; Response Information Technology
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Response Information Technology

VIEWS: 2 PAGES: 9

Response Information Technology document sample

More Info
  • pg 1
									                                                            2011 Excellence In Information Technology
                                                                            Practices

                                                         Response Form: _________________________
                                                                                               Agency



Please answer all of the questions. Incomplete answers will not be given credit. You are welcome to alter the response
form but please make sure that the question number is associated with your answer for easy review. If we can‟t figure out
where the answer is, it is not given credit. Please place all attachments in numbered appendices and refer to those
numbers. Submittals shall include numbered section tabs to organize the submittal based on sections I – XI and
all attachments or reference materials. Response shall refer to the number section tab.

Version 2011

I Budget and Strategic Planning


       1. What percentage of your agency‟s annual general fund budget is related to information technology? Include all
           agency dollars related to technology, even if budgeted in various departments. (Answer shall show calculation
           and state percentage).


       2. Is the information technology manager/director responsible for developing the annual information technology
            budget for the agency? If not, who is responsible? Describe the process and methodologies used to develop
            and manage the budget. Explain how the information technology department or division is involved in other
            departments‟ and divisions‟ information technology budgets.


       3. Explain your agency‟s planning and budget mechanism to replace major hardware, software and other
           infrastructure. Please address both hardware and software in your response, particularly if your procedures
           and/or lifecycle planning differ by type of technology.


       4. How does your agency incorporate new technologies?


       5. Do you have an IT strategic plan? Please provide a copy.


       6. Describe how your agency developed and maintains its strategic plan.


       7. How does the IT strategic plan directly tie into the IT budget? Describe any processes or policies that ensure the
           plan will be funded over its life.


       8. Is the information technology manager/director involved in your agency‟s department head or strategic planning
            meetings?


II Purchasing

       9. Explain how your agency develops standards and keeps them up to date for the following:

              a.   Desktop Computers / Laptops
              b.   Servers
              c.   Desktop Software
              d.   Application Software
Page 1 of 9
                                                            2011 Excellence In Information Technology
                                                                            Practices

                                                          Response Form: _________________________
                                                                                              Agency



              e. Other information technology related equipment.

       10. How does your department/division enforce agency-wide information technology standards?


       11. Explain your technology purchasing procedures and how you ensure low cost and high quality products for all
           types of purchases (i.e., No-Bid, Informal Bid, Formal RFP, Consultant Services and Sole Source). Include an
           explanation of how you rate “value.”


       12. Explain how your agency tracks its information technology inventory.


       13. Does your agency have written plans, policies, or procedures for equipment purchases? Please explain.


       14. Is your agency properly licensed on all your current software applications?


       15. Managing Software Licenses for an IT operation (i.e., desktops, servers, applications) is challenging. Explain
           how IT manages software licensing and verification procedures for all software licensed by your agency.


       16. Do you have policies or procedures to control non-IT approved software purchases? Please explain.


       17. How does your agency dispose of old equipment? Please provide a detailed description, including an
           explanation of any procedures for recycling, donation, and/or environmentally correct disposal of hazardous
           technology-related materials, if applicable. Security concerns should also be addressed.


III Operations and Staffing

       18. Explain how your agency performs a regular backup of all central computer system databases as well as
           operating systems and application software.


       19. Are your agency‟s restore procedures tested on at least an annual basis? Please explain the process, If you do
           not test, explain how you ensure you will be able to restore your data.


       20. Patch management is a critical component in operations, describe your agency‟s methodology to identify,
           evaluate, and apply patches to all the devices on your network (i.e., switches, routers, servers, all operating
           systems, desktops, laptops, printers, and software). Describe your policies and procedures for updates and risk
           assessment, including any testing provisions. Is there a written policy for updating application software? If a
           policy exists, please attach.


       21. Is all of your agency‟s critical information technology equipment covered by a maintenance agreement? Please
           explain. (Your answer should identity hardware and software agreements). For critical equipment not under
           contract, describe any in-house repair capabilities.

Page 2 of 9
                                                           2011 Excellence In Information Technology
                                                                           Practices

                                                         Response Form: _________________________
                                                                                               Agency




       22. Explain how your agency‟s application software maintenance is handled (e.g., vendor contract or in-house
           staff)?


       23. Describe your information technology organization. Describe how your agency ranks and evaluates its IT
           resource needs versus desired results. Does the agency consider metrics and/or others in resource decisions?
           (Possible Metrics/New 2011: ICMA Annual Survey 3.0%, MIX 2008 Survey – 3.48%, Gartner 2010 (loc/state)
           3.5%, Gartner 2010 (utility) 5.5%, 2004 Metric 2.5%).


       24. Describe how many networked PCs per technician your agency has. How does your agency compare with
           proposed metric of 150 workstations per technician? If you are using contractors, outsourced services,
           managed and/or virtual desktops, or other techniques to improve your ratio of desktops to technicians, please
           explain in enough detail to rate the process.


       25. To whom does the head of information technology report? If not a department head, does the head of IT have
           direct communication with the City Manager and department heads? Explain.


       26. Does your agency have a “use of equipment policy?” If so, please attach.


       27. Do you require your employees to sign a “use of technology policy?” If not, please explain.


       28. Do you require your council members and elected officials to sign a “use of equipment policy?” If not, please
           explain.


       29. What procedures are in place to ensure your daily operational policies and procedures documented? What staff
           is assigned to the task, how often is it reviewed, how do you ensure it is kept current?


       30. Please describe what you have identified as critical operational procedures. What staff is assigned to the task,
           how often is it reviewed, how do you ensure it is kept current?


       31. Describe the type of documentation you have for major application systems.


       32. Do you have a document or file retention schedule? Explain if it is considered on maintaining your backups.
           Please attach your records retention schedule.


       33. Does your agency provide a Help Desk? If yes, please explain. If not, how does your agency handle this
           function?


       34. Have you evaluated ITIL (Information Technology Infrastructure Library), NIST (National Institute of Standards
           and Technology) or other best practices guides for use in your organization? If you have evaluated any, what
Page 3 of 9
                                                            2011 Excellence In Information Technology
                                                                            Practices

                                                         Response Form: _________________________
                                                                                               Agency



              have you implemented? If you have not evaluated any, what do you use to guide your organization to utilize
              best practices?



IV Customer Satisfaction

       35. Explain how your agency measures internal customer/end user satisfaction related to information technology
           within your organization?


       36. How does your agency measure customer satisfaction, as related to IT, in external customers (e.g., external
           agencies, website users, constituents, etc.)?


       37. If your agency measures customer satisfaction, please explain how you use the data to improve your
           organization, in particular the IT function. How is internal and/or external customer satisfaction relative to
           technology measured and used for improvement?


       38. Does your agency provide users with regular information regarding the information technology operation within
           your agency?


       39. Does your agency have an internal users group?


V Internet


       40. Does your agency monitor or control Internet use among users? Please explain, addressing both access and
           acceptable use concerns.


       41. Does your agency have a written Internet policy? If yes, how does your policy address web browsing and email
           use? Please attach.


       42. Does your agency have an internal position assigned to the function of “webmaster?” If so, please explain
           position title and duties; if not, how are these duties handled?


       43. How would you describe your agency‟s web site? Static – information only, Dynamic – provides real time
           information from internal systems to the Internet, Transactional – provides both information from internal
           systems and accepts input into internal systems from outside users. Please explain and give specific
           examples.

       44. How often does your agency continue to improve the web site and the services offered on the site? Identify the
           existing transactional services available to public and staff. Identify any planned improvements for the web site
           over the next 12 -18 months along with any budgets available to complete the project.


Page 4 of 9
                                                              2011 Excellence In Information Technology
                                                                              Practices

                                                            Response Form: _________________________
                                                                                                   Agency



       45. Explain how often the web site is updated and by whom. Can your users update their own sections?


       46. Has your agency developed a policy for social networking sites or social media? If so, please attach.


VI Project Management and Application Development

       47. Please explain how your agency implements major information technology projects.


       48. Does your agency typically involve user and/or departmental committees in the development of RFPs, selection
           of vendors, evaluation of proposals, and project implementations? Please explain the process used.


       49. Does your agency have written policies and procedures for major project implementation? Please attach.


       50. Please describe the quality control/improvement processes employed in your projects.


       51. How does the agency stay current on project management procedures and standards?


       52. How does your agency ensure security issues are part of the software development life cycle
           (new/maintenance)? Is security considered before and during the development? What procedures are in place
           to ensure a layered and integrated security model is used?


       53. Describe any line of business applications that are managed by users or „power‟ users. Describe how those
           applications are controlled or developed. How does the IT organization support those applications?


       54. How is change management implemented for ongoing applications?


VII Professional Development and Training

       55. Does your agency track information technology training within its organization? If yes, please explain.


       56. Does your agency track professional development? If yes, please explain.


       57. Are there established training goals or a training plan for the IT staff? If yes, please explain.


       58. Does your agency have training goals and criteria for both IT staff and agency staff? If yes, please explain
           goals and criteria.


       59. How does your agency measure the need for information technology training?
Page 5 of 9
                                                             2011 Excellence In Information Technology
                                                                             Practices

                                                           Response Form: _________________________
                                                                                                 Agency




       60. Does your agency participate in regional or national product or peer-focused user groups? Please list and
           explain your level of participation (including MISAC).


       61. How is your agency addressing succession planning agency-wide?                How does the plan affect the IT
           organization?



VIII Disaster Preparation and Recovery

       62. Does your agency have an information technology disaster plan that will allow recover of key systems in a local
           or regional disaster? If yes, please attach.


       63. Does your agency‟s plan include provisions for emergency replacement of all IT equipment? Please explain.
           (The explanation should include network devices, hardware, phones, etc.)


       64. Does your agency‟s IT disaster plan include provisions for off-site storage and/or replacement of critical data
           and forms (e.g., payroll checks and purchase orders)? Please explain.


       65. Describe how your agency‟s IT disaster plan is tested. Your explanation should include details as to how IT
           emergency operational capabilities are tested and when the plan was last tested.


       66. Explain how critical IT emergency operational contingency procedures are identified, created and maintained for
           the IT operation.


       67. Does your agency keep a copy of critical documentation off-site? Please explain.


       68. Are backup tapes stored off-site as part of the disaster recovery plan? If so, please describe the procedure.

IX Security


       69. Describe how your agency‟s critical systems are protected from unauthorized access. Please include examples
           of both logical and physical access, intrusion detection, routers, etc., sufficient to rate your defenses. It is not
           necessary to provide passwords, detailed configuration parameters, actual IP addresses, etc.


       70. Identify any components (i.e., firewalls VPN, wireless systems, routers, switches, A-V gateways, IDS/IPS, end
           user systems/clients, web servers, mail servers) and how security is maintained for these devices?




Page 6 of 9
                                                               2011 Excellence In Information Technology
                                                                               Practices

                                                             Response Form: _________________________
                                                                                                   Agency



       71. Do you enforce password use, and/or do you have password use and renewal policies in place? Please explain
           and describe any restrictions in place, password aging, etc. List how all applications enforce password polices
           for non-Microsoft / AD logins.


       72. Has your organization periodically performed a user account review to examine the levels of access of each
           individual? These reviews can be conducted on at least two levels: an application by application basis or on a
           system-wide basis.


       73. Has a general IT security review or Risk Assessment been performed? If yes, please provide details – date,
           who performed, have identified risks been mitigated, etc.


       74. Is there a schedule for future security reviews?


       75. Do you have any method to review unauthorized accesses or attempts, either internal or external, to your
           systems? Explain in sufficient detail to rate the process and include all interfaces that have a login
           (applications/systems). The answer should not include any specifics that an agency feels could undermine
           security.


       76. Do you have a policy regarding installation of remote access software? If yes, please describe and provide a
           copy. If these programs are in use, please describe your practice to prevent outside intrusion. How does staff
           connect remotely? Who manages this in IT?


       77. What is your policy to allow vendors remote access to the agency‟s network? Is there written policy, forms and
           approvals to allow this? Does the vendor sign any agreement – such as a Management Control Agreement?


       78. If your agency uses digital certificates and/or smart cards, describe how the trust model is used, where it came
           from and how it is maintained to ensure it is a valid certification. Is this certification maintained in-house or by a
           Certified Authority?


       79. If remote users employ a VPN, describe that setup, including the IAA and crypto processes (e.g., is the VPN IPSec-
            based or SSL-based? What algorithms are used in the VPN? What does the remote user need to gain access to via
            the VPN?) The answer should not include any specifics that an agency feels could undermine security.



       80. Please describe your anti-virus and malware strategy. If you have had an outbreak, describe how you handled
              the situation and if any steps were put into place to prevent a reoccurrence.



       81. Do you provide training to end users on security issues, such as social engineering or what to do in case you
           suspect a virus?



Page 7 of 9
                                                             2011 Excellence In Information Technology
                                                                             Practices

                                                           Response Form: _________________________
                                                                                                 Agency



        82. Does your agency perform background checks on information technology employees? Please explain the
            process.


        83. When an employee leaves or is fired, what is the process to verify that their ability to access the system is also
            terminated? How is IT informed? What happens if IT is not informed?


        84. Has your agency evaluated your security procedures against PCI Standards and Control Objectives?


        85. Describe any encryption strategy that you have implemented. Do you encrypt information on portable devices
            such as laptops? Do you encrypt information on servers? Do you encrypt communications such as dedicated
            lines to phone or software providers


        86. What are your governance policies or strategies to ensure the security of any cloud based computing
            applications or resources. Do you use tools such as Service Level Agreements, confidentiality agreements,
            indemnification, named as insured, etc.?


        87. What methods are you using to control spam so that the agency will not be designated as a spammer?            The
            answer should not include any specifics that an agency feels could undermine security.


X GIS

        88. Does your agency provide GIS application and data support?


        89. Has your agency developed a strategic plan for GIS? Has your agency included a list of the spatial data
            elements and layers that it would like to develop?


        90. Does the GIS strategic plan include integration with other agency applications?


        91. How does the agency provide for spatial data quality control?


XI Base Level Services

Please indicate on the following questions whether the service is provided in-house or by an outside provider.

        92. Do you support internal and external e-mail?    In-house or Outsourced?

        93. Do you support financial applications?   In-house or Outsourced?

        94. Do you support desktop office applications?    In-house or Outsourced?

        95. Do you support imaging applications?     In-house or Outsourced?

Page 8 of 9
                                                            2011 Excellence In Information Technology
                                                                            Practices

                                                           Response Form: _________________________
                                                                                               Agency



       96. Do you support telecommunications services?      In-house or Outsourced?

       97. Do you support revenue and billing functions?    In-house or Outsourced?

       98. Do you support human resources and payroll functions?     In-house or Outsourced?

       99. Describe any other services your information technology department/division provides to your agency and its
           users.

  XII Other

       100. What is the population or area served by the agency?


       101. Describe any special projects, functions, activities, procedures, or technologies which your information
           technology department/division provides, which have not been covered in this questionnaire but should be
           included for the purposes of evaluating the information technology readiness of your agency.




Page 9 of 9

								
To top