Technology Services Board Quarterly Meeting March 14 2017
Technology Services Board Quarterly Meeting March 14, 2017 9: 00 a. m. – 12: 00 p. m. March 14, 2017
AGENDA TOPIC Welcome and opening remarks Staff Changes IT Safety Tip Policy Update Policy 188 - Accessibility Project Updates ECY – e. Time DOL – DRIVES DFW – WILD ESD - UTAB Strategic Priorities Work Plan Improving Project Outcomes o Objectives o Plan BREAK Enterprise Services Enterprise Active Directory (EAD) IP Address Management Starter for Time & Attendance Legislative Update IT Procurement SIEC Legislative Reports Biennial IT Spend Report (OFM) State Data Center Plan Biennial Report / Draft Strategic Plan Public Comment LEAD PURPOSE TIME Michael Cockrill Information 9: 00 Michael Cockrill Information 9: 05 Approval 9: 10 Discussion 9: 20 Discussion/Feedback 9: 40 Discussion 10: 40 10: 50 Rob St. John Connie Michener Information 11: 20 Rob St. John Sue Langen Information 11: 30 Rob St. John Sue Langen Rob St. John David Walddon Whitney Dickinson Rob St. John Consultants Rob St. John Sue Langen 11: 45 ADJOURN – 12: 00 noon March 14, 2017 2
Current TSB Members Industry Members Kris Kutchera – Alaska Airlines* Paul Moulton – Costco Legislative Members Sen. Mark Miloscia - Senate R Rep. Derek Stanford - House D Executive Branch (Agency Directors) Michael Cockrill – CIO & Chair Dave Danner – UTC Tracy Guerin - DRS Vikki Smith – DOR Other Government Bill Kehoe – CIO King County Jeff Paulsen – Labor Rep Blue – members present Black – members absent March 14, 2017 3
Policy Review Discussion / Approval Required March 14, 2017 4
Policy 188 – Accessibility Emergency changes to reduce risk 1. Remove additional waiver requirements (previous Section 3) 2. Remove requirement to track & publish non-compliance (Section 5) Move tracking to Guidelines Previous language protected from Depts. of Justice & Education, but created liability for tort actions. March 14, 2017 5
Project Updates Information March 14, 2017 6
Project Updates Projects • ECY – e. Time • DOL – DRIVES • DFW – WILD • ESD – UTAB March 14, 2017 7
Strategic Priorities Work Plan Discussion / Feedback March 14, 2017 8
Improving Project Outcomes Budget Align technology strategy & public policy IT strategy Portfolio Delivery Invest in the right things Execute & deliver outcomes Enterprise strategies Quality Assurance Risk / Severity Modern / Transform Triggers / major projects to TSB 4 -6 year projection Enterprise resource planning (ERP) Lessons learned Capital budget model March 14, 2017 People/skill Unified business identifier (UBI) Responsibility Humans Governance e. Gov IT budget pool Process Project / Program management (PMO) Technology Business Management (TBM) Taskforce 9 Done
Why is this a priority? OCIO Priorities FY 13 -15 OCIO Priorities FY 16 Top 5 1. IT Strategy 2. Policies & Standards 3. Project Outcomes 4. Enterprise Architecture 5. Investment Consultation Top 5 1. Project Outcomes 2. Enterprise Architecture 3. Investment Consultation 4. IT Strategy 5. Policies & Standards Other Priorities Security* Biz. Hub/Wa. BOS* Technology Business Mgmnt Open Data GIS Privacy* SIEC/First. Net March 14, 2017 OCIO Priorities FY 17 -19 Top 5 TBD Technology Business Mgmnt Open Data GIS SIEC/First. Net Security Privacy 10
Elements of Process Improvement • Identify Major Projects • Oversight Framework • Intervening for Success • Readiness for Go-Live March 14, 2017 11
Identification of Major Project Proposal: • Analyze the data collected in the pilot phase • Finalize tool for go-live • Set cut score for projects and major projects • Socialize/communicate changes and set expectations with community Situation: • Previous risk severity was based on older criteria and needed to be updated • Develop new IT Project Assessment Tool • Old and new have been run simultaneously for a pilot phase Target: Implement the new IT Project Assessment Tool Risk/Severity Calculator March 14, 2017 IT Project Assessment tool 12
Concept for Oversight Framework Procurement Transparency Dashboard Reporting Project Assessment Reporting Project Risk Assessment Negligible March 14, 2017 Low Moderate High 13 Oversight Strategies Technical Oversight Enterprise Architecture Alignment Project Oversight Risk Management Independent Verification & Validation Independent QA Transparency Levels of Oversight Stage Gating Financial Controls TSB Review
Concept for Oversight Framework Proposal: • Create definitions and triggers for the tiers within the updated approach • Allow for proactive oversight: Focus oversight resources and processes based on risk factors to achieve the greatest value Situation: • Current oversight methods and processes may not always apply resources and focus attention in the most appropriate fashion in a given situation or at the right time Target: • Clearly define oversight framework components • Begin process to match components to projects • Recommend changes to policy/procedures March 14, 2017 14
Intervening for Success Proposal: • Clearly define and socialize concepts and processes to set expectations that critical decisions and interventions at executive levels will occur when appropriate Situation: Governance intervention concept and processes • not clearly defined • not consistently applied Target: Governance intervention concept and processes • clearly defined and socialized • consistently applied • promote valuable executive level engagement in anticipation of critical conversations March 14, 2017 15
Readiness for Go-Live Proposal: • Identify and publish best practices for assessing project readiness to go-live • Socialize and set expectations with community Situation: • Agency maturity in making a go/no-go decision varies widely • These critical decisions should be discussed with the OCIO but there is no standard procedure or expectation published in policy or standard Target: Agencies apply a set of defined criteria for determining readiness and know how and when to involve the OCIO in this critical decision March 14, 2017 16
Elements of Process Improvement • Identify Major Projects • Oversight Framework • Intervening for Success • Readiness for Go-Live e n e rv e t In Monitor ht g i ers work v O e m a Fr March 14, 2017 Concept cts y f e i j nt Pro e Id jor Ma Plan Design / Procure Implement ss e n e i ad o-Liv e R G for 17 Conclude
Work Plan for Process Improvement Sep Report Out Aug Identification of Major Projects Iterate on Policy and Procedure May 1 Implement New Tool Sep Mar–Apr Aug Finalize Tool Communicate to Users Oversight Framework Intervention Readiness for Go-Live March 14, 2017 Jun Apr Complete Policy Work Complete Implementation Present Recommendations to TSB Establish Workgroup 18
Break March 14, 2017 19
Enterprise Services Discussion March 14, 2017 20
What is an Enterprise Service? Standard Data Process can be common Enterprise Service Cross agency March 14, 2017 21
Enterprise Service: Identity Management Purpose of action • Information only. Service established by CIO. • Single sign-on • Minimize cost and complexity • Improved security Key objectives Strategic alignment Designates Enterprise Active Directory and related services for use by state agencies. By extension, this includes administration of a single enterprise tenant in O 365 • Improve security posture • Leverage central services Implementation Success criteria • EAD was already state standard for SGN • Higher Ed excluded • Documents single 0365 tenant decision/direction March 14, 2017 Business case • Functioning governance • % agencies using EAD • % agencies in enterprise tenant 22
Enterprise Service: IP Address Management Purpose of action • Information only. CIO has approval authority • Foundation to enterprise approach • Reduces network management complexity • Reduces complexity of security monitoring Key objectives Strategic alignment • Create a contiguous block of IP addresses for use by state agencies to reduce complexity and associated cost as well as improve security capabilities • K-20 Network excluded Implementation • Implements with IPv 6 addresses • Agency blocks available now, 30+ agencies have already received ranges • Enterprise IPv 6 strategy to be developed soon March 14, 2017 Business case • Improve security posture • Operational efficiency Success criteria • % agencies using centrally managed block assignment • TBD on reporting on benefits of reduced complexity 23
Possible Enterprise Service: Employee Time & Attendance • Question asked & answered by TLA: NO • No single instance can meet cross-agency need without significant, highly impactful redesign to standardize on processes across the enterprise Should State deploy a single, enterprise solution? March 14, 2017 Should the state standardize on a single, common software solution? • Need to do the work to answer this question. • Working assumption is YES • Solution can be deployed as separate instance for individual agencies or groups of agencies with similar needs Where else can the state standardize for efficiency? • Need to do the work to answer this question • Working assumption is a qualified YES • Agencies would migrate over time and as they wish • Need justification for alternative investment • Integration layer and interfaces would be standardized regardless of solution • Standard ADFS protocols for SSO • Other areas TBD Must all agencies deploy this software? 24
Legislative Update Information March 14, 2017 25
Legislative Reports Information March 14, 2017 26
Public Comment March 14, 2017 27
- Slides: 27