TEXAS DEPARTMENT OF INFORMATION RESOURCES
2006 Information Resources Strategic Plan Instructions & Template
Guidance for State Agencies and Institutions of Higher Education
UPDATED JUNE 20, 2006
��CONTENTS
INTRODUCTION .................................................................................1
Changes to the IRSP Instructions .......................................................................... 1 IRSP Submission Requirements and DIR Support ................................................ 1 Background .............................................................................................................. 2 Purpose ..................................................................................................................... 3 Approach ................................................................................................................. 4 IRSP Organization .................................................................................................... 5
PART 1:AGENCY ENVIRONMENT .........................................................7
Aligning Technology with Agency Mission, Goals, and Objectives ............... 7 Information and Communications Technology Management Practices ................. 8 Information Resources Manager ............................................................ 9 Project and Portfolio Management ........................................................ 9 Software Development Life Cycle Methodologies ............................. 11 Performance Management .................................................................. 12 Requirements/Change/Configuration Management ........................ 12 Telecommuting ....................................................................................... 13 Intranet .................................................................................................... 14 Enterprise Architecture and Governance Practices ...................................... 14 Agency Database and Application Portfolio .................................................. 15 Databases ............................................................................................... 16 Applications ............................................................................................ 17
PART 2:SUPPORT OF 2005 SSP GOALS AND OBJECTIVES ...................19
Objective 1. Reduce Cost, Eliminate Duplication, and Improve Performance of Data Center Services .......................................................... 19 Service Level Agreements/Requirements ............................................ 19 Disaster Recovery ................................................................................... 21 Objective 2. Safeguard Information and Communications Technology Assets ................................................................................................................... 21 Security Responsibilities .......................................................................... 22 Security Funding ..................................................................................... 23 Security Capabilities ............................................................................... 24 Security Assistance Survey ..................................................................... 25 Objective 3. Leverage Shared Network Operations and Resources .......... 26 Voice Network Upgrades ...................................................................... 26 Data Network Upgrades ........................................................................ 26 Voice over Internet Protocol (VoIP) ...................................................... 27 Interactive Voice Response................................................................... 27
20 JUN 06 | 2006 IRSP INSTRUCTIONS
i
�CONTENTS
Call Centers ............................................................................................. 27 Video Conferencing............................................................................... 28 Wireless Data Services and Infrastructure ............................................ 28 TEX-AN Contracts .................................................................................... 29 Shared Network Operations Survey ...................................................... 29 Objective 4. Solve Common Business Problems through Shared Applications ....................................................................................................... 29 Receiving Payments over the Internet ................................................. 30 Collecting Fees or Fines over the Internet ............................................ 30 Forms over the Internet .......................................................................... 30 Taking applications Through Interactive Voice Recognition (IVR) .... 31 E-mail Environment ................................................................................. 31 E-mail Costs (Optional)........................................................................... 32 Event Registration ................................................................................... 32 Grants Systems ........................................................................................ 33 Shared Services Survey........................................................................... 33 Objective 5. Maximize Buying Power on Commodity Technologies and Services ............................................................................................................... 34 DIR Cooperative Contracts Program ................................................... 34 Best Practices for Acquisition of Goods and Services ......................... 34 Objective 6. Ensure Maximum Results from State Projects ............................ 35 Texas Project Delivery Framework ......................................................... 35 Framework Training ................................................................................. 35 Objective 7. Encourage Business and Technology Architectures that Drive Improved Planning and Coordination................................................ 36 Reuse........................................................................................................ 36 Collaboration .......................................................................................... 37 Interoperability ........................................................................................ 38 Information Architecture Practices ....................................................... 38 Technical Architecture Practices .......................................................... 39 Business Architecture Practices ............................................................. 40 New Opportunities for Statewide Management or Support .............. 41 Objective 8. Enhance the Value of State Reviews ......................................... 42 Streamlined Reporting............................................................................ 42 Management of Technology Assets ..................................................... 43 Objective 9. Increase the Value of Electronic Data and Information ........ 43 Data and Information Management ................................................... 43 Electronic Records Management ......................................................... 44 Accessibility of Agency Web Sites ........................................................ 44
PART 3:COMPLIANCE WITH STATE STANDARDS ................................45
Security Requirements ......................................................................................... 45 Geographic Information Systems Standards ................................................... 50 Additional Rules and Requirements .................................................................. 52
ii
DEPARTMENT OF INFORMATION RESOURCES
�CONTENTS
GLOSSARY........................................................................................55
20 JUN 06 | 2006 IRSP INSTRUCTIONS
iii
��Introduction
CHANGES TO THE IRSP INSTRUCTIONS
The original version of the 2006 Information Resources Strategic Plan (IRSP) Instructions was posted on the Texas Department of Information Resources (DIR) Web site on May 5, 2006. It provided a background of the purpose and context of the plan, along with a preliminary set of questions to enable information resources managers (IRMs) to begin development of the IRSP offline. This updated version, the 2006 Information Resources Strategic Plan Instructions & Template, includes modified instructions and revised or edited questions that match those contained in the IRSP Collection Tool (see the Frequently Asked Questions, or ―FAQ‖, document on the DIR Web site for details). It replaces the original version of the IRSP Instructions and the DIR Data Instruction Template.
IRSP SUBMISSION REQUIREMENTS AND DIR SUPPORT
IRMs must submit responses to all required IRSP questions by August 22, 2006. A response is required for each IRSP question unless otherwise indicated. The two questions on e-mail costs, for example, are optional (questions 2.4.13 and 2.4.14). While this instruction document may be used to aid IRMs and subject matter experts in gathering information offline, the IRSP Collection Tool must be used to submit final IRSP responses to DIR (see Collection Tool Instructions, on the DIR Web site, for details). Texas Government Code (TGC) Chapter 2054, the Information Resources Management Act, or ―IRMA,‖ specifies that all agencies and institutions of higher education are required to complete IRSPs. These agencies should have received detailed instructions from DIR on using the hosted Web survey system for IRSP reporting. If an agency is required to complete the IRSP but did not receive these instructions, or if an agency would like to complete this plan on a voluntary basis to improve its deployment of information and communications technology, the agency IRM, or a representative, should contact David Dennis at 512-475-0577 or at david.dennis@dir.state.tx.us. The IRSP homepage, www.dir.state.tx.us/irsp/, which includes an FAQ page and other support documents, will also include any future amendments to these instructions. Additional guidance materials will be posted periodically throughout the reporting period. In addition, IRMs may retrieve data submitted by the agency in the 2004 IRSP through SITAR: https://sitar.dir.state.tx.us/itar/login.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
1
�INTRODUCTION
Specific IRSP-related questions should be sent to irsp@dir.state.tx.us. DIR staff will respond to these questions as soon as possible, usually within two business days. The IRM is responsible for the preparation of the IRSP; however, state law requires that it be ―signed by the presiding officer of the governing body of the state agency if the agency is governed by one or more fully paid full-time state officials, and otherwise by the executive director of the agency‖ (or the president, chancellor, or vice chancellor if the agency is an institution of higher education). DIR will not require the submission of ―hard copy‖ plans or signature pages as part of the approval process; options such as e-mail certifications by the executive director/university head are being explored. DIR will provide detailed instructions to IRMs by e-mail once instructions are finalized. In the meantime, each IRM should ensure that their executive leadership, including the executive director/university head, is aware that a review and approval process must be completed before the IRSP submission deadline of August 22, 2006. Ideally, the IRM will seek the full support and collaboration of business units within the agency or institution of higher education as early as possible to ensure that the IRSP fully aligns technology with the business needs, mission, and goals of the agency.
BACKGROUND
Every two years, each Texas state agency and institution of higher education is required to develop an Information Resources Strategic Plan (IRSP) and send it to DIR and the Quality Assurance Team (QAT) for review. The QAT comprises representatives from DIR, the Legislative Budget Board (LBB), and the Texas State Auditor’s Office. Each agency’s information resources manager is responsible for completing the IRSP. DIR, in coordination with the QAT, must report to the agency or institution of higher education, and may report to the governor and the presiding officer of each house of the legislature, when an IRSP or plan amendment is not in compliance with the state strategic plan for information resources management (state strategic plan, or SSP). IRMA contains specific content requirements for the IRSP (TGC §2054.096). DIR conducted a focus group with 19 representatives from agencies and institutions of higher education on April 12, 2006, to review IRSP questions, format, and direction. In response to the review and to input from other stakeholders, DIR reduced the number of questions and adjusted the scope in some areas. The resulting IRSP avoids requesting information already provided to the state through other data collection instruments.
2
DEPARTMENT OF INFORMATION RESOURCES
�INTRODUCTION
Throughout this document, all references to agencies apply to state-supported institutions of higher education as well, unless otherwise indicated. In addition, all references to the state strategic plan refer to the 2005 plan, Shared Success: Building a Better Texas through Shared Responsibilities.
PURPOSE
The 79th Texas Legislature signaled a clear mandate for the state to restructure the roles and responsibilities for its investment in information and communications technology. The key elements of this change include a focus on advancing services to citizens, supporting the core missions of individual agencies, simplifying technology management, and maximizing the value of the state’s investment in hardware, software, services, data, and personnel. The IRSP is one of several mandated planning and reporting tools that enable oversight entities to monitor and evaluate how effectively agencies are delivering on legislative mandates and requirements. The 2006 IRSP also helps agencies establish a roadmap for improving service delivery to citizens and in performing agency administrative functions more efficiently. It contains questions in various formats, including yes/no, single select, multiple select, survey, and text. While the IRSP is developed every two years, the required planning horizon for each plan is five years. Questions in the 2006 IRSP are limited to information that cannot be gathered through other sources. For example, although TGC §2054.096 requires DIR to collect project-specific information from agencies, there is sufficient project information in the Information Technology Detail (ITD) reported to the LBB, and the Texas Project Delivery Framework to meet these requirements. Therefore, the 2006 IRSP has no project-specific questions. Similarly, agencies involved in data center assessments and the data center consolidation project (institutions of higher education and 27 prioritized state agencies) will not be required to answer certain questions because they have already provided extensive information on their data center operations. The 2006 IRSP fully aligns with the 2005 SSP and provides the basis for agencies to collaboratively develop technology solutions that support individual, missioncritical agency business processes. To ensure alignment of information and communications technology planning with agency missions, goals, and objectives, the IRSP should be developed in concert with agency strategic plans (state agencies only) and the legislative appropriations request process. DIR will use agency responses to questions in the IRSP to fulfill research responsibilities, gauge future agency and statewide needs, and help compile the 2006 biennial performance report for information resources management.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
3
�INTRODUCTION
Additionally, the Legislature requires DIR to provide the LBB with a list of agencies that have not complied with standards, provisions in the SSP, or corrective action plans. Each listed agency must develop corrective action plans, approved by DIR, that specify how the agency will correct the deficiencies before components of the agency biennial operating plan can be approved by the LBB.
APPROACH
The 2005 SSP articulates five strategic goals that will govern the state’s technology investment. These goals are to • • • • • Reduce government costs Drive effective technology contracting Leverage shared technology operations Promote innovative use of technology that adds value Protect technology and information assets
These goals will require substantial coordination among all levels of government. The Texas Model of the Enterprise, as discussed in the 2005 state strategic plan, supports these goals through ten objectives. The structure of the 2006 IRSP reflects the Model by addressing all of the objectives, promoting effective technology planning and service delivery at the agency level that also advances shared success throughout the state. The base of the Texas Model—the statewide infrastructure layer— delivers shared functions that, similar to utility services, are needed by all agencies, but are not unique or specific to an individual agency. These functions include those addressed by Objectives 1–5 of the 2005 SSP: Data Center, Security, Network, Shared Applications, and Commodity Procurements. The collaboration layer supports the shared development of guidelines and practices that contribute to effective enterprise management of information and communications technology. These guidelines and practices include those addressed by Objectives 6–9: Project Delivery, Architecture, State Reviews, and Data Management and Access. The collaboration layer includes guiding the development of integrated architectures that advance data and information sharing among agencies, establishing a collaborative approach for evaluating
4
DEPARTMENT OF INFORMATION RESOURCES
�INTRODUCTION
opportunities to standardize agency business processes where common needs exist, and supporting the adoption of statewide technology rules and standards. Leveraging each of the preceding layers, the most important is the agency layer, which supports the unique functionality that an agency must deliver to successfully support its core mission. By unifying Texas government through coordinated commitments and shared responsibilities, the state can strategically align its significant investment in information and communications technology with agency business needs.
IRSP ORGANIZATION
The 2004 IRSP was primarily an inventory of agency goals and objectives, projects, applications and databases, and compliance status. While the 2006 IRSP includes these elements, as required by TGC §2054.096, it is also a roadmap to help the state transform technology as a shared responsibility among all agencies. It also supports collaboration among agencies and DIR to build an enterprise infrastructure that supports individual, mission-critical agency business processes. The 2006 IRSP is organized into three parts: Part 1, Agency Environment, represents the agency layer of the model (Objective 10). It describes how the agency aligns information and communications technology with its business goals and objectives, how it manages its information resources, and how it manages its portfolio of applications and databases. Part 2, Support of 2005 SSP Goals and Objectives, represents the statewide infrastructure layer (Objectives 1-5) and the collaboration layer (Objectives 6-9). It describes how the agency’s technology plans and operations support, and are supported by, the statewide objectives contained within the 2005 state strategic plan. Part 3, Compliance with State Standards, describes the status of agency compliance with key technology-related statutes and rules. The IRSP includes a glossary of key terms to orient agencies completing the questions.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
5
�INTRODUCTION
6
DEPARTMENT OF INFORMATION RESOURCES
�Part 1:
Agency Environment
Objectives 1 through 9 of this plan present key functions of the statewide infrastructure and collaboration layers of the Texas Model of the Enterprise. The most critical layer of the model—the agency layer—builds on this foundation of shared technology and business solutions. Agencies will achieve their core missions by aligning their specific technology solutions with their unique business functions. Additionally, by integrating shared technologies and best practices into their processes, agencies will be empowered to take advantage of a full spectrum of resources made available through the statewide infrastructure and collaboration layers of the Texas Model. In so doing, agencies will be positioned to serve their customers more quickly, efficiently, and at a lower cost. 2005 SSP, Shared Success, p. 26.
The alignment of technology with an agency’s mission, goals, objectives, and strategies ensures that information and communications technology efforts (projects, operations, and systems) are based on a full understanding of business objectives. This level of alignment between business and technology is known as ―enterprise architecture,‖ a comprehensive approach used to manage and coordinate an organization’s business processes and information systems so that they align with the organization’s core goals and strategic direction. The 2006 IRSP seeks to identify how agencies approach enterprise architecture from the perspective of the IRM. DIR will use information gathered to develop guidelines, policies, training, and support for improved alignment to achieve the following goals: • • • Produce measurable cost savings for state agencies Promote service-delivery innovation and efficiency for state agencies Promote interoperability, collaboration, and reuse, both across agency divisions and statewide
ALIGNING TECHNOLOGY WITH AGENCY MISSION, GOALS, AND OBJECTIVES
Agencies should describe how information and communications technology is deployed in direct support of their agency mission, goals, and objectives, as described in their agency strategic plans (ASPs) for fiscal years 2007-2011 and/or through requests for funding through their legislative appropriations requests (LARs) for fiscal years 2008-2009, including Information Technology Detail (ITD) information.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
7
�PART I: AGENCY ENVIRONMENT
DIR will use agency responses to understand how each agency uses technology to fulfill its mission, goals, and objectives and how it governs its enterprise strategy and impact. Such understanding will aid DIR in its efforts to promote enterprise architectures within Texas agencies in order to facilitate interoperability, reuse, and collaboration.
1.1.1 Describe how technology is deployed in direct support of the agency mission, goals, and objectives. Summarize the agency mission, goals, and objectives, and address both strategic and tactical perspectives as applicable. Enter answer in paragraph form. [ ] 1.1.2 Describe technology deployments that are NOT directly supporting agency goals and objectives. Enter answer in paragraph form. [ ] 1.1.3 Has agency executive leadership from both business and technology divisions/units identified a need for improving alignment (communications and interaction) of business and technology? Choose one. ( ) Yes ( ) No 1.1.4 If an agency plan is in place for improving the alignment of business and technology in terms of communications an interaction, how is it managed? Choose one. ( ) Business Divisions/Units (including executive leadership) ( ) Technology Divisions/Units (including IRM and technology directors) ( ) Collaborative Group or Committee (a combination of business and technology) ( ) Not Applicable
INFORMATION AND COMMUNICATIONS TECHNOLOGY MANAGEMENT PRACTICES
The state strategic plan supports the development of standards, rules, guidelines, and practices that contribute to effective enterprise management of information and communications technology. The 2006 IRSP will identify current collaboration, reuse, and interoperability practices, while providing a forum for agencies to identify opportunities for improvements in these areas.
8
DEPARTMENT OF INFORMATION RESOURCES
�PART I: AGENCY ENVIRONMENT
DIR will use agency responses to the following questions to scope and develop the approach to fulfilling SSP objectives and strategies that direct DIR to improve technology management, operations, and project delivery. INFORMATION RESOURCES MANAGER
1.2.1 Does the IRM report directly to a person with a title functionally equivalent to executive director or deputy executive director (president, chancellor, or vice chancellor for institutions of higher education)? Choose one. ( ) Yes (skip 1.2.1a) ( ) No 1.2.1a Describe the level of the IRM in the agency’s organizational chart and the title of the IRM’s supervisor. Enter answer in paragraph form. [ ] 1.2.2 Describe the IRM’s business role, including alignment of business and technology and the development of the agency strategic plan (state agencies only) and/or requests for funding through the legislative appropriations request process (LAR). Enter answer in paragraph form. [ ] 1.2.3 Does the agency’s IRM also serve as IRM for one or more other agencies? Choose one. ( ) Yes ( ) No (skip 1.2.3a) 1.2.3a List the additional agency or agencies (please use standard agency acronyms). Enter answer in paragraph form. [ ]
PROJECT AND PORTFOLIO MANAGEMENT Project management includes the methods and disciplines used to define goals, plan and monitor tasks and resources, identify and resolve issues, and control costs and budgets for a specific project. Portfolio management is a business process in which organizations make investment decisions to determine and select the mix of active projects, along with the budget, staffing, and other resource allocations for each project.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
9
�PART I: AGENCY ENVIRONMENT
1.2.4
What is the status of implementing a standard project management methodology for technology projects in the agency? Choose one. ( ) Implemented ( ) Implementation in Progress ( ) Planned or Planning in Progress ( ) Not Implemented and Not Planned
1.2.5
What is the status of implementing a standard portfolio management methodology for technology projects in the agency? Choose one. ( ) Implemented ( ) Implementation in Progress ( ) Planned or Planning in Progress ( ) Not Implemented and Not Planned
NOTE: If both of the above questions (1.2.4 and 1.2.5) are answered ―Not Implemented and Not Planned‖, the appropriate answer to questions 1.2.6 through 1.2.11 would be ―Not applicable‖, and the appropriate answer to question 1.2.12 would be ―None‖.
1.2.6 Are any Texas Project Delivery Framework tools used as part of the agency’s project/portfolio management methodology? Choose one. ( ) Yes ( ) No ( ) Partial ( ) Not Applicable 1.2.7 Does the project/portfolio management methodology define the sequence of activities (the project life cycle) necessary to complete the project? Choose one. ( ) Yes ( ) No ( ) Not Applicable 1.2.8 Does the project/portfolio management methodology monitor and control key project activities? Choose one. ( ) Yes ( ) No ( ) Not Applicable
10
DEPARTMENT OF INFORMATION RESOURCES
�PART I: AGENCY ENVIRONMENT
1.2.9
Does the project/portfolio management methodology document successes and failures and determine how future projects will benefit from these findings? Choose one. ( ) Yes ( ) No ( ) Not Applicable
1.2.10
Does the project/portfolio management methodology verify that project risks are identified? Choose one. ( ) Yes ( ) No ( ) Not Applicable
1.2.11
Does the project/portfolio management methodology ensure that costs and benefits for the project have been identified? Choose one. ( ) Yes ( ) No ( ) Not Applicable
1.2.12
List any automated tools being used for project/portfolio management (Enter “None” if no automated tools are being used). Enter answer in paragraph form. [ ]
1.2.13
Describe project-level and portfolio-level governance practices, including change management and issue resolution. Enter answer in paragraph form. [ ]
SOFTWARE DEVELOPMENT LIFE CYCLE METHODOLOGIES
1.2.14 What is the status of implementing a standard software development life cycle (SDLC) in the agency? Choose one. ( ) Implemented ( ) Implementation in Progress ( ) Planned or Planning in Progress ( ) Not Implemented and Not Planned
20 JUN 06 | 2006 IRSP INSTRUCTIONS
11
�PART I: AGENCY ENVIRONMENT
1.2.15
Describe current SDLC practices and status. Enter answer in paragraph form. [ ]
1.2.16
If the agency has implemented an SDLC methodology, does it incorporate the Texas Project Delivery Framework SDLC deliverable templates and guidelines? Choose one. ( ) Yes ( ) No ( ) Partial ( ) Not Applicable
PERFORMANCE MANAGEMENT
1.2.17 What is the status of implementing a standard product and/or service performance management process for use by all technology projects in the agency? Choose one. ( ) Implemented ( ) Implementation in Progress ( ) Planned or Planning in Progress ( ) Not Implemented and Not Planned 1.2.18 Describe any performance management products and/or services the agency has implemented, or is planning. Specify any “best practices” elements, including tools used or developed. Enter answer in paragraph form. [ ]
REQUIREMENTS/CHANGE/CONFIGURATION MANAGEMENT DIR will use agency responses to the following questions to scope and develop the state’s approach to enterprise architecture standards, including requirements management, change management, and configuration management, which have been demonstrated to improve the alignment of business and technology. See the Glossary for a more detailed description.
1.2.19 What is the status of implementing a standard requirements management process for the agency? Choose one. ( ) Implemented ( ) Implementation in Progress ( ) Planned or Planning in Progress
12
DEPARTMENT OF INFORMATION RESOURCES
�PART I: AGENCY ENVIRONMENT
( ) Not Implemented and Not Planned 1.2.20 What is the status of implementing a standard project change control/ change management structure and process for the agency? Choose one. ( ) Implemented ( ) Implementation in Progress ( ) Planned or Planning in Progress ( ) Not Implemented and Not Planned 1.2.21 What is the status of implementing a standard configuration management process for the agency? Choose one. ( ) Implemented ( ) Implementation in Progress ( ) Planned or Planning in Progress ( ) Not Implemented and Not Planned 1.2.22 Describe current requirements management, change control/management and configuration management practices and status, along with future plans in these areas. List any automated tools used. Enter answer in paragraph form. [ ]
TELECOMMUTING
1.2.23 Does the agency have a policy regarding telecommuting or AWA (alternative workplace arrangements) that allows employees to work one or more days per week at home or at alternate locations? Choose one. ( ) Yes ( ) No (skip 1.2.23a) 1.2.23a Describe the agency’s telecommuting and/or AWA policy. Enter answer in paragraph form. [ ] 1.2.24 Does the agency incorporate telecommuting or alternative workplace arrangements in its disaster recovery and/or business continuity plans, related to potential scenarios which could limit the use of central facilities? Choose one. ( ) Yes ( ) No (skip 1.2.24a)
20 JUN 06 | 2006 IRSP INSTRUCTIONS
13
�PART I: AGENCY ENVIRONMENT
1.2.24a
Describe how the agency addresses telecommuting and AWA in its disaster recovery and/or business continuity plans. Enter answer in paragraph form. [ ]
INTRANET
1.2.25 List all applications and/or applets that are hosted on an agency intranet, which may be useful to other agencies through reuse. Enter answer in paragraph form. [ ]
ENTERPRISE ARCHITECTURE AND GOVERNANCE PRACTICES
DIR will use agency responses to the following questions to scope and develop the approach to fulfilling state strategic plan objectives and strategies that direct DIR to promote enterprise architectures in state agencies; this includes business, technical, and information architectures, focusing on alignment. See the Glossary for detailed definitions of business, technical, and information architectures. Additional information on DIR’s Enterprise Architecture program is available at www.dir.state.tx.us/ea/.
1.3.1 Describe the agency’s practice of Enterprise Governance. Indicate whether strategic direction, impact analysis, and issue resolution for technology and business divisions/units are addressed collaboratively. Enter answer in paragraph form. [ ] 1.3.2 Describe the agency’s practice of technical architecture modeling, including development, testing and production environments, hardware, software, database management systems (DBMSs), infrastructure, and other technology assets. Indicate if technical architecture modeling is managed or coordinated at an enterprise level (across business and technology divisions/units). Enter answer in paragraph form. [ ] 1.3.3 Describe the agency’s practice of Business Architecture modeling, including business divisions/organizational structure, business processes and requirements, and business re-engineering efforts. Indicate if business modeling is performed at the enterprise level (across business divisions/units). Enter answer in paragraph form.
14
DEPARTMENT OF INFORMATION RESOURCES
�PART I: AGENCY ENVIRONMENT
[ ] 1.3.4 Describe the agency’s practice of information architecture modeling, including data models, taxonomies, and databases. Indicate if data modeling is managed or coordinated at an enterprise level (across systems, applications, and/or business divisions/units). Enter answer in paragraph form. [ ] 1.3.5 For all new applications being created at the agency, what technology platforms are being used (include hardware, software, programming languages, DBMSs, tools, and commercial off-the-shelf (COTS) products)? Enter answer in paragraph form. [ ]
AGENCY DATABASE AND APPLICATION PORTFOLIO
Agency responses to questions in this section will help the state facilitate agency collaboration and reuse by making information about data and applications centrally available, part of the enterprise architecture effort underway at DIR. In addition, this information will facilitate business-asset and technical-asset reuse, as well as statewide efforts to identify key taxonomy elements. Finally, DIR and other oversight agencies will use database information to support the Statewide Technology Management and Reporting Initiative (see the report, Statewide Technology Management: Opportunities for Improvement, available on the DIR Web site, for more details), which will evaluate methods to eliminate redundancies in reporting, eliminate taxonomy conflicts, and establish opportunities for virtual data warehouse capabilities across state agencies. Agencies prioritized to participate in the data center consolidation project and institutions of higher education required to answer database portfolio questions (1.4.1 through 1.4.8) are exempt from answering application portfolio questions (1.4.10 through 1.4.16). This is because the application inventories that were reported by these agencies included a level of detail that is comparable to these questions. However, while the application inventories included related database information, they did not include the same level of detail as did the IRSP database questions. Therefore, all agencies are required to respond to database portfolio questions.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
15
�PART I: AGENCY ENVIRONMENT
DATABASES DIR will use agency responses to the following questions to identify and evaluate requirements and opportunities to streamline reporting, including redundant reporting, eliminate taxonomy conflicts, and establish opportunities for shared virtual data warehouse capabilities. All agencies must complete questions 1.4.1 through 1.4.8 for EACH existing database that holds ―of record‖ information. ―Of record‖ information includes any data or information that is official, may be reported to oversight agencies, or is required to meet the mission, goals, and objectives of the agency. Databases that hold copies or replications of data used for analysis or reporting do NOT need to be listed. Institutions of higher education may limit reporting to those databases typically managed by the institution’s chief information officer, IRM, or equivalent position.
1.4.1 DATABASE NAME. List primary database name and acronym, if used. Enter text answer. [ ] 1.4.2 DBMS AND VERSION. Identify the database management system and version (e.g., Oracle, SQL Server, Sybase, Access, Excel Spreadsheet, etc.). Enter text answer. [ ] 1.4.3 PURPOSE. Brief description of the purpose of the database. Enter answer in paragraph form. [ ] 1.4.4 DATA MODELS, DATA DICTIONARIES, AND TAXONOMIES. Indicate if an upto-date data model exists for this database, and if an up-to-date data dictionary or taxonomy exists for this database. Enter text answer. [ ] 1.4.5 ASSOCIATED APPLICATIONS. List all applications that are associated with this database. Enter answer in paragraph form. [ ] 1.4.6 ANALYSIS AND REPORTING TOOLS/VERSIONS. List all analysis and/or reporting tool(s) being used with this data. Include version information. Enter answer in paragraph form. [ ]
16
DEPARTMENT OF INFORMATION RESOURCES
�PART I: AGENCY ENVIRONMENT
1.4.7
DATA SHARING AND DATA EXCHANGE. Describe any current data sharing/data exchange practices. Enter answer in paragraph form. [ ]
1.4.8
AGE OF DATABASE. Describe the age of the database and indicate if sunset, rewrite, or replacement projects are planned or underway. Enter text answer. [ ]
APPLICATIONS After answering question 1.4.9, institutions of higher education and the 27 agencies prioritized to participate in the data center consolidation project may skip the questions in this section because DIR has already collected this data through other processes. All other agencies must complete questions 1.4.10 through 1.4.16 for EACH existing application of the types listed in question 1.4.11. DIR will use agency responses to the following questions to identify and evaluate collaboration, reuse, and interoperability standards, and to facilitate development of statewide business-asset and technical-asset reuse inventories and repositories. They will also be used to identify opportunities for collaboration across agencies. However, responses to this section will not establish a comprehensive statewide applications inventory. Based on analysis of the data received, DIR will evaluate the need to request complete application inventories in the future.
1.4.9 Is the agency one of the 27 agencies prioritized to participate in the data center consolidation or an institution of higher education? Choose one. ( ) Yes (skip 1.4.10 - 1.4.16) ( ) No 1.4.10 APPLICATION NAME AND ACRONYM. Primary application name and acronym, if used. Enter text answer. [ ] 1.4.11 APPLICATION TYPE. Choose all that apply. ( ) Data Warehousing/Business Intelligence ( ) Citizen-Facing Core Business Application ( ) Internal-Facing Core Business Application ( ) ERP/Human Resources ( ) ERP/Financial ( ) Help Desk
20 JUN 06 | 2006 IRSP INSTRUCTIONS
17
�PART I: AGENCY ENVIRONMENT
( ) CRM 1.4.12 PURPOSE. Brief description of the purpose of the application; specify business outcomes supported by this application. Enter answer in paragraph form. [ ] 1.4.13 PLATFORM. Brief but clear descriptions of application platform, including hardware, OS, and COTS version information, as applicable. Enter answer in paragraph form. [ ] 1.4.14 PROGRAMMING LANGUAGE(S). Primary and secondary programming languages. Enter answer in paragraph form. [ ] 1.4.15 AGE OF SYSTEM. Age of the system, and indicate if sunset, rewrite, or replacement projects are planned or underway. Enter answer in paragraph form. [ ] 1.4.16 INTEROPERABILITY DESCRIPTION/CONSTRAINTS. Brief description of interoperability requirements or constraints involving other applications or major databases within the agency or with external entities. Enter answer in paragraph form. [ ]
18
DEPARTMENT OF INFORMATION RESOURCES
�Part 2: Support of 2005 SSP Goals and Objectives
OBJECTIVE 1. REDUCE COST, ELIMINATE DUPLICATION, AND IMPROVE PERFORMANCE OF DATA CENTER SERVICES
Agencies have been given critical missions to fulfill in addition to new responsibilities resulting from House Bill 1516 (HB1516). Through collaboration and strong project planning, all of these missions and responsibilities will be met. The result will be new infrastructure and collaboration practices that will allow agencies to spend more of their time fulfilling their core missions. 2005 SSP, Shared Success, p. 5
The 79th Texas Legislature enacted a series of technology bills that support the continued implementation of a shared technology infrastructure. Part of this legislation directed DIR to accelerate consolidation of the state’s data center and disaster recovery services. Part 2 of the IRSP reflects new legislation and the vision of greater cost efficiencies, improved services, and a shared technology infrastructure that is flexible, innovative, and supports agencies in meeting their missions. Since institutions of higher education and the 27 agencies prioritized to participate in the data center consolidation project have already submitted pertinent data through other processes, they may skip questions 2.1.2 through 2.1.8 after answering 2.1.1, but must still answer questions 2.1.9 and 2.1.10. DIR will use agency responses to the following questions to support its evaluation of data center operations and service level requirements. Responses will also help provide the basis for developing statewide standards for service level agreements and for evaluating the status of data center and critical server programs. SERVICE LEVEL AGREEMENTS/REQUIREMENTS
2.1.1 Is the agency one of the 27 agencies prioritized to participate in the data center consolidation or an institution of higher education? Choose one. ( ) Yes (skip 2.1.2 through 2.1.8) ( ) No 2.1.2 Does the agency have a data center (see Glossary)? Choose one.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
19
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
( ) Yes ( ) No 2.1.3 Does the agency have documented service level agreements (SLAs) or service level requirements for data center services and/or server functions (including system availability measures for the agency’s main application to support critical agency functions)? Choose one. ( ) Yes ( ) No (skip 2.1.4 through 2.1.8) 2.1.4 Does the agency have documented service level agreements or requirements for systems availability? Choose one. ( ) Yes ( ) No (skip 2.1.4a) 2.1.4a Describe the documented service level agreements or requirements for systems availability. Enter answer in paragraph form. [ ] 2.1.5 Does the agency have documented service level agreements or requirements for problem resolution? Choose one. ( ) Yes ( ) No (skip 2.1.5a) 2.1.5a Describe the documented service level agreements or requirements for problem resolution. Enter answer in paragraph form. [ ] 2.1.6 Does the agency have documented service level agreements or requirements for incident response time? Choose one. ( ) Yes ( ) No (skip 2.1.6a) 2.1.6a Describe the documented service level agreements or requirements for incident response time. Enter answer in paragraph form. [ ] 2.1.7 Does the agency have documented service level agreements or requirements for customer satisfaction? Choose one. ( ) Yes
20
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
( ) No (skip 2.1.7a) 2.1.7a Describe the documented service level agreements or requirements for customer satisfaction. Enter answer in paragraph form. [ ] 2.1.8 If the agency does NOT have documented service level agreements or requirements for data center or server functions, how does the agency address availability and efficiency of operations in these areas? Enter answer in paragraph form. [ ]
DISASTER RECOVERY
2.1.9 Does the agency maintain a written disaster recovery plan for information resources? Choose one. ( ) Yes ( ) No 2.1.10 If the agency maintains a written disaster recovery plan, describe its scope and status. OR, if the agency does NOT maintain a written disaster recovery plan, describe the strategy and timeline for developing and implementing one. Enter answer in paragraph form. [ ]
OBJECTIVE 2. SAFEGUARD INFORMATION AND COMMUNICATIONS TECHNOLOGY ASSETS
In a large and decentralized state government environment, it is challenging to respond in a coordinated fashion to security threats. To adequately secure state assets, the state must establish processes and infrastructure through which all government entities can coordinate the use of limited resources to effectively respond to security threats. DIR will use responses to questions in this section to help identify steps that will help ensure that agency information resources are safe from destruction, unauthorized access, or loss. Such steps will include those needed to define and measure performance levels and optimize both employee and agency cyber security best practices.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
21
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
SECURITY RESPONSIBILITIES
2.2.1 Does the information security officer (ISO) have additional job titles/responsibilities (e.g., IRM, technology director)? Choose one. ( ) Yes ( ) No (skip 2.2.1a) 2.2.1a What are the additional job titles/responsibilities? Enter answer in paragraph form. [ ] 2.2.2 To whom does the ISO report in the agency? Choose one. ( ) Information Resources Manager (IRM) ( ) Executive Director (or equivalent) ( ) Technology Division Director ( ) Other (specify) [ ] 2.2.3 Who in the agency is primarily responsible for setting security policy? Choose one. ( ) Information Security Officer (ISO) ( ) Information Resources Manager (IRM) ( ) Executive Director (or equivalent) ( ) Technology Division Director ( ) Other (specify) [ ] 2.2.4 Who in the agency is primarily responsible for reviewing/approving projects for security features? Choose one. ( ) Information Security Officer (ISO) ( ) Information Resources Manager (IRM) ( ) Executive Director (or equivalent) ( ) Technology Division Director ( ) Other (specify) [ ] 2.2.5 Who in the agency is primarily responsible for analyzing agency security risks? Choose one. ( ) Information Security Officer (ISO) ( ) Information Resources Manager (IRM) ( ) Executive Director (or equivalent) ( ) Technology Division Director ( ) Other (specify) [ ]
22
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.2.6
Who in the agency is primarily responsible for determining budget requirements to address security risks? Choose one. ( ) Information Security Officer (ISO) ( ) Information Resources Manager (IRM) ( ) Executive Director (or equivalent) ( ) Technology Division Director ( ) Other (specify) [ ]
2.2.7
Who in the agency is primarily responsible for identifying cyber security violations? Choose one. ( ) Information Security Officer (ISO) ( ) Information Resources Manager (IRM) ( ) Executive Director (or equivalent) ( ) Technology Division Director ( ) Other (specify) [ ]
SECURITY FUNDING
2.2.8 Is security funding set by analyzing risks and determining the appropriate investment needed to address the risks? Choose one. ( ) Yes ( ) No 2.2.9 Does the agency budget include security-specific funding levels as a percentage of either the overall agency budget or the technology budget? Choose one. ( ) Yes ( ) No 2.2.10 Does the agency budget include line item(s) for security training and/or education? Choose one. ( ) Yes ( ) No 2.2.11 Does the agency fund some security functions and/or initiatives for which there are no security-specific cost categories or line items in the agency budget? Choose one. ( ) Yes ( ) No
20 JUN 06 | 2006 IRSP INSTRUCTIONS
23
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.2.12
Describe the process the agency utilizes to determine security funding requirements. Include the level of funding and/or the percentage of security funding compared to overall budget (for FY 2008-09) if this information is available. Enter answer in paragraph form. [ ]
SECURITY CAPABILITIES
2.2.13 What is the status of the agency’s capabilities in the area of automated security tools, including patch management, risk assessment, and incident reporting? Choose one. ( ) Currently in place ( ) Planned within the next 1 to 3 years ( ) Not planned, but will be considered ( ) Not feasible for agency 2.2.14 What is the status of the agency’s capabilities in the area of computer incident response mechanisms and related training? Choose one. ( ) Currently in place ( ) Planned within the next 1 to 3 years ( ) Not planned, but will be considered ( ) Not feasible for agency 2.2.15 What is the status of the agency’s capabilities in the area of cyber vulnerability detection and remediation methods? Choose one. ( ) Currently in place ( ) Planned within the next 1 to 3 years ( ) Not planned, but will be considered ( ) Not feasible for agency 2.2.16 Are security staffing levels sufficient to meet statutory requirements and agency needs? Choose one. ( ) Yes ( ) No 2.2.17 What is the status of the agency’s capabilities in the area of security training and awareness programs for all levels of the organization (users, management, technology professionals, and security professionals)? Choose one. ( ) Currently in place ( ) Planned within the next 1 to 3 years
24
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
( ) Not planned, but will be considered ( ) Not feasible for agency 2.2.18 Provide a general description of the agency’s overall security capabilities, and describe any plans for expanding or improving these capabilities over the next five fiscal years. Enter answer in paragraph form. [ ]
SECURITY ASSISTANCE SURVEY DIR is currently engaged in several projects and services designed to assist agencies in the area of technology security. Responses to the following questions will help identify and evaluate opportunities to achieve maximum agency and statewide benefit.
2.2.19 Rank the following security services and functions based on which would provide the greatest benefit to the agency. Click the greatest benefit item first, etc. (1 = greatest benefit, 7 = least benefit). Rank the following from 1 to 7. [ ] Periodic external IT security assessments to help identify information resource strengths and weaknesses [ ] State Cyber Security Response System that rapidly identifies, contains, and recovers from any attack or attempt to disrupt critical information and communications technology infrastructure [ ] Identification, development, and maintenance of best practice rules, standards, and guidelines to help reduce agency workload while providing more timely, complete, and accurate data for internal and external monitoring and management [ ] Shared network security services and solutions provided by a network security and operations center (NSOC) [ ] Improved cyber security information sharing and enhanced security communication and collaboration throughout the state by leveraging new technologies [ ] Development of comprehensive cyber security training program requirements to ensure IT security professionals, agency leadership, and network users at all levels are able to perform cyber security responsibilities [ ] Cyber security integration into state homeland security exercises and promotion of tailored exercises to help reduce network vulnerabilities and minimize the severity of cyber attacks
20 JUN 06 | 2006 IRSP INSTRUCTIONS
25
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.2.20
Provide additional detail if needed, and describe how DIR could help improve the security capabilities of the agency. Enter answer in paragraph form. [ ]
OBJECTIVE 3. LEVERAGE SHARED NETWORK OPERATIONS AND RESOURCES
Providing a shared communications network that reduces statewide costs and delivers exceptional performance is essential for Texas government to continue to serve state employees and customers. A shared communications network allows agency-level infrastructure and resources that overlap the needs of other agencies to be integrated, expanded, or adapted to benefit the entire state. VOICE NETWORK UPGRADES
2.3.1 What is the agency’s Voice Network Infrastructure upgrade status? Choose one. ( ) Upgraded within the past year (skip 2.3.2) ( ) Plan to upgrade within one year ( ) Plan to upgrade within three years ( ) Plan to upgrade within five years ( ) No plans to upgrade at this time (skip 2.3.2) 2.3.2 In the agency’s Voice Network Infrastructure upgrade plan, has the agency considered (or will it consider) a shared service arrangement through DIR to support agency efforts in this area? Choose one. ( ) Yes ( ) No
DATA NETWORK UPGRADES
2.3.3 What is the agency’s Data Network Infrastructure upgrade status? Choose one. ( ) Upgraded within the past year (skip 2.3.4) ( ) Plan to upgrade within one year ( ) Plan to upgrade within two years ( ) Plan to upgrade within three years ( ) No plans to upgrade at this time (skip 2.3.4)
26
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.3.4
In the agency’s Data Network Infrastructure upgrade plan, has the agency considered (or will it consider) a shared service arrangement through DIR to support agency efforts in this area? Choose one. ( ) Yes ( ) No
VOICE OVER INTERNET PROTOCOL (VOIP)
2.3.5 What is status of any Voice over Internet Protocol (VoIP) initiative in the agency? Choose one. ( ) No plans to adopt VoIP (skip 2.3.6) ( ) Evaluating VoIP ( ) Planning a VoIP implementation ( ) Have an active VoIP pilot project ( ) Have an operational VoIP installation 2.3.6 Has the agency considered, or will it consider, a shared service arrangement through DIR to support agency VoIP efforts? Choose one. ( ) Yes ( ) No
INTERACTIVE VOICE RESPONSE
2.3.7 What are the agency’s plans for Interactive Voice Response (IVR)? Choose one. ( ) No plans to adopt IVR (skip 2.3.8) ( ) Evaluating IVR ( ) Planning an IVR implementation ( ) Have an operational IVR system 2.3.8 Has the agency considered, or will it consider, a shared service arrangement through DIR to support agency IVR efforts? Choose one. ( ) Yes ( ) No
CALL CENTERS
2.3.9 What is the status of any telephone call center in the agency? Choose one. ( ) No plans to implement a call center (skip 2.3.10) ( ) Evaluating call center operations and technologies ( ) Planning a call center implementation
20 JUN 06 | 2006 IRSP INSTRUCTIONS
27
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
( ) Have an operational call center 2.3.10 Has the agency considered, or will it consider, a shared service arrangement through DIR to support agency call center efforts? Choose one. ( ) Yes ( ) No
VIDEO CONFERENCING
2.3.11 What is the status of any video conferencing system in the agency? Choose one. ( ) No plans to implement video conferencing (skip 2.3.12) ( ) Evaluating video conferencing systems and technologies ( ) Planning a video conferencing implementation ( ) Have an operational agency video conferencing system ( ) Utilize a shared video conferencing system among a number of institutions of higher education (skip 2.3.12) 2.3.12 Has the agency considered, or will it consider, a shared service arrangement through DIR to support agency video conferencing efforts? Choose one. ( ) Yes ( ) No
WIRELESS DATA SERVICES AND INFRASTRUCTURE
2.3.13 What is the status of any wireless data service initiative in the agency? Choose one. ( ) No plans to adopt wireless data services (skip 2.3.14) ( ) Evaluating wireless data services and infrastructure ( ) Planning a wireless data service implementation ( ) Have an active wireless data service pilot project ( ) Have an operational wireless data service 2.3.14 Has the agency considered, or will it consider, a shared service arrangement through DIR to support agency wireless data service efforts? Choose one. ( ) Yes ( ) No
28
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
TEX-AN CONTRACTS
2.3.15 Does the agency use TEX-AN contracts for purchasing telecommunications services? Choose one. ( ) Always (skip 2.3.16) ( ) Sometimes ( ) Never 2.3.16 What is the agency’s rationale for purchasing these services through other sources? Enter answer in paragraph form. [ ]
SHARED NETWORK OPERATIONS SURVEY DIR is involved in several projects and services to assist agencies in the area of shared network operations. Responses to the following questions will help identify and evaluate opportunities to achieve maximum agency and statewide benefit.
2.3.17 Rank the following network operations/services based on which would provide the greatest benefit to the agency and whether or not the agency provides or plans to provide these operations or services. Click the greatest benefit item first, etc. (1 = greatest benefit, 7 = least benefit). Rank the following from 1 to 7. [ ] Upgrades to voice network [ ] Upgrades to data network [ ] Voice over Internet Protocol (VoIP) [ ] Interactive Voice Response (IVR) [ ] Call centers [ ] Video conferencing [ ] Wireless data services and infrastructure 2.3.18 Please provide additional detail if needed, and describe how DIR could help improve the network capabilities of the agency. Enter answer in paragraph form. [ ]
OBJECTIVE 4. SOLVE COMMON BUSINESS PROBLEMS THROUGH SHARED APPLICATIONS
Some agency processes overlap and even replicate processes of other agencies. Without coordination, agencies develop duplicative and occasionally conflicting solutions.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
29
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
The state strategic plan calls for state agencies to partner with DIR and other agencies where common business problems can be solved through shared opportunities. The following questions address shared application solutions available to agencies. RECEIVING PAYMENTS OVER THE INTERNET
2.4.1 Does the agency currently take, or would it be interested in taking payments for services over the Internet (see “Payment Services” in Glossary)? Choose one. ( ) Agency currently offers this service ( ) Agency is interested in offering this service ( ) Agency has no need or interest in this service (skip 2.4.2 and 2.4.3) 2.4.2 What payment services vendor does the agency use? What is the agency plan for receiving payments, including any provisions for security and performance measures? Enter answer in paragraph form. [ ] 2.4.3 Describe any barriers or limitations that could inhibit the taking of payments for agency services over the Internet. Enter answer in paragraph form. [ ]
COLLECTING FEES OR FINES OVER THE INTERNET
2.4.4 Does the agency currently collect, or would it be interested in collecting fees or fines over the Internet (see "Collection of Fees/Fines" in Glossary)? Choose one. ( ) Agency currently provides this service ( ) Agency is interested in providing this service ( ) Agency has no need or interest in this service
FORMS OVER THE INTERNET
2.4.5 Does the agency currently offer or accept online applications or forms that can be filled in and transferred to the agency over the Internet? Choose one. ( ) Yes ( ) No (skip 2.4.6 and 2.4.7)
30
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.4.6
Describe the agency’s policies for offering or accepting applications or forms over the Internet, including any provisions for security and performance measures. Enter answer in paragraph form. [ ]
2.4.7
Does the agency require a mailed copy of the application or form with a signature? Choose one. ( ) Yes ( ) No
TAKING APPLICATIONS THROUGH INTERACTIVE VOICE RECOGNITION (IVR)
2.4.8 Does the agency currently take, or would it be interested in taking, applications through IVR via the telephone? Choose one. ( ) Agency currently offers this service ( ) Agency is interested in offering this service ( ) Agency has no need or interest in this service
E-MAIL ENVIRONMENT
2.4.9 What is the approximate number of e-mail mailboxes currently in use within the agency? Choose one. ( ) 0 - 100 ( ) 101 - 500 ( ) 501 - 1,000 ( ) 1,001 - 2,500 ( ) 2,501 - 5,000 ( ) 5,001 + 2.4.10 What e-mail rich client type is used on the majority of desktops within the agency? Choose one. ( ) Microsoft Outlook ( ) IBM Lotus Notes ( ) Novell GroupWise ( ) Other (specify) [ ]
20 JUN 06 | 2006 IRSP INSTRUCTIONS
31
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.4.11
What is the status of the agency’s participation in DIR’s voluntary, Enterprise Messaging Services contract (see www.dir.state.tx.us/messaging for details)? Choose one. ( ) Currently in place ( ) Planned within the next 1–3 years ( ) Not planned, but will be considered ( ) Not feasible for agency
2.4.12
Is the agency planning an upgrade of its current e-mail/messaging system in FY2008-09 (maintenance renewal, upgrade, or replacement of an existing messaging system) at a cost of $50,000 or more? Choose one. ( ) Yes ( ) No
E-MAIL COSTS (OPTIONAL) Total Cost of Ownership (TCO) is a method for identifying all of the one-time and ongoing costs associated with the evaluation, acquisition, implementation, maintenance, operation/ usage, and management of an e-mail system. Agencies that have volunteered to participate in DIR’s Enterprise Messaging Services contract may have TCO calculations that could be used to respond to questions 2.4.13 and 2.4.14. However, DIR has determined that it is not necessary for all agencies and institutions of higher education to calculate these costs. Agencies interested in DIR support for conducting a TCO analysis or analyzing feasibility for participating in DIR’s Enterprise Messaging Services contract should visit www.dir.state.tx.us/messaging/ for information. Agencies may also submit questions on messaging to messaging@dir.state.tx.us.
2.4.13 What is the agency’s estimated Total Cost of Ownership for messaging (email) services, expressed in dollars per mailbox per month? Enter text answer. [ ] 2.4.14 Describe the agency’s costs for messaging (e-mail), how they were calculated, and any comparative analysis completed by the agency. Enter answer in paragraph form. [ ]
EVENT REGISTRATION
2.4.15 Does the agency currently offer, or is it interested in offering, event registration over the Internet? Choose one.
32
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
( ) Agency currently offers this service ( ) Agency is interested in offering this service ( ) Agency has no need or interest in this service (skip 2.4.16) 2.4.16 Describe the types of events for which the agency offers, or is interested in offering registration over the Internet. Enter answer in paragraph form. [ ]
GRANTS SYSTEMS
2.4.17 Does the agency currently manage, authorize, and/or issue grant monies over the Internet to other governmental entities, public service organizations, or citizens? Choose one. ( ) Yes ( ) No
SHARED SERVICES SURVEY DIR is involved in several projects and services to assist agencies in the area of shared services. Responses to the following questions will help identify and evaluate opportunities to achieve maximum agency and statewide benefit.
2.4.18 Rank the following shared services based on which would provide the greatest benefit to the agency and whether or not the agency provides or plans to provide these services. Click the greatest benefit item first, etc. (1 = greatest benefit, 6 = least benefit). Rank the following from 1 to 6. [ ] Receiving payments over the Internet [ ] Collecting fees or fines over the Internet [ ] Offering or accepting forms over the Internet [ ] Providing e-mail/messaging and collaboration services [ ] Offering event registrations [ ] Managing, authorizing, and/or issuing grant monies 2.4.19 Please provide additional detail if needed, and describe how DIR could help improve the shared services capabilities of the agency. Enter answer in paragraph form. [ ]
20 JUN 06 | 2006 IRSP INSTRUCTIONS
33
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
OBJECTIVE 5. MAXIMIZE BUYING POWER ON COMMODITY TECHNOLOGIES AND SERVICES
The DIR Cooperative Contracts Program enables government entities to pool their purchasing power to drive down technology product and service costs. The program provides an effective procurement channel to thousands of public sector entities across Texas. However, it has yet to reach its full potential. DIR COOPERATIVE CONTRACTS PROGRAM
2.5.1 How does the agency benefit from the Cooperative Contracts Program? Choose all that apply. ( ) Enhanced contract terms and conditions ( ) Reduced staff time and time to receive goods and services ( ) Actual monetary savings ( ) Higher level of negotiating expertise ( ) Agency could get better pricing through other means ( ) Agency does not find the Cooperative Contracts Program beneficial ( ) Other [ ] 2.5.2 Describe the agency’s experience with the Cooperative Contracts Program. Enter answer in paragraph form. [ ] 2.5.3 What future improvements (2-5 years) to the Cooperative Contracts Program would benefit the agency and the state? Include areas where DIR could provide additional services/support to improve the program. Enter answer in paragraph form. [ ]
BEST PRACTICES FOR ACQUISITION OF GOODS AND SERVICES
2.5.4 Describe any strategies used by the agency for acquiring technology and/or non-technology goods and services that could provide a best practices model for the state’s information and communications technology procurement processes and practices, such as reverse auctions and external contracting. Enter answer in paragraph form. [ ]
34
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
OBJECTIVE 6. ENSURE MAXIMUM RESULTS FROM STATE PROJECTS
Successful project delivery requires alignment of business and technology goals among stakeholders under the direction of agency executives. The Texas Project Delivery Framework (Framework) provides strategies and tools for tying technology projects to clearly defined business needs and outcomes, a clear scope, and solid cost-benefit estimates. The Framework will be refined over time to incorporate new and successful tools, techniques, and processes. DIR will use agency responses to the following questions to scope and prioritize improvement opportunities for project delivery in the state. TEXAS PROJECT DELIVERY FRAMEWORK
2.6.1 Does the agency use the Texas Project Delivery Framework (deliverable templates and instructions)? Choose all that apply. ( ) Yes, for major technology projects (life cycle costs of $1 million or more) ( ) Yes, for non-major technology projects (life cycle costs of less than $1 million) ( ) No, Framework is not being used 2.6.2 Describe the benefits and/or any recommendations or challenges associated with use of the Framework templates and instructions. Enter answer in paragraph form. [ ]
FRAMEWORK TRAINING
2.6.3 DIR is establishing a Texas Project Delivery Framework Training Program. Does the agency have a training need within any of the following areas? Choose all that apply. ( ) Portfolio and project management practices ( ) Portfolio and project governance ( ) Systems Development Life Cycle (SDLC) ( ) Executive leadership practices ( ) Performance management ( ) Business case analysis 2.6.4 Describe details of agency Framework training needs and interests. Enter answer in paragraph form. [ ]
20 JUN 06 | 2006 IRSP INSTRUCTIONS
35
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
OBJECTIVE 7. ENCOURAGE BUSINESS AND TECHNOLOGY ARCHITECTURES THAT DRIVE IMPROVED PLANNING AND COORDINATION
Architectural standards start with a structured understanding of the key business functions the agency must fulfill to achieve its mission and support the goals of the state. With business needs established as a baseline, technology architectures can be developed that directly support those priorities. This objective is further reinforced when agencies build reuse and interoperability strategies into their development and deployment standards. DIR will use agency responses to the following questions to scope and develop the approach to fulfilling SSP objectives and strategies that direct DIR to promote the alignment of business and technology and to provide opportunities for reuse, collaboration, and interoperability. Additional information on DIR’s Enterprise Architecture program is available at www.dir.state.tx.us/ea/. REUSE
2.7.1 Describe current or planned reuse or adaptation of existing business assets (requirements, models) and/or technology assets (designs, code) from other projects, within or outside the agency. Enter answer in paragraph form. [ ] 2.7.2 Describe the factors that reflect success in reuse of business and technology assets, and indicate which of those success factors are currently met at the agency. Enter answer in paragraph form. [ ] 2.7.3 Describe any plans to produce reusable business or technology assets that may be valuable to other state agencies or institutions of higher education. Enter answer in paragraph form. [ ] 2.7.4 Which resource(s) would help the agency to identify and/or evaluate reuse opportunities, or to produce more reusable assets? Choose all that apply. ( ) Business asset reuse guidelines and training ( ) Technology asset reuse guidelines and training ( ) Information asset reuse guidelines and training ( ) Reuse asset inventory (with contact info, but without repository) ( ) Reuse asset inventory and repository ( ) Statewide business asset standards facilitating reusability ( ) Statewide technology asset standards facilitating reusability
36
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
( ) Statewide information asset standards facilitating reusability ( ) Support resources to mentor and support agency reuse efforts 2.7.5 Describe the types of services, systems, and applications that the agency would like to find and reuse that may have already been developed by other governmental entities. Enter answer in paragraph form. [ ] 2.7.6 Describe any other ideas or suggestions for improving agency capabilities for reuse. Enter answer in paragraph form. [ ]
COLLABORATION
2.7.7 Describe current collaborations with other agencies, institutions of higher education and/or local governments. Enter answer in paragraph form. [ ] 2.7.8 Describe any planned collaboration initiatives with other agencies, institutions of higher education and/or local governments. Enter answer in paragraph form. [ ] 2.7.9 Which resource(s) would help the agency to identify and/or evaluate collaboration opportunities with other agencies, institutions of higher education, local governments and/or private entities? Choose all that apply. ( ) Interagency collaboration guidelines and training ( ) Public-private collaboration guidelines and training ( ) List describing agency projects and applications ( ) List of public-private collaboration opportunities ( ) Statewide standards for technology project collaboration (including collaboration governance) ( ) Support resources to mentor and support agency collaboration efforts 2.7.10 Describe any other ideas or suggestions the agency has for improving capabilities for collaboration on technology projects. Enter answer in paragraph form. [ ]
20 JUN 06 | 2006 IRSP INSTRUCTIONS
37
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
INTEROPERABILITY
2.7.11 Describe significant interoperability constraints and requirements that exist with other agencies, local or federal government, and institutions of higher education, stakeholder groups, or private sector entities. These include systems and/or applications outside the agency with which data must be integrated and/or shared. Enter answer in paragraph form. [ ] 2.7.12 Describe any potential interoperability opportunities that could add value within the agency or outside the agency. Indicate the value associated with each opportunity. Enter answer in paragraph form. [ ]
INFORMATION ARCHITECTURE PRACTICES
2.7.13 Has the agency developed and implemented standards for information (data) architecture, including standards for data modeling, database design, and taxonomies? Choose one. ( ) Yes ( ) No 2.7.14 Describe the key areas of focus on any existing data modeling, database and/or taxonomy standards. Indicate if the agency’s data-focused standards may be valuable to other agencies. Enter answer in paragraph form. [ ] 2.7.15 Has the agency undertaken an enterprise data modeling effort? Choose one. ( ) Yes ( ) No (skip 2.7.16) 2.7.16 How much of the agency’s enterprise data modeling effort is complete? Choose one. ( ) More than 50% ( ) Between 10% and 50% ( ) Less than 10% ( ) Not Applicable
38
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.7.17
How many agency data models (enterprise and/or application-specific) include data dictionaries or taxonomies? Choose one. ( ) More than 50% ( ) Between 10% and 50% ( ) Less than 10% ( ) Not Applicable
2.7.18
Describe the agency’s policy and practice of keeping data models, database designs, and/or data dictionaries/taxonomies (enterprise or application-specific) up to date. Enter answer in paragraph form. [ ]
2.7.19
What could DIR do to support the agency’s information architecture practices? Enter answer in paragraph form. [ ]
TECHNICAL ARCHITECTURE PRACTICES
2.7.20 Has the agency developed and implemented coding and design standards for technical architecture? Choose one. ( ) Yes ( ) No 2.7.21 Describe the key areas of focus on any existing coding and design standards (security, interfaces, etc.). Indicate if the agency’s coding and design standards may be valuable to other agencies. Enter answer in paragraph form. [ ] 2.7.22 How much of the agency’s technical architecture has been modeled (development, testing and production environments, hardware, software DBMS, infrastructure, and other technology assets)? Choose one. ( ) More than 50% ( ) Between 10% and 50% ( ) Less than 10% ( ) Not Applicable
20 JUN 06 | 2006 IRSP INSTRUCTIONS
39
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.7.23
Describe the agency’s policy and practice of keeping technical architecture models and/or system requirements and designs up to date. Enter answer in paragraph form. [ ]
2.7.24
What could DIR do to support the agency’s technical architecture practices? Enter answer in paragraph form. [ ]
BUSINESS ARCHITECTURE PRACTICES
2.7.25 Does the agency gather business requirements separately and in advance of gathering system requirements? Choose one. ( ) Yes ( ) No 2.7.26 Has the agency developed and implemented business modeling and business requirements gathering methodology and standards? Choose one. ( ) Yes ( ) No 2.7.27 Describe the key areas of focus on any existing business modeling/requirements standards and/or methodology. Indicate if the agency’s business modeling/requirements standards and/or methodology may be valuable to other agencies. Enter answer in paragraph form. [ ] 2.7.28 How much of the agency’s business architecture (across all business divisions) has been modeled (enterprise service delivery and/or business process models)? Choose one. ( ) More than 50% ( ) Between 10% and 50% ( ) Less than 10% ( ) Not Applicable 2.7.29 Describe the agency’s policy and practice of keeping business models and/or business requirements up-to-date or current. Enter answer in paragraph form. [ ]
40
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.7.30
If the agency currently practices business architecture/modeling/ requirements separate from system requirement efforts, which group(s) are responsible for producing the business models/requirements? (Note: “business analysts” and “system analysts” are generic role names, not job titles.) Choose all that apply. ( ) Business analysts who work WITHIN a particular business division ( ) Business analysts who work ACROSS business divisions, but are NOT technology staff ( ) Business analysts who work ACROSS business divisions, but ARE technology staff ( ) Systems analysts who work ACROSS business divisions, and ARE technology staff ( ) Systems analysts who work WITHIN a particular business division, and ARE technology staff ( ) Business or solution architects who work WITHIN or ACROSS business divisions, and are NOT technology staff ( ) Business or solution architects who work ACROSS business divisions, and ARE technology staff ( ) Not applicable ( ) Other (specify) [ ]
2.7.31
What could DIR do to support the agency’s business architecture process? Enter answer in paragraph form. [ ]
NEW OPPORTUNITIES FOR STATEWIDE MANAGEMENT OR SUPPORT DIR will use agency responses to identify agency level of interest in new opportunities for shared or consolidated management or support.
2.7.32 In which technology areas could shared or consolidated management and/or support help the agency better accomplish its mission? Choose all that apply. ( ) E-mail/messaging/collaboration services ( ) Human resources applications ( ) Financial applications ( ) Help desk ( ) Web services ( ) None of the above ( ) Other (specify) [ ]
20 JUN 06 | 2006 IRSP INSTRUCTIONS
41
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
2.7.33
Describe the agency’s interest in the technology area(s) indicated above (question 2.7.32). Enter answer in paragraph form. [ ]
OBJECTIVE 8. ENHANCE THE VALUE OF STATE REVIEWS
Oversight of the success and status of the state’s investment is primarily focused on mitigating risk, identifying and documenting best practices, and ensuring that state leadership is kept well informed. To effectively oversee and manage the state’s technology investment, agencies and decision-making authorities require current and reliable information. At present, Texas collects and analyzes technology information and monitors agency projects through a number of processes and reporting applications. DIR will use agency responses to the following questions to develop streamlined reporting program scope and priorities. See the report, Statewide Technology Management: Opportunities for Improvement, available on the DIR Web site, for additional information. STREAMLINED REPORTING
2.8.1 Describe the extent to which the agency experiences redundancies in technology reporting to oversight agencies and groups, including LBB, Comptroller of Public Accounts, Contract Advisory Team, DIR, Quality Assurance Team, and/or the Texas Building and Procurement Commission. Enter answer in paragraph form. [ ] 2.8.2 Describe the extent to which the agency experiences inconsistent technology terminology and definitions among different oversight agencies. Enter answer in paragraph form. [ ] 2.8.3 Describe challenges in technology reporting to oversight agencies, including manual reporting requirements and/or the inability to directly export existing datasets. Enter answer in paragraph form. [ ] 2.8.4 Describe any other challenges the agency faces in reporting technology information to oversight agencies. Enter answer in paragraph form. [ ]
42
DEPARTMENT OF INFORMATION RESOURCES
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
MANAGEMENT OF TECHNOLOGY ASSETS
2.8.5 Describe the agency’s strategy and approach to technology asset management. Indicate if automated tools are used to discover, track, and/or manage asset usage and status information. Technology assets include hardware, software, licenses, and service contracts. Enter answer in paragraph form. [ ]
OBJECTIVE 9. INCREASE THE VALUE OF ELECTRONIC DATA AND INFORMATION
Information held by government resides in abundant quantities, in multiple versions, and in various formats within mainframes, network servers, desktop hard drives, e-mail systems, and mobile devices. Without tools and processes to locate and retrieve required files, data is effectively useless. To enhance their value, data and information must be controlled systematically from creation to disposition. Managing information consistently will minimize redundancy in data collection and storage, improve data accuracy, increase staff productivity, and improve system performance. DATA AND INFORMATION MANAGEMENT
2.9.1 What types of automated tools does the agency currently use to manage data and information? Choose all that apply. ( ) Automatic classification systems ( ) Business intelligence ( ) Content management ( ) Document management ( ) Enterprise search engines ( ) Records management ( ) Imaging systems ( ) Information life cycle management ( ) Data warehouse ( ) Web content management ( ) Workflow ( ) E-mail archiving ( ) None of the above ( ) Other (specify) [ ] 2.9.2 Which of the data and information management tools listed above is the agency considering or planning to purchase during the 2008-09 biennium? Enter answer in paragraph form.
20 JUN 06 | 2006 IRSP INSTRUCTIONS
43
�PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES
[ ] 2.9.3 Would the agency benefit from DIR support or shared services in the data and information management areas cited in question 2.9.1? Choose one. ( ) Yes ( ) No (skip 2.9.3a) 2.9.3a Describe how the agency would benefit from DIR support or shared services in data and information management. Enter answer in paragraph form. [ ]
ELECTRONIC RECORDS MANAGEMENT
2.9.4 Describe the agency’s strategy and approach for creating, retaining, and disposing of electronic records as detailed in the Electronic Records Standards and Procedures [13 TAC §§6.93-6.97]. Enter answer in paragraph form. [ ] 2.9.5 Describe the agency’s strategy and approach for protecting the citizens’ personal data in content that is published on the agency’s Web site or on publicly available information systems. Enter answer in paragraph form. [ ]
ACCESSIBILITY OF AGENCY WEB SITES
2.9.6 How often are agency Web sites (Internet and intranet) and public-facing Web-based applications checked/tested for accessibility compliance? Choose all that apply. ( ) Upon modification of existing content or functionality ( ) Upon development of new content or functionality ( ) Monthly ( ) When a problem is identified ( ) Accessibility compliance has not been tested (skip 2.9.7) 2.9.7 Who performs accessibility compliance testing? Choose all that apply. ( ) Agency Web/application design staff using test and evaluation tools ( ) Other state or public resources (e.g., the UT Accessibility Institute) ( ) A design/accessibility assessment contractor (e.g., Knowbility)
44
DEPARTMENT OF INFORMATION RESOURCES
�Part 3:
Compliance with State Standards
Agencies should review technology-related statutes and rules referenced in this part of the IRSP and identify the status of compliance with each. DIR will use agency responses to each compliance requirement to identify and evaluate the extent to which each agency, and the state as a whole, is complying with key statutes and rules related to technology. For each requirement, select the answer that best represents the agency’s current compliance status. When selecting ―In Progress‖ or ―Planned‖, indicate the month and calendar year in which the requirement will be fully implemented. • • Implemented – The agency has implemented the requirement. In Progress – The agency has begun an activity that will lead to implementation of the requirement. Indicate the estimated date (month and calendar year) that the requirement will be implemented. • Planned – The agency is planning to implement the requirement, but has not yet begun activity toward implementation. Indicate the estimated date (month and calendar year) that the requirement will be implemented. • • Not Planned – The agency is not planning to implement the requirement. Not Applicable – The requirement is not applicable to the agency.
SECURITY REQUIREMENTS
3.1.1 The agency head or a designated representative must review and approve ownership of information resources and their associated responsibilities [TAC §202.21(a), §202.71(a)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
20 JUN 06 | 2006 IRSP INSTRUCTIONS
45
�PART 3: COMPLIANCE WITH STATE STANDARDS
3.1.2
Each agency must designate a full-time information security officer [TAC §202.21(d), §202.71(d)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.3
Each agency must have annual reviews of their security program for compliance with the TAC 202 Security Standards [TAC §202.21(e), §202.71(e)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.4
Each agency must perform a security risk analysis of information resources [TAC §202.22, §202.72]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
46
DEPARTMENT OF INFORMATION RESOURCES
�PART 3: COMPLIANCE WITH STATE STANDARDS
3.1.5
Each agency must have documented Physical Security measures in place [TAC §202.23, §202.73]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.6
Each agency must have a Business Continuity Plan [TAC §202.24, §202.74]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.7
Each agency must take measures to ensure that designated confidential information is accessible to only authorized users [TAC §202.25(2)(A), §202.75(2)(A)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
20 JUN 06 | 2006 IRSP INSTRUCTIONS
47
�PART 3: COMPLIANCE WITH STATE STANDARDS
3.1.8
Each agency must utilize the DIR monthly incident reporting system [TAC §202.26, §202.76]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.9
Each agency must have controls in place to ensure that test functions for systems development, acquisition, and testing are either physically or logically separated from production functions [TAC §202.25(6)(A), §202.75 (6)(A)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.10
Each agency must establish a perimeter protection strategy [TAC §202.25(8), §202.75(8)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
48
DEPARTMENT OF INFORMATION RESOURCES
�PART 3: COMPLIANCE WITH STATE STANDARDS
3.1.11
All System Identification/Logon Banners must have the appropriate warning statements [TAC §202.25(9), §202.75(9)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.12
All authorized users of agency information resources must be required to formally acknowledge that they will comply with security policies and procedures before they are granted access to information systems [TAC §202.27, §202.77]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.1.13
Each agency must create, distribute, and implement information security policies [TAC §202.25(7), §202.75(7)]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
20 JUN 06 | 2006 IRSP INSTRUCTIONS
49
�PART 3: COMPLIANCE WITH STATE STANDARDS
GEOGRAPHIC INFORMATION SYSTEMS STANDARDS
• • • Indicate which GIS standards listed below have been implemented [TAC §201.6]. If ―In Progress‖ or ―Planned‖, estimate the year/month that implementation will be completed. If the agency does not use, or plan to use, GIS technology to conduct any part of its business, select ―Not Applicable‖ for questions 3.2.1 through 3.2.5.
3.2.1 The agency must coordinate in advance with the Texas Geographic Information Council on expenditures of over $100,000 to acquire, enhance, or develop a GIS base map dataset. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009} 3.2.2 If the agency originates or adds content to a digital geospatial dataset and distributes it to other agencies or the public, it must offer the dataset in at least one format that is readily usable by a variety of GIS software packages. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
50
DEPARTMENT OF INFORMATION RESOURCES
�PART 3: COMPLIANCE WITH STATE STANDARDS
3.2.3
If the agency acquires a federal or other public domain geospatial dataset, it must make it available to other agencies and the public via the agency’s Web site and/or the Texas Natural Resources Information System. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.2.4
If the agency originates or adds content to a digital geospatial dataset and distributes it to other agencies or the public, it must prepare standardized metadata documentation for each dataset, and distribute this metadata with the dataset. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.2.5
If the agency generates or contracts for positional data using field measurement techniques, it must utilize the North American Datum of 1983 (NAD83) for horizontal positional data and the North American Vertical Datum of 1988 (NAVD88) for vertical elevation data. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
20 JUN 06 | 2006 IRSP INSTRUCTIONS
51
�PART 3: COMPLIANCE WITH STATE STANDARDS
ADDITIONAL RULES AND REQUIREMENTS
3.3.1 The agency must adhere to the published standards when wiring or rewiring state-owned or state-leased space [TAC §208.10, §208.20]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009} 3.3.2 If the agency holds an open or closed meeting by video conference call, the systems used must comply with the approved standards [TAC §209]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009} 3.3.3 The agency must purchase commodity software in accordance with contracts developed by the department or obtain an approved waiver [TAC §212]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
52
DEPARTMENT OF INFORMATION RESOURCES
�PART 3: COMPLIANCE WITH STATE STANDARDS
3.3.4
If the agency receives information resources technologies under a contract from another state entity, it must solicit bids or proposals for the procurement of such technologies by giving public notice of a request for proposals or a request for bids [TAC §204, TGC §2054.119]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.3.5
Each agency must manage electronic records according to the Electronic Records Standards and Procedures adopted by the Texas State Library and Archives Commission [13 TAC §§6.91-6.97]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.3.6
Each agency must ensure that electronic records in its custody that have historical value to the state are properly preserved [TGC §441.186]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
20 JUN 06 | 2006 IRSP INSTRUCTIONS
53
�PART 3: COMPLIANCE WITH STATE STANDARDS
3.3.7
Each agency must remove restricted personal information from any associated storage device before selling or transferring data processing equipment to a person who is not a state agency or other agent of the state [TGC §2054.130; TAC §202.28, §202.78]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.3.8
Each agency’s IRM should at a minimum have a four-year degree from a fully accredited post-secondary institution (if appointed after September 1, 1992) [TAC §211.11, §211.21]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
3.3.9
Each agency’s IRM should meet or exceed the IRM continuing education requirements for FY2005 [TAC §211.11, §211.21]. Status: Choose one. ( ) Implemented ( ) In Progress ( ) Planned ( ) Not Planned ( ) Not Applicable Estimated Date (if “In Progress” or “Planned”) {Choose date between 09/2006 and 12/2009}
54
DEPARTMENT OF INFORMATION RESOURCES
�Glossary
Architecture. Refers to either hardware or software, or to a combination of hardware and software. The architecture of a system always defines its broad outlines, and may define precise mechanisms as well. An open architecture allows the system to be connected easily to devices and programs made by other manufacturers. Open architectures use off-the-shelf components and conform to approved standards. A system with a closed architecture, on the other hand, is one whose design is proprietary, making it difficult to connect the system to other systems. [Source: Webopedia.com: www.webopedia.com/TERM/a/ architecture.html] Automatic Classification Systems. Automatic classification systems use mathematical constructs to identify key concepts by analyzing the frequency and placement of words and concepts within documents for the purpose of tagging the documents, organizing them into categories and improving retrieval success. Best Practice. A term used to describe generally agreed-upon processes, derived from experienced industry experts, which should be undertaken when deploying projects in order to decrease operational and financial risk. [Source: 2005 SSP Glossary] Business Architecture. Refers to the landscape of business units or divisions and the services and processes they perform to fulfill the agency’s mission, goals and objectives. Business architecture encompasses: Standards for business modeling, business requirements gathering, and business process reengineering Practices of business modeling, business requirements gathering, and business process reengineering at the business unit/division level Practices of business modeling and business re-engineering at the enterprise level Development of business-based service level agreements (SLAs) with regard to information and communications technology support Impact analyses and governance of business models, requirements and re-engineering proposals across divisions or enterprise-wide Business Continuity Management. A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and valuecreating activities. [Source: Business Continuity Institute: www.thebci.org/ Glossary.pdf. Also, see the DIR Web site for Business Continuity Planning Guidelines: www.dir.state.tx.us/IRAPC/bcpg/index.htm] Business Intelligence. Business intelligence (BI) is a broad category of applications and technologies for gathering, storing, analyzing, and providing access to data to help enterprise users make better business decisions. BI applications include the activities of decision support systems, query and reporting, online analytical processing (OLAP), statistical analysis, forecasting, and data mining. [Source: www.whatis.com] Change Control. Any alteration of the functional or physical characteristics of a project work product. This includes both defect repairs and enhancements. Change Management. Addresses changes to requirements, operational systems, and/or procedures. These changes may originate within or outside the agency. An effective agency-wide change management/change control practice can enable a thorough impact analysis. Collaboration Software. Software that allows user groups to share information and applications online. [Source: 2005 SSP Glossary]
20 JUN 06 | 2006 IRSP INSTRUCTIONS
55
�GLOSSARY
Collection of Fees/Fines. Collection of any fee or fine for enforcement actions or failure to perform to agency requirements or standards. The result is a printable receipt of the funds. Commodity Items (Technology). Technology commodity items are defined in legislation as commercially available hardware, software, and technology services that are generally available to businesses or the public. See the DIR Web site for details: www.dir.state.tx.us/commodities/program.htm#II. Computer Incident Reports. Agencies and universities are required by TAC 202.26 and TAC 202.76 to provide summary reports that contain information concerning violations of security policy of which the agency has become aware. For more detail, see the DIR Web site for reported incidents in published documents: www.dir.state.tx.us/security/reports/. Configuration. Functional and physical characteristics of hardware or software as set forth in technical documentation or archived in a product; requirements, design, and implementation that define a particular version of a system or system component. Configuration Management. Subset of project management that includes the processes for formally identifying and controlling project configuration items. Includes version control of project deliverables and other text documents, as well as code and build procedures. Technology project artifacts and deliverables must be versioned if they are to be kept up to date, including business and system requirements, designs, and data models. An agency-wide configuration management practice can support the ongoing maintenance of standards and requirements and code bases within an agency. Content Management. Content management systems consist of technologies used to capture, manage, store, preserve, and deliver content such as images, office documents, graphics, drawings, print streams, Web pages, e-mail, video, and rich media assets. Contract Advisory Team (CAT). The Contract Advisory Team consists of a representative from the Comptroller of Public Accounts, Office of Attorney General, Office of the Governor, DIR, and the Texas Building and Procurement Commission. Its role is to review project solicitation plans based on risk assessment results and to grant approval to an agency to proceed with solicitation plans. Cooperative Contracts Program. In accordance with TGC §2157.068, and 1 TAC Chapter 212, each state agency must purchase technology commodity items through contracts established by DIR unless the agency first obtains an exemption. For more details on the program, see the DIR Web site: www.dir.state.tx.us/commodities/program.htm#I. Cyber Security. The branch of security that protects data and information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional. [Source: 2005 SSP Glossary] Data Center. A centrally managed computing facility that houses servers or mainframe(s) and storage devices to serve as a centralized processing center. Typically, such a facility is constructed or modified with separate climate controls and electrical connections that are adequate to support the computing environment. [Source: 2005 SSP Glossary] Data Management. Data management ensures data integrity and availability through methodologies such as data warehousing, cleansing, profiling, stewardship, modeling, and definition. Effective business decisions rely on data accuracy and reliability. [Source: BetterManagement.com: www.bettermanagement.com/topic/subject.aspx?f=10&s=1266] Data Warehouse. A data warehouse is a collection of data designed to support management decision making. Data warehouses contain a wide variety of data that present a coherent picture of business conditions at a single point in time. Data warehousing generally refers to the combination of many
56
DEPARTMENT OF INFORMATION RESOURCES
�GLOSSARY
different databases across an entire enterprise. [Source: Webopedia.com ] Disaster Recovery Services. Services usually provided by a third party that include developing advance arrangements and procedures to enable an organization to either maintain or quickly resume mission-critical functions within a specified time, minimizing loss to the organization. [Source: 2005 SSP Glossary] Document Imaging Systems. Document imaging systems consists of various configurations of hardware and software components used to render paper documents into computer readable digital images. These images can then be transferred onto a variety of electronic storage media and can be stored, retrieved, and managed electronically. Document Management. Document management systems consist of technologies used to control the life cycle of documents from their point of creation by providing indexing, profiling, routing, check-in and checkout, revision, and version control capabilities. The primary concern of electronic document management systems is the authoring and approval process. Electronic Records Management Systems. Electronic records management systems consist of technologies that collect, organize, categorize, store, retrieve, use, and dispose of electronic records, managing them throughout their complete life cycle. Basic functionality supports the development of retention schedules, implementation of disposition and retention requirements, calculation of disposal eligibility dates, ability to place holds on disposition when necessary, and generation of disposal logs. E-mail Archiving System. E-mail archiving systems capture and store all e-mail in read-only form. Both sent and received e-mail is indexed on header information and stores captured messages to disk, optical storage, or tape storage. E-mail archive systems are used by organizations to manage e-mail for compliance, storage management, legal discovery, and knowledge management. Enterprise. Concerning the broadest scope of the agency, including all business and technology divisions. Enterprise Architecture. A comprehensive approach used to manage and coordinate an agency’s business processes and information systems so that they align with the agency’s core goals and strategic direction. Enterprise Impact. Effect of one variable across all business and technology divisions of the agency. Enterprise Resource Planning. A term for the broad set of activities supported by multi-module application software that helps a business manage its business processes, including operational planning, inventory, procurement, customer service, finance, and human resources. Typically, an ERP system uses or is integrated with a relational database system. Enterprise Search Engines. Enterprise search engines are programs designed to help find information stored inside corporate or proprietary networks or intranets. A search engine employs a variety of strategies, such as thesauri, dictionaries, and probabilistic analysis, to discover documents that match a user’s interests. Enterprise Strategic Governance. Encompasses the structures and processes for defining and ensuring fulfillment of agency mission, goals, and objectives through consideration of both business and technology services within a common forum. Geographic Information System (GIS). A system of computer hardware, software, and procedures used to store and manipulate electronic maps and related data to solve complex planning and management problems. [Source: 2005 SSP Glossary]
20 JUN 06 | 2006 IRSP INSTRUCTIONS
57
�GLOSSARY
Global Positioning System (GPS). A satellite-based navigation system developed by the U.S. Department of Defense. GPS receivers can determine one’s position on the earth’s surface. Impact Analysis. Analysis of the relative harm or damage to a project if a risk becomes a problem, usually expressed either as a dollar amount or on a scale from 1 to 10. Information Life Cycle Management. Information life cycle management is an approach to managing information and storage that recognizes that the value of information, based on its purpose and content, changes over time. Information Architecture. Refers to the landscape of data models, taxonomies, databases, data warehousing, business intelligence, data retention/archiving and reporting, and the services and processes they perform to fulfill the agency’s mission, goals, and objectives. Information architecture encompasses Standards for all aspects of information architecture mentioned above Practices for all aspects of information architecture mentioned above Impact analyses and governance of information architecture elements across technology divisions and across business divisions, or enterprise-wide Information Resources Management Act (IRMA). Section 2054 of the Texas Government Code. Information Resources Manager (IRM). Responsible to the State of Texas for management of the agency’s information resources. The designation of an agency information resources manager (IRM) is intended to establish clear accountability for setting policy for information resource management activities, provide for greater coordination of the state agency’s information activities and ensure greater visibility of such activities within and between state agencies. See DIR Web site: www.dir.state.tx.us/oversight/index.htm. Information Security. Effective information security practices requires executive management support, effective policies and procedures that are appropriate for the environment, staff training, risk assessment, employee awareness, appropriate and effective controls, and comprehensive audit and testing. The goal is to protect the agency’s critical missions by reducing risks, complying with laws and regulations, and ensuring business continuity, information integrity, and confidentiality. [Source: Practices Protecting Information Resources Assets on the DIR Web site: www.dir.state.tx.us/IRAPC/practices/pdf/practices-pt1.pdf] Information Security Officer (ISO). Responsible to the information resources manager for administering the information security functions within the agency. The ISO is the agency’s internal and external point of contact for all information security matters. See DIR Web site: www.dir.state.tx.us/security/policies/incident_mgmt_policy.doc. Information Technology Detail (ITD). TGC 2054 (IRMA) directs that an agency’s strategic planning process coincide with the state’s budget cycle. As part of that process, agencies must prepare an ITD to substantiate their capital project information and show how they will manage their information resources technology, implement their IRSP, and use their information resources budget in the next biennium. See the LBB Web site: www.lbb.state.tx.us/ITD/ITD_Manual_0604.pdf. Infrastructure. The physical hardware used to interconnect computers and users, as well as the software used to send, receive, and manage transmitted signals. Interactive Voice Response (IVR). A computerized system that allows a person, typically a telephone caller, to select an option from a voice menu and interact with a computer system. Generally, the system plays pre-recorded voice prompts to which the person presses a number on a telephone keypad to select an option or speaks simple answers such as ―yes,‖ ―no,‖ or a number. [Source: 2005 SSP Glossary]
58
DEPARTMENT OF INFORMATION RESOURCES
�GLOSSARY
Interoperability. The ability of two or more systems or products to work together without special effort. For example, routers and switches in a network require interoperability. Intrusion Detection System. Software and/or hardware that detects and logs inappropriate, incorrect, or anomalous activity on a network and that identifies suspicious patterns that may indicate an attack from someone attempting to break into or compromise a system. [Source: 2005 SSP Glossary] Messaging. Services that use a network to send, receive, and combine messages, faxes and large data files. Examples are electronic mail and enhanced fax. Modeling. Generally, the process of representing a real-world object or phenomenon as a set of mathematical equations. [Source: Webopedia.com] Network Convergence. The integration of voice, data, and video networks. [Source: 2005 SSP Glossary] Network Security and Operations Center (NSOC). HB3112 (79th Texas Legislature) authorizes DIR to establish NSOC on a cost-recovery basis to manage and deliver network security system services to state agencies. Patch Management. Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management tasks include: maintaining current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures, such as configurations required. [Source: Whatis.com: http://searchwindowssecurity.techtarget.com/sDefinition/0,,sid45_gci901422,00.html] Payment for Services. Refers to a payment accepted by an agency that will result in the providing of a service, license, registration, permit, or product of transferable value to its constituency that could be revoked, confiscated or cancelled, or that might lapse at a later date. Performance Management. Subset of project management that includes the processes for measuring the performance of the product and/or service delivered by the project. Planned Procurement Schedule. A legislatively mandated data collection instrument that identifies planned procurements for technology commodities and data center equipment and services by agencies. The information is used by DIR to plan future vendor solicitations of commodity items and as a vehicle to review and approve data center-related procurements. Portfolio Management. A business process in which investment decisions are made to determine and select the mix of active projects and the budget, staffing, and other resource allocations for each one. [Source: 2005 SSP Glossary] Project. As defined in Texas Government Code, Chapter 2054, a program to provide information resources technologies support to functions within or among elements of a state agency that ideally is characterized by well-defined parameters, specific objectives, common benefits, planned activities, a scheduled completion date, and an established budget with a specified source of funding. Project Management. System of procedures, practices, technologies, and know-how that provides the planning, organizing, staffing, directing, and controlling necessary to successfully manage a project. Project: Major Information Resources . As defined in Texas Government Code, Chapter 2054, any information resources technology project identified in a state agency’s biennial operating plan whose development costs exceed $1 million and that requires one year or longer to reach operations status; involves more than one state agency; or substantially alters work methods of state
20 JUN 06 | 2006 IRSP INSTRUCTIONS
59
�GLOSSARY
agency personnel or the delivery of services to clients; and any information resources technology project designated by the legislature in the General Appropriations Act as a major information resources project. Quality Assurance. A critical review process to ensure that a task is adequately and correctly performed. Quality Assurance Guidelines. The Guidelines explain and identify project management processes and procedures that address quality assurance compliance for major information resource projects. Quality Assurance Team (QAT). The QAT is composed of representatives from DIR, the Legislative Budget Board, and the State Auditor’s Office. The Team is responsible for reviewing, approving, and overseeing major information resources projects. Requirements Management. Addresses requirements that have an enterprise impact, including legislative statutes, business requirements, system requirements, design requirements, and test requirements. Requirements Management Policy. An agency-level (as opposed to project-level) requirements management policy that establishes the various requirement types, as well as critical traceability guidelines for those requirements; allows for effective impact analyses to be performed when changes are proposed. Reuse. Reuse is the inclusion of previously designed components (blocks of logic or data) in software and hardware. The term is more frequently used in hardware development. Design reuse makes it faster and cheaper to design and build a new product, since the reused components will not only be already designed but also tested for reliability. Developers can reuse a component in both similar and completely different applications. [Source: Whatis.com: http://whatis.techtarget.com/definition/ 0,289893,sid9_gci759468,00.html] Reverse Auction. A type of auction in which the role of the buyer and seller are reversed. In a typical reverse auction, a buyer specifies what is to be purchased and, through an auction process, awards the procurement to the lowest bidder. Risk. The possibility of an act or event occurring that would have an adverse effect on the state, an organization, or an information system. Risk involves both the probability of failure and the possible consequences of a failure. Seat Management Services. A method of standardizing installation, operation, and maintenance of hardware and software at each desktop across an enterprise. [Source: 2005 SSP Glossary] Service Level Management. Service Level Management negotiates and monitors line-of-business technology consumption and service quality to ensure alignment with business objectives and maximize the business benefits of technology investments. [Source: BetterManagement.com: www.bettermanagement.com/topic/ subject.aspx?f=486&s=1252] Service-Oriented Architecture. A collection of self-contained services that communicate with each other by passing data or coordinating activity among two or more services. [Source: 2005 SSP Glossary] Software Development Life Cycle. The process used to develop an information system, including requirements, validation, training, and user ownership through investigation, analysis, design, implementation, and maintenance. Also known as Systems Development Life Cycle. [Source: 2005 SSP Glossary]
60
DEPARTMENT OF INFORMATION RESOURCES
�GLOSSARY
Stakeholder. Any individual or group who cares about the effort and cost of a project, wants to see the agency use the results of the product, and needs to provide time and effort to make the product usable. Standard. An approved, documented, and available set of criteria used to determine the adequacy of an action or object. Statewide Information Technology Asset Report (SITAR). A Web-based reporting tool developed by DIR for state agencies to report their technology assets to support development of a consolidation plan directed by the legislature. The original SITAR application was adapted to support submission of the agency Information Resources Strategic Plans (IRSP) in 2004. SITAR will not be used for 2006 submissions of agency IRSPs. Strategic. Important or essential in relation to a plan of action; what is to be accomplished. Tactical. Method or plan for attaining a particular goal; how something will be accomplished. Taxonomy. The science of categorization, or classification, of things based on a predetermined system. In reference to Web sites and portals, a site’s taxonomy is the way it organizes its data into categories and subcategories, sometimes displayed in a site map. [Source: Webopedia.com: www.webopedia.com/TERM/t/taxonomy.html] Technical Architecture. Refers to the landscape of applications, environments, hardware, software, and infrastructure, and the services and processes they perform to fulfill the agency’s mission, goals and objectives. Technical architecture encompasses Standards for all aspects of the technical architecture, including development and deployment methodologies Practices of modeling, requirements gathering and re-engineering of applications, environments, hardware, software and infrastructure Management of business-based service level agreements (SLAs) Impact analyses and governance of technical standards, models, requirements, and reengineering proposals across technology divisions and across business divisions, or enterprise-wide TEX-AN. Texas Agency Network Texas Project Delivery Framework. The Texas Project Delivery Framework (Framework) establishes a consistent, statewide method for project selection, control, and evaluation based on alignment with business goals and objectives. The Framework consists of five review gates with guidance and tools for each of the gates: Business Justification–initial review gate for selection and approval of the project Project Planning–planning for both project management and technology-related activities and deliverables Solicitation and Contracting–development and management of technology solicitations and contracts Project Implementation–development, testing, and deployment based on project planning deliverables Benefits Realization–final review gate for measurement and evaluation of all project outcomes See the DIR Web site: www.dir.state.tx.us/pubs/framework/overview.htm. Voice over Internet Protocol (VoIP). A technology used to transmit voice over a data network using the Internet. [Source: 2005 SSP Glossary] Web Content Management. Web content management systems provide an automated approach to implementing content management processes, controls and policies within a Web site, a Web-
20 JUN 06 | 2006 IRSP INSTRUCTIONS
61
�GLOSSARY
based application or a Web-based network. Most major Web content management systems include authoring tools, workflow tools and templates, and approval workflow processes. Work Breakdown Structure (WBS). The complete list of activities that need to be done for a project, used for estimation and scheduling the work. Workflow. Workflow management products automate tasks, procedural steps, organizations or people involved, required input and output information, and tools needed for each step in a business process. These products manage and enforce work progression consistently focusing on processes rather than documents.
62
DEPARTMENT OF INFORMATION RESOURCES
�20 JUN 06 | 2006 IRSP INSTRUCTIONS
63
�Department of Information Resources P.O. Box 13564 Austin, TX 78711-3564 www.dir.state.tx.us
Visit www.TexasOnline.com, the Official Web Site of the State of Texas
�