Hit enter after type your search item
NEWS SMART

Here you will find everything about smart and technology

Tech Talks Jan. 30, 2020

/
/
/
74 Views

JACOB MORRIS: All right Welcome, folks

Welcome to our first Tech Talk for 2020 Thank you for being here Folks online, if you are having any trouble with audio, go ahead and put it in chat We've got folks monitoring chat right now So I want to welcome you all

My name is Jacob Morris, and today I'm in my role as co-chair of the TechConnect advisory board I've got Jamie Daniels here with me as well, who's our other co-chair And I want to welcome you all to our first event of 2020 We're going to already start plugging our next event We haven't even started this one and I'm already talking about future events

So April 30, put it on your calendars, our next Tech Talk right in this room, right at the same time and online And we actually have them again, I think, on the 30th of July What am I thinking of? August? July? July 30 And then we did October 29 because we couldn't keep the 30's going all year We tried very hard, but we couldn't quite do it

So please join us for that one as well Communities of Practice, if you are not a part of one of our wonderful Communities of Practice, take a look at them online and join one today They are a great place to connect with folks who are facing similar issues to you, have similar challenges as you, and have great ideas And then, of course, if you haven't heard already, we're going to say it again many times this year The conference this year is moved to September

September 2, 2020 is when our conference will be And more details are available online and will continue to come out throughout this year as we develop that program So UWedu/techconnect This is our QR code if you're so brave

And it looks like this And again, Community Practice, Tech Talks, and the Tech Conference Lots of great info there OK A couple of pro tips for folks online

You can rename yourself in the panel It's really helpful for us if we're watching because net IDs are sometimes not related to names I am a particular case of this And then, of course, we are going to have some participant feedback, some silent feedback So we're going to be raising hands in the room

And folks online, we're going to ask you to use either a raised hand or a yes or a no And that's available in the Zoom participant panel So that's a pro tip for folks who are potentially new to Zoom All right, without much further ado, we've got three great talks today We've got Sean Mooney here from UW Medicine

We've got Joby Walker here from UW-IT And we've got John Borwick here from the Office of Academic Personnel And I won't read all of these things to you You can all see them, you've all seen the invite So without much further ado, I want to hand it off to Sean Mooney for our first talk

SEAN MOONEY: All right Thank you very much I really appreciate the invite I'm one of those people who really enjoy hearing myself speak So I'm happy to be here talking to everyone, and particularly on a new topic

Jake, I think, reached out to me a month or two ago and said that there was a question, I think it came from Aaron, about the idea of covering ethics in information technology And that really resonated with me It's an area that I'm not an expert in I'll tell you what I've learned It resonated with me, though, because for years, I have given or have received responsible conduct of research talks in my research role

And I thought to myself, well, we should have similar things in other areas, particularly IT, which as you'll see, I think there's a growing responsibility, a growing response– ah, there we go Thank you A growing responsibility of IT professionals as stewards of technology and data And so I'll walk you through what my view on this is This is a new talk, and I would love feedback

So feel free to drop me an email or to send me a text message or to fill out a survey if there is one, and tell me exactly what you think about this Because I'd love to, you know, maybe this will become a thing I don't know I'm Chief Research Information Officer of UW Medicine I've been here five years in about a week

We manage systems that manage clinical trials, we enable technology access to UW Medicine patient records for research We manage computer systems that manage that data, again, for research We help with governance around clinical research informatics and supporting investigational studies in the health care system And we support for research and medical record systems as well I have no conflicts of interest

I am not an ethicist And so I'm going to raise more questions probably than I can answer in this presentation And then I want to thank Diane Korngiebel She's a faculty member in our department, in the biomedical informatics and medical education She's an associate professor and a bioethicist

So she's actually doing this for a living And she gave me feedback and helped me with that All right, so the goals of this presentation are– every researcher is required to take a responsible conduct of research course while performing research I said that And so I'm really hoping that through this presentation, that you'll understand the concept of responsible conduct of information technology

And this talk is really meant for information technology professionals like you And you should hopefully at the end understand the ethical principles and concepts governing IT as well as examples in our daily lives and of public interest And this is the first time we've given this presentation, so please, feedback So we're IT professionals We all understand things like service level agreements

Service agreements for an IT service really describe our obligations, like our scope of service, our technology that we are providing, the response time it defines It also defines essentially a legal framework for the work that we do Are there moral or ethical responsibilities in that work? And I would argue that ethical issues aren't necessarily gray areas because reasonable people can disagree over what principle interest or value prevails when they come into conflict in terms of how we make decisions of what we do And I'm hoping to raise your interest level and understanding of that through this presentation So here's a thought experiment

And I just made this up, so I don't know how real it is But I think it maybe will help relate some of these issues to you So let's say you're a manager and you're developing an automated helpdesk ticketing system You have a vendor who keeps sending you emails and you actually responded to one of those vendor requests' emails, and said, OK, sure, let's hear what you're doing And they send you a contract and tell you about that automated helpdesk system

And it's basically email-based, and a requester writes an email, sends it to helpdesk@mydepartment@UW or wherever And then that email is automatically routed into a priority queue It gets distributed to the right team, it gets assigned to some level of urgency or priority to it, and then would be responded in the appropriate way Let's say it's email- and cloud-based You're probably all familiar with this

It uses previous tickets at your organization So one of the things about this automated system is that it's adaptive and that it actually can use the existing tickets that you have And then it automatically assigns that priority and department to that Tickets of low priority based on your policy maybe are only checked weekly, while other tickets are monitored daily And the vendor argues that that will actually save you money over the long haul

And underneath the hood, they're using machine learning based on the text that's in the message body to assign priority So here's some questions So what are the legal and technical issues with such an approach? And then what are some of the ethical issues to consider when developing such an approach? And I guess I'll pose that question to this group I'm hoping that during this presentation, that we might be able to have some discussion So let's start with the legal and technical issues for those of you that are in the room

Does somebody want to give me an example of maybe a legal or technical issue with this approach, like with what you should be concerned about as you develop a vendor contract? Does anybody want to be brave enough to make a comment about that? So you're developing a contract Sure AUDIENCE: [INAUDIBLE] SEAN MOONEY: Exactly Exactly That's a great comment

Yes AUDIENCE: [INAUDIBLE] SEAN MOONEY: Yes OK, so the first question– the first answer was, who owns the data The second one is, is the data going to be shared Those are great points

So technical issues So you need to make sure that– you know, whenever we do a technical review, we're just kind of, you know, like focusing on the legal obligations that we have Does the solution meet our requirements? Does it meet any sort of service level agreement that we have to our customers or our users? And you know, the technical solution has to also follow law and policy And one of the issues that we run into is that local laws might differ in terms of like privacy of your users, for example, than, say, international law or national law where the vendor is actually pedaling this service or wares But there are ethical issues as well

So for example, what if the machine learning algorithm is biased? Let's say it's trained only on native English speakers And now we start applying it at the University of Washington where we have a lot of speakers who aren't native English speakers What if it's biased and it automatically assigns a lower priority to those individuals? What if the vendor– this gets to the data use issue– what if the vendor wants to use requests and the requesters' identities for product improvement? What if the vendor wants to use and sell the user identities? Like, say, I want all the emails And I'm going to extract the email out of that and I'm going to sell that to someone as a database that they can then use that data for other things So these are kind of examples of how ethics can come up in IT

And I think this is becoming more and more important as we move into the future An ethical concern in information technology occurs when you are technically fulfilling the requirements of an SLA or a service, but still have the potential to cause harm to some customers or users, either directly or indirectly I made that up so I really want feedback on that statement But the ethicist that reviewed this were OK with that The aim of the presentation, again, is to educate and socialize this concept of responsible conduct of information technology and to consider some practical examples

Again, I don't have answers I just have places to go find answers and to help think about decision-making from an ethical and a moral approach, as opposed to the legal and technical approach that we do in our daily lives There is an entire field of this There's a department of bioethics and humanities The research world where we do research on humans has been thinking about these issues for a long time

So they're very advanced and thinking about the ethical, legal, and societal implications of the decision-making that we do They actually run a consult service as well and would be happy to address data and IT issues in addition to life science kind of issues that they deal with on a regular basis So again, let's go back I'm going to use this like a service level agreement, something we think about a lot And what we do defines these contractual rules

Basically, the rules are the legal framework by which we operate And I'm going to compare these legal frameworks to the ethical frameworks like I did in the previous example For example, with data and data sharing, there's some local and national or even international law, such as the student records law, FERPA, or the human health clinical data law, HIPAA, or the European Union's privacy law, GDPR And then when we develop these sort of IT agreements, it could be in your service or they could be in a data use agreement, they talk about things like users must change passwords every six months, data must be encrypted when it's sitting at rest, data must be in data centers locked and monitored 24/7, breaches must be reported in 30 days Those are all very legal, very easy to respond to sort of things to think about

And you know, all of that's going to be spelled out in your data use agreement that tells you what you're going to do and how you are essentially going to operate when you provide that service And I want to say something that I think is maybe under-appreciated And that is that we are potentially the last gatekeeper before data is shared outside of the University of Washington And that's a really important concept to understand And that even though we're IT, we're not the business side, we aren't necessarily really even understanding that data

But sometimes, it's the IT guy who's the last person who's going to share that data And sometimes, that data can be really, really sensitive All right One of the concepts that I want everybody to run with when they leave this presentation is that delivery of an IT service can cause harm to some users Harm can be defined differently by different users or cultures

Harm doesn't have to be physical or monetary and can be difficult to quantify, such as reputational harms or causing moral, cultural, or personal distress And understanding harm can be very difficult to assess And one of the ways that ethicists overcome this is they consult or have the concept of a stakeholder to better understand how harm and concerns about use of data There's been some work in this area already The IEEE has a code of ethics to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin

The ACM has a code of ethics to respect the privacy of others and honor confidentiality And there are even publications that you can read if these sides are shared later where you can go in and talk about how ethicists are thinking about IT and ethics and moral decision-making Stakeholder feedback can inform I think that's really important because we don't really necessarily understand the values of our customers, of our users, of society as a whole And so stakeholders can give that feedback

And in IT, the stakeholders, again, can be customers, users, colleagues, or society Gauging stakeholders is not possible for all decision-making But it's important to understand that we serve communities and those communities may have different views And they would inform us in how we do IT And that can be really complex because IT systems, I mean, the scope of the University of Washington is global

And we may manage IT systems on every continent in the world I'm not sure about Antarctica, but it's very, very possible In my previous organization, it was definitely Antarctica And again, we are increasingly the stewards and protectors of data We manage data that can be sensitive

In the era of the internet and big data, there are many risks of privacy and possible harm And we must think proactively about our work and its impact beyond just the maintenance of those computer systems And I really want to emphasize that the internet is complicating everything in this area And again, we should treat individual data like it is sensitive, even if there is no legal reason to do so And that includes your normal activities like minimizing incidental access to individualize data

And I guess purposeful non-work related access could break laws, they could result in HR, and even termination And you know, be considerate of things that you learn incidentally from data during you know your normal work For example, you might learn something about individuals that they would consider private And I think, finally, discouraging your peers and training staff to minimize contact with sensitive data and to not discuss that data as part of the delivery of the information and technology service I talked about how an automated helpdesk system could be biased

And that bias could result in, basically– biases turned some groups– it could be obvious like demographics, but it could be non-obvious And so I think it's important that when we deliver a service, that we're fair to all users Service and technology should not discriminate for or against specific demographics or other classes of users And this could be very subtle, like the artificial intelligence application that I described at the very beginning of the talk You're very well aware we read stories in the New York Times all the time about information technology and public privacy

There's a number of global debates about the impact of data in IT And we're constantly being challenged with addressing these issues at a societal level that deal with fairness, with equity privacy, and other issues that may cause harm to individuals or populations The privacy laws, again, I mentioned HIPAA and GDPR But there's also things like use of surveillance technologies or maybe a camera There probably is a camera looking at me right now

Yeah, there we go There's a camera looking at me But you know, for about $30 now, we can put a camera on a wall that looks at someone that's talking to Wi-Fi It's amazing how small and how inexpensive things have come And then, you know, there may be violation of other laws, such as property or cyber crimes

And so I think we have a duty in our stewardship of data as people we trust with data about them And I don't think IT– you know, we don't generally think of IT professionals like lawyers or banks But perhaps we should And that's something that one of the ethicists that reviewed this presentation said That we don't really think IT professionals have a fiduciary responsibility in the same way as a lawyer or a bank does

But perhaps we should think in that way There are frameworks So if you get these slides– I don't want to go through all of these because I don't have time to kind of get through this But thinking about what an ethical dilemma is, what your gut says, thinking about the facts, thinking about the values that are at stake What are the options, what are the best options given the facts, stakeholders, and values? What is the justification for the best option, and how can this dilemma be avoided next time? So thinking about a framework to kind of walk through problems that have moral or ethical importance is a good way to think and be

So we don't need to do a discussion here It actually looks like the question is missing on this But here's an example You have an administrative rights for an IT system of a small university research group that develops and tests mobile health interventions with identifiable communities Your manager wants you to archive, without the knowledge of anybody in the research group, all of the email communications and web browsing history

This request does not come from the university's legal office or through any other formal process that you can see You ask your supervisor to clarify things and are told it's complicated and just go ahead They will take full responsibility for what you do You are worried that you could lose your job if you bring it up or don't do it You also don't want to be embarrassed by making something out of nothing

What do you do? So I want you to go home and kind of think about that within this concept of a framework of the kinds of issues that we're talking about here So let's talk about some examples How am I doing on time? 10 til Perfect So actually, we're in good shape

So example number one, big data and the cloud And we see the cloud everywhere We're moving systems to the cloud, we're seeing very large contracts that we review and red line And usually, a lot of stakeholders will get involved Like a lawyer will red line the heck out of all the terms in there and they'll add sections

And their lawyers will add terms And then you as an IT person will look at what's possible The security office might add things about security And so it can get very, very complicated And within there, there's a lot of things that you should think about about what those terms that are both not only legal, but also, I think, of ethical importance

The cloud-based information technology vendor that you're reviewing has a clause that grants the vendor's ability to use data, including the ability to use data to improve their product That's pretty common The ability to use data for marketing purposes That's less common, but it's there pretty usually So probably, in almost every EULA you sign when you click OK on a website as an individual

And here's the one of the catches The ability to sell de-identified or even user-identified data to third parties So what are some of the issues to consider when doing this? Is that OK? So give me a comment Some feedback back on this What are some of the issues? Maybe you could even give examples of things that you've seen in the real world

There's one in the back Yeah? AUDIENCE: [INAUDIBLE] SEAN MOONEY: That's a great question So the question was, what constitutes user identification And that's the second part of the question was, how do we ensure that the data is de-identified, or how do we describe the de-identification process of the data Super interesting

So we think of identifiers, sometimes there's legal rules about what identifiers are So like, for example, in the health care world, which I'm most familiar with, HIPAA defines 18 types of identifiers Name, address, phone number, social security number, medical record number, that sort of thing And when we de-identify data, we'll remove those identifiers and we'll remove other things, like remove dates of when things happen and things like that And usually, with the health care world, the de-identified data fits as kind of an algorithm that a lot of informatics professionals use

And we have this concept of what we call potentially identifying information That's information that's not an identifier, but you think it statistically links back to an individual So for example, I probably have a genetic variant on my genome that is unique to me that no one else on earth, including my parents, have And so if my genome sequenced, that's a fingerprint of me So that's potentially identifying, but it's not really an identifier

It's not Sean Mooney, for example And so that's a really important issue Particularly, in legal agreements, it'll say, data must be de-identified And it's maybe your responsibility That's the worst part, is when it's your responsibility to ensure that it's de-identified before they get it

Yeah, you and then you AUDIENCE: [INAUDIBLE] SEAN MOONEY: That's a great point AUDIENCE: [INAUDIBLE] SEAN MOONEY: I'm in the health care world So this is a huge issue in health care because people want access to data and do data science on data And in the health care world, we are becoming increasingly familiar with the idea of supporting what we call synthetic data

That's data that looks exactly like our data, but it's not It's like completely fake and computer generated You may have seen the news stories about Kaggle having a competition to make a fake face Humans that look like real humans that weren't real It was in the news very recently

You could do the same thing with clinical data, with electronic health record data, to make data that looks real but it's not actually any individual that's in that or other data sets But there are other issues like selling the data Terms like you grant non-exclusive, worldwide rights to use the duh-duh-duh That sort of language, actually, in an agreement may be granting the other organization to call it Facebook or maybe one of the other companies that are out there and say, hey, you know, I've got data You want it? It's an issue

So you know, things to think about What rights does the vendor have to use your data? What are your customer concerns around the use of the data? Do local laws differ from national laws that should be considered? Your legal advice can give you that, your attorney What obligations do you have to your customers? I have found a blog that talks about this So if the slides are distributed, you can go there It talks about all the kind of issues that are in data licensing or in contracts that you see

Data sharing is now super pervasive, as you know Does data have to be shared? I think that you should try to minimize the amount of data sharing that happens Does the data link back to individual users? Does data sharing for the purposes, you know, really that are outside of IT, that's where I started having red flags about that Is it outside of the actual service that you're delivering in IT? And if the data is shared, is it an anonymized? Who has access to it? How long do they have access? Is there an end to that access? And are the recipients legally obligated to treat that data the same way you would treat it if it's in a computer that's on your desk or in your data center? Internet of Things, I think, is probably the second big issue that's out there that we, I think, are going to have to deal with and we're probably going to have to deal with more Man, I went to Costco with my wife a couple of weekends ago

And you know, when Internet of Things started getting talked about in the media, I was super skeptical and like, my refrigerator is not going to have a Wi-Fi device on it And you know what? My refrigerator is going to have a Wi-Fi device on it And I was impressed I can watch TV on the front of my refrigerator now I'm not sure why anybody would want to do that, but you could

So you know, devices are getting smaller and there's a lot of issues Give me some excuse that maybe you could think about in the context of what we do You want to raise– sure AUDIENCE: Well, [INAUDIBLE] SEAN MOONEY: Absolutely That's a great point

So yeah, so there is an issue – health sciences building had an issue of putting cameras around And just the concept of being surveyed all the time is something that's definitely with us You know, another example in the health care world, cameras in patient rooms That's a big deal Like can we use a camera to monitor, say, an inpatient? What if the camera– first, there's the question of the patient's concerns

But what about the provider, you know, the nurses, the doctors, the staff, the family members that are all going in there and also being recorded You know, it's some of basically the most sensitive moments, frankly, of our entire lives It's also an issue Audio, same thing I'm running out of time, so I'm going to go quickly through some of these other issues

Privacy and surveillance, we've talked about this Use and persistence of data Like where's that data going? Your Alexa device, your Siri, your camera on your new shiny smart doorbell that is like recording everything, that data is going somewhere and it's probably being used I have to say, this is totally me just talking personally I have no idea where this is going

Because some people have an enormous amount of data and that data is being integrated with other data sets that are out there in ways that are really interesting to think about Anyway, The Atlantic had an article a couple of years ago about how the Internet of Things also needs a code of ethics And I think that that's also being thought about Artificial intelligence and facial recognition is another area that is obviously of interest Using these Internet of Things devices, these cheap $30 cameras, you can actually use that to recognize people and using machine learning

It's not just the method and the application of the methods There's also been ethical discussions about the databases of data that are used to train these methods So I don't know if you remember, one of the big IT vendors, I can't remember which one, had some news that came out about creating a database of human faces, of identified faces for the purposes of building these models And that was also a concern And so I think this is also another issue

And when is it legal to apply these methods, et cetera And so I think, you know, machine learning in application is another big area I already talked a little bit about machine learning and artificial intelligence in health care Data science in health care is here People are using it, developing it, implementing it for things that are very administrative

Like let's predict all of the patients that we think are going to be no shows in our outpatient clinics so we can give them a phone call and remind them to come in Really simple machine learning Actually, here's an example that I just noticed the other day TSA, when you go through security, and they've been putting these new checkpoints in where the basket now comes out in front of you and you can take all the time you want to put the basket up And then you put the basket on a conveyor belt

The conveyor belt goes through the X-ray thing, it goes to the end Watch the end of the conveyor belt At the very end, I notice there's a camera that's a device looking down at the basket And the camera is determining whether the basket is empty or not And if it's empty, it pushes it into the thing to go back to the front of the line

And if it's still full, it holds the conveyor belt That's machine learning in our daily lives being applied And apparently works You know, I think this is the last example I'm going to give and then I'm going to open it up to some questions if I have time And that is, you know, we administrate public forum, public and private forums on the internet

And by forum, I'm using the broad– I'm not just talking about forums like Reddit I'm also talking about email, mailing lists from Mailman, you know, blogs Anytime people are talking to each other, and we're increasingly becoming moderators of that, there are laws and policies that govern that You know, HR can advise We try to enable an open and public discourse in the environment

But you know, sometimes we don't agree on things, which is probably OK But sometimes, communications can cross into ethical and legal areas, such as hate speech and other kinds of things that would be inappropriate They are other things to consider OK, so I'm out of time I'm going to finish up

I hope you enjoyed this Please send me some feedback about things I could add or things I could change There are places you can go For legal issues, you can talk to your manager, talk to your department I think that's probably the first place to start

Our council at the University of Washington is the attorney general's office They have an office in the UW tower They tend to be actually very responsive They have a website for intake, for requests And I work with them a lot and they've been really helpful

For academic conflicts, we have an ombudsman office And the ombudsman can help negotiate and basically act as a third party to help broker disagreements and conflicts between individuals And then finally, for ethics issues, the UW and the Institute of Translational Health Sciences have developed a consult service on the ITHS website You can make a request and a bona fide scholarly ethicist will reach out to you and will talk about your issue And actually, big data and data science and technology are really of interest to them, because this is an area that's emergent

It's something we deal with all the time, and really important So I think with that, I'm going to finish Thank you so much And I'd be happy to take a few questions JACOB MORRIS: So before we do questions, there was a note from online that the UW Privacy Office is another place that you could go to get information

And they're also dealing with similar concerns So there's lots of resources here at the University So if people have questions, I'll run quickly Maybe you can adjust me down SEAN MOONEY: Thank you for that

I'll add that to a future presentation JACOB MORRIS: I know you have questions Come on, don't be shy Any questions online, Kate? Are we seeing anything coming in chat? Oh, here we go Perfect

Brave individual Might be a second AUDIENCE: Hi Do you know of any cases where university employees have been held legally accountable for these issues? SEAN MOONEY: No I'm going to give the answer of no

Maybe someone else in the room does But I think that there are certainly areas around data where organizations are struggling with the issue of data and data sharing And there have been examples nationally of, for example, class action lawsuits in the health care world around data sharing and making clinical data available widely for a bunch of different purposes And so where they're individuals, I'm not sure JACOB MORRIS: Another question here

AUDIENCE: Yes I'd be interested– or a recommendation to this group and discussion is, I would love to see best practices for developing an SLA with a vendor that addresses some of these ethical concerns For example, one of the questions that I always come up with that I have a problem with is, what is the data retention policy So that's a sensitive issue And everyone's kind of afraid to throw away their data for years after use

SEAN MOONEY: That's a great comment about– I guess you guys picked it up online In the data sharing world, we're starting to become more aware of the kinds of terms that we would want to put into an agreement or see in an agreement with a contract Like, you know, that when this is done, the data is gone You know, that sort of thing And the vendor is definitely not going to put that in

And so it's something that's our responsibility to make sure it gets there And that's an issue, a similar issue that we address in the vendor contract or data sharing world And I think there could be similar, particularly in an organization as big and complex as UW also around internal service agreements as well Yeah? AUDIENCE: We've encountered our researchers sometimes kind of rubber stamping some of the IT requirements without actually consulting IT So you sort of have to be aware to that

Keep your ear to the rail to know that things are happening so that you can sort of step in and say, well, you made a promise that we're going to treat this particular data in a particular way But there's been no interaction with us to actually facilitate that So we've had to sort of educate our researchers So when they're getting these grants and things like that, that they are actually signing something that's actually going to happen SEAN MOONEY: That's also a great comment

In the research world, I mean, that stuff happens in other areas of the business world, too But in the research world, researchers are always kind of going after that shiny thing that they're really excited about And for large projects, it becomes very important to understand what we as an organization are obligated to do, particularly if there's a collaboration with a sponsor, with someone who's providing resources to do that research Really important to understand what's in there and what we are frankly on the hook for AUDIENCE: Sean, thanks a lot for this talk

A lot of relevant issues here So as you're probably aware, our department is involved in a couple of big research projects involving big data And first, I want to give a little bit of [INAUDIBLE] on the notion of IT people as lawyers That's so outside our lane And I would complement that comment by saying, well, you shouldn't be lawyers, but you should have the lawyers on speed dial

Because we call in compliance all the time for review and consultation They're our friends, they're our partners There is a perception, especially within UW Medicine, due to the history of data breaches that we're really gun shy, right? But I do inform the researchers that the compliance folks, we're on the same team, right? And we're here to accomplish the same mission So there is some level of distrust that we as IT people can help break down and to mediate to get everybody at the table So that's one thing

But regarding big data, the data sets that people are starting to analyze here at UW Medicine that come out of our [INAUDIBLE] and other data sets, I'm very sensitive to the bias inherent in those data sets Because here in the Pacific Northwest, our patient population is not representative of the country as a whole And they are underrepresented minority populations, African-Americans, Asians, Native Americans, that have issues of access to health care in the first place And then they are doubly underrepresented then within our population And we're doing natural language processing learning, AI, perioperative hypertension prediction off of those

Besides being just the computer guys, how do we, you know, do we have a role in advising the researchers, pointing them to resources that your office may have? SEAN MOONEY: Yeah Talk to me In the health care world, we can give you advice on that And if you get me an email on the offline, I can show you some of the data that we're collecting on this area as we start to think about data science I think it's a really important issue

I'm always looking for opportunities for research and it's also a good opportunity to look in from the research space I would expand that beyond health care I think you're going– you know, as everything becomes more and more cloud-based, we start thinking of the cloud more as a bunch of services in a tool box instead of being just simply a computer that we put into someone else's data center I think you're going to see this more and more of an issue that's going to touch student records, it's going to touch out employees, everything in our world So I think that's really important

I do want to amend something and say I'm not implying that the IT personnel are lawyers Lawyers are our best friends in terms of helping understand what the language means in these EULAs or in these licensing contract agreements What I was essentially suggesting is that we may have a fiduciary responsibility to data and to IT in a very similar way There's a lot of public trust, both from our users and customers and from society as a whole in terms of what we're doing and managing Again, we are stewards of data in ways that I think is really important for us to think about

Thank you very much JACOB MORRIS: Yeah, thank you very much Thank you, Sean And I think Sean is to be commended because I think he's traveling about 500 miles to give another talk to– 150, OK, whew 150 miles to give another talk today

So next up, we've got Joby Walker coming up to talk a little bit about GitHub and the partnership with GitHub So I'll hand that microphone off Slides are ready Clicker's ready OK

JOBY WALKER: OK, everyone My name is Joby Walker and I'm the Service Owner for a Developer and Integration Tools within UW IT And we have engaged GitHub with a partnership Starting in 2018, we started working with GitHub to sign an agreement to be part of an educational partnership, which would provide benefits to the University of Washington It took a good year to get that agreement finally signed

But that's been signed and we've started using GitHub under this partnership So let's get started here So first, just not sure about all of the information known about people in the audience But it is a distributed version control system which allows you to manage changes within files over time There's more information

It can be used for pretty much anything I use it for managing my own personal notes just because it is useful, and I prefer text as opposed to some tool that manages things for me But generally used in software but can be used for really any sort of data set you have GitHub itself opened up for business in 2007 It has been a leader in Git repository hosting

It was purchased by Microsoft, which changes a few details They offer public and private repositories for everyone for free It's sort of the add on features that cost and can cost for us too But the main advantage that a hosting service provides is collaboration with teams Anybody can just run Git on their workstation or even a local server, but the additional tools that the platform provides are what the real advantage is

So the partnership The partnership is contained by that we have an enterprise account with GitHub, which allows us at UW IT to create organizations within that account for your use So organizations within GitHub is sort of a self-contained management structure where you can management users, teams, the repositories, and the access control to those repositories Our partnership leverages the GitHub cloud offering as opposed to the enterprise offering So this is just using GitHub

com There's not an on-premises server that we're managing And also, if you are already using GitHub and you have organizations to manage your data there, we can migrate those organizations underneath the partnership There is a limit on that and I'm only allowed to email my contact once a month about this So what does the partnership actually provide? So within those organizations, you have unlimited public, private, and internal repositories

The internal is a special sort of state that exists within the enterprise accounts, which means it's not world visible, but anyone who has accounts that are underneath the University of Washington's partnership would then be able to see those repositories So it's sort of public to the university We have implemented integration with the University of Washington single sign on And then everything else that GitHub offers is available, including GitHub Classroom, which is an interesting tool I don't know a tremendous amount about it

But there are people in academic units that want to do some more work with that, we'd be happy to work with you There's also access to reduced price or free resources for students There's a link there And that is for students, not people at the University of Washington But students

And there is a Canvas integration that's available as a part of working with GitHub Classroom I have not tested that, but it's a way of getting some student names into the system, which can be a problem and I will talk about it a bit If you want to use this partnership, for every organization that we create, we require that there be at least two owners for that organization And you have obligations First, you have to take GitHub's mandatory training, which there is the link there

And it's not very onerous It's mainly some videos about Git and a few about GitHub Classroom, and a few other details After you finish the training, you have to sign up that you took the training, basically And then also, as an organization owner, you're responsible for everything that happens within those organizations, which is managing the users, teams, repositories, and permissions UW IT has limited capacity to do that

And in general operation, we wouldn't have any direct capacity We create the organizations for you and then you take control of them and then we don't have any visibility long term So that also means that you would be responsible for user support within your organization So if someone's having some issue, we would expect you guys to at least initially triage that And if it seems to be a platform issue, then come to UW IT

And then if there's no information that we can provide or there's nothing we can do, then we contact GitHub itself So as part of the partnership, they don't want to hear from you They want you to talk to us and then we'll talk to them So on using GitHub, the way things work is interesting It's actually interesting in a good way

So everyone that would be using this needs to create or use an existing GitHub account And then when you are invited into one of the UW affiliated organizations, it gets linked to your net ID as a part of login for access to those UW related repositories or resources This has some advantages, particularly for students or student employees, in that people who have established an identity on GitHub can then link back to their work within the University of Washington And then if they move on to another organization, then they can still maintain their GitHub persona and some of the metrics that were generated as a part of working with us Their frequency of commits and stuff at GitHub, hopefully anonymizes properly, that can continue

So they can show that they did have a history going in the past They may not be able to show their repositories and the actual data that they were working on, but that they had a working life Let's see Yeah And so the single sign on is only activated when you use your account to access one of the organizations within the UW enterprise

So when I log in, I see my own personal stuff, my own personal organizations, and some other stuff that I belong to And then if I go through a single sign on, that makes available some more resources that belong to the UW related organizations that I've got That's sort of a two-step process It takes a little while to get used to And then, as I mentioned, yeah, we were moved from one of the GitHub Enterprise organizations

Your GitHub account will just continue to work as it had before, just without the access Yeah, how does a single sign on work? It's just an example image So if you've logged in, you can see resources, traditional stuff But then it says, click the little single sign on link, and then you can access the pull requests and other information from your organizations within the University of Washington Oh, one other detail

As owners of an organization, you can also pull in someone as an outside collaborator, which means they would continue to use their GitHub identity and then would not follow through with the single sign on process So you can work with people who don't have a net ID Let's see Then there's controlling access Yeah, once we create the organization, we will eventually remove our [INAUDIBLE],, remove the account that created it

So we don't have visibility into your organizations Because you probably don't want me to have access to all of your repositories and information So then, in that case, we can't add or remove people We can't delete the organization without you contacting us and adding us back into the organization So all current staff and students are authorized to be added into one of the organizations

And an access will automatically be provisioned If you want to add a shared net IDs or application net ID or SADM, LADM net IDS, you just have to contact us and we will add them to the group that limits access Then for within your GitHub organization, you can define teams, which we would think of as groups There is no automatic synchronization that we provide to link those teams to the UW group service But a team within UW IT who's been using GitHub up for a while has a program that they use to sync groups' information into teams of their organization

That's freely available for you to run GitHub Classroom, so GitHub Classroom provides a way for you to manage both individual and group work within a class So you would set up a class for English 101 Then within that, you can tell all your students to use this URL to sign into the service They sign in, provide some information, and then you can assign assignments, which automatically creates repositories for them

And you can work on what they provide back to you And I haven't fully tested out the functionality, but it's pretty neat And yes, there are several videos on this And sort of a highlight to what we're going to talk about in the future is that we do not have a BAA with GitHub around both FERPA or HIPAA compliance So if you are concerned about student information being personally identifiable, that's something we need to talk about

I'll jump ahead Not jump ahead slides We have been talking with GitHub for several months now about having them sign our standard BAA around student information The people that we've talked to on the education side said that the agreement looks great and they would love to sign it And they passed it off to their legal team

And we have yet to hear from the legal team about that Yeah, so with GitHub, you create assignments So it creates a repository per assignment So you can start with some information and then clone that for each of the students or each of the groups within the organization And the students can work with it

There's a dashboard for managing all this And the module in the training walks people through handling all of this So again, our caveat It's not HIPAA aligned We have no intention to pursue this at this time

And you should never be putting patient data in GitHub That's just referencing the previous presentation We don't have a FERPA agreement And as I said, we're looking to work there I've talked with two other universities about this

GitHub has been sending universities my way to talk about this And I talk about using the GitHub education and I've been talking about the lack of a FERPA agreement, which they have all been wanting to hop on to There are a few known bugs within the system When you invite people into an organization, very frequently you have to click on the invitation twice to fully get through the process The first time I did it, it worked perfectly fine, but that's because I had already been logged into GitHub

But yeah, there is an issue there And then there are a few cases where you can't remove individuals from organizations The most notable one is there has to be a single owner, at least one owner for an organization So the last person can't be removed Yeah, we've engaged with GitHub to identify these

And one thing that we send out a note when we invite new owners into organizations, and you'd probably want to highlight to people, is that if you are already logged into GitHub with an identity that you don't want linked to your net ID, you can run into problems Or if you are logged in with a shared net ID or your SADM account, and then you're going through the login process, you might associate your GitHub account with a net ID that you don't want it associated with And there's no easy way to undo that We have to contact GitHub and have them pull those pieces apart So yeah

So if you want to use this, so we have a page within the UW IT service catalog Just source control GitHub And if you have help, there is a web forum also on service now And you can also just email help Any questions? Yeah? Can you get me your microphone to him? AUDIENCE: What are the features that you're getting with the Enterprise account that would either be different from or similar to the paid version of features that you get through GitHub on your own? Or contrary to– JOBY WALKER: Yeah

So that has changed over time So there isn't much difference between having your own paid account and using the GitHub organization, the UW enterprise That's essentially the same In terms of using the free service, the difference is minimal You don't have access to the UW single sign on, and there's not that internal repository alignment

And that's largely about it JACOB MORRIS: Cost, right? That's maybe the big tipping point here for costs? JOBY WALKER: That's actually less of an issue So when we started the engagement with GitHub, at that time, private repositories required that you pay for the service That's no longer the case They have opened that up because GitHub is looking to generate revenue on some of the additional things that you could do on GitHub

GitHub Actions, the additional storage options they've got, and some workflow pieces That's where they're actually looking to drive revenue right now, rather than the private repositories AUDIENCE: And when you create a new repository, do you market as specific to the organization so that it isn't– you can't sail with the ship? Like, how does that work? JOBY WALKER: So yeah, whenever you create a repository within GitHub, it presents the option of either your individual account or which organization you want that to be a part of So I mean, when I do it, I've got 10 organizations that I can choose from for that creation process And you also, as organization owners, have the ability to limit who can create repositories

Even if you've added somebody to the organization, you might not give them the ability to create it Within one of my teams, we limited that for a while just because there are a lot of options on repositories and how they're managed And we wanted to ensure that everything was aligned before we allowed everybody to create repos JACOB MORRIS: So we've got a question online from Jack that says, if I leave the university, does UW own the data I've put in a repo and is that the same for an external collaborator? JOBY WALKER: So that would depend a bit on your agreement on that But generally, yes

So if the repository is underneath an organization that is part of this UW agreement, then the people who manage that organization are the ones who have the real control over it I would strongly encourage everyone, when creating a repository, to have some licensing terms that are part of that GitHub strongly encourages you to do that Within UW IT, we've been talking about having some sort of standard licensing terms that are included in that And that is around how publicly available things are, what the ownership is

So that if someone worked on a project, would they have rights to it in the future? Or if they've contributed there, they no longer have any rights because it's owned by UW AUDIENCE: Check, check, check OK, may need to stand up AUDIENCE: I'll stand So we actually have two questions

We have a lot of student workers that work on our public repositories in an org that we already have set up Right now, what we do is we require them to use an account that's connected to a shared net ID email address to do most of their contributions Do you recommend, just based on your experience, we continue to do that because of how complicated it can be with interns coming in and out of the org? Or should we let them use their personal accounts with their shared net ID? JOBY WALKER: So what you've done isn't what I would do, but I can see why you would do that I mean, I don't have a good answer for that I would certainly be willing to talk to you some more about issues around that

In general, I would avoid that I mean, there's a few options for that AUDIENCE: Is it complicated for you, managing this, to have to disconnect net IDs from individual contributor's accounts? JOBY WALKER: Not really It really depends on the size of the groups that you're talking about If you're talking about 20, 30 people as a part of your group, then it's trivial

If you're getting bigger than that, then that's when I would start looking at the team sync that ACA had developed Because it just would make things a little bit easier AUDIENCE: We also have external vendors often contribute to our repositories Is that foreseen as a problem with this setup? JOBY WALKER: No That works

They would just be one of those outside collaborators Yeah, you just identify them and just manage them as another user AUDIENCE: Awesome Thank you JOBY WALKER: I'll repeat it

That's fine So the question is, if you're already using Atlassian's Bitbucket, using the server or the online version, if there's any integration or plans for around migration So we don't have any We haven't talked to Atlassian for a contract around Bitbucket, partially because there wasn't a real drive for it Atlassian's Bitbucket also provides free repositories for anyone with an edu email account

So there wasn't a push initially for that But then transferring information from any Git-related hosting service to another one is really trivial I mean, it's just a clone and then upload it to a new site It's very likely that there are some tools out there that automates the process for you I don't know, I haven't done that

AUDIENCE: [INAUDIBLE] JOBY WALKER: Yeah So the question is around Travis CI, which is a continuous integration tool So the partnership does not mean Travis is free for private repositories If you have public repositories, it is free because that's free for everyone The integration between GitHub and Travis CI is one of the reasons why several teams within UW IT was interested in moving to GitHub

And I mean, things work just as if any other private account working with Travis CI But it requires you to pay for that The only exception to that is for students If you've gone through the process of identifying yourself as a student to GitHub, there's a page that you say that I'm a student and here's my email address Once you've done that, then you have free access

There's some level of free access to a whole bunch of outside resources, including Travis for free for your private repositories AUDIENCE: Check, check, check It's working now JACOB MORRIS: All right So our next one is coming from– I can see it– from Jackie

And it says, can you give read or read write access to your team or repo to other GitHub teams or UW groups? JOBY WALKER: Yes How that happens is– I have not done a lot of experimentation around that You can invite people and manage them It's a little more complex because GitHub tries to contain everything into its own organization And then those aren't necessarily visible outside of its container

JACOB MORRIS: Another question on line from Tiffany It says, so if we have a private repository that we are paying for outside of UW, not an organization, do we have to create an organization before we can request to have this migrated to the UW service? JOBY WALKER: No So once there is an organization under the UW partnership, it's a simple process just within GitHub that the owner can transfer any repository within an organization that they have create rights to And that's happened many times JACOB MORRIS: All right

This is from another user online It says, so best practice is to just have students tie their personal GitHub accounts to their personal net IDs when doing work for the university JOBY WALKER: So referencing the previous presentation that we had, there are some issues around that in people being identified as a student And I am not a lawyer fully familiar with the FERPA issues So I don't know the correct answer that's best practice

I think that's what I– that's certainly what GitHub would like you to do JACOB MORRIS: And maybe a follow up to this If it's specifically about student employees doing paid for work by the university or some other work and not in their student capacity, necessarily, but in their student employee capacity, would you consider that a best practice? JOBY WALKER: So putting the same asterisk around it that I had on the same– I think there is much better alignment for that, that that is OK But again, I would consult with the appropriate university resources around that JACOB MORRIS: Great

Other questions in the room? Oh, back Let's see if this– oh, no JOBY WALKER: Yeah so the question is around the use of a UW shared net ID, and that the rules, which I'm looking at Jonathan Moore at, are that they are more for sharing information as opposed to individuals performing work under that shared net ID Jonathan might have more he can say about that In my own knowledge, I know that that happens a lot

And in one of my other hats on working with ServiceNow within UW IT that's been a persistent problem, is people emailing the system under a shared net ID And then us really being unable to tie that back to the user who's actually involved AUDIENCE: It's not– oh JOBY WALKER: So just to summarize what Jonathan is saying, is that there is a strong encouragement to use personal net IDs as opposed to shared net ID But with a particular focus on areas where the information is audited, where you absolutely need to know who performed an action

But it becomes fuzzier depending on the amount of work– the scope of work It really depends on how tightly you need to track who performed that action And checking in code might be one of those situations where you want to know exactly who the user was that did it So two questions So first was around [INAUDIBLE] have an organization within the system

We have not put any limitations on that We've had departments, individual teams within departments, specific labs sign up We've got a sort of standard nomenclature that we're using for creating the identifying names, which is just sort of which campus you are, then which are major unit you are in a sub-group But I am not going to pose any limits that a community of practice couldn't have an organization I would, although we're very well down this road

I would kind of encourage people to think more broadly, rather than having an organization just for a very small group of people because it does close things off But then it also makes it much easier to manage So I understand it The second question relates to the on premises Bitbucket server Within UW IT, we don't have any plans to retire that at this time, partially because some groups are using the sort of full stack path between Jira, Bitbucket, Bamboo Artifactory

But we are definitely looking to sunset those at sometime in the future Using a full CICD path of going from GitHub to a build tool to a deployment tool to Kubernetes or some sort of other cloud-provided service is really kind of the future And that's where we're trying to encourage development to move So as use of those on premises tools declines, then, yeah We'll remove them

Just like we recently retired Subversion JACOB MORRIS: All right, final questions? Perfect Thank you so much, Joby Thank you for this talk All right, we're going to switch up our slides here

And we've got our next talk is John Borwick talking to us about one of those other tools we just talked about, Jira So Jira JOHN BORWICK: Thank you so much Hello Thank you

This is great So hello My name is John Borwick Thanks very much for having me today I'm going to talk about how our office has configured and used Jira to track work that is non-technical in nature

So I work for the Office of Academic Personnel, or OAP Our office handles transactions that are specific to academic personnel, such as sabbatical requests, promotion and tenure review We also handle visa requests for academic personnel And also, the Office of Equal Opportunity and Affirmative Action for all of campus, all employees is housed in our area And I'm in the Project and Innovation Management team

We're responsible for a little bit of IT, but also project management and process improvement on behalf of our office So you may be curious who's this guy So I am the director of that team I've worked at UW for about a year and a half Before that, I worked at a company, Team Dynamics, that is a higher ed focused tool provider of IT service management, project portfolio management tools where I did tool and process consulting, helping schools set up PMOs and helpdesks and stuff

I worked at Virginia Tech as IT Director in Libraries And was PMO director at Wake Forest University Started out as a Unix systems administrator And my career goal is to make people's lives easier through improved IT management So I hope that I can share with you some lessons, maybe some specific to Jira, some maybe a little more general that might help you in thinking about the tools that you use and how you kind of support effective improvement in your organizations

OK, I have like four really quick questions And I appreciate everyone like experimenting with how we can include people who are remote for this There's just like four show of hand questions So if you, I guess, this is thank you for putting this here So I guess if they click raise hand, that's the best

OK We're going to go from like more general to more specific, and we'll see how it goes Who has used a team work tracking system? Jira, ServiceNow, Trello? OK, in the room, I see virtually everyone raising their hands How many people are on? Is this a large percentage? 37 So fewer

Yeah, so some people are using these tools Thank you I will attempt to move on to the next question We'll see how that goes Thank you for lowering your hand

OK, who's used Jira specifically? OK, it seems like most of this room has is used Jira I'm going to say that roughly a similar percentage of people online have used Jira I guess, if you could lower your hand, we're going to go to the next one Who uses Jira currently for work? That's maybe about half of this room And I see seven people have raised their hand

So slightly fewer, but still a fair number And the last one and the most specific question, who has, as like a Jira sort of project admin, configured a project? Like controlled which issues you set up and stuff? OK, I see like five, six people in this room And online, some number less than or equal to five people OK, great I really appreciate your engagement there

That helps me know what to speak to It also helps me know that everyone here has experienced Jira in one way or another, pretty much So the agenda today, I'm going to talk through a couple of concepts and kind of principles in rolling out a tool that I have used And then I'll get into some Jira specific configuration stuff and how we're actually using Jira Like examples of how Jira is then kind of employed

And then we'll have time for review and questions OK, so just a couple of key concepts These are not Jira specific In our office, we introduced the terms task, initiative, and project OK? A task is something that's beyond just day to day stuff, but maybe not a big thing

Like we need, I don't know, a poster We'd call that a task OK? Then an initiative is something bigger than that, something that needs coordination, maybe needs to show up on some reports, needs more visibility But it is not as big as a project And then a project is a big thing

Projects need to have a charter, the charter needs to get signed, there's going to be a kickoff meeting In terms of our office, we have a very small number of projects One would be like our support for the post-doctoral scholars bargaining implementation So they're pretty big, the projects are And then having this language outside of the tool helps us have discussions about what we're putting in the tool

And in Jira, we're putting projects and initiatives in the tool It's up to the individuals and teams if they want to put tasks in the tool or not So that's one quick concept Another one, and this is useful for probably any sort of new work system You want to have the approval and the review, and really the overhead proportional to the level of effort and risk

So a task, you know, we're just going to make a poster You just talked with your manager, that's great Something that's an initiative, that may need to get reviewed by the assistant Vice Provost And something that's a project, that needs more review and a more overhead, if you will That's where we have the charter that's signed by the Vice Provost

So these concepts of having these different terms and having the appropriate controls proportional to the work were introduced I kind of set them up before we reviewed how we use Jira Then I'd like to introduce four principles that I used in rolling out Jira that may or may not be helpful for you for any tool that you might implement First of my principles, make almost nothing required I would rather have no data in the tool than bad data

So if there is a field that's required, I can't tell you how many times I've seen an x put into that field in my history, right? And then the data is not useful If you're not controlling it, then it's worse, in my opinion, than not having the data So I wanted to have very little required I have a natural tendency to make things maybe a little complicated So I wanted to kind of make sure any feature that was introduced was needed and had some kind of anchor in a problem we're trying to solve

And similarly, I think the prevailing win for most tools is to make them more and more complicated over time So I try to consciously check in and make the tool less complicated There are a couple of parts to our Jira configuration that we removed because they weren't being used very much, for example So trying to consciously ask, is this more complicated than we need to be? And then finally, if you want to have a system that's true, that's your source of truth, you need to treat it as true So if Jira says that we have seven initiatives, for example, and then in a meeting, somebody says, oh, well, we also have these two other things, that's a great time to say, OK, well, let's put them in the system

So that the system will then say, we have nine things And if you treat a system as true, that helps you identify the kind of checks to improve how true it is So there has to be a point in time where you say, this is going to be our source of truth And we were able to do that with Jira So the reports that we pull, that is the correct list of our projects and initiatives, for example

All right, so now I'm going to talk a little more specifically about how Jira is configured OK, so Jira has terms that are different than the terms I shared a moment ago OK, so in Jira, we only have one project There is only one project for all of our stuff So like all of our projects or initiatives tasks are in one Jira project

OK? I can tell you a lot more about why we did that and I'll share how we use it But when I started, we were using Jira But the way we were using it, people were very confused about where to go for information This removed one of the levels of complexity in making sure people could all see the same thing Especially if you're trying to create a system of truth, everyone needs to be looking at the same stuff

So in Jira, there's a concept of a board A board is kind of like a view or a window into the issues that you have in Jira And so we have four different boards for four different views of our work And I'll talk with you about what is in these boards and why they're set up this way in a moment In Jira, since virtually all of you are familiar with it, the issues that you have in a project have statuses

These are the statuses that we use And they are sort of roughly in order Idea is like, hey, we have this idea No commitment that we're going to do it Just wanted to record it

Backlog is, yeah, we're probably going to do this work Not maybe sure when, but we're going to do it To do and in progress mean that this is happening It's on the person who owns that issue to decide how they use those So some people like to move stuff to in progress when they're like actually working on it that day

Blocked means we can't do it, ideally due to some external factor, like we're waiting to hear back from another unit or we have a ticket in for this thing So we can't do work right now And then canceled and done are, you know, we didn't do it or we did do it Just to give you an example of how I tried to set it up to be very simple to start out with I didn't even start out with having a canceled status

I added that later when there was a demonstrated need that we needed to better report on what we did versus didn't do And the resolution field was harder to get consistent use for OK, so we have I think six Jira issue types And I can talk to you about the rest if you're interested But the two key ones are the Jira Epic, which maps to what I was sharing earlier as our project and initiative

Both of those are tracked as a Jira Epic And a task, that corresponds to what I was saying about a task earlier Tasks can be tied to a project or initiative, or they can be recorded on their own as a separate thing, like the poster example I shared earlier OK, so just to make sure that everyone is on the same page with what a board is, this arrow has moved a little bit But the arrow was pointing to the [INAUDIBLE] portion of the menu on the left that's for the backlog

So backlog is future stuff And then this was pointing to the Kanban board section So Jira projects can be set up to have Kanban boards or Scrum boards We use Kanban It's a little confusing that the term board is used twice

But the overall board has the active work, and that's what's in the Kanban board So with that, here's a short description of those four boards that I shared earlier So the management board is primarily designed for our executive team It shows just the projects and initiatives So this is a view

There's like queries that define what shows up in a given board So the backlog is ideas and the backlog of initiatives and projects And the Kanban board is our active initiatives and projects And these show the due dates on the cards So you can see, for each one of these, when is it supposed to be done

So that's the management board The task board is what people would use in the office on a day to day basis That shows what's in the backlog It does not show idea tasks, it shows backlog tasks Then the Kanban board shows the active tasks

And we have a couple other issue types here that I mentioned, like stories, questions, and bugs These also show due dates So these are the two primary boards for what's happening right now There is an idea board And this only shows the stuff that's in the ideas state

And it is designed to be used by like a product owner or a business process owner, where they can list ideas and put the ideas in order for what's most important So like ideas for website changes, ideas for improvements to the visa request process, those would show up in the idea board But they are not seen in the task board So it's a way to separate out the ideas so they don't kind of clutter up the task board when you're trying to see what should I be doing right now And then there's one developer in our office, Jon, who's a J-O-N

So he has some other needs for Jira And particularly, we needed more information around effort I'm a big fan of t-shirt size effort estimates So those are displayed on these cards instead of the due dates But this helps us better prioritize just the development related work

And we can prioritize sort of inner file across initiatives and projects through the backlog to be able to prioritize with each initiative or project owner what should be queued up, what should be queued up next OK, so if you're familiar with Jira, you may know Jira comes with like a lot of fields It's really excited about you using all those fields And so I tried to get rid of almost all of them These are the fields that are on all of our issue types

This is a complete list Of these the only required field is summary so you can create an issue with just a summary and that's it the other fields that are used the most are the description assignee who it's assigned to, and the due date The other fields I could discuss with you if you're interested But they are not required And it may not be appropriate to use them depending on the issue

So really, just trying to track the key stuff, but if people have a need to track more, they can OK, so if you build Jira workflows, then when an issue goes from one status to another, you can set up a screen And the screen prompts people to fill out information It will start with whatever the current value of the attribute is, so you can change it So it's set up

If you move a task to in progress, you'll get asked for the due date, the next action date, and comment You may notice that all of these cells are optional So you can just drag it and hit OK if you don't care about these fields But the due date field you can then report on to see what's due soon And the next action date is probably one of the most helpful fields I found from the various [AUDIO OUT]

Test, test Thank you Is it working now? OK, thank you The idea of a next action date is you set the date for when you next want to see this thing And then you can just filter out all this stuff for the next action date is in the future

So if I put a ticket in and I know I'm probably not going to hear back for a couple of days, I can set the next action date till like three days from now And then in a filter, I don't see it anymore until that date shows up So it's a way to just hide the work that you know you can't work on right now So if something moves to the blocked status, then you get that next action date But you can also put in like a ticket number if that's relevant, and some reason for why it's blocked

So that way, if somebody else wants to know if they can help unblock stuff, they can see what the issue is And then when something gets closed, we have an another optional field, realized benefits This is designed to be language that our Vice Provost could use in like bragging about what we do So it's designed to be non-technical, something that speaks to the business outcome of work that you've done All right, so now I'm going to talk about how we use Jira, and then we should have some time for any questions

So it's up to the employees and their managers if they want to use Jira to track work beyond projects and initiatives So some people do and some people don't And that's fine If people are using Jira for tracking their tasks, then their work in Jira shows up as going to the tasks board, moving cards around, updating them, and closing things out So that would be the most common use for just somebody logging into Jira and using it

For their projects and initiatives, I send this email to all the people who own a project or initiative Part of the role of being the owner is that you have to do this, which is a weekly update The weekly update is just a two to three sentence summary of what's up with that project or initiative, along with checking the due date and the health The health we're still experimenting with So green, yellow, red

And especially trying to focus on there is no like penalty for setting it to yellow or red It just means that you need some help or assistance or there's some block there or something So this helps reinforce that Jira exists It also helps people know if you put it in Jira, maybe you won't have to go to a meeting to explain what's happening So this also helps us have a history of what has happened with the Jira log of all the updates

Then for projects and initiatives, like if I'm running a project meeting, I can pull up Jira and check on the status of issues as part of that meeting A great goal for any project manager is to move project meetings from being informative to consultative So if people are informing you ahead of time via Jira, then your meetings can be more consultative about the blockers or questions people have about how to do the work So this is another place where Jira is used to help our office work more efficiently And also another way that the use of Jira is reinforced because people see the value of updating the tool that the meetings can be a little bit smoother

Then for the teams that are using Jira, Jira can be used in one on ones with a manager and employee It can also be used in team meetings So for example, last week, I worked with someone on my team who has like a lot of open Jiras because there was a ton going on right now And so it's a great way for me to then have a conversation about what can I do as manager to maybe renegotiate some of these deadlines or scoot some stuff around So it helps the employee as well as the manager be able to understand resource constraints and have some productive conversations

And a team meeting, like my team reviews all of our Jiras that we are on or projects, initiatives that we're on Partly so people maybe have questions Like why are we doing this project or what's going on with this initiative You start to catch some of the cross initiative, cross project questions that otherwise you might not know about because the only time people talk about that issue is in the specific meeting There's not a place for the cross project meetings

Then if you manage a tool where people are recording data, it's really helpful to establish how much you own the data and the tool being correct And it's sort of a continuum And I recommend you don't go too far either way If I were checking like every day for how correct Jira is, it very quickly would be even more John's tool than it is already, you know? But I try to do a little like kind of nudging or checking once a month for issues that are active but haven't been updated in a long time, for due dates that are in the past For example, for due dates that might say, you know, you could just remove the due date

You don't have to put one But if there is one, it should be correct So the auditing helps check to make sure that the stuff in Jira is reasonable All of this is going towards the checking needed for care and feeding of a system of truth And then the bi-monthly reporting out to our executive team

I build a Gantt chart by downloading the data out of Jira for projects and initiatives And then using Microsoft Project to build the get view exactly the way that I want There is also a tool in Jira, the Jira Portfolio that's been very useful to me It's a great view of all of our work Work can be rolled up to the program level through another issue type called themes

It's really useful It just doesn't have a good print view And I want to have a document that we can then see later, like what were our commitments back in January So this bi-monthly report out to the executive team of the status of our portfolio also helps in soliciting other projects or initiatives that are coming Because we can say, here's what we have on the list

And then people can say, oh, yeah, we have this other thing coming in, too And that helps us then know we need to record other initiatives or projects that may be coming in the future So those are a few ways that Jira is used within our office We'll just kind of move into the question time here in a second Some key concepts I mentioned, like objects, initiatives, and tasks conceptually have been very useful for us to try to make the tool rather have no data than bad data, and check for making sure the tool is not too complicated

Like we removed a couple of issue types that we didn't need this last summer And then configuring Jira, I talked some about the board concept, the statuses, and workflows And we talked a little bit about how Jira is used So I'd appreciate any questions if you have them JACOB MORRIS: Microphone's just so fun today

Any questions in the audience or online about Jira? Oh, yes, here we go Perfect AUDIENCE: Thanks, John So a basic question Are you running your own implementation of Jira or using UW IT's, which leads to a related question? JOBY WALKER: I– Yeah, UW IT's version of Jira has been around for quite a while

Current– just right Its current mission is for UW IT's use or some of our partners who are linked to us, and other things that are related to UW IT We have run a few pilots for while we were running a TAP project of onboarding people, as well who were using Jira or some other tool that we could onboard easily and wouldn't be getting much support from us Our Jira support consists of a small portion of one person right now Yeah, so that's the current mission

We are not currently planning on expanding it beyond that We have talked about it around the cost and what the support needs would be for that That has not been prioritized at this point JOHN BORWICK: If I may, I believe what I described could all be set up in a cloud instance for sure And many of these approaches could apply to other tools as well

Jira was the tool we had at hand, and it's been very helpful to us And I really appreciate UW IT's letting us try it out But a lot of these concepts could be set up for an equivalent tool, not necessarily just Jira AUDIENCE: So is that the reason that you keep everything in one project? JOHN BORWICK: Is what the reason? AUDIENCE: Is the fact that you're running it off of UW IT's– because they have to create the project JOHN BORWICK: Well, I mean, that is a factor

I guess I'd like to think, in terms of like IT support tools for stuff like this, I'm very much a pragmatist So I learned TeamDynamix at Virginia Tech because that was the tool we had at hand So in this case, the one factor in having a project is that it's not easy to create a second project But another factor is, we were using the Jira cloud instance when I started And we had like 12 projects

And there was not necessarily a lot of consistency in how those projects were managed There was a way to create a board And boards can like span multiple projects, which is very confusing to people because they're just a query, just like a JQL query So we just didn't need that level of abstraction We did need a way to group Epics

And I had thought that you needed to do that through separate Jira projects until we learned about the Jira Portfolio tool and the theme parent type So the theme has been the equivalent for us of what some people might do in separate projects Because you can roll up to the theme level, which is a level above Epic AUDIENCE: The groups that I work with just use one Jira project, or they try to use one Jira project for their group work, largely because it works that way So infrastructure software tools, then we have several hundred applications that we manage

And having a separate Jira project for each of them would just not work at all We have one to manage our work JACOB MORRIS: Other questions out here on Jira? Perfect OK Any online? Last questions online

Awesome I want to thank John again Thank you very much JOHN BORWICK: Thank you JACOB MORRIS: All right, so closing out here, I know I'm standing between you and lunch in the lunch hour

I just want to put up here, and was mentioned earlier by Sean We would love feedback Not on the microphones I'll provide that directly to Odegaard But feedback on the presentations or the format or the topics, we'd love to get it This survey will also be sent out with the recording of this talk for today

So you'll be able to re-watch these exciting talks again online via our recording So we really appreciate you coming and we're looking forward to seeing you in April Thank you

Source: Youtube

This div height required for enabling the sticky sidebar
Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views :