2006 IRSP Instructions Template by ericaburns

VIEWS: 0 PAGES: 70

									        TEXAS DEPARTMENT OF INFORMATION RESOURCES




        2006 Information
Resources Strategic Plan
 Instructions & Template
 Guidance for State Agencies and
   Institutions of Higher Education




                UPDATED JUNE 20, 2006
     CONTENTS



               INTRODUCTION .................................................................................1
               Changes to the IRSP Instructions .......................................................................... 1
               IRSP Submission Requirements and DIR Support ................................................ 1
               Background .............................................................................................................. 2
               Purpose ..................................................................................................................... 3
               Approach ................................................................................................................. 4
               IRSP Organization .................................................................................................... 5

               PART 1:AGENCY ENVIRONMENT .........................................................7
               Aligning Technology with Agency Mission, Goals, and Objectives ............... 7
               Information and Communications Technology Management Practices ................. 8
                        Information Resources Manager ............................................................ 9
                        Project and Portfolio Management ........................................................ 9
                        Software Development Life Cycle Methodologies ............................. 11
                        Performance Management .................................................................. 12
                        Requirements/Change/Configuration Management ........................ 12
                        Telecommuting ....................................................................................... 13
                        Intranet .................................................................................................... 14
               Enterprise Architecture and Governance Practices ...................................... 14
               Agency Database and Application Portfolio .................................................. 15
                        Databases ............................................................................................... 16
                        Applications ............................................................................................ 17

               PART 2:SUPPORT OF 2005 SSP GOALS AND OBJECTIVES ...................19
               Objective 1. Reduce Cost, Eliminate Duplication, and Improve
                Performance of Data Center Services .......................................................... 19
                        Service Level Agreements/Requirements ............................................ 19
                        Disaster Recovery ................................................................................... 21
               Objective 2. Safeguard Information and Communications Technology
                Assets ................................................................................................................... 21
                        Security Responsibilities .......................................................................... 22
                        Security Funding ..................................................................................... 23
                        Security Capabilities ............................................................................... 24
                        Security Assistance Survey ..................................................................... 25
               Objective 3. Leverage Shared Network Operations and Resources .......... 26
                        Voice Network Upgrades ...................................................................... 26
                        Data Network Upgrades ........................................................................ 26
                        Voice over Internet Protocol (VoIP) ...................................................... 27
                        Interactive Voice Response................................................................... 27




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                                                               i
CONTENTS




                    Call Centers ............................................................................................. 27
                    Video Conferencing............................................................................... 28
                    Wireless Data Services and Infrastructure ............................................ 28
                    TEX-AN Contracts .................................................................................... 29
                    Shared Network Operations Survey ...................................................... 29
           Objective 4. Solve Common Business Problems through Shared
            Applications ....................................................................................................... 29
                    Receiving Payments over the Internet ................................................. 30
                    Collecting Fees or Fines over the Internet ............................................ 30
                    Forms over the Internet .......................................................................... 30
                    Taking applications Through Interactive Voice Recognition (IVR) .... 31
                    E-mail Environment ................................................................................. 31
                    E-mail Costs (Optional)........................................................................... 32
                    Event Registration ................................................................................... 32
                    Grants Systems ........................................................................................ 33
                    Shared Services Survey........................................................................... 33
           Objective 5. Maximize Buying Power on Commodity Technologies and
            Services ............................................................................................................... 34
                    DIR Cooperative Contracts Program ................................................... 34
                    Best Practices for Acquisition of Goods and Services ......................... 34
           Objective 6. Ensure Maximum Results from State Projects ............................ 35
                    Texas Project Delivery Framework ......................................................... 35
                    Framework Training ................................................................................. 35
           Objective 7. Encourage Business and Technology Architectures that
            Drive Improved Planning and Coordination................................................ 36
                    Reuse........................................................................................................ 36
                    Collaboration .......................................................................................... 37
                    Interoperability ........................................................................................ 38
                    Information Architecture Practices ....................................................... 38
                    Technical Architecture Practices .......................................................... 39
                    Business Architecture Practices ............................................................. 40
                    New Opportunities for Statewide Management or Support .............. 41
           Objective 8. Enhance the Value of State Reviews ......................................... 42
                    Streamlined Reporting............................................................................ 42
                    Management of Technology Assets ..................................................... 43
           Objective 9. Increase the Value of Electronic Data and Information ........ 43
                    Data and Information Management ................................................... 43
                    Electronic Records Management ......................................................... 44
                    Accessibility of Agency Web Sites ........................................................ 44

           PART 3:COMPLIANCE WITH STATE STANDARDS ................................45
           Security Requirements ......................................................................................... 45
           Geographic Information Systems Standards ................................................... 50
           Additional Rules and Requirements .................................................................. 52




ii                                                                                DEPARTMENT OF INFORMATION RESOURCES
                                                                                                                    CONTENTS




               GLOSSARY........................................................................................55




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                                        iii
Introduction


     CHANGES TO THE IRSP INSTRUCTIONS
           The original version of the 2006 Information Resources Strategic Plan (IRSP)
           Instructions was posted on the Texas Department of Information Resources (DIR)
           Web site on May 5, 2006. It provided a background of the purpose and context
           of the plan, along with a preliminary set of questions to enable information
           resources managers (IRMs) to begin development of the IRSP offline.

           This updated version, the 2006 Information Resources Strategic Plan Instructions &
           Template, includes modified instructions and revised or edited questions that
           match those contained in the IRSP Collection Tool (see the Frequently Asked
           Questions, or ―FAQ‖, document on the DIR Web site for details). It replaces the
           original version of the IRSP Instructions and the DIR Data Instruction Template.



     IRSP SUBMISSION REQUIREMENTS AND DIR SUPPORT
           IRMs must submit responses to all required IRSP questions by August 22, 2006. A
           response is required for each IRSP question unless otherwise indicated. The two
           questions on e-mail costs, for example, are optional (questions 2.4.13 and 2.4.14).
           While this instruction document may be used to aid IRMs and subject matter
           experts in gathering information offline, the IRSP Collection Tool must be used to
           submit final IRSP responses to DIR (see Collection Tool Instructions, on the DIR Web
           site, for details).

           Texas Government Code (TGC) Chapter 2054, the Information Resources
           Management Act, or ―IRMA,‖ specifies that all agencies and institutions of higher
           education are required to complete IRSPs. These agencies should have received
           detailed instructions from DIR on using the hosted Web survey system for IRSP
           reporting. If an agency is required to complete the IRSP but did not receive these
           instructions, or if an agency would like to complete this plan on a voluntary basis
           to improve its deployment of information and communications technology, the
           agency IRM, or a representative, should contact David Dennis at 512-475-0577 or
           at david.dennis@dir.state.tx.us.

           The IRSP homepage, www.dir.state.tx.us/irsp/, which includes an FAQ page and
           other support documents, will also include any future amendments to these
           instructions. Additional guidance materials will be posted periodically throughout
           the reporting period. In addition, IRMs may retrieve data submitted by the
           agency in the 2004 IRSP through SITAR: https://sitar.dir.state.tx.us/itar/login.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                               1
INTRODUCTION




          Specific IRSP-related questions should be sent to irsp@dir.state.tx.us. DIR staff will
          respond to these questions as soon as possible, usually within two business days.

          The IRM is responsible for the preparation of the IRSP; however, state law requires
          that it be ―signed by the presiding officer of the governing body of the state
          agency if the agency is governed by one or more fully paid full-time state
          officials, and otherwise by the executive director of the agency‖ (or the
          president, chancellor, or vice chancellor if the agency is an institution of higher
          education). DIR will not require the submission of ―hard copy‖ plans or signature
          pages as part of the approval process; options such as e-mail certifications by the
          executive director/university head are being explored. DIR will provide detailed
          instructions to IRMs by e-mail once instructions are finalized.

          In the meantime, each IRM should ensure that their executive leadership,
          including the executive director/university head, is aware that a review and
          approval process must be completed before the IRSP submission deadline of
          August 22, 2006. Ideally, the IRM will seek the full support and collaboration of
          business units within the agency or institution of higher education as early as
          possible to ensure that the IRSP fully aligns technology with the business needs,
          mission, and goals of the agency.


     BACKGROUND
          Every two years, each Texas state agency and institution of higher education is
          required to develop an Information Resources Strategic Plan (IRSP) and send it to
          DIR and the Quality Assurance Team (QAT) for review. The QAT comprises
          representatives from DIR, the Legislative Budget Board (LBB), and the Texas State
          Auditor’s Office. Each agency’s information resources manager is responsible for
          completing the IRSP.

          DIR, in coordination with the QAT, must report to the agency or institution of
          higher education, and may report to the governor and the presiding officer of
          each house of the legislature, when an IRSP or plan amendment is not in
          compliance with the state strategic plan for information resources management
          (state strategic plan, or SSP). IRMA contains specific content requirements for the
          IRSP (TGC §2054.096).

          DIR conducted a focus group with 19 representatives from agencies and
          institutions of higher education on April 12, 2006, to review IRSP questions, format,
          and direction. In response to the review and to input from other stakeholders, DIR
          reduced the number of questions and adjusted the scope in some areas. The
          resulting IRSP avoids requesting information already provided to the state through
          other data collection instruments.




2                                                       DEPARTMENT OF INFORMATION RESOURCES
                                                                                    INTRODUCTION




           Throughout this document, all references to agencies apply to state-supported
           institutions of higher education as well, unless otherwise indicated. In addition, all
           references to the state strategic plan refer to the 2005 plan, Shared Success:
           Building a Better Texas through Shared Responsibilities.



     PURPOSE
           The 79th Texas Legislature signaled a clear mandate for the state to restructure
           the roles and responsibilities for its investment in information and communications
           technology. The key elements of this change include a focus on advancing
           services to citizens, supporting the core missions of individual agencies, simplifying
           technology management, and maximizing the value of the state’s investment in
           hardware, software, services, data, and personnel.

           The IRSP is one of several mandated planning and reporting tools that enable
           oversight entities to monitor and evaluate how effectively agencies are delivering
           on legislative mandates and requirements. The 2006 IRSP also helps agencies
           establish a roadmap for improving service delivery to citizens and in performing
           agency administrative functions more efficiently. It contains questions in various
           formats, including yes/no, single select, multiple select, survey, and text. While the
           IRSP is developed every two years, the required planning horizon for each plan is
           five years.

           Questions in the 2006 IRSP are limited to information that cannot be gathered
           through other sources. For example, although TGC §2054.096 requires DIR to
           collect project-specific information from agencies, there is sufficient project
           information in the Information Technology Detail (ITD) reported to the LBB, and
           the Texas Project Delivery Framework to meet these requirements. Therefore, the
           2006 IRSP has no project-specific questions. Similarly, agencies involved in data
           center assessments and the data center consolidation project (institutions of
           higher education and 27 prioritized state agencies) will not be required to answer
           certain questions because they have already provided extensive information on
           their data center operations.

           The 2006 IRSP fully aligns with the 2005 SSP and provides the basis for agencies to
           collaboratively develop technology solutions that support individual, mission-
           critical agency business processes. To ensure alignment of information and
           communications technology planning with agency missions, goals, and
           objectives, the IRSP should be developed in concert with agency strategic plans
           (state agencies only) and the legislative appropriations request process. DIR will
           use agency responses to questions in the IRSP to fulfill research responsibilities,
           gauge future agency and statewide needs, and help compile the 2006 biennial
           performance report for information resources management.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                  3
INTRODUCTION




          Additionally, the Legislature requires DIR to provide the LBB with a list of agencies
          that have not complied with standards, provisions in the SSP, or corrective action
          plans. Each listed agency must develop corrective action plans, approved by
          DIR, that specify how the agency will correct the deficiencies before
          components of the agency biennial operating plan can be approved by the LBB.



     APPROACH
          The 2005 SSP articulates five strategic goals that will govern the state’s technology
          investment. These goals are to

          •    Reduce government costs
          •    Drive effective technology contracting
          •    Leverage shared technology operations
          •    Promote innovative use of technology that adds value
          •    Protect technology and information assets

          These goals will require substantial coordination
          among all levels of government. The Texas Model
          of the Enterprise, as discussed in the 2005 state
          strategic plan, supports these goals through ten
          objectives. The structure of the 2006 IRSP
          reflects the Model by addressing all of
          the objectives, promoting effective
          technology planning and service
          delivery at the agency level that
          also advances shared success
          throughout the state.

          The base of the Texas
          Model—the statewide
          infrastructure layer—
          delivers shared
          functions that, similar to utility services, are needed by all agencies, but are not
          unique or specific to an individual agency. These functions include those
          addressed by Objectives 1–5 of the 2005 SSP: Data Center, Security, Network,
          Shared Applications, and Commodity Procurements. The collaboration layer
          supports the shared development of guidelines and practices that contribute to
          effective enterprise management of information and communications
          technology. These guidelines and practices include those addressed by
          Objectives 6–9: Project Delivery, Architecture, State Reviews, and Data
          Management and Access. The collaboration layer includes guiding the
          development of integrated architectures that advance data and information
          sharing among agencies, establishing a collaborative approach for evaluating




4                                                      DEPARTMENT OF INFORMATION RESOURCES
                                                                                   INTRODUCTION




           opportunities to standardize agency business processes where common needs
           exist, and supporting the adoption of statewide technology rules and standards.

           Leveraging each of the preceding layers, the most important is the agency layer,
           which supports the unique functionality that an agency must deliver to
           successfully support its core mission. By unifying Texas government through
           coordinated commitments and shared responsibilities, the state can strategically
           align its significant investment in information and communications technology
           with agency business needs.



     IRSP ORGANIZATION
           The 2004 IRSP was primarily an inventory of agency goals and objectives, projects,
           applications and databases, and compliance status. While the 2006 IRSP includes
           these elements, as required by TGC §2054.096, it is also a roadmap to help the
           state transform technology as a shared responsibility among all agencies. It also
           supports collaboration among agencies and DIR to build an enterprise
           infrastructure that supports individual, mission-critical agency business processes.

           The 2006 IRSP is organized into three parts:

           Part 1, Agency Environment, represents the agency layer of the model (Objective
           10). It describes how the agency aligns information and communications
           technology with its business goals and objectives, how it manages its information
           resources, and how it manages its portfolio of applications and databases.

           Part 2, Support of 2005 SSP Goals and Objectives, represents the statewide
           infrastructure layer (Objectives 1-5) and the collaboration layer (Objectives 6-9). It
           describes how the agency’s technology plans and operations support, and are
           supported by, the statewide objectives contained within the 2005 state strategic
           plan.

           Part 3, Compliance with State Standards, describes the status of agency
           compliance with key technology-related statutes and rules.

           The IRSP includes a glossary of key terms to orient agencies completing the
           questions.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                5
INTRODUCTION




6              DEPARTMENT OF INFORMATION RESOURCES
Part 1:            Agency Environment

           Objectives 1 through 9 of this plan present key functions of the statewide infrastructure
           and collaboration layers of the Texas Model of the Enterprise. The most critical layer of the
           model—the agency layer—builds on this foundation of shared technology and business
           solutions.

           Agencies will achieve their core missions by aligning their specific technology solutions
           with their unique business functions. Additionally, by integrating shared technologies and
           best practices into their processes, agencies will be empowered to take advantage of a
           full spectrum of resources made available through the statewide infrastructure and
           collaboration layers of the Texas Model. In so doing, agencies will be positioned to serve
           their customers more quickly, efficiently, and at a lower cost.

                                                                       2005 SSP, Shared Success, p. 26.


           The alignment of technology with an agency’s mission, goals, objectives, and
           strategies ensures that information and communications technology efforts
           (projects, operations, and systems) are based on a full understanding of business
           objectives. This level of alignment between business and technology is known as
           ―enterprise architecture,‖ a comprehensive approach used to manage and
           coordinate an organization’s business processes and information systems so that
           they align with the organization’s core goals and strategic direction.

           The 2006 IRSP seeks to identify how agencies approach enterprise architecture
           from the perspective of the IRM. DIR will use information gathered to develop
           guidelines, policies, training, and support for improved alignment to achieve the
           following goals:

           •   Produce measurable cost savings for state agencies
           •   Promote service-delivery innovation and efficiency for state agencies
           •   Promote interoperability, collaboration, and reuse, both across agency
               divisions and statewide



     ALIGNING TECHNOLOGY WITH AGENCY MISSION, GOALS, AND OBJECTIVES
           Agencies should describe how information and communications technology is
           deployed in direct support of their agency mission, goals, and objectives, as
           described in their agency strategic plans (ASPs) for fiscal years 2007-2011 and/or
           through requests for funding through their legislative appropriations requests
           (LARs) for fiscal years 2008-2009, including Information Technology Detail (ITD)
           information.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                      7
PART I: AGENCY ENVIRONMENT




          DIR will use agency responses to understand how each agency uses technology
          to fulfill its mission, goals, and objectives and how it governs its enterprise strategy
          and impact. Such understanding will aid DIR in its efforts to promote enterprise
          architectures within Texas agencies in order to facilitate interoperability, reuse,
          and collaboration.

          1.1.1      Describe how technology is deployed in direct support of the agency
                     mission, goals, and objectives. Summarize the agency mission, goals, and
                     objectives, and address both strategic and tactical perspectives as
                     applicable. Enter answer in paragraph form.

                     [ ]


          1.1.2      Describe technology deployments that are NOT directly supporting agency
                     goals and objectives. Enter answer in paragraph form.

                     [ ]


          1.1.3      Has agency executive leadership from both business and technology
                     divisions/units identified a need for improving alignment
                     (communications and interaction) of business and technology? Choose
                     one.

                     ( ) Yes
                     ( ) No


          1.1.4      If an agency plan is in place for improving the alignment of business and
                     technology in terms of communications an interaction, how is it managed?
                     Choose one.

                     ( ) Business Divisions/Units (including executive leadership)
                     ( ) Technology Divisions/Units (including IRM and technology directors)
                     ( ) Collaborative Group or Committee (a combination of business and
                           technology)
                     ( ) Not Applicable



     INFORMATION AND COMMUNICATIONS TECHNOLOGY MANAGEMENT PRACTICES
          The state strategic plan supports the development of standards, rules, guidelines,
          and practices that contribute to effective enterprise management of information
          and communications technology. The 2006 IRSP will identify current collaboration,
          reuse, and interoperability practices, while providing a forum for agencies to
          identify opportunities for improvements in these areas.




8                                                       DEPARTMENT OF INFORMATION RESOURCES
                                                                     PART I: AGENCY ENVIRONMENT




           DIR will use agency responses to the following questions to scope and develop
           the approach to fulfilling SSP objectives and strategies that direct DIR to improve
           technology management, operations, and project delivery.


           INFORMATION RESOURCES MANAGER
           1.2.1      Does the IRM report directly to a person with a title functionally equivalent
                      to executive director or deputy executive director (president, chancellor,
                      or vice chancellor for institutions of higher education)? Choose one.

                      ( ) Yes (skip 1.2.1a)
                      ( ) No


           1.2.1a     Describe the level of the IRM in the agency’s organizational chart and the
                      title of the IRM’s supervisor. Enter answer in paragraph form.

                      [ ]


           1.2.2      Describe the IRM’s business role, including alignment of business and
                      technology and the development of the agency strategic plan (state
                      agencies only) and/or requests for funding through the legislative
                      appropriations request process (LAR). Enter answer in paragraph form.

                      [ ]


           1.2.3      Does the agency’s IRM also serve as IRM for one or more other agencies?
                      Choose one.

                      ( ) Yes
                      ( ) No (skip 1.2.3a)


           1.2.3a     List the additional agency or agencies (please use standard agency
                      acronyms). Enter answer in paragraph form.

                      [ ]



           PROJECT AND PORTFOLIO MANAGEMENT
           Project management includes the methods and disciplines used to define goals,
           plan and monitor tasks and resources, identify and resolve issues, and control
           costs and budgets for a specific project.

           Portfolio management is a business process in which organizations make
           investment decisions to determine and select the mix of active projects, along
           with the budget, staffing, and other resource allocations for each project.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                 9
PART I: AGENCY ENVIRONMENT




          1.2.4     What is the status of implementing a standard project management
                    methodology for technology projects in the agency? Choose one.
                    ( ) Implemented
                    ( ) Implementation in Progress
                    ( ) Planned or Planning in Progress
                    ( ) Not Implemented and Not Planned


          1.2.5     What is the status of implementing a standard portfolio management
                    methodology for technology projects in the agency? Choose one.

                    ( ) Implemented
                    ( ) Implementation in Progress
                    ( ) Planned or Planning in Progress
                    ( ) Not Implemented and Not Planned


          NOTE: If both of the above questions (1.2.4 and 1.2.5) are answered ―Not
          Implemented and Not Planned‖, the appropriate answer to questions 1.2.6
          through 1.2.11 would be ―Not applicable‖, and the appropriate answer to
          question 1.2.12 would be ―None‖.

          1.2.6     Are any Texas Project Delivery Framework tools used as part of the
                    agency’s project/portfolio management methodology? Choose one.

                    ( ) Yes
                    ( ) No
                    ( ) Partial
                    ( ) Not Applicable


          1.2.7     Does the project/portfolio management methodology define the sequence
                    of activities (the project life cycle) necessary to complete the project?
                    Choose one.

                    ( ) Yes
                    ( ) No
                    ( ) Not Applicable


          1.2.8     Does the project/portfolio management methodology monitor and control
                    key project activities? Choose one.

                    ( ) Yes
                    ( ) No
                    ( ) Not Applicable




10                                                     DEPARTMENT OF INFORMATION RESOURCES
                                                                   PART I: AGENCY ENVIRONMENT




           1.2.9      Does the project/portfolio management methodology document
                      successes and failures and determine how future projects will benefit from
                      these findings? Choose one.

                      ( ) Yes
                      ( ) No
                      ( ) Not Applicable


           1.2.10     Does the project/portfolio management methodology verify that project
                      risks are identified? Choose one.

                      ( ) Yes
                      ( ) No
                      ( ) Not Applicable


           1.2.11     Does the project/portfolio management methodology ensure that costs
                      and benefits for the project have been identified? Choose one.

                      ( ) Yes
                      ( ) No
                      ( ) Not Applicable


           1.2.12     List any automated tools being used for project/portfolio management
                      (Enter “None” if no automated tools are being used). Enter answer in
                      paragraph form.

                      [ ]


           1.2.13     Describe project-level and portfolio-level governance practices, including
                      change management and issue resolution. Enter answer in paragraph
                      form.

                      [ ]



           SOFTWARE DEVELOPMENT LIFE CYCLE METHODOLOGIES
           1.2.14     What is the status of implementing a standard software development life
                      cycle (SDLC) in the agency? Choose one.

                      ( ) Implemented
                      ( ) Implementation in Progress
                      ( ) Planned or Planning in Progress
                      ( ) Not Implemented and Not Planned




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                            11
PART I: AGENCY ENVIRONMENT




          1.2.15    Describe current SDLC practices and status. Enter answer in paragraph
                    form.

                    [ ]


          1.2.16    If the agency has implemented an SDLC methodology, does it incorporate
                    the Texas Project Delivery Framework SDLC deliverable templates and
                    guidelines? Choose one.

                    ( ) Yes
                    ( ) No
                    ( ) Partial
                    ( ) Not Applicable



          PERFORMANCE MANAGEMENT
          1.2.17    What is the status of implementing a standard product and/or service
                    performance management process for use by all technology projects in
                    the agency? Choose one.

                    ( ) Implemented
                    ( ) Implementation in Progress
                    ( ) Planned or Planning in Progress
                    ( ) Not Implemented and Not Planned


          1.2.18    Describe any performance management products and/or services the
                    agency has implemented, or is planning. Specify any “best practices”
                    elements, including tools used or developed. Enter answer in paragraph
                    form.

                    [ ]



          REQUIREMENTS/CHANGE/CONFIGURATION MANAGEMENT
          DIR will use agency responses to the following questions to scope and develop
          the state’s approach to enterprise architecture standards, including requirements
          management, change management, and configuration management, which
          have been demonstrated to improve the alignment of business and technology.
          See the Glossary for a more detailed description.

          1.2.19    What is the status of implementing a standard requirements management
                    process for the agency? Choose one.

                    ( ) Implemented
                    ( ) Implementation in Progress
                    ( ) Planned or Planning in Progress




12                                                   DEPARTMENT OF INFORMATION RESOURCES
                                                                      PART I: AGENCY ENVIRONMENT




                      ( ) Not Implemented and Not Planned


           1.2.20     What is the status of implementing a standard project change control/
                      change management structure and process for the agency? Choose one.

                      ( ) Implemented
                      ( ) Implementation in Progress
                      ( ) Planned or Planning in Progress
                      ( ) Not Implemented and Not Planned


           1.2.21     What is the status of implementing a standard configuration management
                      process for the agency? Choose one.

                      ( ) Implemented
                      ( ) Implementation in Progress
                      ( ) Planned or Planning in Progress
                      ( ) Not Implemented and Not Planned


           1.2.22     Describe current requirements management, change control/management
                      and configuration management practices and status, along with future
                      plans in these areas. List any automated tools used. Enter answer in
                      paragraph form.

                      [ ]



           TELECOMMUTING
           1.2.23     Does the agency have a policy regarding telecommuting or AWA
                      (alternative workplace arrangements) that allows employees to work one
                      or more days per week at home or at alternate locations? Choose one.

                      ( ) Yes
                      ( ) No (skip 1.2.23a)


           1.2.23a    Describe the agency’s telecommuting and/or AWA policy. Enter answer in
                      paragraph form.

                      [ ]


           1.2.24     Does the agency incorporate telecommuting or alternative workplace
                      arrangements in its disaster recovery and/or business continuity plans,
                      related to potential scenarios which could limit the use of central facilities?
                      Choose one.

                      ( ) Yes
                      ( ) No (skip 1.2.24a)




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                13
PART I: AGENCY ENVIRONMENT




          1.2.24a    Describe how the agency addresses telecommuting and AWA in its
                     disaster recovery and/or business continuity plans. Enter answer in
                     paragraph form.

                     [ ]



          INTRANET
          1.2.25     List all applications and/or applets that are hosted on an agency intranet,
                     which may be useful to other agencies through reuse. Enter answer in
                     paragraph form.

                     [ ]



     ENTERPRISE ARCHITECTURE AND GOVERNANCE PRACTICES
          DIR will use agency responses to the following questions to scope and develop
          the approach to fulfilling state strategic plan objectives and strategies that direct
          DIR to promote enterprise architectures in state agencies; this includes business,
          technical, and information architectures, focusing on alignment. See the Glossary
          for detailed definitions of business, technical, and information architectures.
          Additional information on DIR’s Enterprise Architecture program is available at
          www.dir.state.tx.us/ea/.

          1.3.1      Describe the agency’s practice of Enterprise Governance. Indicate whether
                     strategic direction, impact analysis, and issue resolution for technology
                     and business divisions/units are addressed collaboratively. Enter answer
                     in paragraph form.

                     [ ]


          1.3.2      Describe the agency’s practice of technical architecture modeling,
                     including development, testing and production environments, hardware,
                     software, database management systems (DBMSs), infrastructure, and
                     other technology assets. Indicate if technical architecture modeling is
                     managed or coordinated at an enterprise level (across business and
                     technology divisions/units). Enter answer in paragraph form.

                     [ ]


          1.3.3      Describe the agency’s practice of Business Architecture modeling,
                     including business divisions/organizational structure, business processes
                     and requirements, and business re-engineering efforts. Indicate if
                     business modeling is performed at the enterprise level (across business
                     divisions/units). Enter answer in paragraph form.




14                                                     DEPARTMENT OF INFORMATION RESOURCES
                                                                    PART I: AGENCY ENVIRONMENT




                      [ ]


           1.3.4      Describe the agency’s practice of information architecture modeling,
                      including data models, taxonomies, and databases. Indicate if data
                      modeling is managed or coordinated at an enterprise level (across
                      systems, applications, and/or business divisions/units). Enter answer in
                      paragraph form.

                      [ ]


           1.3.5      For all new applications being created at the agency, what technology
                      platforms are being used (include hardware, software, programming
                      languages, DBMSs, tools, and commercial off-the-shelf (COTS) products)?
                      Enter answer in paragraph form.

                      [ ]



     AGENCY DATABASE AND APPLICATION PORTFOLIO
           Agency responses to questions in this section will help the state facilitate agency
           collaboration and reuse by making information about data and applications
           centrally available, part of the enterprise architecture effort underway at DIR. In
           addition, this information will facilitate business-asset and technical-asset reuse, as
           well as statewide efforts to identify key taxonomy elements. Finally, DIR and other
           oversight agencies will use database information to support the Statewide
           Technology Management and Reporting Initiative (see the report, Statewide
           Technology Management: Opportunities for Improvement, available on the DIR
           Web site, for more details), which will evaluate methods to eliminate
           redundancies in reporting, eliminate taxonomy conflicts, and establish
           opportunities for virtual data warehouse capabilities across state agencies.

           Agencies prioritized to participate in the data center consolidation project and
           institutions of higher education required to answer database portfolio questions
           (1.4.1 through 1.4.8) are exempt from answering application portfolio questions
           (1.4.10 through 1.4.16). This is because the application inventories that were
           reported by these agencies included a level of detail that is comparable to these
           questions. However, while the application inventories included related database
           information, they did not include the same level of detail as did the IRSP
           database questions. Therefore, all agencies are required to respond to database
           portfolio questions.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                               15
PART I: AGENCY ENVIRONMENT




          DATABASES
          DIR will use agency responses to the following questions to identify and evaluate
          requirements and opportunities to streamline reporting, including redundant
          reporting, eliminate taxonomy conflicts, and establish opportunities for shared
          virtual data warehouse capabilities. All agencies must complete questions 1.4.1
          through 1.4.8 for EACH existing database that holds ―of record‖ information. ―Of
          record‖ information includes any data or information that is official, may be
          reported to oversight agencies, or is required to meet the mission, goals, and
          objectives of the agency. Databases that hold copies or replications of data
          used for analysis or reporting do NOT need to be listed.

          Institutions of higher education may limit reporting to those databases typically
          managed by the institution’s chief information officer, IRM, or equivalent position.

          1.4.1     DATABASE NAME. List primary database name and acronym, if used. Enter
                    text answer.

                    [ ]


          1.4.2     DBMS AND VERSION. Identify the database management system and
                    version (e.g., Oracle, SQL Server, Sybase, Access, Excel Spreadsheet, etc.).
                    Enter text answer.

                    [ ]


          1.4.3     PURPOSE. Brief description of the purpose of the database. Enter answer in
                    paragraph form.

                    [ ]


          1.4.4     DATA MODELS, DATA DICTIONARIES, AND TAXONOMIES. Indicate if an up-
                    to-date data model exists for this database, and if an up-to-date data
                    dictionary or taxonomy exists for this database. Enter text answer.

                    [ ]


          1.4.5     ASSOCIATED APPLICATIONS. List all applications that are associated with
                    this database. Enter answer in paragraph form.

                    [ ]


          1.4.6     ANALYSIS AND REPORTING TOOLS/VERSIONS. List all analysis and/or
                    reporting tool(s) being used with this data. Include version information.
                    Enter answer in paragraph form.

                    [ ]




16                                                    DEPARTMENT OF INFORMATION RESOURCES
                                                                      PART I: AGENCY ENVIRONMENT




           1.4.7      DATA SHARING AND DATA EXCHANGE. Describe any current data
                      sharing/data exchange practices. Enter answer in paragraph form.

                      [ ]


           1.4.8      AGE OF DATABASE. Describe the age of the database and indicate if
                      sunset, rewrite, or replacement projects are planned or underway. Enter
                      text answer.

                      [ ]



           APPLICATIONS
           After answering question 1.4.9, institutions of higher education and the 27
           agencies prioritized to participate in the data center consolidation project may
           skip the questions in this section because DIR has already collected this data
           through other processes. All other agencies must complete questions 1.4.10
           through 1.4.16 for EACH existing application of the types listed in question 1.4.11.

           DIR will use agency responses to the following questions to identify and evaluate
           collaboration, reuse, and interoperability standards, and to facilitate
           development of statewide business-asset and technical-asset reuse inventories
           and repositories. They will also be used to identify opportunities for collaboration
           across agencies. However, responses to this section will not establish a
           comprehensive statewide applications inventory. Based on analysis of the data
           received, DIR will evaluate the need to request complete application inventories
           in the future.

           1.4.9      Is the agency one of the 27 agencies prioritized to participate in the data
                      center consolidation or an institution of higher education? Choose one.

                      ( ) Yes (skip 1.4.10 - 1.4.16)
                      ( ) No


           1.4.10     APPLICATION NAME AND ACRONYM. Primary application name and
                      acronym, if used. Enter text answer.

                      [ ]


           1.4.11     APPLICATION TYPE. Choose all that apply.

                      ( ) Data Warehousing/Business Intelligence
                      ( ) Citizen-Facing Core Business Application
                      ( ) Internal-Facing Core Business Application
                      ( ) ERP/Human Resources
                      ( ) ERP/Financial
                      ( ) Help Desk




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                              17
PART I: AGENCY ENVIRONMENT




                    ( ) CRM


          1.4.12    PURPOSE. Brief description of the purpose of the application; specify
                    business outcomes supported by this application. Enter answer in
                    paragraph form.

                    [ ]


          1.4.13    PLATFORM. Brief but clear descriptions of application platform, including
                    hardware, OS, and COTS version information, as applicable. Enter answer
                    in paragraph form.

                    [ ]


          1.4.14    PROGRAMMING LANGUAGE(S). Primary and secondary programming
                    languages. Enter answer in paragraph form.

                    [ ]


          1.4.15    AGE OF SYSTEM. Age of the system, and indicate if sunset, rewrite, or
                    replacement projects are planned or underway. Enter answer in paragraph
                    form.

                    [ ]


          1.4.16    INTEROPERABILITY DESCRIPTION/CONSTRAINTS. Brief description of
                    interoperability requirements or constraints involving other applications or
                    major databases within the agency or with external entities. Enter answer
                    in paragraph form.

                    [ ]




18                                                    DEPARTMENT OF INFORMATION RESOURCES
Part 2: Support of 2005 SSP Goals and
Objectives


     OBJECTIVE 1. REDUCE COST, ELIMINATE DUPLICATION, AND IMPROVE
     PERFORMANCE OF DATA CENTER SERVICES

           Agencies have been given critical missions to fulfill in addition to new responsibilities
           resulting from House Bill 1516 (HB1516). Through collaboration and strong project planning,
           all of these missions and responsibilities will be met. The result will be new infrastructure and
           collaboration practices that will allow agencies to spend more of their time fulfilling their
           core missions.

                                                                           2005 SSP, Shared Success, p. 5


           The 79th Texas Legislature enacted a series of technology bills that support the
           continued implementation of a shared technology infrastructure. Part of this
           legislation directed DIR to accelerate consolidation of the state’s data center
           and disaster recovery services. Part 2 of the IRSP reflects new legislation and the
           vision of greater cost efficiencies, improved services, and a shared technology
           infrastructure that is flexible, innovative, and supports agencies in meeting their
           missions.

           Since institutions of higher education and the 27 agencies prioritized to
           participate in the data center consolidation project have already submitted
           pertinent data through other processes, they may skip questions 2.1.2 through
           2.1.8 after answering 2.1.1, but must still answer questions 2.1.9 and 2.1.10.

           DIR will use agency responses to the following questions to support its evaluation
           of data center operations and service level requirements. Responses will also help
           provide the basis for developing statewide standards for service level agreements
           and for evaluating the status of data center and critical server programs.


           SERVICE LEVEL AGREEMENTS/REQUIREMENTS
           2.1.1       Is the agency one of the 27 agencies prioritized to participate in the data
                       center consolidation or an institution of higher education? Choose one.

                       ( ) Yes (skip 2.1.2 through 2.1.8)
                       ( ) No


           2.1.2       Does the agency have a data center (see Glossary)? Choose one.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                         19
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




                    ( ) Yes
                    ( ) No


          2.1.3     Does the agency have documented service level agreements (SLAs) or
                    service level requirements for data center services and/or server functions
                    (including system availability measures for the agency’s main application
                    to support critical agency functions)? Choose one.

                    ( ) Yes
                    ( ) No (skip 2.1.4 through 2.1.8)


          2.1.4     Does the agency have documented service level agreements or
                    requirements for systems availability? Choose one.

                    ( ) Yes
                    ( ) No (skip 2.1.4a)


          2.1.4a    Describe the documented service level agreements or requirements for
                    systems availability. Enter answer in paragraph form.

                    [ ]


          2.1.5     Does the agency have documented service level agreements or
                    requirements for problem resolution? Choose one.

                    ( ) Yes
                    ( ) No (skip 2.1.5a)


          2.1.5a    Describe the documented service level agreements or requirements for
                    problem resolution. Enter answer in paragraph form.

                    [ ]


          2.1.6     Does the agency have documented service level agreements or
                    requirements for incident response time? Choose one.

                    ( ) Yes
                    ( ) No (skip 2.1.6a)


          2.1.6a    Describe the documented service level agreements or requirements for
                    incident response time. Enter answer in paragraph form.

                    [ ]


          2.1.7     Does the agency have documented service level agreements or
                    requirements for customer satisfaction? Choose one.

                    ( ) Yes




20                                                      DEPARTMENT OF INFORMATION RESOURCES
                                               PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




                        ( ) No (skip 2.1.7a)


           2.1.7a       Describe the documented service level agreements or requirements for
                        customer satisfaction. Enter answer in paragraph form.

                        [ ]


           2.1.8        If the agency does NOT have documented service level agreements or
                        requirements for data center or server functions, how does the agency
                        address availability and efficiency of operations in these areas? Enter
                        answer in paragraph form.

                        [ ]



           DISASTER RECOVERY
           2.1.9        Does the agency maintain a written disaster recovery plan for information
                        resources? Choose one.

                        ( ) Yes
                        ( ) No


           2.1.10       If the agency maintains a written disaster recovery plan, describe its scope
                        and status. OR, if the agency does NOT maintain a written disaster
                        recovery plan, describe the strategy and timeline for developing and
                        implementing one. Enter answer in paragraph form.

                        [ ]



     OBJECTIVE 2. SAFEGUARD INFORMATION AND COMMUNICATIONS
     TECHNOLOGY ASSETS
           In a large and decentralized state government environment, it is challenging to
           respond in a coordinated fashion to security threats. To adequately secure state
           assets, the state must establish processes and infrastructure through which all
           government entities can coordinate the use of limited resources to effectively
           respond to security threats.

           DIR will use responses to questions in this section to help identify steps that will help
           ensure that agency information resources are safe from destruction, unauthorized
           access, or loss. Such steps will include those needed to define and measure
           performance levels and optimize both employee and agency cyber security best
           practices.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                21
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          SECURITY RESPONSIBILITIES
          2.2.1     Does the information security officer (ISO) have additional job
                    titles/responsibilities (e.g., IRM, technology director)? Choose one.

                    ( ) Yes
                    ( ) No (skip 2.2.1a)


          2.2.1a    What are the additional job titles/responsibilities? Enter answer in
                    paragraph form.

                    [ ]


          2.2.2     To whom does the ISO report in the agency? Choose one.

                    ( ) Information Resources Manager (IRM)
                    ( ) Executive Director (or equivalent)
                    ( ) Technology Division Director
                    ( ) Other (specify) [ ]


          2.2.3     Who in the agency is primarily responsible for setting security policy?
                    Choose one.

                    ( ) Information Security Officer (ISO)
                    ( ) Information Resources Manager (IRM)
                    ( ) Executive Director (or equivalent)
                    ( ) Technology Division Director
                    ( ) Other (specify) [ ]


          2.2.4     Who in the agency is primarily responsible for reviewing/approving
                    projects for security features? Choose one.

                    ( ) Information Security Officer (ISO)
                    ( ) Information Resources Manager (IRM)
                    ( ) Executive Director (or equivalent)
                    ( ) Technology Division Director
                    ( ) Other (specify) [ ]


          2.2.5     Who in the agency is primarily responsible for analyzing agency security
                    risks? Choose one.

                    ( ) Information Security Officer (ISO)
                    ( ) Information Resources Manager (IRM)
                    ( ) Executive Director (or equivalent)
                    ( ) Technology Division Director
                    ( ) Other (specify) [ ]




22                                                     DEPARTMENT OF INFORMATION RESOURCES
                                                PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




           2.2.6      Who in the agency is primarily responsible for determining budget
                      requirements to address security risks? Choose one.

                      ( ) Information Security Officer (ISO)
                      ( ) Information Resources Manager (IRM)
                      ( ) Executive Director (or equivalent)
                      ( ) Technology Division Director
                      ( ) Other (specify) [ ]


           2.2.7      Who in the agency is primarily responsible for identifying cyber security
                      violations? Choose one.

                      ( ) Information Security Officer (ISO)
                      ( ) Information Resources Manager (IRM)
                      ( ) Executive Director (or equivalent)
                      ( ) Technology Division Director
                      ( ) Other (specify) [ ]



           SECURITY FUNDING
           2.2.8      Is security funding set by analyzing risks and determining the appropriate
                      investment needed to address the risks? Choose one.

                      ( ) Yes
                      ( ) No


           2.2.9      Does the agency budget include security-specific funding levels as a
                      percentage of either the overall agency budget or the technology budget?
                      Choose one.

                      ( ) Yes
                      ( ) No


           2.2.10     Does the agency budget include line item(s) for security training and/or
                      education? Choose one.

                      ( ) Yes
                      ( ) No


           2.2.11     Does the agency fund some security functions and/or initiatives for which
                      there are no security-specific cost categories or line items in the agency
                      budget? Choose one.

                      ( ) Yes
                      ( ) No




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                23
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          2.2.12    Describe the process the agency utilizes to determine security funding
                    requirements. Include the level of funding and/or the percentage of
                    security funding compared to overall budget (for FY 2008-09) if this
                    information is available. Enter answer in paragraph form.

                    [ ]



          SECURITY CAPABILITIES
          2.2.13    What is the status of the agency’s capabilities in the area of automated
                    security tools, including patch management, risk assessment, and incident
                    reporting? Choose one.

                    ( ) Currently in place
                    ( ) Planned within the next 1 to 3 years
                    ( ) Not planned, but will be considered
                    ( ) Not feasible for agency


          2.2.14    What is the status of the agency’s capabilities in the area of computer
                    incident response mechanisms and related training? Choose one.

                    ( ) Currently in place
                    ( ) Planned within the next 1 to 3 years
                    ( ) Not planned, but will be considered
                    ( ) Not feasible for agency


          2.2.15    What is the status of the agency’s capabilities in the area of cyber
                    vulnerability detection and remediation methods? Choose one.

                    ( ) Currently in place
                    ( ) Planned within the next 1 to 3 years
                    ( ) Not planned, but will be considered
                    ( ) Not feasible for agency


          2.2.16    Are security staffing levels sufficient to meet statutory requirements and
                    agency needs? Choose one.

                    ( ) Yes
                    ( ) No


          2.2.17    What is the status of the agency’s capabilities in the area of security
                    training and awareness programs for all levels of the organization (users,
                    management, technology professionals, and security professionals)?
                    Choose one.

                    ( ) Currently in place
                    ( ) Planned within the next 1 to 3 years




24                                                     DEPARTMENT OF INFORMATION RESOURCES
                                               PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




                      ( ) Not planned, but will be considered
                      ( ) Not feasible for agency


           2.2.18     Provide a general description of the agency’s overall security capabilities,
                      and describe any plans for expanding or improving these capabilities over
                      the next five fiscal years. Enter answer in paragraph form.

                      [ ]



           SECURITY ASSISTANCE SURVEY
           DIR is currently engaged in several projects and services designed to assist
           agencies in the area of technology security. Responses to the following questions
           will help identify and evaluate opportunities to achieve maximum agency and
           statewide benefit.

           2.2.19     Rank the following security services and functions based on which would
                      provide the greatest benefit to the agency. Click the greatest benefit item
                      first, etc. (1 = greatest benefit, 7 = least benefit). Rank the following from
                      1 to 7.

                      [ ] Periodic external IT security assessments to help identify information
                            resource strengths and weaknesses
                      [ ] State Cyber Security Response System that rapidly identifies, contains,
                            and recovers from any attack or attempt to disrupt critical information
                            and communications technology infrastructure
                      [ ] Identification, development, and maintenance of best practice rules,
                            standards, and guidelines to help reduce agency workload while
                            providing more timely, complete, and accurate data for internal and
                            external monitoring and management
                      [ ] Shared network security services and solutions provided by a network
                            security and operations center (NSOC)
                      [ ] Improved cyber security information sharing and enhanced security
                            communication and collaboration throughout the state by leveraging
                            new technologies
                      [ ] Development of comprehensive cyber security training program
                            requirements to ensure IT security professionals, agency leadership,
                            and network users at all levels are able to perform cyber security
                            responsibilities
                      [ ] Cyber security integration into state homeland security exercises and
                            promotion of tailored exercises to help reduce network vulnerabilities
                            and minimize the severity of cyber attacks




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                 25
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          2.2.20    Provide additional detail if needed, and describe how DIR could help
                    improve the security capabilities of the agency. Enter answer in paragraph
                    form.

                    [ ]



     OBJECTIVE 3. LEVERAGE SHARED NETWORK OPERATIONS AND RESOURCES
          Providing a shared communications network that reduces statewide costs and
          delivers exceptional performance is essential for Texas government to continue to
          serve state employees and customers. A shared communications network allows
          agency-level infrastructure and resources that overlap the needs of other
          agencies to be integrated, expanded, or adapted to benefit the entire state.


          VOICE NETWORK UPGRADES
          2.3.1     What is the agency’s Voice Network Infrastructure upgrade status? Choose
                    one.

                    ( ) Upgraded within the past year (skip 2.3.2)
                    ( ) Plan to upgrade within one year
                    ( ) Plan to upgrade within three years
                    ( ) Plan to upgrade within five years
                    ( ) No plans to upgrade at this time (skip 2.3.2)


          2.3.2     In the agency’s Voice Network Infrastructure upgrade plan, has the agency
                    considered (or will it consider) a shared service arrangement through DIR
                    to support agency efforts in this area? Choose one.

                    ( ) Yes
                    ( ) No



          DATA NETWORK UPGRADES
          2.3.3     What is the agency’s Data Network Infrastructure upgrade status? Choose
                    one.

                    ( ) Upgraded within the past year (skip 2.3.4)
                    ( ) Plan to upgrade within one year
                    ( ) Plan to upgrade within two years
                    ( ) Plan to upgrade within three years
                    ( ) No plans to upgrade at this time (skip 2.3.4)




26                                                    DEPARTMENT OF INFORMATION RESOURCES
                                             PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




           2.3.4      In the agency’s Data Network Infrastructure upgrade plan, has the agency
                      considered (or will it consider) a shared service arrangement through DIR
                      to support agency efforts in this area? Choose one.

                      ( ) Yes
                      ( ) No



           VOICE OVER INTERNET PROTOCOL (VOIP)
           2.3.5      What is status of any Voice over Internet Protocol (VoIP) initiative in the
                      agency? Choose one.

                      ( ) No plans to adopt VoIP (skip 2.3.6)
                      ( ) Evaluating VoIP
                      ( ) Planning a VoIP implementation
                      ( ) Have an active VoIP pilot project
                      ( ) Have an operational VoIP installation


           2.3.6      Has the agency considered, or will it consider, a shared service
                      arrangement through DIR to support agency VoIP efforts? Choose one.

                      ( ) Yes
                      ( ) No



           INTERACTIVE VOICE RESPONSE
           2.3.7      What are the agency’s plans for Interactive Voice Response (IVR)? Choose
                      one.

                      ( ) No plans to adopt IVR (skip 2.3.8)
                      ( ) Evaluating IVR
                      ( ) Planning an IVR implementation
                      ( ) Have an operational IVR system


           2.3.8      Has the agency considered, or will it consider, a shared service
                      arrangement through DIR to support agency IVR efforts? Choose one.

                      ( ) Yes
                      ( ) No



           CALL CENTERS
           2.3.9      What is the status of any telephone call center in the agency? Choose one.

                      ( ) No plans to implement a call center (skip 2.3.10)
                      ( ) Evaluating call center operations and technologies
                      ( ) Planning a call center implementation




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                  27
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




                    ( ) Have an operational call center


          2.3.10    Has the agency considered, or will it consider, a shared service
                    arrangement through DIR to support agency call center efforts? Choose
                    one.

                    ( ) Yes
                    ( ) No



          VIDEO CONFERENCING
          2.3.11    What is the status of any video conferencing system in the agency? Choose
                    one.

                    ( ) No plans to implement video conferencing (skip 2.3.12)
                    ( ) Evaluating video conferencing systems and technologies
                    ( ) Planning a video conferencing implementation
                    ( ) Have an operational agency video conferencing system
                    ( ) Utilize a shared video conferencing system among a number of
                       institutions of higher education (skip 2.3.12)


          2.3.12    Has the agency considered, or will it consider, a shared service
                    arrangement through DIR to support agency video conferencing efforts?
                    Choose one.

                    ( ) Yes
                    ( ) No



          WIRELESS DATA SERVICES AND INFRASTRUCTURE
          2.3.13    What is the status of any wireless data service initiative in the agency?
                    Choose one.

                    ( ) No plans to adopt wireless data services (skip 2.3.14)
                    ( ) Evaluating wireless data services and infrastructure
                    ( ) Planning a wireless data service implementation
                    ( ) Have an active wireless data service pilot project
                    ( ) Have an operational wireless data service


          2.3.14    Has the agency considered, or will it consider, a shared service
                    arrangement through DIR to support agency wireless data service efforts?
                    Choose one.

                    ( ) Yes
                    ( ) No




28                                                     DEPARTMENT OF INFORMATION RESOURCES
                                             PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




           TEX-AN CONTRACTS
           2.3.15     Does the agency use TEX-AN contracts for purchasing
                      telecommunications services? Choose one.

                      ( ) Always (skip 2.3.16)
                      ( ) Sometimes
                      ( ) Never


           2.3.16     What is the agency’s rationale for purchasing these services through other
                      sources? Enter answer in paragraph form.

                      [ ]



           SHARED NETWORK OPERATIONS SURVEY
           DIR is involved in several projects and services to assist agencies in the area of
           shared network operations. Responses to the following questions will help identify
           and evaluate opportunities to achieve maximum agency and statewide benefit.

           2.3.17     Rank the following network operations/services based on which would
                      provide the greatest benefit to the agency and whether or not the agency
                      provides or plans to provide these operations or services. Click the
                      greatest benefit item first, etc. (1 = greatest benefit, 7 = least benefit).
                      Rank the following from 1 to 7.

                      [ ] Upgrades to voice network
                      [ ] Upgrades to data network
                      [ ] Voice over Internet Protocol (VoIP)
                      [ ] Interactive Voice Response (IVR)
                      [ ] Call centers
                      [ ] Video conferencing
                      [ ] Wireless data services and infrastructure


           2.3.18     Please provide additional detail if needed, and describe how DIR could
                      help improve the network capabilities of the agency. Enter answer in
                      paragraph form.

                      [ ]



     OBJECTIVE 4. SOLVE COMMON BUSINESS PROBLEMS THROUGH SHARED
     APPLICATIONS
           Some agency processes overlap and even replicate processes of other
           agencies. Without coordination, agencies develop duplicative and occasionally
           conflicting solutions.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                   29
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          The state strategic plan calls for state agencies to partner with DIR and other
          agencies where common business problems can be solved through shared
          opportunities. The following questions address shared application solutions
          available to agencies.


          RECEIVING PAYMENTS OVER THE INTERNET
          2.4.1     Does the agency currently take, or would it be interested in taking
                    payments for services over the Internet (see “Payment Services” in
                    Glossary)? Choose one.

                    ( ) Agency currently offers this service
                    ( ) Agency is interested in offering this service
                    ( ) Agency has no need or interest in this service (skip 2.4.2 and 2.4.3)


          2.4.2     What payment services vendor does the agency use? What is the agency
                    plan for receiving payments, including any provisions for security and
                    performance measures? Enter answer in paragraph form.

                    [ ]


          2.4.3     Describe any barriers or limitations that could inhibit the taking of
                    payments for agency services over the Internet. Enter answer in paragraph
                    form.

                    [ ]



          COLLECTING FEES OR FINES OVER THE INTERNET
          2.4.4     Does the agency currently collect, or would it be interested in collecting
                    fees or fines over the Internet (see "Collection of Fees/Fines" in Glossary)?
                    Choose one.

                    ( ) Agency currently provides this service
                    ( ) Agency is interested in providing this service
                    ( ) Agency has no need or interest in this service



          FORMS OVER THE INTERNET
          2.4.5     Does the agency currently offer or accept online applications or forms that
                    can be filled in and transferred to the agency over the Internet? Choose
                    one.

                    ( ) Yes
                    ( ) No (skip 2.4.6 and 2.4.7)




30                                                     DEPARTMENT OF INFORMATION RESOURCES
                                                PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




           2.4.6      Describe the agency’s policies for offering or accepting applications or
                      forms over the Internet, including any provisions for security and
                      performance measures. Enter answer in paragraph form.

                      [ ]


           2.4.7      Does the agency require a mailed copy of the application or form with a
                      signature? Choose one.

                      ( ) Yes
                      ( ) No



           TAKING APPLICATIONS THROUGH INTERACTIVE VOICE RECOGNITION (IVR)
           2.4.8      Does the agency currently take, or would it be interested in taking,
                      applications through IVR via the telephone? Choose one.

                      ( ) Agency currently offers this service
                      ( ) Agency is interested in offering this service
                      ( ) Agency has no need or interest in this service



           E-MAIL ENVIRONMENT
           2.4.9      What is the approximate number of e-mail mailboxes currently in use
                      within the agency? Choose one.

                      ( ) 0 - 100
                      ( ) 101 - 500
                      ( ) 501 - 1,000
                      ( ) 1,001 - 2,500
                      ( ) 2,501 - 5,000
                      ( ) 5,001 +


           2.4.10     What e-mail rich client type is used on the majority of desktops within the
                      agency? Choose one.

                      ( ) Microsoft Outlook
                      ( ) IBM Lotus Notes
                      ( ) Novell GroupWise
                      ( ) Other (specify) [ ]




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                               31
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          2.4.11    What is the status of the agency’s participation in DIR’s voluntary,
                    Enterprise Messaging Services contract (see
                    www.dir.state.tx.us/messaging for details)? Choose one.

                    ( ) Currently in place
                    ( ) Planned within the next 1–3 years
                    ( ) Not planned, but will be considered
                    ( ) Not feasible for agency


          2.4.12    Is the agency planning an upgrade of its current e-mail/messaging system
                    in FY2008-09 (maintenance renewal, upgrade, or replacement of an
                    existing messaging system) at a cost of $50,000 or more? Choose one.

                    ( ) Yes
                    ( ) No



          E-MAIL COSTS (OPTIONAL)
          Total Cost of Ownership (TCO) is a method for identifying all of the one-time and
          ongoing costs associated with the evaluation, acquisition, implementation,
          maintenance, operation/ usage, and management of an e-mail system.
          Agencies that have volunteered to participate in DIR’s Enterprise Messaging
          Services contract may have TCO calculations that could be used to respond to
          questions 2.4.13 and 2.4.14. However, DIR has determined that it is not necessary
          for all agencies and institutions of higher education to calculate these costs.
          Agencies interested in DIR support for conducting a TCO analysis or analyzing
          feasibility for participating in DIR’s Enterprise Messaging Services contract should
          visit www.dir.state.tx.us/messaging/ for information. Agencies may also submit
          questions on messaging to messaging@dir.state.tx.us.

          2.4.13    What is the agency’s estimated Total Cost of Ownership for messaging (e-
                    mail) services, expressed in dollars per mailbox per month? Enter text
                    answer.

                    [ ]


          2.4.14    Describe the agency’s costs for messaging (e-mail), how they were
                    calculated, and any comparative analysis completed by the agency. Enter
                    answer in paragraph form.

                    [ ]



          EVENT REGISTRATION
          2.4.15    Does the agency currently offer, or is it interested in offering, event
                    registration over the Internet? Choose one.




32                                                     DEPARTMENT OF INFORMATION RESOURCES
                                             PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




                      ( ) Agency currently offers this service
                      ( ) Agency is interested in offering this service
                      ( ) Agency has no need or interest in this service (skip 2.4.16)


           2.4.16     Describe the types of events for which the agency offers, or is interested
                      in offering registration over the Internet. Enter answer in paragraph form.

                      [ ]



           GRANTS SYSTEMS
           2.4.17     Does the agency currently manage, authorize, and/or issue grant monies
                      over the Internet to other governmental entities, public service
                      organizations, or citizens? Choose one.

                      ( ) Yes
                      ( ) No



           SHARED SERVICES SURVEY
           DIR is involved in several projects and services to assist agencies in the area of
           shared services. Responses to the following questions will help identify and
           evaluate opportunities to achieve maximum agency and statewide benefit.

           2.4.18     Rank the following shared services based on which would provide the
                      greatest benefit to the agency and whether or not the agency provides or
                      plans to provide these services. Click the greatest benefit item first, etc. (1
                      = greatest benefit, 6 = least benefit). Rank the following from 1 to 6.

                      [ ] Receiving payments over the Internet
                      [ ] Collecting fees or fines over the Internet
                      [ ] Offering or accepting forms over the Internet
                      [ ] Providing e-mail/messaging and collaboration services
                      [ ] Offering event registrations
                      [ ] Managing, authorizing, and/or issuing grant monies


           2.4.19     Please provide additional detail if needed, and describe how DIR could
                      help improve the shared services capabilities of the agency. Enter answer
                      in paragraph form.

                      [ ]




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                33
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




     OBJECTIVE 5. MAXIMIZE BUYING POWER ON COMMODITY TECHNOLOGIES AND
     SERVICES
          The DIR Cooperative Contracts Program enables government entities to pool
          their purchasing power to drive down technology product and service costs. The
          program provides an effective procurement channel to thousands of public
          sector entities across Texas. However, it has yet to reach its full potential.


          DIR COOPERATIVE CONTRACTS PROGRAM
          2.5.1      How does the agency benefit from the Cooperative Contracts Program?
                     Choose all that apply.

                     ( ) Enhanced contract terms and conditions
                     ( ) Reduced staff time and time to receive goods and services
                     ( ) Actual monetary savings
                     ( ) Higher level of negotiating expertise
                     ( ) Agency could get better pricing through other means
                     ( ) Agency does not find the Cooperative Contracts Program beneficial
                     ( ) Other [ ]


          2.5.2      Describe the agency’s experience with the Cooperative Contracts Program.
                     Enter answer in paragraph form.

                     [ ]


          2.5.3      What future improvements (2-5 years) to the Cooperative Contracts
                     Program would benefit the agency and the state? Include areas where DIR
                     could provide additional services/support to improve the program. Enter
                     answer in paragraph form.

                     [ ]



          BEST PRACTICES FOR ACQUISITION OF GOODS AND SERVICES
          2.5.4      Describe any strategies used by the agency for acquiring technology
                     and/or non-technology goods and services that could provide a best
                     practices model for the state’s information and communications
                     technology procurement processes and practices, such as reverse auctions
                     and external contracting. Enter answer in paragraph form.

                     [ ]




34                                                      DEPARTMENT OF INFORMATION RESOURCES
                                               PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




     OBJECTIVE 6. ENSURE MAXIMUM RESULTS FROM STATE PROJECTS
           Successful project delivery requires alignment of business and technology goals
           among stakeholders under the direction of agency executives. The Texas Project
           Delivery Framework (Framework) provides strategies and tools for tying
           technology projects to clearly defined business needs and outcomes, a clear
           scope, and solid cost-benefit estimates. The Framework will be refined over time
           to incorporate new and successful tools, techniques, and processes.

           DIR will use agency responses to the following questions to scope and prioritize
           improvement opportunities for project delivery in the state.


           TEXAS PROJECT DELIVERY FRAMEWORK
           2.6.1      Does the agency use the Texas Project Delivery Framework (deliverable
                      templates and instructions)? Choose all that apply.

                      ( ) Yes, for major technology projects (life cycle costs of $1 million or
                            more)
                      ( ) Yes, for non-major technology projects (life cycle costs of less than $1
                            million)
                      ( ) No, Framework is not being used


           2.6.2      Describe the benefits and/or any recommendations or challenges
                      associated with use of the Framework templates and instructions. Enter
                      answer in paragraph form.

                      [ ]



           FRAMEWORK TRAINING
           2.6.3      DIR is establishing a Texas Project Delivery Framework Training Program.
                      Does the agency have a training need within any of the following areas?
                      Choose all that apply.

                      ( ) Portfolio and project management practices
                      ( ) Portfolio and project governance
                      ( ) Systems Development Life Cycle (SDLC)
                      ( ) Executive leadership practices
                      ( ) Performance management
                      ( ) Business case analysis


           2.6.4      Describe details of agency Framework training needs and interests. Enter
                      answer in paragraph form.

                      [ ]




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                35
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




     OBJECTIVE 7. ENCOURAGE BUSINESS AND TECHNOLOGY ARCHITECTURES THAT
     DRIVE IMPROVED PLANNING AND COORDINATION
          Architectural standards start with a structured understanding of the key business
          functions the agency must fulfill to achieve its mission and support the goals of
          the state. With business needs established as a baseline, technology architectures
          can be developed that directly support those priorities. This objective is further
          reinforced when agencies build reuse and interoperability strategies into their
          development and deployment standards.

          DIR will use agency responses to the following questions to scope and develop
          the approach to fulfilling SSP objectives and strategies that direct DIR to promote
          the alignment of business and technology and to provide opportunities for reuse,
          collaboration, and interoperability. Additional information on DIR’s Enterprise
          Architecture program is available at www.dir.state.tx.us/ea/.


          REUSE
          2.7.1     Describe current or planned reuse or adaptation of existing business
                    assets (requirements, models) and/or technology assets (designs, code)
                    from other projects, within or outside the agency. Enter answer in
                    paragraph form.

                    [ ]


          2.7.2     Describe the factors that reflect success in reuse of business and
                    technology assets, and indicate which of those success factors are
                    currently met at the agency. Enter answer in paragraph form.

                    [ ]


          2.7.3     Describe any plans to produce reusable business or technology assets that
                    may be valuable to other state agencies or institutions of higher
                    education. Enter answer in paragraph form.

                    [ ]


          2.7.4     Which resource(s) would help the agency to identify and/or evaluate reuse
                    opportunities, or to produce more reusable assets? Choose all that apply.

                    ( ) Business asset reuse guidelines and training
                    ( ) Technology asset reuse guidelines and training
                    ( ) Information asset reuse guidelines and training
                    ( ) Reuse asset inventory (with contact info, but without repository)
                    ( ) Reuse asset inventory and repository
                    ( ) Statewide business asset standards facilitating reusability
                    ( ) Statewide technology asset standards facilitating reusability




36                                                    DEPARTMENT OF INFORMATION RESOURCES
                                              PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




                      ( ) Statewide information asset standards facilitating reusability
                      ( ) Support resources to mentor and support agency reuse efforts


           2.7.5      Describe the types of services, systems, and applications that the agency
                      would like to find and reuse that may have already been developed by
                      other governmental entities. Enter answer in paragraph form.

                      [ ]


           2.7.6      Describe any other ideas or suggestions for improving agency capabilities
                      for reuse. Enter answer in paragraph form.

                      [ ]



           COLLABORATION
           2.7.7      Describe current collaborations with other agencies, institutions of higher
                      education and/or local governments. Enter answer in paragraph form.

                      [ ]


           2.7.8      Describe any planned collaboration initiatives with other agencies,
                      institutions of higher education and/or local governments. Enter answer in
                      paragraph form.

                      [ ]


           2.7.9      Which resource(s) would help the agency to identify and/or evaluate
                      collaboration opportunities with other agencies, institutions of higher
                      education, local governments and/or private entities? Choose all that
                      apply.

                      ( ) Interagency collaboration guidelines and training
                      ( ) Public-private collaboration guidelines and training
                      ( ) List describing agency projects and applications
                      ( ) List of public-private collaboration opportunities
                      ( ) Statewide standards for technology project collaboration (including
                            collaboration governance)
                      ( ) Support resources to mentor and support agency collaboration efforts


           2.7.10     Describe any other ideas or suggestions the agency has for improving
                      capabilities for collaboration on technology projects. Enter answer in
                      paragraph form.

                      [ ]




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                              37
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          INTEROPERABILITY
          2.7.11    Describe significant interoperability constraints and requirements that
                    exist with other agencies, local or federal government, and institutions of
                    higher education, stakeholder groups, or private sector entities. These
                    include systems and/or applications outside the agency with which data
                    must be integrated and/or shared. Enter answer in paragraph form.

                    [ ]


          2.7.12    Describe any potential interoperability opportunities that could add value
                    within the agency or outside the agency. Indicate the value associated with
                    each opportunity. Enter answer in paragraph form.

                    [ ]



          INFORMATION ARCHITECTURE PRACTICES
          2.7.13    Has the agency developed and implemented standards for information
                    (data) architecture, including standards for data modeling, database
                    design, and taxonomies? Choose one.

                    ( ) Yes
                    ( ) No


          2.7.14    Describe the key areas of focus on any existing data modeling, database
                    and/or taxonomy standards. Indicate if the agency’s data-focused
                    standards may be valuable to other agencies. Enter answer in paragraph
                    form.

                    [ ]


          2.7.15    Has the agency undertaken an enterprise data modeling effort? Choose
                    one.

                    ( ) Yes
                    ( ) No (skip 2.7.16)


          2.7.16    How much of the agency’s enterprise data modeling effort is complete?
                    Choose one.

                    ( ) More than 50%
                    ( ) Between 10% and 50%
                    ( ) Less than 10%
                    ( ) Not Applicable




38                                                    DEPARTMENT OF INFORMATION RESOURCES
                                             PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




           2.7.17     How many agency data models (enterprise and/or application-specific)
                      include data dictionaries or taxonomies? Choose one.

                      ( ) More than 50%
                      ( ) Between 10% and 50%
                      ( ) Less than 10%
                      ( ) Not Applicable


           2.7.18     Describe the agency’s policy and practice of keeping data models,
                      database designs, and/or data dictionaries/taxonomies (enterprise or
                      application-specific) up to date. Enter answer in paragraph form.

                      [ ]


           2.7.19     What could DIR do to support the agency’s information architecture
                      practices? Enter answer in paragraph form.

                      [ ]



           TECHNICAL ARCHITECTURE PRACTICES
           2.7.20     Has the agency developed and implemented coding and design standards
                      for technical architecture? Choose one.

                      ( ) Yes
                      ( ) No


           2.7.21     Describe the key areas of focus on any existing coding and design
                      standards (security, interfaces, etc.). Indicate if the agency’s coding and
                      design standards may be valuable to other agencies. Enter answer in
                      paragraph form.

                      [ ]


           2.7.22     How much of the agency’s technical architecture has been modeled
                      (development, testing and production environments, hardware, software
                      DBMS, infrastructure, and other technology assets)? Choose one.

                      ( ) More than 50%
                      ( ) Between 10% and 50%
                      ( ) Less than 10%
                      ( ) Not Applicable




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                  39
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          2.7.23    Describe the agency’s policy and practice of keeping technical architecture
                    models and/or system requirements and designs up to date. Enter answer
                    in paragraph form.

                    [ ]


          2.7.24    What could DIR do to support the agency’s technical architecture
                    practices? Enter answer in paragraph form.

                    [ ]



          BUSINESS ARCHITECTURE PRACTICES
          2.7.25    Does the agency gather business requirements separately and in advance
                    of gathering system requirements? Choose one.

                    ( ) Yes
                    ( ) No


          2.7.26    Has the agency developed and implemented business modeling and
                    business requirements gathering methodology and standards? Choose
                    one.

                    ( ) Yes
                    ( ) No


          2.7.27    Describe the key areas of focus on any existing business
                    modeling/requirements standards and/or methodology. Indicate if the
                    agency’s business modeling/requirements standards and/or methodology
                    may be valuable to other agencies. Enter answer in paragraph form.

                    [ ]


          2.7.28    How much of the agency’s business architecture (across all business
                    divisions) has been modeled (enterprise service delivery and/or business
                    process models)? Choose one.

                    ( ) More than 50%
                    ( ) Between 10% and 50%
                    ( ) Less than 10%
                    ( ) Not Applicable


          2.7.29    Describe the agency’s policy and practice of keeping business models
                    and/or business requirements up-to-date or current. Enter answer in
                    paragraph form.

                    [ ]




40                                                   DEPARTMENT OF INFORMATION RESOURCES
                                                PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




           2.7.30     If the agency currently practices business architecture/modeling/
                      requirements separate from system requirement efforts, which group(s)
                      are responsible for producing the business models/requirements? (Note:
                      “business analysts” and “system analysts” are generic role names, not job
                      titles.) Choose all that apply.

                      ( ) Business analysts who work WITHIN a particular business division
                      ( ) Business analysts who work ACROSS business divisions, but are NOT
                            technology staff
                      ( ) Business analysts who work ACROSS business divisions, but ARE
                            technology staff
                      ( ) Systems analysts who work ACROSS business divisions, and ARE
                            technology staff
                      ( ) Systems analysts who work WITHIN a particular business division, and
                            ARE technology staff
                      ( ) Business or solution architects who work WITHIN or ACROSS business
                            divisions, and are NOT technology staff
                      ( ) Business or solution architects who work ACROSS business divisions,
                            and ARE technology staff
                      ( ) Not applicable
                      ( ) Other (specify) [ ]


           2.7.31     What could DIR do to support the agency’s business architecture process?
                      Enter answer in paragraph form.

                      [ ]



           NEW OPPORTUNITIES FOR STATEWIDE MANAGEMENT OR SUPPORT
           DIR will use agency responses to identify agency level of interest in new
           opportunities for shared or consolidated management or support.

           2.7.32     In which technology areas could shared or consolidated management
                      and/or support help the agency better accomplish its mission? Choose all
                      that apply.

                      ( ) E-mail/messaging/collaboration services
                      ( ) Human resources applications
                      ( ) Financial applications
                      ( ) Help desk
                      ( ) Web services
                      ( ) None of the above
                      ( ) Other (specify) [ ]




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                              41
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




          2.7.33    Describe the agency’s interest in the technology area(s) indicated above
                    (question 2.7.32). Enter answer in paragraph form.

                    [ ]



     OBJECTIVE 8. ENHANCE THE VALUE OF STATE REVIEWS
          Oversight of the success and status of the state’s investment is primarily focused
          on mitigating risk, identifying and documenting best practices, and ensuring that
          state leadership is kept well informed. To effectively oversee and manage the
          state’s technology investment, agencies and decision-making authorities require
          current and reliable information. At present, Texas collects and analyzes
          technology information and monitors agency projects through a number of
          processes and reporting applications.

          DIR will use agency responses to the following questions to develop streamlined
          reporting program scope and priorities. See the report, Statewide Technology
          Management: Opportunities for Improvement, available on the DIR Web site, for
          additional information.


          STREAMLINED REPORTING
          2.8.1     Describe the extent to which the agency experiences redundancies in
                    technology reporting to oversight agencies and groups, including LBB,
                    Comptroller of Public Accounts, Contract Advisory Team, DIR, Quality
                    Assurance Team, and/or the Texas Building and Procurement
                    Commission. Enter answer in paragraph form.

                    [ ]


          2.8.2     Describe the extent to which the agency experiences inconsistent
                    technology terminology and definitions among different oversight
                    agencies. Enter answer in paragraph form.

                    [ ]


          2.8.3     Describe challenges in technology reporting to oversight agencies,
                    including manual reporting requirements and/or the inability to directly
                    export existing datasets. Enter answer in paragraph form.

                    [ ]


          2.8.4     Describe any other challenges the agency faces in reporting technology
                    information to oversight agencies. Enter answer in paragraph form.

                    [ ]




42                                                   DEPARTMENT OF INFORMATION RESOURCES
                                                PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




           MANAGEMENT OF TECHNOLOGY ASSETS
           2.8.5      Describe the agency’s strategy and approach to technology asset
                      management. Indicate if automated tools are used to discover, track,
                      and/or manage asset usage and status information. Technology assets
                      include hardware, software, licenses, and service contracts. Enter answer
                      in paragraph form.

                      [ ]



     OBJECTIVE 9. INCREASE THE VALUE OF ELECTRONIC DATA AND INFORMATION
           Information held by government resides in abundant quantities, in multiple
           versions, and in various formats within mainframes, network servers, desktop hard
           drives, e-mail systems, and mobile devices. Without tools and processes to locate
           and retrieve required files, data is effectively useless. To enhance their value,
           data and information must be controlled systematically from creation to
           disposition. Managing information consistently will minimize redundancy in data
           collection and storage, improve data accuracy, increase staff productivity, and
           improve system performance.


           DATA AND INFORMATION MANAGEMENT
           2.9.1      What types of automated tools does the agency currently use to manage
                      data and information? Choose all that apply.

                      ( ) Automatic classification systems
                      ( ) Business intelligence
                      ( ) Content management
                      ( ) Document management
                      ( ) Enterprise search engines
                      ( ) Records management
                      ( ) Imaging systems
                      ( ) Information life cycle management
                      ( ) Data warehouse
                      ( ) Web content management
                      ( ) Workflow
                      ( ) E-mail archiving
                      ( ) None of the above
                      ( ) Other (specify) [ ]


           2.9.2      Which of the data and information management tools listed above is the
                      agency considering or planning to purchase during the 2008-09
                      biennium? Enter answer in paragraph form.




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                             43
PART 2: SUPPORT OF 2005 SSP GOALS AND OBJECTIVES




                    [ ]


          2.9.3     Would the agency benefit from DIR support or shared services in the data
                    and information management areas cited in question 2.9.1? Choose one.

                    ( ) Yes
                    ( ) No (skip 2.9.3a)


          2.9.3a    Describe how the agency would benefit from DIR support or shared
                    services in data and information management. Enter answer in paragraph
                    form.

                    [ ]



          ELECTRONIC RECORDS MANAGEMENT
          2.9.4     Describe the agency’s strategy and approach for creating, retaining, and
                    disposing of electronic records as detailed in the Electronic Records
                    Standards and Procedures [13 TAC §§6.93-6.97]. Enter answer in
                    paragraph form.

                    [ ]


          2.9.5     Describe the agency’s strategy and approach for protecting the citizens’
                    personal data in content that is published on the agency’s Web site or on
                    publicly available information systems. Enter answer in paragraph form.

                    [ ]



          ACCESSIBILITY OF AGENCY WEB SITES
          2.9.6     How often are agency Web sites (Internet and intranet) and public-facing
                    Web-based applications checked/tested for accessibility compliance?
                    Choose all that apply.

                    ( ) Upon modification of existing content or functionality
                    ( ) Upon development of new content or functionality
                    ( ) Monthly
                    ( ) When a problem is identified
                    ( ) Accessibility compliance has not been tested (skip 2.9.7)


          2.9.7     Who performs accessibility compliance testing? Choose all that apply.

                    ( ) Agency Web/application design staff using test and evaluation tools
                    ( ) Other state or public resources (e.g., the UT Accessibility Institute)
                    ( ) A design/accessibility assessment contractor (e.g., Knowbility)




44                                                     DEPARTMENT OF INFORMATION RESOURCES
Part 3:            Compliance with State Standards

           Agencies should review technology-related statutes and rules referenced in this
           part of the IRSP and identify the status of compliance with each. DIR will use
           agency responses to each compliance requirement to identify and evaluate the
           extent to which each agency, and the state as a whole, is complying with key
           statutes and rules related to technology.

           For each requirement, select the answer that best represents the agency’s
           current compliance status. When selecting ―In Progress‖ or ―Planned‖, indicate
           the month and calendar year in which the requirement will be fully implemented.

           •   Implemented – The agency has implemented the requirement.
           •   In Progress – The agency has begun an activity that will lead to
               implementation
               of the requirement. Indicate the estimated date (month and calendar year)
               that the requirement will be implemented.
           •   Planned – The agency is planning to implement the requirement, but has not
               yet begun activity toward implementation. Indicate the estimated date
               (month and calendar year) that the requirement will be implemented.
           •   Not Planned – The agency is not planning to implement the requirement.
           •   Not Applicable – The requirement is not applicable to the agency.



     SECURITY REQUIREMENTS
           3.1.1      The agency head or a designated representative must review and approve
                      ownership of information resources and their associated responsibilities
                      [TAC §202.21(a), §202.71(a)].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                           45
PART 3: COMPLIANCE WITH STATE STANDARDS




          3.1.2     Each agency must designate a full-time information security officer [TAC
                    §202.21(d), §202.71(d)].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}


          3.1.3     Each agency must have annual reviews of their security program for
                    compliance with the TAC 202 Security Standards [TAC §202.21(e),
                    §202.71(e)].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}


          3.1.4     Each agency must perform a security risk analysis of information
                    resources [TAC §202.22, §202.72].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}




46                                                    DEPARTMENT OF INFORMATION RESOURCES
                                                      PART 3: COMPLIANCE WITH STATE STANDARDS




           3.1.5      Each agency must have documented Physical Security measures in place
                      [TAC §202.23, §202.73].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.1.6      Each agency must have a Business Continuity Plan [TAC §202.24,
                      §202.74].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.1.7      Each agency must take measures to ensure that designated confidential
                      information is accessible to only authorized users [TAC §202.25(2)(A),
                      §202.75(2)(A)].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                             47
PART 3: COMPLIANCE WITH STATE STANDARDS




          3.1.8     Each agency must utilize the DIR monthly incident reporting system [TAC
                    §202.26, §202.76].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}



          3.1.9     Each agency must have controls in place to ensure that test functions for
                    systems development, acquisition, and testing are either physically or
                    logically separated from production functions [TAC §202.25(6)(A),
                    §202.75 (6)(A)].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}


          3.1.10    Each agency must establish a perimeter protection strategy [TAC
                    §202.25(8), §202.75(8)].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}




48                                                    DEPARTMENT OF INFORMATION RESOURCES
                                                      PART 3: COMPLIANCE WITH STATE STANDARDS




           3.1.11     All System Identification/Logon Banners must have the appropriate
                      warning statements [TAC §202.25(9), §202.75(9)].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.1.12     All authorized users of agency information resources must be required to
                      formally acknowledge that they will comply with security policies and
                      procedures before they are granted access to information systems [TAC
                      §202.27, §202.77].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.1.13     Each agency must create, distribute, and implement information security
                      policies [TAC §202.25(7), §202.75(7)].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                            49
PART 3: COMPLIANCE WITH STATE STANDARDS




     GEOGRAPHIC INFORMATION SYSTEMS STANDARDS
          •   Indicate which GIS standards listed below have been implemented [TAC
              §201.6].
          •   If ―In Progress‖ or ―Planned‖, estimate the year/month that implementation
              will be completed.
          •   If the agency does not use, or plan to use, GIS technology to conduct any
              part of its business, select ―Not Applicable‖ for questions 3.2.1 through 3.2.5.

          3.2.1      The agency must coordinate in advance with the Texas Geographic
                     Information Council on expenditures of over $100,000 to acquire,
                     enhance, or develop a GIS base map dataset.

                     Status: Choose one.

                     ( ) Implemented
                     ( ) In Progress
                     ( ) Planned
                     ( ) Not Planned
                     ( ) Not Applicable


                     Estimated Date (if “In Progress” or “Planned”)

                     {Choose date between 09/2006 and 12/2009}


          3.2.2      If the agency originates or adds content to a digital geospatial dataset and
                     distributes it to other agencies or the public, it must offer the dataset in at
                     least one format that is readily usable by a variety of GIS software
                     packages.

                     Status: Choose one.

                     ( ) Implemented
                     ( ) In Progress
                     ( ) Planned
                     ( ) Not Planned
                     ( ) Not Applicable


                     Estimated Date (if “In Progress” or “Planned”)

                     {Choose date between 09/2006 and 12/2009}




50                                                      DEPARTMENT OF INFORMATION RESOURCES
                                                      PART 3: COMPLIANCE WITH STATE STANDARDS




           3.2.3      If the agency acquires a federal or other public domain geospatial dataset,
                      it must make it available to other agencies and the public via the agency’s
                      Web site and/or the Texas Natural Resources Information System.

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.2.4      If the agency originates or adds content to a digital geospatial dataset and
                      distributes it to other agencies or the public, it must prepare standardized
                      metadata documentation for each dataset, and distribute this metadata
                      with the dataset.

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.2.5      If the agency generates or contracts for positional data using field
                      measurement techniques, it must utilize the North American Datum of
                      1983 (NAD83) for horizontal positional data and the North American
                      Vertical Datum of 1988 (NAVD88) for vertical elevation data.

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                             51
PART 3: COMPLIANCE WITH STATE STANDARDS




     ADDITIONAL RULES AND REQUIREMENTS
          3.3.1     The agency must adhere to the published standards when wiring or
                    rewiring state-owned or state-leased space [TAC §208.10, §208.20].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}


          3.3.2     If the agency holds an open or closed meeting by video conference call,
                    the systems used must comply with the approved standards [TAC §209].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}


          3.3.3     The agency must purchase commodity software in accordance with
                    contracts developed by the department or obtain an approved waiver [TAC
                    §212].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}




52                                                    DEPARTMENT OF INFORMATION RESOURCES
                                                      PART 3: COMPLIANCE WITH STATE STANDARDS




           3.3.4      If the agency receives information resources technologies under a contract
                      from another state entity, it must solicit bids or proposals for the
                      procurement of such technologies by giving public notice of a request for
                      proposals or a request for bids [TAC §204, TGC §2054.119].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.3.5      Each agency must manage electronic records according to the Electronic
                      Records Standards and Procedures adopted by the Texas State Library and
                      Archives Commission [13 TAC §§6.91-6.97].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}


           3.3.6      Each agency must ensure that electronic records in its custody that have
                      historical value to the state are properly preserved [TGC §441.186].

                      Status: Choose one.

                      ( ) Implemented
                      ( ) In Progress
                      ( ) Planned
                      ( ) Not Planned
                      ( ) Not Applicable


                      Estimated Date (if “In Progress” or “Planned”)

                      {Choose date between 09/2006 and 12/2009}




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                           53
PART 3: COMPLIANCE WITH STATE STANDARDS




          3.3.7     Each agency must remove restricted personal information from any
                    associated storage device before selling or transferring data processing
                    equipment to a person who is not a state agency or other agent of the
                    state [TGC §2054.130; TAC §202.28, §202.78].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}


          3.3.8     Each agency’s IRM should at a minimum have a four-year degree from a
                    fully accredited post-secondary institution (if appointed after September
                    1, 1992) [TAC §211.11, §211.21].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}


          3.3.9     Each agency’s IRM should meet or exceed the IRM continuing education
                    requirements for FY2005 [TAC §211.11, §211.21].

                    Status: Choose one.

                    ( ) Implemented
                    ( ) In Progress
                    ( ) Planned
                    ( ) Not Planned
                    ( ) Not Applicable


                    Estimated Date (if “In Progress” or “Planned”)

                    {Choose date between 09/2006 and 12/2009}




54                                                    DEPARTMENT OF INFORMATION RESOURCES
Glossary

Architecture. Refers to either hardware or software, or to a combination of hardware and software. The
  architecture of a system always defines its broad outlines, and may define precise mechanisms as
  well. An open architecture allows the system to be connected easily to devices and programs
  made by other manufacturers. Open architectures use off-the-shelf components and conform to
  approved standards. A system with a closed architecture, on the other hand, is one whose design is
  proprietary, making it difficult to connect the system to other systems. [Source: Webopedia.com:
  www.webopedia.com/TERM/a/ architecture.html]

Automatic Classification Systems. Automatic classification systems use mathematical constructs to
  identify key concepts by analyzing the frequency and placement of words and concepts within
  documents for the purpose of tagging the documents, organizing them into categories and
  improving retrieval success.

Best Practice. A term used to describe generally agreed-upon processes, derived from experienced
  industry experts, which should be undertaken when deploying projects in order to decrease
  operational and financial risk. [Source: 2005 SSP Glossary]

Business Architecture. Refers to the landscape of business units or divisions and the services and
  processes they perform to fulfill the agency’s mission, goals and objectives. Business architecture
  encompasses:
   Standards for business modeling, business requirements gathering, and business process re-
    engineering
   Practices of business modeling, business requirements gathering, and business process re-
    engineering at the business unit/division level
   Practices of business modeling and business re-engineering at the enterprise level
   Development of business-based service level agreements (SLAs) with regard to information and
    communications technology support
   Impact analyses and governance of business models, requirements and re-engineering proposals
    across divisions or enterprise-wide

Business Continuity Management. A holistic management process that identifies potential impacts that
  threaten an organization and provides a framework for building resilience with the capability for an
  effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-
  creating activities. [Source: Business Continuity Institute: www.thebci.org/ Glossary.pdf. Also, see the
  DIR Web site for Business Continuity Planning Guidelines: www.dir.state.tx.us/IRAPC/bcpg/index.htm]

Business Intelligence. Business intelligence (BI) is a broad category of applications and technologies
  for gathering, storing, analyzing, and providing access to data to help enterprise users make better
  business decisions. BI applications include the activities of decision support systems, query and
  reporting, online analytical processing (OLAP), statistical analysis, forecasting, and data mining.
  [Source: www.whatis.com]

Change Control. Any alteration of the functional or physical characteristics of a project work product.
  This includes both defect repairs and enhancements.

Change Management. Addresses changes to requirements, operational systems, and/or procedures.
  These changes may originate within or outside the agency. An effective agency-wide change
  management/change control practice can enable a thorough impact analysis.

Collaboration Software. Software that allows user groups to share information and applications online.
  [Source: 2005 SSP Glossary]



20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                      55
GLOSSARY




Collection of Fees/Fines. Collection of any fee or fine for enforcement actions or failure to perform to
  agency requirements or standards. The result is a printable receipt of the funds.

Commodity Items (Technology). Technology commodity items are defined in legislation as
  commercially available hardware, software, and technology services that are generally available to
  businesses or the public. See the DIR Web site for details:
  www.dir.state.tx.us/commodities/program.htm#II.

Computer Incident Reports. Agencies and universities are required by TAC 202.26 and TAC 202.76 to
  provide summary reports that contain information concerning violations of security policy of which
  the agency has become aware. For more detail, see the DIR Web site for reported incidents in
  published documents: www.dir.state.tx.us/security/reports/.

Configuration. Functional and physical characteristics of hardware or software as set forth in technical
  documentation or archived in a product; requirements, design, and implementation that define a
  particular version of a system or system component.

Configuration Management. Subset of project management that includes the processes for formally
  identifying and controlling project configuration items. Includes version control of project
  deliverables and other text documents, as well as code and build procedures. Technology project
  artifacts and deliverables must be versioned if they are to be kept up to date, including business and
  system requirements, designs, and data models. An agency-wide configuration management
  practice can support the ongoing maintenance of standards and requirements and code bases
  within an agency.

Content Management. Content management systems consist of technologies used to capture,
  manage, store, preserve, and deliver content such as images, office documents, graphics, drawings,
  print streams, Web pages, e-mail, video, and rich media assets.

Contract Advisory Team (CAT). The Contract Advisory Team consists of a representative from the
  Comptroller of Public Accounts, Office of Attorney General, Office of the Governor, DIR, and the
  Texas Building and Procurement Commission. Its role is to review project solicitation plans based on
  risk assessment results and to grant approval to an agency to proceed with solicitation plans.

Cooperative Contracts Program. In accordance with TGC §2157.068, and 1 TAC Chapter 212, each
  state agency must purchase technology commodity items through contracts established by DIR
  unless the agency first obtains an exemption. For more details on the program, see the DIR Web site:
  www.dir.state.tx.us/commodities/program.htm#I.

Cyber Security. The branch of security that protects data and information against unauthorized
  disclosure, transfer, modification, or destruction, whether accidental or intentional.
  [Source: 2005 SSP Glossary]

Data Center. A centrally managed computing facility that houses servers or mainframe(s) and storage
  devices to serve as a centralized processing center. Typically, such a facility is constructed or
  modified with separate climate controls and electrical connections that are adequate to support
  the computing environment. [Source: 2005 SSP Glossary]

Data Management. Data management ensures data integrity and availability through methodologies
  such as data warehousing, cleansing, profiling, stewardship, modeling, and definition. Effective
  business decisions rely on data accuracy and reliability. [Source: BetterManagement.com:
  www.bettermanagement.com/topic/subject.aspx?f=10&s=1266]

Data Warehouse. A data warehouse is a collection of data designed to support management decision
  making. Data warehouses contain a wide variety of data that present a coherent picture of business
  conditions at a single point in time. Data warehousing generally refers to the combination of many




56                                                           DEPARTMENT OF INFORMATION RESOURCES
                                                                                                 GLOSSARY




  different databases across an entire enterprise.
  [Source: Webopedia.com ]

Disaster Recovery Services. Services usually provided by a third party that include developing
  advance arrangements and procedures to enable an organization to either maintain or quickly
  resume mission-critical functions within a specified time, minimizing loss to the organization. [Source:
  2005 SSP Glossary]

Document Imaging Systems. Document imaging systems consists of various configurations of hardware
  and software components used to render paper documents into computer readable digital images.
  These images can then be transferred onto a variety of electronic storage media and can be
  stored, retrieved, and managed electronically.

Document Management. Document management systems consist of technologies used to control the
  life cycle of documents from their point of creation by providing indexing, profiling, routing, check-in
  and checkout, revision, and version control capabilities. The primary concern of electronic
  document management systems is the authoring and approval process.

Electronic Records Management Systems. Electronic records management systems consist of
   technologies that collect, organize, categorize, store, retrieve, use, and dispose of electronic
   records, managing them throughout their complete life cycle. Basic functionality supports the
   development of retention schedules, implementation of disposition and retention requirements,
   calculation of disposal eligibility dates, ability to place holds on disposition when necessary, and
   generation of disposal logs.

E-mail Archiving System. E-mail archiving systems capture and store all e-mail in read-only form. Both
  sent and received e-mail is indexed on header information and stores captured messages to disk,
  optical storage, or tape storage. E-mail archive systems are used by organizations to manage e-mail
  for compliance, storage management, legal discovery, and knowledge management.

Enterprise. Concerning the broadest scope of the agency, including all business and technology
  divisions.

Enterprise Architecture. A comprehensive approach used to manage and coordinate an agency’s
  business processes and information systems so that they align with the agency’s core goals and
  strategic direction.

Enterprise Impact. Effect of one variable across all business and technology divisions of the agency.

Enterprise Resource Planning. A term for the broad set of activities supported by multi-module
  application software that helps a business manage its business processes, including operational
  planning, inventory, procurement, customer service, finance, and human resources. Typically, an
  ERP system uses or is integrated with a relational database system.

Enterprise Search Engines. Enterprise search engines are programs designed to help find information
  stored inside corporate or proprietary networks or intranets. A search engine employs a variety of
  strategies, such as thesauri, dictionaries, and probabilistic analysis, to discover documents that
  match a user’s interests.

Enterprise Strategic Governance. Encompasses the structures and processes for defining and ensuring
  fulfillment of agency mission, goals, and objectives through consideration of both business and
  technology services within a common forum.

Geographic Information System (GIS). A system of computer hardware, software, and procedures used
  to store and manipulate electronic maps and related data to solve complex planning and
  management problems. [Source: 2005 SSP Glossary]




20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                        57
GLOSSARY




Global Positioning System (GPS). A satellite-based navigation system developed by the U.S.
  Department of Defense. GPS receivers can determine one’s position on the earth’s surface.

Impact Analysis. Analysis of the relative harm or damage to a project if a risk becomes a problem,
  usually expressed either as a dollar amount or on a scale from 1 to 10.

Information Life Cycle Management. Information life cycle management is an approach to managing
   information and storage that recognizes that the value of information, based on its purpose and
   content, changes over time.

Information Architecture. Refers to the landscape of data models, taxonomies, databases, data
   warehousing, business intelligence, data retention/archiving and reporting, and the services and
   processes they perform to fulfill the agency’s mission, goals, and objectives. Information architecture
   encompasses
   Standards for all aspects of information architecture mentioned above
   Practices for all aspects of information architecture mentioned above
   Impact analyses and governance of information architecture elements across technology divisions
    and across business divisions, or enterprise-wide

Information Resources Management Act (IRMA). Section 2054 of the Texas Government Code.

Information Resources Manager (IRM). Responsible to the State of Texas for management of the
   agency’s information resources. The designation of an agency information resources manager (IRM)
   is intended to establish clear accountability for setting policy for information resource management
   activities, provide for greater coordination of the state agency’s information activities and ensure
   greater visibility of such activities within and between state agencies. See DIR Web site:
   www.dir.state.tx.us/oversight/index.htm.

Information Security. Effective information security practices requires executive management support,
   effective policies and procedures that are appropriate for the environment, staff training, risk
   assessment, employee awareness, appropriate and effective controls, and comprehensive audit
   and testing. The goal is to protect the agency’s critical missions by reducing risks, complying with
   laws and regulations, and ensuring business continuity, information integrity, and confidentiality.
   [Source: Practices Protecting Information Resources Assets on the DIR Web site:
   www.dir.state.tx.us/IRAPC/practices/pdf/practices-pt1.pdf]

Information Security Officer (ISO). Responsible to the information resources manager for administering
   the information security functions within the agency. The ISO is the agency’s internal and external
   point of contact for all information security matters. See DIR Web site:
   www.dir.state.tx.us/security/policies/incident_mgmt_policy.doc.

Information Technology Detail (ITD). TGC 2054 (IRMA) directs that an agency’s strategic planning
   process coincide with the state’s budget cycle. As part of that process, agencies must prepare an
   ITD to substantiate their capital project information and show how they will manage their information
   resources technology, implement their IRSP, and use their information resources budget in the next
   biennium. See the LBB Web site: www.lbb.state.tx.us/ITD/ITD_Manual_0604.pdf.

Infrastructure. The physical hardware used to interconnect computers and users, as well as the
   software used to send, receive, and manage transmitted signals.

Interactive Voice Response (IVR). A computerized system that allows a person, typically a telephone
   caller, to select an option from a voice menu and interact with a computer system. Generally, the
   system plays pre-recorded voice prompts to which the person presses a number on a telephone
   keypad to select an option or speaks simple answers such as ―yes,‖ ―no,‖ or a number. [Source: 2005
   SSP Glossary]




58                                                           DEPARTMENT OF INFORMATION RESOURCES
                                                                                                 GLOSSARY




Interoperability. The ability of two or more systems or products to work together without special effort.
   For example, routers and switches in a network require interoperability.

Intrusion Detection System. Software and/or hardware that detects and logs inappropriate, incorrect,
   or anomalous activity on a network and that identifies suspicious patterns that may indicate an
   attack from someone attempting to break into or compromise a system.
   [Source: 2005 SSP Glossary]

Messaging. Services that use a network to send, receive, and combine messages, faxes and large
 data files. Examples are electronic mail and enhanced fax.

Modeling. Generally, the process of representing a real-world object or phenomenon as a set of
 mathematical equations. [Source: Webopedia.com]

Network Convergence. The integration of voice, data, and video networks. [Source: 2005 SSP Glossary]

Network Security and Operations Center (NSOC). HB3112 (79th Texas Legislature) authorizes DIR to
  establish NSOC on a cost-recovery basis to manage and deliver network security system services to
  state agencies.

Patch Management. Patch management is an area of systems management that involves acquiring,
  testing, and installing multiple patches (code changes) to an administered computer system. Patch
  management tasks include: maintaining current knowledge of available patches, deciding what
  patches are appropriate for particular systems, ensuring that patches are installed properly, testing
  systems after installation, and documenting all associated procedures, such as configurations
  required. [Source: Whatis.com:
  http://searchwindowssecurity.techtarget.com/sDefinition/0,,sid45_gci901422,00.html]

Payment for Services. Refers to a payment accepted by an agency that will result in the providing of a
  service, license, registration, permit, or product of transferable value to its constituency that could be
  revoked, confiscated or cancelled, or that might lapse at a later date.

Performance Management. Subset of project management that includes the processes for measuring
  the performance of the product and/or service delivered by the project.

Planned Procurement Schedule. A legislatively mandated data collection instrument that identifies
  planned procurements for technology commodities and data center equipment and services by
  agencies. The information is used by DIR to plan future vendor solicitations of commodity items and
  as a vehicle to review and approve data center-related procurements.

Portfolio Management. A business process in which investment decisions are made to determine and
  select the mix of active projects and the budget, staffing, and other resource allocations for each
  one. [Source: 2005 SSP Glossary]

Project. As defined in Texas Government Code, Chapter 2054, a program to provide information
  resources technologies support to functions within or among elements of a state agency that ideally
  is characterized by well-defined parameters, specific objectives, common benefits, planned
  activities, a scheduled completion date, and an established budget with a specified source of
  funding.

Project Management. System of procedures, practices, technologies, and know-how that provides the
  planning, organizing, staffing, directing, and controlling necessary to successfully manage a project.

Project: Major Information Resources . As defined in Texas Government Code, Chapter 2054, any
  information resources technology project identified in a state agency’s biennial operating plan
  whose development costs exceed $1 million and that requires one year or longer to reach
  operations status; involves more than one state agency; or substantially alters work methods of state



20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                       59
GLOSSARY




  agency personnel or the delivery of services to clients; and any information resources technology
  project designated by the legislature in the General Appropriations Act as a major information
  resources project.

Quality Assurance. A critical review process to ensure that a task is adequately and correctly
  performed.

Quality Assurance Guidelines. The Guidelines explain and identify project management processes and
  procedures that address quality assurance compliance for major information resource projects.

Quality Assurance Team (QAT). The QAT is composed of representatives from DIR, the Legislative
  Budget Board, and the State Auditor’s Office. The Team is responsible for reviewing, approving, and
  overseeing major information resources projects.

Requirements Management. Addresses requirements that have an enterprise impact, including
  legislative statutes, business requirements, system requirements, design requirements, and test
  requirements.

Requirements Management Policy. An agency-level (as opposed to project-level) requirements
  management policy that establishes the various requirement types, as well as critical traceability
  guidelines for those requirements; allows for effective impact analyses to be performed when
  changes are proposed.

Reuse. Reuse is the inclusion of previously designed components (blocks of logic or data) in software
  and hardware. The term is more frequently used in hardware development. Design reuse makes it
  faster and cheaper to design and build a new product, since the reused components will not only
  be already designed but also tested for reliability. Developers can reuse a component in both similar
  and completely different applications. [Source: Whatis.com: http://whatis.techtarget.com/definition/
  0,289893,sid9_gci759468,00.html]

Reverse Auction. A type of auction in which the role of the buyer and seller are reversed. In a typical
  reverse auction, a buyer specifies what is to be purchased and, through an auction process, awards
  the procurement to the lowest bidder.

Risk. The possibility of an act or event occurring that would have an adverse effect on the state, an
  organization, or an information system. Risk involves both the probability of failure and the possible
  consequences of a failure.

Seat Management Services. A method of standardizing installation, operation, and maintenance of
  hardware and software at each desktop across an enterprise. [Source: 2005 SSP Glossary]

Service Level Management. Service Level Management negotiates and monitors line-of-business
  technology consumption and service quality to ensure alignment with business objectives and
  maximize the business benefits of technology investments. [Source: BetterManagement.com:
  www.bettermanagement.com/topic/
  subject.aspx?f=486&s=1252]

Service-Oriented Architecture. A collection of self-contained services that communicate with each
  other by passing data or coordinating activity among two or more services. [Source: 2005 SSP
  Glossary]

Software Development Life Cycle. The process used to develop an information system, including
  requirements, validation, training, and user ownership through investigation, analysis, design,
  implementation, and maintenance. Also known as Systems Development Life Cycle. [Source: 2005
  SSP Glossary]




60                                                           DEPARTMENT OF INFORMATION RESOURCES
                                                                                                 GLOSSARY




Stakeholder. Any individual or group who cares about the effort and cost of a project, wants to see the
  agency use the results of the product, and needs to provide time and effort to make the product
  usable.

Standard. An approved, documented, and available set of criteria used to determine the adequacy
  of an action or object.

Statewide Information Technology Asset Report (SITAR).       A Web-based reporting tool developed by
  DIR for state agencies to report their technology assets to support development of a consolidation
  plan directed by the legislature. The original SITAR application was adapted to support submission of
  the agency Information Resources Strategic Plans (IRSP) in 2004. SITAR will not be used for 2006
  submissions of agency IRSPs.

Strategic. Important or essential in relation to a plan of action; what is to be accomplished.

Tactical. Method or plan for attaining a particular goal; how something will be accomplished.

Taxonomy. The science of categorization, or classification, of things based on a predetermined system.
  In reference to Web sites and portals, a site’s taxonomy is the way it organizes its data into
  categories and subcategories, sometimes displayed in a site map.
  [Source: Webopedia.com: www.webopedia.com/TERM/t/taxonomy.html]

Technical Architecture. Refers to the landscape of applications, environments, hardware, software,
  and infrastructure, and the services and processes they perform to fulfill the agency’s mission, goals
  and objectives. Technical architecture encompasses
   Standards for all aspects of the technical architecture, including development and deployment
    methodologies
   Practices of modeling, requirements gathering and re-engineering of applications, environments,
    hardware, software and infrastructure
   Management of business-based service level agreements (SLAs)
   Impact analyses and governance of technical standards, models, requirements, and re-
    engineering proposals across technology divisions and across business divisions, or enterprise-wide

TEX-AN. Texas Agency Network

Texas Project Delivery Framework. The Texas Project Delivery Framework (Framework) establishes a
  consistent, statewide method for project selection, control, and evaluation based on alignment with
  business goals and objectives. The Framework consists of five review gates with guidance and tools
  for each of the gates:
   Business Justification–initial review gate for selection and approval of the project
   Project Planning–planning for both project management and technology-related activities and
    deliverables
   Solicitation and Contracting–development and management of technology solicitations and
    contracts
   Project Implementation–development, testing, and deployment based on project planning
    deliverables
   Benefits Realization–final review gate for measurement and evaluation of all project outcomes

  See the DIR Web site: www.dir.state.tx.us/pubs/framework/overview.htm.

Voice over Internet Protocol (VoIP). A technology used to transmit voice over a data network using the
  Internet.
  [Source: 2005 SSP Glossary]

Web Content Management. Web content management systems provide an automated approach to
 implementing content management processes, controls and policies within a Web site, a Web-



20 JUN 06 | 2006 IRSP INSTRUCTIONS                                                                     61
GLOSSARY




  based application or a Web-based network. Most major Web content management systems include
  authoring tools, workflow tools and templates, and approval workflow processes.

Work Breakdown Structure (WBS). The complete list of activities that need to be done for a project,
 used for estimation and scheduling the work.

Workflow. Workflow management products automate tasks, procedural steps, organizations or people
 involved, required input and output information, and tools needed for each step in a business
 process. These products manage and enforce work progression consistently focusing on processes
 rather than documents.




62                                                         DEPARTMENT OF INFORMATION RESOURCES
20 JUN 06 | 2006 IRSP INSTRUCTIONS   63
Department of Information Resources
P.O. Box 13564
Austin, TX 78711-3564
www.dir.state.tx.us




             Visit www.TexasOnline.com, the Official Web Site of the State of Texas

								
To top