Loyola University Chicago

Information Technology Services

Glossary of Project Management Terms


Assumptions – Assumptions are factors that, for planning purposes, are considered to be true, real, or certain. Each assumption is an "educated guess", a likely condition, circumstance or event, presumed known in the absence of absolute certainty. Once identified, assumptions should be evaluated from a long term perspective, according to confidence level (i.e. How confident are you that this assumption will be proven correct?), followed by a related "if-then" risk counterpart analysis (i.e. If this assumption is proven incorrect, what will be the likely consequences for the project?).

Constraints/Risks – Constraints are applicable restrictions that will affect the performance of the project. A constraint can be any factor that affects when an activity can be scheduled. The primary impact of project constraints is the likelihood of delaying the completion of the project. There are three types of project constraints: technological, resource and physical. The technological constraints relate to the sequence in which individual project activities must be completed. For example, in constructing a house, pouring the foundation must occur before building the frame. Resource constraints relate to the lack of adequate resources which may force parallel activities to be performed in sequence. Project risks can be further aligned with the specific project triple-constraint variable that they may impact if not addressed: schedule, budget and quality. The team needs to identify the potential issues / risks that will need to be managed in order to mitigate their impact to the project’s success. 

Critical Success Factors – These factors are important to those who will benefit from the project and those who are responsible for determining the success criteria. Critical success factors (CSFs) are the essential activity that must be completed well if you are to achieve the mission, objectives or goals of your project. By identifying your CSFs, you can create a common point of reference to help you direct and measure the success of your project. As a common point of reference, CSFs help everyone on the team know exactly what's most important to the customer.

Deliverables – A deliverable can be an outcome to be achieved or a product to be provided. It becomes a set of specified outputs for each project milestone. A deliverable is a tangible or intangible object produced as a result of the project that is intended to be delivered to a customer. A deliverable could be a report, a document, a server upgrade or any other building block of an overall project. A deliverable may be composed of multiple smaller deliverables. It may be either an outcome to be achieved or a product to be provided. A deliverable differs from a project milestone in that a milestone is a measurement of progress toward an outcome whereas the deliverable is the result of the process. For a typical project, a milestone might be the completion of a product design while the deliverable might be the technical diagram of the product. In technical projects, deliverables can further be classified as hardware, software, or design documents.

Milestones – The milestones are only estimates and can be revised during any phase of the implementation.  A milestone is a measurement of progress toward an outcome, whereas the deliverable is the result of the process. For a typical project, a milestone might be the completion of a product design while the deliverable might be the technical diagram of the product. 

Scope – Project scope is focused on what needs to be accomplished to complete the project and deliver the product, service or result with specified features and functions. The project’s scope can be identified through discussions with the project’s sponsor and key stakeholders. Managing the project’s scope is one of the fundamental responsibilities of a project manager. It is important for the project manager and team to understand the project’s scope in order to be able to recognize scope creep as it occurs. As important as identifying what will be included in the project is to clearly identify what will not be part of the project (i.e. out of scope). 

Stakeholders – Stakeholders are persons or groups who are actively involved in the project or whose interest may be positively or negatively affected by the performance or completion of the project. Stakeholders may exert influence over the project, its deliverables, and the project team members. For each project, both internal and external stakeholders must be identified in order to determine the project requirements and expectations of all involved groups. Stakeholder identification is a continuous process and can be difficult to finalize. Identifying stakeholders and understanding their relative degree of influence on a project is critical.


Computing, networking, telephony, and information resources of Loyola University Chicago are available to advance our education, research, health care and public service missions. Any access and use of these resources and services that interfere with these goals are prohibited. All who access and use these resources will abide by all applicable policies, legal and contractual requirements, and the highest standard of ethical principles and practices, when using these University resources. Breach of or disregard for access and acceptable use policies are grounds for revoking access privileges, and may lead to additional sanctions by the University, including referral to other authorities for civil litigation and criminal prosecution.

Individuals covered

This policy applies to all persons accessing and using computing, networking, telephony and information resources through any facility of the University. These persons include students, faculty, staff, persons retained to perform University work, and any other person extended access and use privileges by the University given the availability of these resources and services, and in accordance with University contractual agreements and obligations.

Systems and resources covered

This policy covers all computing, networking, telephony and information resources procured through, operated or contracted by the University. Such resources include computing and networking systems including those that connect to the University telecommunications infrastructure, other computer hardware, software, data bases, support personnel and services, physical facilities, and communications systems and services.

Policy on access and acceptable use

Computing, networking, telephony and information resources at the University, including access to local, national and international networks, are available to support students, faculty and staff as they carry out the University's instructional, research, health care, administration and public service missions. Therefore, the University encourages and promotes the access and use of these resources by the University community. However, access and use which do not support the University mission are subject to regulation and restriction to insure that they do not interfere with this legitimate work. Any access and use of computing, networking, telephony and information resources must not interfere with the University's instructional, research, health care and public service missions and should be consistent with the person's educational, scholarly, research, service, operational or management activities within the University. Those who access and use University computing, networking, telephony and information resources are to take reasonable and necessary measures to safeguard the operating integrity of the systems and their accessibility by others, while acting to maintain a working environment conducive to carrying out the mission of the University efficiently and productively.

Responsibilities regarding system and resource use

Persons who access and use university computing, networking, telephony and information resources are responsible for:

  • respecting the rights of other individuals, including compliance with other university policies for students, faculty, and staff -- these rights include but are not limited to intellectual property, privacy, freedom from harassment, and academic freedom,
  • exercising caution when committing confidential information to electronic media given that the confidentiality and integrity of such material are difficult to ensure,
  • activity connected with the individual's assigned account,
  • using systems and resources in ways that do not interfere with or disrupt the normal operation of these systems, nor interfere with the access and use of these systems and resources by others allowed to do so,
  • protecting the security of access to University computing and networking systems and the confidentiality and integrity of information stored on University computing and networking systems,
  • knowing and obeying the specific policies established for the system and networks they access.
  • members of the University community with access to University electronic resources may not use these resources in a way that implies that the University is actually or implicitly espousing a particular view, or endorsing any person, organization, product, service or belief; similarly, they may not use the name, logos, facilities or resources of the University for any personal, commercial or similar purposes, or to participate in or intervene in (including the publishing or distribution of statements) any political campaign on behalf of, or in opposition to, any candidate for public office.

Under no circumstances, may individuals give others access to any system they do not administer, or exploit or fail to promptly report any security loopholes. Individuals must act to maintain a working environment conducive to carrying out the mission of the University efficiently and productively.

Individuals may not under any circumstances deliberately circumvent or attempt to circumvent data protection schemes or uninstall or disable any software installed by the university for the purpose of protecting the university from the intentional or unintentional disclosure of information.

Systems and network administration, and facilities management

Administrators of systems and networks have the responsibility to protect the rights of users, to set policies consistent with those rights, and to publicize these policies to their users. They have authority to control or to refuse access to anyone who violates these policies or threatens the rights of other users. They have the responsibility to notify those individuals affected by decisions they have made. Administrators of systems and networks are empowered to take reasonable steps necessary to preserve the availability and integrity of the system, to restore the integrity of the system in case of malfunction, abuse, virus, and other similar situations, and to protect the integrity of University data and other assets. These steps may include deactivating accounts, access codes or security clearances, stopping processes, deleting affected files, and disabling access to computing, networking, telephony, and information resources.

All devices deployed in the PCI environment must be documented listing Acceptable uses for the technology, Acceptable network locations for the technology, along with a list of company approved products. Additionally, all devices within the PCI environment must be labeled containing the owner, contact information, and purpose of the device.

Demand for computing, networking, telephony and information resources may occasionally exceed available resources. Priorities should be established for allocating such resources, giving a higher priority to activities that are more essential to the mission of the University.


Access to University computing resources is granted to ensure that all who use these resources are given sufficient access rights to fully perform their tasks without restriction, but no more. Please review the following policies for details of protecting information when accessing University computing resources:

  • Access Control Policy
  • Vendor Access to Internal Systems Policy
  • Password Standards

Appeal of an administrative decision

Individuals who disagree with an administrative decision may submit an appeal of the decision to the appropriate resource manager or systems administrator. From there, a student may submit an appeal to the Dean of Students, a faculty member through their department administration either to the Provost or to the Vice President for the Health Sciences, and a staff member through their management to the Vice President for Human Resources. Individuals must submit these appeals according to any rules and procedures issued by system administrators or component administrators.

Noncompliance and sanctions

Individual units within the University may define "conditions of acceptable use" for facilities and resources under their control. These statements must be consistent with this general policy but may provide additional detail, guidelines and restrictions. Such "conditions of acceptable use" should indicate the enforcement mechanism. Where no enforcement mechanisms exist, the procedures defined in the applicable University's standards of conduct, i.e., Student Handbook (students), Faculty Handbook (faculty), and Employee Handbook and Personnel Policies (staff), will apply. Where use of external networks is involved, policies governing such use also are applicable and require compliance by individuals using these networks, which include:

Acceptable use policies for these networks are available on the Internet. Disregarding policies and procedures concerning access and use of computing, networking, telephony and information resources may result in the denial or removal of access privileges by administrators of systems and networks, and may lead to disciplinary action under the applicable University's standards of conduct, as cited above. Additionally, such disregard may be referred to other authorities for civil litigation and criminal prosecution under applicable state and federal statutes.

Legal context for this policy

Regarding legal context, all existing laws (local, state and federal) and University policies, regulations and rules apply, including not only those laws, policies, regulations and rules that are specific to computers and networks, but also those that apply generally to personal conduct including Sexual Harassment: Faculty, Staff and Students.

Relationship of this policy with others

This policy supplements the Rights and Responsibilities for the Access and Use of University Computing, Networking, Telephony and Information Resources policies and the Access and Acceptable Use of Public Access Computing and Networking Facilities and Services. These policies are available and can be found on the Loyola University Chicago website. The University reserves the right to change the information, requirements and procedures announced in this policy. This policy will continue to be in effect until a further revision is required and promulgated. Consult the campus computing center or the appropriate system administrator for information on other policies, procedures or directives that supplement this policy.


  • September 4, 2009: Initial Policy
  • October 22, 2012: Corrected links
  • August 8, 2014: Add “Access” clause for PCI Compliance
  • October 13, 2014: Add PCI 3.0 labeling requirements
  • May 11, 2015: Annual review for PCI Compliance
  • April 21, 2016: Annual review for PCI Compliance
  • October 25, 2016: Changes to section "Responsibilities Regarding System and Resource Use" as Approved by President's Cabinet.
  • April 19, 2017: Annual review for PCI Compliance
  • July 10, 2018: Annual review for PCI Compliance
  • Aug 8, 2019: Annual review for PCi Compliance