FY13 Agency IT Planning Template by 1pqb6Z

VIEWS: 6 PAGES: 44

									                               Fiscal Year 2013
                            Agency IT Plan Template




                                 May 31, 2011


Strategic Planning Office

Department of Information Technology

505-476-1848
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan


Contents
About This Document - FY13 Agency IT Plan Template ............................................................ 6

FY13 Agency IT Planning Template ........................................................................................... 7

Executive Summary ................................................................................................................... 7

1. The Agency Context for IT Infrastructure and Operations....................................................... 7

   1.1 Agency Mission ................................................................................................................ 7

   1.2 Agency Description ........................................................................................................... 7

   1.3 Changes in Federal or State of New Mexico Requirements with IT Impact ....................... 7

   1.4 Agency IT Description of Services .................................................................................... 8

      1.4.1 Infrastructure Services ............................................................................................... 8

      1.4.2 Business Application Services.................................................................................... 8

   1.5 Agency IT Performance Measures.................................................................................... 9

   1.6 Agency IT Strategic Goals ................................................................................................ 9

      Agency IT Strategic Goal 1 ................................................................................................. 9

2. Agency Compliance with IT Consolidation ............................................................................11

   2.1 Agency IT Consolidation Accomplishments .....................................................................11

   2.2 Agency IT Consolidation Planning ...................................................................................11

   2. 3 Agency Co-located Servers and Agency Applications on Enterprise Servers .................11

   2.4 Hosting Exceptions ...........................................................................................................12

      2.4.1 Current Hosting Exceptions .......................................................................................12

      2.4.2 Anticipated Hosting Exceptions .................................................................................12

3. Agency Accomplishments and Planning................................................................................13

   3.1 Agency Major IT Accomplishments of FY12 IT Plan ........................................................13

   3.2 Agency Major IT Issues/Concerns within the Agency ......................................................13

   3.3 Agency Major IT Initiatives for Current Fiscal Year FY12 .................................................14

      3.3.1 Major Initiative List ....................................................................................................16



                                                 Page # 2         May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

     3.3.2 List Current Year IT Projects > $100,000 ..................................................................17

  3.4 Agency Major IT Initiatives FY13 .....................................................................................17

     3.4.1 Major FY13 Initiative List ...........................................................................................18

     3.4.2 FY13 Projects ...........................................................................................................19

  3.5 Identification of joint funding opportunities .......................................................................19

4. Agency Applications, Legacy and New..................................................................................20

  4.1 Agency IT Business Application Portfolio .........................................................................20

  4.2 Planned Major Changes for Agency Application ..............................................................20

  4.3 Data Ownership and Sharing ...........................................................................................21

5. Management of IT Infrastructure and IT Assets.....................................................................21

  5.1 Asset Management Process ............................................................................................22

  5.2 Equipment and Software Refreshment Cycles and Policy ...............................................22

     5.2.1 IT Asset Refreshment Cycle Policy and Practice .......................................................22

     5.2.2 What Equipment and Software is anticipated to be refreshed in FY12-FY13? ...........23

  5.3 Data Storage ...................................................................................................................23

  5.4 Network ...........................................................................................................................24

     5.4.1 Network Diagrams.....................................................................................................24

  5.5 Security and reliability upgrades ......................................................................................25

     5.5.1 Security and Reliability Upgrades ..............................................................................25

  5.6 Cyber Security .................................................................................................................25

     5.6.1 Cyber Security Details ...............................................................................................25

  5.7 System Monitoring and Management Tools Inventory .....................................................27

     5.7.1 What system monitoring and management tools are used by the agency? ...............27

  5.8 IT Records Retention Plans .............................................................................................27

  5.9 Business Continuity .........................................................................................................28

     5.9.1 Business Continuity Program Scorecard ...................................................................28



                                                  Page # 3         May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

6. IT Human Capital Management.............................................................................................30

  6.1 Agency IT staff makeup ...................................................................................................30

     6.1.1 Embedded HR Inventory spreadsheet.......................................................................30

  6.2 Staffing Gaps and recruitment – Specific skills related to gaps and hiring issues?...........30

  6.3 Agency IT Staff Training Plans ........................................................................................31

7. IT Business Management Areas ...........................................................................................31

  7.1 IT Service Management efforts- ITIL – Information Technology Infrastructure Library .....31

     7.1.1 ITIL Initiatives ............................................................................................................31

  7.2 IT Project Management ...................................................................................................32

     7.2.1 Project Management Organization ............................................................................32

  7.3 System and Solution Development Life Cycles ................................................................32

     7.3.1 Product Development Life Cycle ...............................................................................33

     7.3.2 Web Application Development and Production Platforms ..........................................33

  7.4 Business Partners and Vendors ......................................................................................33

     7.4.1 What topics would be useful to the agency in a program or workshop on improving
     vendor ................................................................................................................................33

8. IT Fiscal and Budget Management ........................................................................................34

  8.1 C1Form ...........................................................................................................................34

  8.2 Projected IT Projects: Capital, Special, Supplemental Form ............................................35

  Capital Improvement Project funding .........................................................................................35

  8.3 Request for Reauthorization of General Appropriations Act .............................................37

9. Enterprise Alignment - Agency IT planning related to State of New Mexico IT Strategic Plan38

  9.1 Government Services Portal for New Mexico’s Citizens and Businesses .........................38

     9.1.1 Potential Applications for New Mexico Constituent Portal..........................................38

  9.2 Agency Application Information Map................................................................................38

     9.2.1 Agency Applications for the Agency Application Information Roadmap .....................38

  9.3 Participation in Business Domain teams with other agencies...........................................39


                                                  Page # 4           May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

     9.3.1 Line of Business Collaboration ..................................................................................39

     9.3.2 Social Services Architecture Activities – Only if This Applies! ....................................39

  9.4 Participation in Common Business Function Collaboration with other agencies ...............40

     9.4.1 Established Collaboration areas ................................................................................40

     9.4.2 Areas that the agency would like to collaborate on with other agencies ....................40

  9.5 Emerging Technology ......................................................................................................40

     9.5.1 Agency participation in or plans for emerging technology ..........................................40

Appendix A: Agency Information Application Map Entries ........................................................42

Appendix B: Current Agency Projects Not in Compliance ........................................................42




                                              Page # 5         May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan




About This Document - FY13 Agency IT Plan
Template

This document is the Agency IT Plan Template to be used for submitting the FY13 Agency IT
Plan required to be submitted September 1st, 2011. The Agency IT Plan Guidebook provides the
rationale, background and criteria the readers will be following in reading the completed Agency
IT Plan, and that the agency should be using in its planning for Information Technology.

DoIT Office of Strategic Planning analyzed the FY12 Agency IT Plans to develop a
comprehensive overview of the State of IT within New Mexico. As a result of the analysis, the
FY12 Agency IT Plan Compilations was published on DoIT’s website. This report can be
found at
http://www.doit.state.nm.us/docs/reports/FY12%20Agency%20IT%20Plan%20Compilation
s%20-%20Input%20to%20the%20Strategic%20Planning%20Process-dmedits.pdf.

It should be noted that for the FY13 Agency IT Plan process, the C2 Full Business Case
submission will be through a separate document or documents also due on September 1st.
There is also a C2 Business Case Guidebook.

Each submitted Agency IT Plan must be accompanied by the acknowledgement of key agency
leadership agreeing that the “document represents the history and planned information
technology-related activities for our agency. The elements of this plan, delivered through
information technology services, support the agency strategic plan and the State IT Strategic
Plan.” Instructions for a required agency signature page and the process for submission of all
required documents will be included in an FY13 Agency IT Planning Guidance FAQ to be
posted with the guidebooks and templates on the Department of Information Technology
website off the Oversight and Compliance page.

The FY13 Agency IT Plan must be submitted and signed by the Agency Cabinet Secretary. In
addition to the hard copy, please submit the Agency IT Plan as a MS Word document. PDF or
other type files will be rejected.

If there are any substantive changes, additions or removal of plan items by the agency an
Amendment Form must be submitted to the Department of Information Technology,
Project Oversight and Compliance Division.




                                   Page # 6    May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan




FY13 Agency IT Planning Template

Executive Summary
The executive summary should be no more than a page or two and should summarize all other
sections of your plan. Its concise length and summary format will enable the reader to quickly
understand what the agency plans to do with Information Technology. This should be no more
than one page long.

1. The Agency Context for IT Infrastructure and
Operations
1.1 Agency Mission
Briefly state the purpose of the agency including what the agency does, why it does it and for
whom.

1.2 Agency Description
Provide a brief narrative overview of the organization, including business programs, major
locations and number of employees within each program. Provide a current organization chart.

1.3 Changes in Federal or State of New Mexico Requirements with
IT Impact
List the changes in Federal or State of New Mexico requirements that will significantly impact
the agency use of IT and IT applications.

Federal or State of New          Impact
Mexico Initiative, statutory
mandates or regulatory
compliance change




                                   Page # 7    May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

1.4 Agency IT Description of Services
List the range of services the IT organization provides to the agency and/or to other agencies:
Include the services the agency provides for smaller boards, commissions, or other agencies.

1.4.1 Infrastructure Services
List the range of infrastructure services the IT organization provides to the agency and/or to
other agencies: Include the services the agency provides for smaller boards, commissions, or
other agencies

IT Service       Delivered by      Delivered to     # of Users       # of Users
                 which section     which            Impacted         Impacted
                 of the agency     Division(s) or   Internally       External
                 IT unit           Bureau(s)




1.4.2 Business Application Services
List the range of business application services the IT organization provides to the agency and/or
to other agencies: Include the services the agency provides for smaller boards, commissions, or
other agencies

IT Service       Delivered by      Delivered to     # of Users       # of Users
                 which section     which            Impacted         Impacted
                 of the agency     Division(s) or   Internally       External
                 IT unit           Bureau(s)




                                   Page # 8     May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

1.5 Agency IT Performance Measures
What Performance Measures or Metrics exist for IT services delivery to the Agency? Items in
table are for illustration purposes only.



IT Area                  Objective               IT Performance            Target
                                                 Measure

Infrastructure           Network Availability       Percent of total
                                                  scheduled time the
                                                                                    %
                                                 network is available to
                                                   department users.

                         Server Availability     Percent of total
                                                 scheduled time
                                                 mission critical                   %
                                                 servers are available
                                                 to department users.

Specific Application     Meet the agency
                                                                                    %
                         mandate




1.6 Agency IT Strategic Goals

Use a separate table/form for each Strategic Goal.

Agency IT Strategic Goal 1
Present the agency’s key strategic IT goals using the format below. The goal should be tied to
the agency strategic planning and also the State of New Mexico IT Strategic Plan. Include
funding information and list outcomes by target year.

Please use this table without modifications.



IT Goal, Objectives, and Strategies Worksheet
    Agency
     Name:




                                     Page # 9   May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

IT Strategic Goal

       Goal:
Identify the agency primary goal, or strategy this IT strategic goal supports.

  Agency Goal, or
            strategy
 State IT Strategic
                Plan
Initiative/Strategy
     that supports
        this agency
     strategic goal
Budget and Source of Funds – Appropriation requests and base budgets

               FY12                                     FY13

Budget in $
 Source of
    Funds
What is to be accomplished - what  the agency           When is the outcome to be accomplished –
proposes to buy, build or update, or service to be      identify the fiscal year of the expected
                                                        outcome.
improved.
Outcome 1

Outcome 2

Outcome 3

Outcome 4




                                    Page # 10     May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan


2. Agency Compliance with IT Consolidation
2.1 Agency IT Consolidation Accomplishments
List below the specifics of the agency FY12 IT consolidation activities

Agency FY12IT Consolidation Plan Items            Agency FY12 IT Consolidation
                                                  Accomplishments by Item




2.2 Agency IT Consolidation Planning
List below the specifics of the agency IT consolidation planned activities beyond FY13.



Agency Consolidation Planning Items               Target Completion Dates




2. 3 Agency Co-located Servers and Agency Applications on
Enterprise Servers
List below the cumulative totals of servers and applications that fit the descriptions below and
indicate the cumulative totals achieved since the Governor’s Office Directive. The servers are
defined as hardware not virtual.

   Servers and Applications                                               Total        Number
                                                                          Number       Since
                                                                                       Governor’s
                                                                                       Office
                                                                                       Directive

   Number of co-located servers at the State of New Mexico
   Enterprise Center




                                   Page # 11     May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

   Servers and Applications                                            Total          Number
                                                                       Number         Since
                                                                                      Governor’s
                                                                                      Office
                                                                                      Directive

   Number of agency applications residing on State of New
   Mexico enterprise servers

   Number of co-located servers replaced by moving application
   to enterprise servers



2.4 Hosting Exceptions
2.4.1 Current Hosting Exceptions
List any and all hosting exceptions, these include hosting out of the State of New Mexico’s
Enterprise Data Center, Out-of-State hosting of Applications.



Application          Location of      Exception Letter     Exception            Dollar amount of
                     Application      Dated                Expiration Date      Out-of-State
                     Hosting                                                    Enterprise Data
                                                                                Center Hosting
                                                                                Contract




2.4.2 Anticipated Hosting Exceptions
List any and all anticipated hosting exceptions, these include hosting out of the State of New
Mexico’s Enterprise Data Center, Out-of-State hosting of Applications.

Application          Location of      Expected reason for requesting an         Dollar amount of
                     Application      exception                                 Out-of-State
                     Hosting                                                    Enterprise Data
                                                                                Center Hosting
                                                                                Contract




                                   Page # 12    May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan




3. Agency Accomplishments and Planning

3.1 Agency Major IT Accomplishments of FY12 IT Plan
Using the table below provide a brief description of the agency’s previous year’s initiatives
including accomplishments, and expenditures. Include what the agency bought, built or
updated to the IT environment and what progress was made on major projects.

.

Accomplishment Actual                 What agency bought,        Impact of Accomplishment
against FY11   Expenditures           built, or updated.
initiatives    and Funding
               Source(s)




3.2 Agency Major IT Issues/Concerns within the Agency

Using the table below indicate areas of issues and concerns for the agency on a scale of 1-10.
Provide a brief description of the agency’s efforts to deal with the issue or concern. Add any
other specific agency Major IT Issues or concerns not covered in the table below.



                                   Page # 13     May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan

Issues and Concerns             Rating for     Agency efforts to address or mitigate this issue or
                                agency -1 to   concern
                                10 with 10
                                being of
                                greatest
                                importance

Budget

Retaining Skilled IT
Professionals

Replacing – Hiring Skilled IT
professionals

Equipment Replacement

IT Training

Network Performance

Desktop Support

Agency Specific Application
Maintenance and Support

Agency Specific Legacy
Application upgrade or
replacement

Security

Managing electronic records

Business Continuity, Disaster
Recovery

Storage Management

Other -


3.3 Agency Major IT Initiatives for Current Fiscal Year FY12

The FY12 Major Initiative List is formatted in landscape legal size paper to allow for
responses to a list of criteria.



                                 Page # 14     May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan




                              Page # 15   May 19, 2012
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT Plan




3.3.1 Major Initiative List
Provide a brief description of FY12 IT initiatives, appropriations, and expenditures. Include what the agency proposes to buy, build or update with regard to IT projects, and what
progress will be made on major projects. Provide projected spending levels and describe how these expenditures will assist the agency in achieving its overall mission, goals,
and objectives

Major         Relationship of this   Impact to the           Impact to the        Appropriations/Base What the           If this is a         If this is a    Describe the
Initiative    initiative to the      Agency if               Agency if not        Budget Allocated for agency            certified project,   multi-year      critical success
              Strategic Goals of     Accomplished. What      Accomplished –       FY12.                proposes to       what phase is the    project what    factors for this
              section 1.6 What       Business                what risks are                            buy, build or     project in now       will be         Initiative:
              agency or state        requirement or          associated with                           update            and what are the     accomplished
              strategic goal(s)      business problem is     this effort?                                                project’s            in FY12.
              does this initiative   to be addressed?                                                                    certifications and
              address.                                                                                                   phase target
                                                                                                                         dates?




                                                                         Page # 16     5/19/2012 9:53 PM
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan




3.3.2 List Current Year IT Projects > $100,000


   Project Name            Appropriation       Current Certification     Amount expended
                         History ($/Source)          Phase                as of this Plan




3.4 Agency Major IT Initiatives FY13

The FY13 Major Initiative list is formatted in landscape legal size paper to allow for
responses to a list of criteria.




                              Page # 17     5/19/2012 9:53 PM
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT Plan




3.4.1 Major FY13 Initiative List
Provide a brief description of the agency’s FY13 IT initiatives, appropriations, and expenditures. Include what the agency proposes to buy, build or update with regard to IT
projects, and what progress will be made on major projects. Provide projected spending levels and describe how these expenditures will assist the agency in achieving its overall
mission, goals, and objectives. .



Major         Relationship of this      Impact to the         Impact to the      Appropriations/Base What the           If this is a         If this is a   Describe the
Initiative    Major initiative to the   Agency if             Agency if not      Budget Allocated for agency            certified project,   multi-year     critical success
              Strategic goals of        Accomplished. What    Accomplished –     FY13.                proposes to       what phase is the    project what   factors for this
              section 1.6 What          Business              what risks are                          buy, build or     project in now       will be        initiative:
              agency or state           requirement or        associated with                         update            and what are the     accomplished
              strategic goal(s)         business problem is   this effort?                                              project’s            in FY13.
              does this initiative      to be addressed?                                                                certifications and
              address.                                                                                                  phase target
                                                                                                                        dates?




                                                                         Page # 18   5/19/2012 9:53 PM
FY13 Agency IT Planning Template - Replace this header with FY13 [Agency Name] IT
Plan




3.4.2 FY13 Projects

3.4.2.1 List proposed FY13 Projects including multi-year projects that will extend
beyond FY13:
                                                                           Funding Amount
Project
                 Project Purpose            Stakeholders
Name                                                          (Include proposed source: Base, CSEF, Spec., Supp.,
                                                                      Grant, etc. as well as GF,FF, or OSF)




3.4.2.2 Compliance Spreadsheets
A compliance spreadsheet is mandatory for all proposed IT projects >$100K .Each proposed
FY13 project, regardless of funding source, must have an accompanying completed
Compliance Spreadsheet. All items on the spreadsheet must be checked off for a new project
to receive consideration. If all proposed projects are to be in compliance then only one
compliance spreadsheet needs to be submitted with the name of the project being “All”. If the
agency is unable to check a box and serious steps are in process to satisfy the requirement,
attach a written explanation.

For base budget projects, the compliance spreadsheet(s) should be placed in Appendix
B of the Agency IT plan.

The compliance spreadsheet should be included in the business case for projects for which
funding is requested. Guidebook and Full Business Case Template.

3.5 Identification of joint funding opportunities
List below any possible joint funding opportunities that the agency might be or wish to be
planning with other agencies or other funding sources that could be working on a more
enterprise level:

Potential Application, Services or Process        Potential partners




                                Page # 19     5/19/2012 9:53 PM
Potential Application, Services or Process       Potential partners




4. Agency Applications, Legacy and New
4.1 Agency IT Business Application Portfolio
A new State of New Mexico Agency IT Application Portfolio web database has been established
and has been pre-populated with entries for each agency. Among the sources used to pre-
populate the database are the FY11 and FY12 Agency IT Plans, The Business Continuity-
Disaster Recovery survey and data submitted in the FY12IT Inventory.

Before September 1st, 2010 each reporting agency is required to review the pre-populated
entries for accuracy and to provide more thorough information.



        Confirmation of Agency Review and Update of Agency IT Portfolio Entries

[Name of Agency]        has/has not reviewed and updated its Agency IT Application entries in
the State of New Mexico Agency IT Application Portfolio.




4.2 Planned Major Changes for Agency Application
List and describe major changes planned for agency applications such as retirement,
replacement of legacy applications, eliminations/consolidations, upgrades and updates and
Identified gaps in coverage. is repeated.



Application      Constituents      Brief             Major            Part of a    FY12 or
Name             Served            Description       Changes          Certified    FY13 or
                                                                      Project?     Both




                                 Page # 20     May 19, 2012
Application          Constituents      Brief            Major           Part of a     FY12 or
Name                 Served            Description      Changes         Certified     FY13 or
                                                                        Project?      Both




4.3 Data Ownership and Sharing
In the table below Identify existing sharing initiatives and opportunities to share data in common
with other agency/government or non-profit entities: common customers and shared resources,
including how and with which federal or state agency partners, databases are shared. Identify
duplicate data, redundant resources, and potential benefits of improved inter-agency data
sharing. List initiatives already in place or contemplated

Sharing Initiative                  Collaborating Agencies         Accomplishments




5. Management of IT Infrastructure and IT Assets
From a management perspective, describe the status of the agency IT infrastructure and the
goals for the infrastructure. The infrastructure includes the computers, communications,
software products, databases, and production applications used to support agency operations.
Focus on how agency management will ensure that these state assets are maintained and
improved.

Separate instructions will be issued about the IT Inventory collection process on the
Department of Information Technology Website under Oversight and Compliance-Agency
IT Plan Guidance.

                         Confirmation of Update of Agency IT Inventory

[Name of Agency]        has/has not reviewed and updated its Agency IT Inventory entries in
the State of New Mexico Agency IT Inventory Asset Management Program.




                                     Page # 21    May 19, 2012
5.1 Asset Management Process
Along with the State of New Mexico Enterprise IT Asset Management automated solution, each
agency must compile a list of IT assets and submit it to the Department of Information
Technology.

Describe the agency’s approach to technology asset management. Indicate if automated tools
are used to discover, track, or manage asset use and status information. Technology assets
include hardware, software, licenses and service contracts. Include a description of how the
assets or the list of assets are updated and reconciled with existing data.



    Asset Inventory Process                             Responses


 Percent of information technology assets
 inventoried and managed through an automated
 asset management system


 Process used to inventory and manage IT assets,
 or name of tool(s) used




5.2 Equipment and Software Refreshment Cycles and Policy
5.2.1 IT Asset Refreshment Cycle Policy and Practice
In the IT planning and budgeting process, include which policies, practices or goals the agency
follows for equipment refreshing. Each agency has equipment and software refresh policies
specific to the agency. Due to budgetary constraints, agencies have been forced to increase
such refresh cycles. Include the agency’s current refresh cycle policy.




Type of IT Asset                Refreshment Cycle Policy, practice or goal




                                  Page # 22     May 19, 2012
Desktop

Servers

Storage

Network



5.2.2 What Equipment and Software is anticipated to be refreshed in FY12-
FY13?
List by type of asset equipment/software the approximate dollar amount to be refreshed either
this or next fiscal year.

Type of IT Asset        Description                            FY12 or FY13 or Both

Desktop

Servers

Storage

Network




5.3 Data Storage
List terabytes of data stored at agency’s locations and at Enterprise Data Center (disk, tape,
and optical storage).

Type of Storage         Gigabytes/Terabytes stored at agency       Gigabytes/Terabytes stored at
                                                                   the Enterprise Data Center

Tier 1 Disk – faster
and more expensive
disk drives for
quicker access of
regularly used data
or transactions.

Tier 2 Disk - slower,
more economical
disk drives used for
less regularly
accessed data, or



                                      Page # 23   May 19, 2012
Type of Storage        Gigabytes/Terabytes stored at agency         Gigabytes/Terabytes stored at
                                                                    the Enterprise Data Center

less often changed
data.

Optical Disk - used
for archiving
function where data
must be kept on-
hand.

Tape - used for
back-up and
recovery functions,
including offsite
storage.



5.4 Network
5.4.1 Network Diagrams

5.4.1 Network Diagrams
Each agency shall maintain an agency network/systems diagram, supported by detailed diagrams
identifying the underlying structures of its computer/systems network. At a minimum, the information
below should be included within the agency’s network/system diagram. This year, Agencies will not be
required to turn into the DoIT a copy of this information. This information should be kept current
throughout the year, and be available, as appropriate, for review.

Note that during FY12, the DoIT, in conjunction with CIO’s and other IT Leaders in the State, will
review and realign the current Architectural standards and requirements with current emerging
best practices and State needs.

 Agency/Department IT Contact Person(s)

 Name:

 Desk Number:

 Cell Number:

 Email address:

                                                  If yes, IT Contact Person(s)
 Agency/Department after hours support


                                   Page # 24     May 19, 2012
Y/N

 On what devices:                                Name:

Networks:                                        Desk Number:

Systems:                                         Cell Number:

                                                 Email address:

Topology Map (all layers) for agency including Security:

DOIT/Agency Dmarc

IP Subnets (Public and Private)

Default gateway/s

Locations of routers and firewalls




5.5 Security and reliability upgrades
5.5.1 Security and Reliability Upgrades
 As a result of the Department of Information Technology Security Policy/Rule and other agency
planning, what security and reliability upgrades are anticipated by the agency?



Area                                              Initiatives, Operations, Issues

Firewalls

Remote Access

Wireless Network Access Points (Wi-Fi)

Intrusion Detection/Prevention Systems




5.6 Cyber Security
5.6.1 Cyber Security Details
Each agency shall maintain an agency a Cyber Security policy. This year, Agencies will not be
required to turn into the DoIT a copy of this information. This information should be kept current
throughout the year, and be available, as appropriate, for review.


                                     Page # 25   May 19, 2012
Note that during FY12, the DoIT, in conjunction with CIO’s and other IT Leaders in the State, will
review and realign the current Cyber Security standards and requirements with current emerging
best practices and State needs.



     Security Required Documentation to be submitted to DoIT
     Agency Name:
1    Agency security policy

2    Edged firewall configuration/policy

3    Firewall between DOIT and agency Y/N

4    Firewall type/model:

5    Owned by (DOIT/agency/other?):

6    Intrusion detection/prevention configuration/policy

     Questions

1    Has agency conducted a full security posture assessment (not sampling)? If yes
     submit results.

2    Has agency conducted an application and web security assessment? If yes, submit
     results.

3    Has agency implemented both inbound and outbound firewall policies?

4    Are intrusion detection and/or prevention systems used on the network? If yes, make
     and model.

5    Does agency have central log server or syslog server to collect logs/events from all
     network, security and sever devices? If yes, make and model.

6    Is the network regularly monitored to establish normal usage patterns?

7    Are configuration modifications to all servers logged?

8    Are configuration modifications to all routers and switches logged?

9    Are configuration modifications to all firewalls and intrusion detection systems
     logged?

10   Does agency have wireless network access? If yes, make and model.

11   If wireless technology is used, are the shared encryption keys rotated regularly?

12   Is a wireless analyzer periodically run to identify any unauthorized wireless devices



                                         Page # 26       May 19, 2012
     that may have been connected to the network?

13   Does agency use any type of VPN/remote access? If yes, describe.

14   Does agency use a secondary Internet connection? If yes, describe.

15   Is all security equipment required to meet minimum security standards before it is
     connected to the network?

16   Are web filters used to restrict access inappropriate websites?

17   Are web filters used to restrict confidential information from being uploaded to web-
     based email applications?

18   Are all employees given periodic training on security policies?




5.7 System Monitoring and Management Tools Inventory
5.7.1 What system monitoring and management tools are used by the agency?
This question is being asked to be able to provide feedback to all state agencies as to what
tools are being used across the agencies.

Vendor                            Product                            Function




5.8 IT Records Retention Plans
Public records that are created, maintained and stored in an electronic environment are subject
to records retention requirements established in statute (NMSA 1978), administrative law
(NMAC) or through policy (Internet/Email). Electronic public records must be managed for the
entire lifecycle of the record from creation to final disposition. Provide a brief description of how
your agency is achieving each step listed below.




                                    Page # 27     May 19, 2012
          Written retention policy directives for the use and management of email.

          Standard operating procedures for the capture, storage, and disposition of web-content
           that meets the definition of a public record.

          Standard operating procedures for storage, retrieval, access, security, and disposition of
           electronic data residing in systems that meets the definition of a public record
           (regardless of whether it is exempt from public disclosure).

          Procedures or guidelines for implementing records retention periods identified in general
           and executive records retention and disposition schedules.

          Procedures for securing electronic records from tampering or deletion if warranted by
           litigation, audit, etc.

          Policies and procedures for identifying and protecting records deemed essential for
           continuity of mission-critical business operations.

          Compliance assessment initiatives to monitor, audit, and enforce records management
           policies and procedures.




5.9 Business Continuity
Briefly describe your agency’s Business Continuity Program. If your agency has conducted
testing of your Business Continuity Plan or Disaster Recovery Plan provide a narrative on the
results of the tests. Include any lessons learned and modifications to your plans that resulted
from the tests. The Business Continuity Program Scorecard must also be completed.

For specific questions regarding this Business Continuity Program Scorecard contact the
Business Continuity office: 1-505-476-1892



5.9.1 Business Continuity Program Scorecard
                                                                                                   Requires
                                                                                      Date to be   Additional
        Business Continuity Program Scorecard                                         Completed    Services to
#       Agency Name :                                                   Yes   No       YY-MM       Complete
1       Does your agency currently have a Business Continuity
        (BC) Program?

2       Does your agency currently have a Business Continuity Plan
        (BCP) in place?

3       If #2 is YES, has your agency reviewed and updated the BC




                                          Page # 28   May 19, 2012
                                                                                           Requires
                                                                              Date to be   Additional
     Business Continuity Program Scorecard                                    Completed    Services to
#    Agency Name :                                                 Yes   No    YY-MM       Complete
     Plan within the last year?

4    If #2 is NO, is your agency currently in the process of
     developing a BC Plan?

5    If #2 is YES, Does your agency BC Plan include a Continuity
     of Operations Plan (COOP)?

6    If #2 is YES, Does your agency BC Plan include a Disaster
     Recovery (DR) Plan?

7    If #2 is YES, does your agency BC Plan include a
     Communication Plan?

8    If #2 is YES, does your agency BC Plan include a Risk
     Management Plan?

9    If #2 is YES, does your agency BC Plan include a
     Resumption of Service Plan?

10   If #2 is YES, does your agency BC Plan include a Return to
     Normal Operations Plan?

11   If #2 is YES, has your agency tested your BCP?

12   Has your agency conducted a Threat and Risk
     Assessment?

13   Has your agency conducted a Business Impact Analysis
     (BIA)?

14   Does your agency have a BC/DR Management policy?

15   If #6 is YES, has your agency reviewed and updated the DR
     Plan within the last year?

16   If #6 is YES, has your agency completed a structured walk-
     through (table top) DR test?

17   If #6 is YES, has your agency completed a checklist DR
     test?

18   If #6 is YES, has your agency completed a simulation DR
     test?




                                       Page # 29   May 19, 2012
                                                                                                Requires
                                                                                   Date to be   Additional
     Business Continuity Program Scorecard                                         Completed    Services to
#    Agency Name :                                                     Yes   No     YY-MM       Complete
19   If #6 is YES, has your agency completed a parallel DR test?

20   If #6 is YES, has your agency completed a full interruption
     DR test?

21   Is your agency BC Plan dependent on DoIT?

22   If so what is DoIT’s role in your plan?




6. IT Human Capital Management
6.1 Agency IT staff makeup



6.1.1 Embedded HR Inventory spreadsheet


Complete the embedded HR Inventory spreadsheet, and re-embed the completed spreadsheet
under this item 6.1.1 Consider saving spreadsheet separately as well.




 HR Inventory.xls




6.2 Staffing Gaps and recruitment – Specific skills related to gaps
and hiring issues?
Identify specific skill sets that represent staffing gaps and recruitment issues



                                       Page # 30   May 19, 2012
Specific Skill Set               Gap Impacts                       Mitigation Steps if any

Example: Data Base               Inability to install updates      Options: Delay updates or hire
administration                                                     a contractor




6.3 Agency IT Staff Training Plans
DoIT has a Training Center that offers excellence in IT education and has provided several
courses to agencies at an efficient cost and effective manner. In the effort to assist agencies
with their training requirements, DoIT is requesting agencies to define specific training needs by
completing the training table below.



IT Training Area         Typical IT Training        Number of Staff to be    Typical Individual
                         Provider                   Trained                  Cost of Training




7. IT Business Management Areas
7.1 IT Service Management efforts- ITIL – Information
Technology Infrastructure Library
7.1.1 ITIL Initiatives
What Initiatives is the Agency IT planning and taking to structure and improve IT Service
Delivery? The table below has a few examples.



                                   Page # 31     May 19, 2012
Initiative                                       Specific Agency Activity

ITIL Training

Change Management Processes

Service Catalog

Help Desk




7.2 IT Project Management
7.2.1 Project Management Organization
 Provide responses to the following questions about project management in the agency.

Question                                         Response

Does agency have an active project
management office?

Number of State of New Mexico Employees
serving as project managers

Number of State of New Mexico Employees
holding certification as project managers

Number of Contractors serving as project
managers

Does agency has an online Project
Management tracking application

What does agency use for tracking projects,
individual project spreadsheets, and project
management application?


7.3 System and Solution Development Life Cycles
The State of New Mexico IT Strategic Plan sets forth the requirement for agencies to follow a
proven standard for project implementation and the project certification process calls for
agencies to detail their product development life cycle.




                                  Page # 32     May 19, 2012
7.3.1 Product Development Life Cycle
What is the typical product development life cycle followed by the agency and what is the
maturity level of the agency in following this model?




Typical product development life cycle(s)         What is the maturity level of the agency in this
followed by the agency                            model?




7.3.2 Web Application Development and Production Platforms

7.3.2.1 Web Application Platforms
To enable standardization statewide for web application platforms, list those in use in the
agency.

Web Application Platforms Used By The             Comments
Agency




7.4 Business Partners and Vendors
7.4.1 What topics would be useful to the agency in a program or workshop on
improving vendor or supplier management?
Topic                                             Outcome Expectation

Example: Contract Management                      Write more effective IT contracts


Example: Delivery Management                      More effectively manage project deliverables




                                   Page # 33     May 19, 2012
    Topic                                               Outcome Expectation

    Example: Negotiation Skills                         More effectively manage vendor project staff
                                                        quality and productivity




    8. IT Fiscal and Budget Management
    8.1 C1Form
    The C1 form is used to present a picture of the agency’s base operating budget that includes
    recurring costs and expenditures to support operational information technology that is integral to
    an agency’s mission or operations as well as operational components of systems. This should
    include normal hardware replacement costs, standard software upgrades and/or normal
    contractual obligations related to software/hardware maintenance for the coming fiscal year.
    See DFA’s Appropriation Request Instructions for Base Operating Budget instructions. Note
    that this is strictly for information purposes only.




                                           Information Technology
                                            Base Operating Budget
                                         Informational Purposes Only
Agency Name:                                                                      Agency Code:
                              Base Request Operational Support of IT
Appropriation Funding Type:   Please check one of the options below:
                                           Flat Budget           or    Expansion from previous year
                                Revenue IT Base Budget (dollars in thousands)
                               FY10 & Prior    FY11 Actual FY12 OpBud              FY13          FY14 Estimate
                                                                                  Request
General Fund



                                       Page # 34       May 19, 2012
Other State Funds
ISF/IAT

Federal Funds
Total                            0.0               0.0              0.0             0.0           0.0
                                    Expenditure Categories (dollars in thousands)
Category or Account               FY10 & Prior         FY11         FY12 OpBud         FY13         FY14 Estimate
Description                           Actual           Actual                         Request
Personal Services & Employee
Benefits
Contractual & Professional
Services
IT Other Services
Other Financing Uses
Total                             0.0              0.0            0.0               0.0           0.0
                          Agency Cabinet           CIO or IT Lead                   Budget Director
                  Secretary/Director (mandatory)   (mandatory)                      (mandatory)
Print Name
Signature
Phone
Date
Email address

    8.2 Projected IT Projects: Capital, Special, Supplemental Form
    Capital Improvement Project funding
    The purpose of Capital Improvement Project funding is for non-recurring one-time funding for
    purposes with an anticipated useful life of more than seven (7) years and costing more than
    $50K. IT facility or hardware infrastructure should be requested through the Capital
    Improvement process. Please see DFA’s Appropriation Request Instructions for Capital
    Improvement Project funding. Please note that this is strictly for information purposes
    only.

    Special Funding

    The purpose of special funding is for one-time, non-recurring projects or items of expenditure for
    information technology. These are stand-alone requests that are not reflected in the agency’s
    operating budget request. Please see DFA’s Appropriation Request Instructions for Special
    funding. Please note that this is strictly for information purposes only.

    Supplemental Funding
    The purpose of Supplemental funding is for non-recurring, current fiscal year items that are not
    covered in an agency’s base budget. Please see DFA’s Appropriation Request Instructions for
    Supplemental funding. Note that this is strictly for information purposes only.




                                          Page # 35      May 19, 2012
Agency                                                            Agency
Name                                                              3 digit
                                                                  Code
Project      Funding Type    Anticipated      Anticipated Funding FY12       FY13     Project
Name         (Capital,       Start Date       End Date    Source                      Total
             Special, or
             Supplemental)




                     Agency Cabinet              CIO or IT Lead     Budget Director
             Secretary/Director (mandatory)       (mandatory)        (mandatory
Print Name
Signature
Date
Phone
Email




                                  Page # 36     May 19, 2012
        8.3 Request for Reauthorization of General Appropriations Act

        As part of any information technology project, there can be delays that would necessitate
        requesting an extension of time to use finances allocated to a specific project. Requesting such
        an extension is known as “Reauthorization” of a previous year’s appropriation. When an
        agency is requesting a Reauthorization, specific information is needed to assist DFA, DoIT, and
        LFC with this process.

        This year a Reauthorization form is included with the FY13 Agency IT Plan and Funding
        Request Guide. Please see DFA’s Appropriation Request Instructions for Reauthorization.

        Note that this is strictly for information purposes only.


                                             Information Technology
                             Request for Reauthorization of General Appropriations Act
                                                IT appropriations
Agency                                                        Lead agency name listed
Name:           Agency Code:                                  on the appropriation               Project Name:
Enter
Agency
Name Here       Enter Agency Code                                    Enter Lead Agency Here          Enter Project Name Here
                                                                                                     Appropriation    Remaini
                Source of Authorization                                                                Amount            ng
                (i.e. Laws of 2008, Section 7, Subsection 12 or Grant/FF#)                                            Balance
Laws of
                Enter Source of Appropriations                                                   0                   0
2008




Other           Enter Source of Appropriations                                                   0                   0
Total
amount
appropriated
for project
life (in                                                               Will the project be completed within the      Yes
thousands)                               0                             next fiscal year?                             No

Reason          Enter Reason For Requesting Re-authorization




                                                 Page # 37      May 19, 2012
9. Enterprise Alignment - Agency IT planning related
to State of New Mexico IT Strategic Plan
This section asks the agency to provide feedback on specific State of New Mexico IT Strategic
Plan initiatives so that Department of Information Technology’s office of strategic planning might
be better able to guide the fulfillment of these initiatives.




9.1 Government Services Portal for New Mexico’s Citizens and
Businesses
9.1.1 Potential Applications for New Mexico Constituent Portal
Identify customer service facing applications that could be links in a New Mexico Constituent
Portal

Application                        Specific Service              Identify area: Health and
                                   Provided                      Human Services, Education,
                                                                 Government and Business
                                                                 Services, State of New Mexico
                                                                 Resources, Government
                                                                 Information Access




9.2 Agency Application Information Map
9.2.1 Agency Applications for the Agency Application Information Roadmap
Identify the top five to ten key agency business applications that should be included in a State of
New Mexico Agency Application Information Map. Include high level description of Application,
Constituent served, Service to the State of New Mexico, Data collected and analyzed.

In Appendix A provide a narrative description of these applications including appropriate
graphics. (See FY2010-FY2013 State of New Mexico Information Technology Strategic Plan
Appendix 1 for examples.)



Application         Constituents        Service provided    Data Collected       Line of Business
                    Served                                  and Analyzed




                                   Page # 38     May 19, 2012
Application         Constituents        Service provided     Data Collected      Line of Business
                    Served                                   and Analyzed




 9.3 Participation in Business Domain teams with other agencies
9.3.1 Line of Business Collaboration
In the table below identify the agency’s business domain and any activity or collaboration with
other agencies in that line of business.

Line of Business – Constituent Services,           Activity or Collaboration
Justice, Education, Resource Management,
Government Operations




9.3.2 Social Services Architecture Activities – Only if This Applies!

9.3.2.1 Social Services Architecture Activities
In 2005 the Social Services Architecture was established with participating state agencies,
identify any activities or collaboration the agency has been or is currently involved with under
this architecture

Social Services Architecture activities            Activity or Collaboration




                                   Page # 39     May 19, 2012
9.4 Participation in Common Business Function Collaboration
with other agencies
9.4.1 Established Collaboration areas
List any participation in established collaboration areas such as GIS or ECM.

Collaborative Initiative         Collaborating Agencies            Accomplishments

GIS?

Electronic Content Management?




9.4.2 Areas that the agency would like to collaborate on with other agencies
List collaboration areas that the agency would like to participate in with other agencies

Collaborative Initiative         Possible Collaborating            Possible Accomplishments
                                 Agencies




9.5 Emerging Technology
9.5.1 Agency participation in or plans for emerging technology
Which if any of the following preliminary list of emerging technology is being planned by the
agency and which is in use by the agency? Add to the table list other emerging technologies
the agency is planning or using.



Emerging Technology                 Planned                          In use

Virtualization

Virtual Desktop

Web conferencing

Collaborative Web Content
Management – SharePoint




                                   Page # 40     May 19, 2012
Mobile Workforce

Voice over Internet Protocol

Social Media/Networking

Cloud Computing

Thin Client Computing

Other…




                               Page # 41   May 19, 2012
Appendix A: Agency Information Application Map
Entries
Appendix B: Current Agency Projects Not in
Compliance
List of Agency Projects not in compliance and for which there is a separately numbered
compliance spreadsheet in this appendix.

Project                             Phase or Status                     Estimated cost of Project




1. Compliance Spreadsheet: Agency and Project Identification

         Lead Agency Name: ________________________ Agency Code:             ____________________

         Project Name(s)1:     ________________________Contact Person: ____________________

         Contract Person: ___________________________Contact Phone Number: _______________

                                                            Investment Protection: Business Continuance &
           Compliance with IT Consolidation                            Disaster Recovery Plans

       IT functions of the project have been or will           Project is or will actively address
       be reviewed by the agency CIO or IT Lead                security and data integrity issues.
       to minimize duplication and redundancy.

       This project reports to or will report to a             Project is or will actively address
       Secretary or Director who is a single point             disaster recovery and business
       of accountability for IT within the agency.             continuance issues and records
                                                               retention

       This project has been or will be reviewed               Project is or will actively address
       by DoIT for participation in existing or




                                      Page # 42        May 19, 2012
  future common IT functions usable across                privacy issues.
  multiple agencies.

  Project has planned, will plan for or has               Project is or will actively address
  conducted a pilot test of applicability and             regulatory compliance issues.
  operability in an actual business
  environment.

  Project has planned or will plan for or                 Project is or will, wherever possible, act
  conduct a proof of concept of the                       as a supplier and user of shared
  technology to be used.                                  technical resources with the State.

  Project has addressed or will address                   Project is or will work with other state
  governance to identify decision points and              agencies to maximize savings through
  accountability to ensure successful                     participating in bulk purchases and
  implementation.                                         licensing of standardized components
                                                          and solutions.

  A risk profile has been created or will be              If already in service, the project
  created and will be updated at the start of             manager has performed a recent gap
  each phase of the project.                              analysis against current state security,
                                                          privacy, architecture, DR and BC
                                                          requirements and standards.



                                                       Compliance with the Framework For Enterprise
Compliance with the Enterprise IT Strategic Plan
                                                                     Architecture Plan
  An IV&V provider has been selected or will              Project is or will be in compliance with
  be selected and is ready to provide                     the current Enterprise IT Architecture
  independent quality assurance.                          Standards for the state.

  This project “uses” or will use existing                Data and information managed by the
  common IT functions from other agencies.                project are or will be handled and
                                                          protected as an enterprise asset.

  This project could benefit from common IT               Project is or will, wherever possible,
  functions usable across multiple agencies.              participate as a supplier or user of re-
                                                          usable enterprise architecture
                                                          components.

  Project has or will identify common                     Project is or will assess risks and
  (shareable) business functions and data.                engineering security into every layer of
                                                          project implementation.

  Project is or will use middleware, where                Project has or will plan for or conduct a
                                                          proof of concept of the technology to be


                                  Page # 43        May 19, 2012
appropriate, to enhance access to all data.             used.

Any common services to be “provided” by                 Project is or will collaborate between IT
this project to other agencies or external              and business leaders during analysis
parties are provided at competitive rates.              and review to provide advice on
                                                        technologies.

Project is or will actively address security            Project owners are or will take
and data integrity issues.                              responsibility for initiating analysis and
                                                        review.

Project has or will give thorough and                   Project has or will consider application
appropriate consideration to common                     of COTS (commercial off-the-shelf).
hosting and data center models.

Project has or will give thorough and                   Project is or will manage a separation of
appropriate consideration to open source                presentation logic, business logic and
components.                                             data access to maximize reusability of
                                                        components.

Project has or will give thorough and                   Project is or will actively address
appropriate consideration to common,                    system management issues.
distributed and remote support models.

Project is or will implement and participate
in state-wide approaches to business
continuity and disaster recovery solutions.

Project is or will actively participate in any
appropriate statewide or group purchases
of products, software or services to
minimize costs.

Project is or will comply with business case
and other project planning and ROI
evaluations appropriate to the size and
cost of the project.




                                Page # 44        May 19, 2012

								
To top