to print and reference. However, it is no longer current and less relevant than it originally was.email archive 3

      The decision point here is when to delete the email from CCRI Exchange mail system. This policy should fit the general population, but we can create policies that will fit the needs of specific groups or departments at CCRI.

      An example of a ‘Delete Policy’ is as follows, delete CCRI Exchange mail for all messages that have been read and are over one year old and skip the deleted messages folder .

      The impact to the user is that they will no longer have access to the email messages in their current email client. Email messages will be accessed directly using the Source One mail client.
  5. Delete the Email message from the Source One Archival System
    1. email archive 4This step eliminates the email message and is the end of the archival workflow. When this occurs, the email is no longer accessible. This step would be governed by compliance, legal requirements, etc... For example, we may set this policy to delete mail that is greater than 7 years old. The thought would be that after 7 years the email is no longer needed and it is not required that we save this for any legal or compliance reasons.

      This leads CCRI to an email retention policy that will be admissible in a court of law when legal discovery of email might come into play. If CCRI has a policy and the college follows that policy, then the policy dictates what can be used for legal discovery in the retention of old email.

Go to top of page

Security Awareness

For the last several months the Institutional Technology Advisory Committee, the Academic Technology Advisory Committee and the Information Systems Advisory Committee, the three primary groups for directing IT-related projects, have been reviewing the SANS Institute Security Awareness Training modules. The goal was for the teams to decide Information Technologywhether an annual security awareness training program should be offered for all faculty and staff and which modules from the online training suite would be suggested as possibilities.

IT purchased thee modules in conjunction with URI to ensure that the population of technology users here at the college had an opportunity to provide themselves with enough information to avoid the pitfalls evident in cyberspace. Ten modules were particularly nominated to be in the initial program and they are:

Password - Wi-Fi Security - Protecting Your Computer
Email & IM - Social Networking
- Mobile Devices
Browsing - FERPA - Ethics - Data Protection

Each of the online presentations is brief; no more than 2 or 3 minutes in most cases. However, the content and style of each is comfortable and not overly technical in nature. Easily utilized, the videos are web-based and so will work with any browser. Additional modules exist and will be offered as part of the program for those who want more specific information on topics not covered in this list.

The security awareness program will be vetted through the President’s Council for approval and adoption and then offered in late summer and early fall. The SANS Institute modules will be updated every year to include new and changing content surround security.

Go to top of page

Sleep Mode on Inactive Computers

Information Technology

Another important topic that involves security and was a feature of the advisory group meetings was the concept of “sleep” mode on each CCRI computer. When someone steps away from their computer for thirty minutes, resulting in inactivity on the keyboard or mouse, the machine will be configured to go into a sleep mode. This will happen at every faculty and staff computer located in an office or suite area. What does sleep mode mean?

The computer sensing inactivity after thirty minutes, automatically logs itself off. The person returning to the machine needs to hit any key and will be prompted to type in their password once again. Once logged back in, the files, applications and features being used on the computer when it went to sleep will return to exactly the spot where the machine was left. Nothing gets lost, no files get closed and no interruption is caused in what was being done. So why would we institute sleep mode?

The greatest security risk that anyone has at their desk is if they leave their computer on, walk away and someone sits down at that machine and creates mayhem. Deleting files is simple enough and in a rapid fashion. Sending emails through an open account can be done. Just simply turning the machine off could result in lost data or corrupted files. All this could occur in a blink of an eye if no one is watching. So sleep mode ends up being a small price to pay for a large level of protection.

Once again this is going to go to the President’s council for vetting and approval. Once that approval is given, a group policy will be delivered to each machine as an update to institute the sleep mode.

Go to top of page

Service Desk! We Need Your Help!

The Department of Information Technology has a limited number of staff resources to dedicate to support of the various campuses throughout CCRI. We are constantly re-evaluating the manner in which we use those resources and where we might have areas needing supplemental support or indeed, not as much support. A key indicator for us to evaluate that is through the “trouble ticketing” system and what workload is attached to the number of tickets at each campus.

Information Technology

IT needs your help to ensure that we provide the best service we can to each CCRI student, faculty and staff member. Every time you have a problem, we ask that you send an email message to itsd@ccri.edu as well as cc’ing your favorite IT person. That way we have a record of each issue encountered, who had the problem and how it was resolved. This method makes us better than we are today. How?

When IT as a group knows about the incident it is a good thing. Other campuses could experience the same problem and once solved, that solution would be shared. With this data available the knowledge base surrounding issues gets populated helping IT folks improve their overall skill level. The problem does not occur again and again and we work to solve it once. Having that central point to collect the trouble tickets is vital to make us more efficient and effective with the limited number of people we have.

So the next time you get ready to call your favorite IT person, please consider sending an email to the Service Desk instead. In this way, everyone in IT knows about problems and if a solution is prolonged, we can devote even more resources to its solution. When it gets solved, everyone knows what that solution was and it can be applied repeatedly. Additionally it gives credit to the person whom you would have contacted directly for a job well done and the workload that they are maintaining.

While the Service Desk at CCRI has gotten a bad name, I am convinced that the email delivery of ticket requests does work. I’ve seen it. I hope you can help. Emailing the Service Desk does not add to the numerous phone calls we get every day and it gets your message through quickly and efficiently. Thanks for your consideration in this extremely helpful act.

Go to top of page

This page developed and maintained by the Chief Information Officer. Send comments and suggestions to .


Last Updated: 11/21/14