TABLE OF CONTENTS
Introduction............................................................... 3 January ? June 2004 Accomplishments ................... 5
Infrastructure Improvement Policies & Standards.......................................... 6 Quality Assurance Methodology ........................ 8 Security.............................................................. 9 E-Government ................................................. 12 Planning & Projects Agency IT Planning.......................................... 13 Project Oversight & Monitoring ........................ 14 Governor's Initiatives 2-1-1 ..................................................... 16 Telecommunications ............................ 17
July ? December 2004 Plans .................................. 20
Infrastructure Improvement Policies & Standards........................................ 20 Quality Assurance Methodology ...................... 21 Security............................................................ 22 E-Government ................................................. 23 Planning & Projects Agency IT Planning.......................................... 24 Project Oversight & Monitoring ........................ 24 Governor's Initiatives 2-1-1 ................................................................ 25 Telecommunications........................................ 25
Future Agency Plans............................................... 27
Infrastructure Improvement Policies & Standards........................................ 27 Quality Assurance Methodology ...................... 28 Security............................................................ 28 E-Government ................................................. 29
-1-
TABLE OF CONTENTS
Planning & Projects Agency IT Planning.......................................... 29 Project Oversight & Monitoring ........................ 30 Governor's Initiatives
Looking Forward ..................................................... 31 Appendix A Performance Measures ................... 32
-2-
ARIZONA:
BUILDING THE FUTURE BASED ON A RECORD OF SIGNIFICANT ACCOMPLISHMENTS
The Government Information Technology Agency (GITA) was established in 1997 to provide state agencies with the leadership and expertise necessary to make Arizona a leader in information technology. Prior to the establishment of GITA, the state lacked an independent, third-party agency responsible for coordinating information technology (IT) development and projects across agencies statewide. Moreover, there was no agency with the expertise or oversight capabilities to ensure that the state was deploying the most cost effective and innovative technology solutions to meet the state's growing needs. The stated mission for GITA is "to maximize IT coordination and connectivity within state government to ensure that technology efficiently and effectively supports each agency's individual mission." GITA fills this role by acting as the State of Arizona's information technology consultant, providing IT strategies to agencies, ultimately, to benefit the citizens of Arizona. In addition, GITA reviews projects during their planning phases and oversees them during implementation. Since its inception, GITA has reviewed over 750 IT projects--over $1.5 billion worth of projects with substantial cost recovery to the state of Arizona. Arizona has been long recognized as a leader in IT and has been honored by several organizations including a first place finish in the Digital States Survey sponsored by the Center for Digital Government. This annual survey ranks each state on the practices, policies and progress achieved in use of digital technologies to better serve citizenry and streamline government operations. GITA plans to build on these successes as it promotes innovative publicprivate sharing to bring technology and the new economy to Greater Arizona and coordinates homeland security initiatives to secure the state against
...Since its inception, GITA has reviewed over 750 projects--with substantial cost recovery to the state of Arizona.
-3-
terrorist threats and natural disasters. The purpose for GITA is to help the State of Arizona navigate the complex arena of IT by developing innovative and cost-effective technology-based solutions to improve government efficiency and responsiveness. GITA achieves its goals by providing education, advice, guidance, monitoring and oversight and by supporting the initiatives of the governor and legislature. During calendar year 2004, the agency has focused on four core areas: 1. Continuing state infrastructure improvement through development of policies and standards to provide a foundation and strategic focus for IT, including ongoing quality assurance methodology and security gap assessments within state agencies along with the development of an enterprise architecture framework. 2. Promulgating e-government to deliver services to the citizens of Arizona and improving the efficiency of government. 3. Expanded planning, oversight, and monitoring of IT projects across the state. 4. Managing and advancing a variety of statewide initiatives, at the Governor's request, through innovative approaches and deployment of strategic initiatives from private sector to state government.
The vision for GITA is to help the State of Arizona navigate the complex area of IT by developing innovative, technology-based solutions......
-4-
JANUARY ? JUNE 2004 ACCOMPLISHMENTS
Accomplishments within these four broad areas are discussed in the first section of this strategic plan covering the first six months of calendar year 2004 in terms of their stated performance measures. The next section deals with plans in these areas for the remainder of the calendar year and beyond. The final section deals with future strategic plans for GITA, covering the last two years of a four-year cycle.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: RURAL INFRASTRUCTURE DEVELOPMENT
Governor Janet Napolitano has identified economic development, especially rural economic development, as one of her top priorities in 2004. Information technology infrastructure is critical for economic development in Greater Arizona. Broadband capabilities help break down time and distance barriers in conducting business and are essential for job creation outside of metropolitan areas. GITA is helping to develop the communications infrastructure to support the Governor's Council on Innovation and Technology in its efforts to expand broadband infrastructure throughout the state and foster job growth in Arizona's rural communities. GITA has already taken the lead in this area through such ventures as the TOPAZ project, which has more than tripled the number of Arizona communities with broadband access in just two years without any cost to the state or burdensome government mandates.
-5-
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: INFRASTRUCTURE IMPROVEMENT POLICIES & STANDARDS
Building the foundation for `best practices' information technology is part of the GITA directive. This is being accomplished through the development and promulgation of statewide IT policies and standards as guidance for over one hundred agencies, boards and commissions under the executive branch of Arizona government. To date, nearly fifty statewide policies, standards, and procedures (PSPs) have been developed in the areas of management of IT practices, web services, and Enterprise Architecture encompassing security, network, platform, software and data/information infrastructures.
To date nearly 50 statewide policies, standards, and procedures have been developed in the areas of IT management practices, web services, enterprise architecture, and security.
Enterprise Architecture (EA) deals with the statewide initiative to move toward a comprehensive framework for IT and business that facilitates a cohesive approach to integrated IT services throughout Arizona. GITA is providing leadership in this area through the creation of a statewide framework or "building code" for information technology to ensure that agencies will be able to use a common computing and network infrastructure to leverage economies of scale and more easily share information. Architectures facilitate change in an orderly, efficient manner by providing a roadmap for the future, along with the principles, standards and best practices needed to arrive at the defined destination. The fundamental principles of EA include interoperability, flexibility, adaptability, scalability, portability, and use of open standards-based technologies. Within Arizona, the purpose of EA is to enhance government services while promoting e-government solutions to improve overall productivity and performance throughout the state agencies at the same time, reducing the total cost of IT ownership.
-6-
In the first six months of 2004, eight PSPs in the area of management of IT practices were revised; covering policy, standard and procedures for GITA PSPs, an IT planning policy and its associated standards dealing with facets of project monitoring. In addition, six policies have been revised in the web services arena covering Web Portal Acceptable Use, Web site Accessibility, Privacy, Intellectual Property, Email and Internet Use. An IT security policy and fifteen standards were also revised in the same timeframe and are enumerated in the security discussion. All GITA PSPs are available on the web site located at www.azgita.gov. Performance measure: Percentage of identified standards and policies revised or created with the Joint Legislative Budget Committee (JLBC) goal of updating 50% of those standards and policies in FY04. This goal was achieved by close of fiscal 2004, wherein 96% of the PSPs were reviewed and updated.
The performance measure in this area is the percentage of standards and policies reviewed of those due for review....
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: PROCESS IMPROVEMENT
INTERNAL POLICIES & PROCEDURES Internal policies and procedures for GITA operations are also under development as a result of management recognition of the complexity of GITA operations. Two overarching policies and procedures were generated to cover the preparation of procedures for each of the internal GITA functions. IP001 deals with internal policy and procedure formulation and IR002 covers internal document development. In accordance with Statute, a Five-Year Rules Review requires GITA to update its administrative rules this calendar year. Text describing the Project Investment Justification and agency IT Planning approval criteria was added to existing rules documentation this spring and is now making its way through
-7-
the proscribed review cycle, which includes a public hearing, council review and ultimately publication in the Arizona Administrative Register.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: INFRASTRUCTURE IMPROVEMENT QUALITY ASSURANCE METHODOLOGY
The Quality Assurance (QA) component of IT is essential to develop solid, repeatable processes which save costs in the long run. Lessons learned from the Software Engineering Institute's Capability Maturity Models and Capability Maturity Model Integration (CMMI) and other methodologies used throughout industry are starting to be applied by other state governments such as Texas, Florida, Georgia, Montana, Minnesota, Virginia, and Washington. At the present time, this component is in its infancy within the State of Arizona. Deming, Crosby and Juran began a movement towards quality following World War II which was adopted by the Department of Defense and applied to IT in the Eighties. The concept of performance measures providing feedback to improve products and services has been extended to IT processes. GITA has initiated conversations with the private sector, made contacts with over twenty-five consultants and researched a variety of methodologies currently being used in the US and Europe. Furthermore, GITA has published a preliminary statement of direction which outlines its basic approach to the development of QA over the coming year. An assessment of state agencies' use of quality processes is being performed this year as part of IT Planning. It is expected to become a central element in future IT strategic planning. Increased awareness of QA methods and techniques should facilitate the deployment of a consistent quality assurance program across state agencies. The objective in this area is to educate and inform the Governor's staff, ITAC, state agency CEOs and CIOs about these methodologies.
The QA component of IT is essential to solid, repeatable processes which save costs in the long run.
-8-
Performance measure: Identification of QA methodologies already in place at 90% of state executive agencies. This survey is currently underway, so no measure is available until later in 2004.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: INFRASTRUCTURE IMPROVEMENT SECURITY
In her 2003 State of the State Address, Governor Napolitano placed Arizona's security as a front-and-center priority for the state. Working with other federal, state, and local agencies, the private sector, and the Governor's Homeland Security Director, GITA is addressing this critical effort from an infrastructure standpoint.
Identification of QA methodologies already in place at 90% of executive state agencies is the performance measure for FY05.
IT Security
As the State of Arizona's information technology consultant, GITA is assessing the current state of agencies' security awareness and preparedness with respect to cyber crimes and terrorism. IT Security covers the areas of both business continuity and disaster recovery as well as security self-assessments at individual agencies. Security self-assessment is performed through TeSA, an online application available on the GITA web site, which identifies IT security vulnerabilities of state agencies provoking plans to resolve them. GITA has partnered with Homeland Security to form the Information Technology Security Advisory Committee (ITSAC). ITSAC's role is development of a statewide blueprint to educate, identify and, prioritize investment strategies for improving enterprise IT security awareness in Arizona.
Business Continuity Planning
-9-
In the event of unforeseen circumstances, it is vital that Arizona state agencies have comprehensive business continuity and disaster recovery plans in place. Sound, consistent plans are essential to continuing essential services in times of crisis, precisely when those services are needed the most. GITA has been assisting agencies in their preparation of Business Continuity Plans (BCPs), which also includes Disaster Recovery Plans, during early 2004. Each agency is required to submit an annual BCP wherein a business impact analysis is performed, core business processes are identified and a strategy developed to address response, resumption, recovery and restoration of the identified core business processes. This year both the legislative and judicial branches are being approached to participate in the statewide BCP program. Performance measure: Participation of at least ninety-eight percent of state executive branch agencies. Since initiation of Business Continuity Planning for agencies in 2002 by GITA, the percentage of agencies reporting has increased from 63 % to 86 %. GITA has accomplished these successes through ongoing agency education. Training attendance by agencies at GITA-held security practices classes has climbed to 55 % from 19 %. To date, 66 agencies have identified IT vulnerabilities in their BCP thanks to the implementation of an IT security policy (P800) and the fifteen standards (S805 ? S895) listed below. The policy covers overall IT security direction and expectations, while the standards address the following specific areas of security: ? ? ?
Since GITA initiated BCPs for agencies in 2002, the percentage of agencies reporting has increased from 63% to 86%....
S805 - IT Risk Management, S810 - Account Management, S815 - Configuration Management,
-10-
? ? ? ? ? ? ? ? ? ? ? ? ?
S820 - Authentication and Directory Services, S825 - Session Controls, S830 - Network Security, S850 - Encryption Technologies, S855 - Incident Response and Reporting, S860 - Virus and Malicious Code Protection, S865 ? Business Continuity/Disaster Recovery Plan S870 - Backups, S875 - Maintenance, S880 - Media Sanitizing/Disposal, S885 - IT Physical Security, S890 - Personnel Security, S895 - Security Training and Awareness.
The JLBC goal of completing 100% of the required security policies and standards by close of FY04 was met by GITA.
Performance Measure: JLBC has given GITA a performance measure of completing 100% of required security policies and standards by FY04. This goal has been met in June 2004. In addition to policies and standards for security, GITA has been collaborating with Office of Homeland Security, Arizona National Guard, Department of Public Safety (DPS) and Department of Emergency Management and Military Affairs (DEMA) along with local safety organizations to enhance support services for 9-1-1 emergency, 2-1-1 nonemergency, and 5-1-1 for travelers' information.
-11-
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: INFRASTRUCTURE IMPROVEMENT E-GOVERNMENT
Through its e-government program, GITA assists state agencies in their efforts to make the Arizona more accessible to citizens and business across the state. In addition to managing the State's Web portal, GITA also provides agency webmaster training, tools to facilitate web site development, design review of intended web sites, shared portal infrastructure and promoting common citizenry access. Arizona is a national leader in e-government services, recently ranking in the top five websites in the country on the Center for Digital Government's Best of the Web. The Arizona @ Your Service Web Portal (AAYS) is a prime example of this innovation, saving countless hours for Arizona businesses and residents alike. This web portal provides agencies with e-government related infrastructure services such as payment processing, Geographic Information Systems (GIS) mapping, and secure access as well as search tools. This contracted service is designed to allow agencies to obtain these facilities at reduced costs compared to procuring such capabilities on their own. To date, nine agencies have taken advantage of this service at a cost reduction of nearly $300 thousand. Costs for transaction processing on the portal's payment engine are as little as 49 cents per transaction---with no associated monthly fees. Two agencies have enrolled for the payment gateway while eight agencies are using the secure gateway as of June 2004. Agencies are required to submit all web development initiatives to GITA in order to ensure the consistent look and feel of government web sites across the state. A total of six agencies have utilized this service since January 2004. A style guide has been designed to assist agencies; 55 have taken advantage of this service so far this year. GITA offers the free use of a standard search engine valued at approximately $25 thousand per web site.
By reviewing all web development initiatives undertaken by agencies, GITA ensures a consistent lookand-feel of web sites across the state.
-12-
Fifty-eight agencies are currently using the search engine representing value of nearly $1.5 million. Performance measure: Number of transactions accessible on the Internet. A JLBC performance measure given to GITA for FY04 is to have at least 40 transactions available on the Internet; by June there were 53. In addition, GITA employs a webmaster who teaches classes on web site development which advocates common standards for State agencies promoting ease of citizenry Internet usage. By end of June 2004, GITA's webmaster had taught individuals from 14 agencies in addition to supporting the implementation of 53 web sites. The GITA webmaster also provides oneon-one web site design assistance to agencies including a standard template for their use. Finally, during the first six months of 2004, movement toward a standard domain name for the state agencies was also initiated. Each agency can now request a .gov domain name for their web sites through GSA, which in turn asks GITA to approve the request on behalf of the agencies. By standardizing naming of state government entities, accessibility to web sites is enhanced to citizenry. This procedure is part of GITA's overriding concern to make government more user-friendly to citizens as well as more effective.
A JLBC performance measure given to GITA for FY04 is to have at least 40 transactions available on the Internet, by June there were 53.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: PLANNING & PROJECTS
AGENCY IT PLANNING Some of the primary ways of improving the goal of agency effectiveness is through strategic planning and by crystallizing information, so that it is better understood by policymakers. Agencies have been required to submit annual IT plans and inventories since 1999. Since 2001, the GITA web site has offered two online applications that facilitate 1) the development of an agency
-13-
IT plan and 2) update of the current IT inventory holdings. Each agency IT plan identifies agency mission, vision, business goals and related IT goals. For each IT goal, objectives are enumerated along with performance measures supporting each objective. Almost one hundred agencies provide a four-year projection of their objectives. GITA develops an annual summary report of the statistics gleaned from the agency IT plans and inventories. In addition, this data is used to construct future initiatives and directives to further benefit IT within the state. During the first half of 2004, 93 agencies' IT plans were reviewed in detail with changes requested of 36 submittals. Following reminders to late agencies in February, letters of approval were sent to all but nine agencies. Three letters of disapproval were sent out in May to tardy agencies. The Statewide Strategic IT Plan was prepared and published in the April ? May timeframe. Performance measure: Percentage of IT plans submitted and the number of agencies formulating IT objectives in terms of their business objectives. By June, 91 of 93 agencies had submitted IT plans (98%) and a total of 75 agencies (81%) formulated their IT objectives in terms of their business.
Percentage of IT plans submitted by the executive agencies was 98% with a total of 81% of these agencies formulating their IT objectives in terms of their business.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: PLANNING & PROJECTS
PROJECT OVERSIGHT & MONITORING From January through June 2004, GITA reviewed and made recommendations on fifty-three IT projects, representing budgets in excess of $47 million. One of the great financial risks in any large organization is having a technology project careen out of control. Having a project fail to meet intended objectives or experience an excessive overrun in costs can create large financial problems for the state. Moreover, the publicity surrounding project failures can have unintended political consequences.
-14-
To help prevent project failures, GITA monitors large-scale and high-risk projects utilizing a highly developed Project Investment and Justification (PIJ) review process. GITA reviews outstanding issues and makes recommendations for improvements and/or corrective actions. Focal points of the review include: project scope, management, roles, responsibilities, change control, cost containment and utilization of resources. These reviews help ensure projects are planned in an appropriate manner and sound business practices are being followed, from technology, risk and financial perspectives. The goal of project monitoring is to review all IT projects prior to their initiation to help ensure their technological and financial success. Since start of FY00, some 245 projects have been reviewed by GITA, 87% of were completed on time and 96% completed at or under budget. These statistics are a very positive indication of the success of the GITA oversight and monitoring process as well as the dedication of agency IT staffs. Of the 19 new IT projects initiated in the first six months of 2004, 14 were approved, two received conditional approval and the remaining three were not approved. Performance measure: JLBC gave GITA a performance measure in FY04 to take less than 18 days to review the average IT project. The average time to review a project during the first six months of 2004 was only nine calendar days. An additional performance measure levied upon GITA was to assure that at least 90% of IT projects are completed on time and within budget. 83% of the IT projects reviewed in FY04 met these criteria.
Average time to review an IT project during FY04 was only nine calendar days thus halving the performance measure levied by JLBC.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: GOVERNOR'S INITIATIVES
2 -1 -1 Communication with the public in times of crisis is extremely important. Recognizing this, Governor Napolitano has called for the creation of a
-15-
statewide 2-1-1 system to assist in the dissemination of vital public safety information. The State of Arizona draws on GITA's expertise in technology infrastructure and coordination to ensure that Arizona's residents have access to information in times of crisis. The 2-1-1 project will provide both public and private health and human information services in addition to a link to a centralized disaster information network. Citizens will access the system by dialing 2-1-1 on their phone or by visiting the dedicated web site at www.az211.gov. 2-1-1 will be a `onestop shop' for accessing timely information. The system is to be rolled out in three phases. A web-enabled database will constitute the first phase to be closely followed by a decentralized network of call centers throughout the state as the second phase. The third phase will include enhancements to the database and the creation of additional call centers to supplement those already in use. By June 2004, GITA had partnered with AHCCCS, the Governor's Office, and the Departments of Economic Security and Health Services to complete a state infrastructure report, a strategic plan and held a variety of stakeholder and advisory committee meetings to gain wide support and input to the effort. The RFP for the web-enabled database was also released in June.
The 2-1-1 project will be rolled out in three phases: web-enabled database, followed by a decentralized network of call centers and then additions to the above...
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: GOVERNOR'S INITIATIVES
TELECOMMUNICATIONS Seamless communication is central to any crisis response, whether that crisis is a terrorist attack or a wildfire. GITA is working to ensure the interoperability of state communication systems, not just among themselves, but between other governmental jurisdictions as well. The vertical integration of video, audio, and data communications systems is considered to be an important part of the interoperability. Three initiatives are being worked
-16-
concurrently in this area: 1) the Telecommunications Privatization Project; 2) the CANAMEX Corridor development and 3) E-rate subsidy for telecommunications in disadvantaged school districts.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: LEGISLATIVE INITIATIVES
TELECOMMUNICATIONS PRIVATIZATION
Telecommunications privatization has the potential to save the State of Arizona considerable sums through elimination of duplicated systems and services as well as update the existing antiquated telecommunications infrastructure. The initiative will outsource the management of telecommunication services, including the Capitol Mall fiber ring, laying the foundation for a single, converged, statewide voice, video and data network. In early April 2004, JCCR reviewed the Telecommunications Privatization RFP generated by GITA with stipulations. Following JCCR review, the task was transferred (by statute) to the Arizona Department of Administration (ADOA) for subsequent action. The RFP was significantly modified and released in mid-April by ADOA, with responses expected from at least three bidders by August.
hough it primarily addresses government connectivity, parallel development of commercial broadband capacity is possible via the same conduit.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: GOVERNOR'S INITIATIVES
CANAMEX CORRIDOR PROJECT
The CANAMEX Corridor Project involves improving the telecommunications infrastructure within the state of Arizona along the trade route that crosses its borders. Mapping of all forms of fiber routes, Fixed Wireless capacity (WiFi), rights of way ownership, power line routes, cellular towers and capacities, and census information was the first step. GITA is coordinating the mapping project with the Department of Land. Purchase of ARCMap as the Geographical Information System (GIS) software application occurred in the
-17T
spring of 2004. A substantial GIS database of telecom assets has already been mapped and additional database work is underway. Essential to progress in broadband deployment is an increase of fiber infrastructure. Substantial fiber build-out by Qwest and other carriers has occurred, completing key fiber loops in Santa Cruz, Pima, and Cochise Counties. A consortium of counties is planning a video conferencing connection between all county seats in southern Arizona as the first phase. About 150 miles of the CANAMEX Corridor is affected by this initiative. Though it primarily addresses intra-governmental connectivity, parallel development of commercial broadband capacity is possible via the same conduit. Broadband assets have been deployed or increased so far this year in Wickenburg, the White Mountains and on various tribal lands. Creation of WiFi "hot spots" along portions of the CANAMEX Corridor is in progress. Costs for such deployment are relatively low with a potential quick payback as applications for public safety, trucking, local commerce, and tourism are implemented. GITA has applied for two government grants to create hot spots along two segments of the Corridor. Awards should be announced this summer. Thirteen additional segments are being defined in anticipation of possible future grants.
JANUARY ? JUNE 2004 ACCOMPLISHMENTS: GOVERNOR'S INITIATIVES
E-RATE SUBSIDIES By the end of June, GITA had identified an alarming downward trend in Erate subsidies in Arizona schools and libraries and proposed a solution to the Governor. As part of an effort to maximize use of Federal subsidies at the local school district level, GITA helped formulate a process to achieve this goal in support of the Governor's Rev-Max initiative.
-18-
JULY ? DECEMBER 2004 PLANS
The start of the new fiscal year brings many new opportunities. Annual reports are due at the close of the business year and agency submittals in the areas of IT planning and inventory start their annual cycle.
JULY - DECEMBER 2004 PLANS: INFRASTRUCTURE IMPROVEMENT
POLICIES & STANDARDS Based upon progress achieved earlier this year, the remaining six months of calendar year 2004 will be devoted to updates of standards and policies according to the biennial review cycle and identification of any necessary new ones. Focus will be in the platform and software domains of Enterprise Architecture (EA), specifically the platform infrastructure standard, applications and related software standard and the software productivity tools standard. Because of the completeness and implementation of EA, the overarching IT policy may be eliminated due to redundancy. Development of internal GITA procedures is continuing as well especially in the area of IT Planning and Project Oversight. The administrative Rules Review process mentioned earlier will continue with a public hearing slated for August 4th. Following the hearing, rules changes will be submitted to the Governor's Regulatory Review Council (GRRC) for approval and then to the Secretary of State for publication in the Arizona Administrative Register. Goal: To maintain the current updated PSPs.
-19-
JULY - DECEMBER 2004 PLANS: INFRASTRUCTURE IMPROVEMENT
QUALITY ASSURANCE METHODOLOGY The QA program internal to GITA has been divided into three major phases extending from FY04 through FY07. The first phase, which began in 2003, deals primarily with researching current QA information and developing agency awareness as part of the initial education process. The second phase will place emphasis on external (vendor) project management and/or QA requirements focusing on vendor and third-party contracts. The third phase will deal with internal project management and QA requirements within each agency. The first of four objectives encompassed by Phase I should be completed this year. That objective, the collection of an inventory of QA initiatives within each state agency, is currently underway. Data should be collected by October of this year followed by a 6 week assessment period prior to determination of direction on the next steps toward QA within state agencies. The second objective, that of the development of individual GITA employee skill sets and knowledge base in both advanced project management methods and techniques as well as system and software quality assurance models, will be initiated in September. QA education and outreach to Governor's staff, ITAC, and state agency CEOs and CIOs, the third objective of the QA program, will also get underway this year. Transfer of QA knowledge from the private sector, the fourth QA objective, was begun in January and is continuing with meetings and conferences held by GITA staff. Two staff members are also studying for their certification by ASQE as Certified Software Engineers. Goal: Finish the QA assessment and analysis in Calendar Year 2004
Collection of an inventory of QA initiatives within each state agency is currently underway.
-20-
JULY - DECEMBER 2004 PLANS: INFRASTRUCTURE IMPROVEMENT
SECURITY Security gap reporting formats (as a result of TeSA) have been updated for FY05 and are now in alignment with existing IT Security PSPs. Agencies will respond from June through July to a series of 98 questions covering 22 security topics in evaluating their own security practices. Agencies will then perform gap analyses, thereby, revealing areas of vulnerability. GITA expects to complete analysis of TeSA results and gap reports by November 2004, with a confidential statewide report summarizing security trends and gaps to be presented to the State CIO in December.
During the next six months, GITA plans to train an additional 40 to 50 agency IT personnel in current security practices and technology....
Business Continuity Planning
The statewide Business Continuity Plans, co-managed by GITA and DEMA, involve identification of risks and associated costs to avoid and/or manage those risks as well as a prioritization of critical business processes and systems. Both the Disaster Recovery and Business Continuity Plans are due by September 1st.
IT Security
By the end of 2004, all critical agency business processes and work will have been validated by the statewide BCP review team which includes GITA and ADOA. This review will support DEMA and the Arizona National Guard in conducting a vertical alignment analysis of criticality. In addition, all executive agencies will have tested their BCP and reported their results for readiness scoring. Goal: During the next six months, GITA plans to train an additional 40 to 50 agency IT personnel in current security practices and technology. Ten classes have been scheduled to date.
-21-
JULY ? DECEMBER 2004 PLANS: INFRASTRUCTURE IMPROVEMENT
E-GOVERNMENT GITA's e-government staff continues to train additional agency users on web site development and now offers an advanced class. Two advanced sessions are slated for the first week of July. In addition to classes, the webmaster provides graphic design assistance to agencies, maintains three agency web sites and provides help desk support. The web site receives an average of 67 inquiries per month on state services from citizens at the Arizona @ Your Service Web Portal. E-government planners provide consulting and are developing applications which will use the portal as a means to support common online professional license renewal at several different agencies, as well as a Citizens' forum coordinating with the Ombudsman. Furthermore, an approach will be developed to make additional portal infrastructure capacity available to host future agency applications. Opportunities exist to aid the Governor's Office of Highway Safety in their development of an online drug recognition expert system. Nine other potential web site projects involving the Department of Insurance premium tax filing and/or address changes, Department of Administration LINUX hosting, Department of Public Safety web site redesign, Homeland Security demonstration, payment using the Uniform Commercial Code with the Secretary of State, State Land Department permit application, online reservations via Department of Parks website, Arizona Industries for the Blind use of e-government and City of Glendale citizen water payments are also planned. Goal: To increase participation in the web portal and improve web site utilization by state agencies.
...an average of 67 inquiries per month on state services is received from Arizona citizens via AAYS.
-22-
JULY - DECEMBER 2004 PLANS: PLANNING & PROJECTS
AGENCY IT PLANNING Two new agencies will be added to the suite of agencies, boards and commissions reporting their IT strategies and plans to bring the total IT plans to be reviewed by year end to 95. Review of the IT plans and inventories includes requests for modifications and a large degree of daily interaction with agency users. The annual IT inventory submittal occurs during June and July, while annual IT plan submittals run from June through August. Many questions are fielded from new and returning users regarding use of the online tools, procedures, forgotten passwords, etc. A two-year summary of agency IT plan statistics and findings will be provided in the IT Plan Summary Report, underway and expected to be published midsummer 2004. Activities will also include ITAC presentations and strategy meetings for a revamping of the Statewide Strategic IT Plan for FY05. Goal: To streamline and improve the IT planning and inventory process.
...e-government opportunities exist in web site development for Departments of Insurance, Public Safety, State Land, and others...
JULY - DECEMBER 2004 PLANS: PLANNING & PROJECTS
PROJECT MONITORING & OVERSIGHT Project oversight will continue with at least 12 new IT projects anticipated for the second half of 2004. The team will also attempt to reduce the average PIJ review time to eight calendar days or less. Training of State personnel in PIJ preparation and draft project reviews will continue as will analysis and identification of process improvements related to PIJ and project monitoring. The Project Oversight manager prepares and conducts the monthly ITAC meetings serving as the primary interface with that committee. A fall retreat is planned to refine the activities and interactions between GITA and ITAC and expand the horizons of the current PIJ efforts.
-23-
Goal: To improve review times for projects and project timeliness.
JULY - DECEMBER 2004 PLANS: GOVERNOR'S INITIATIVES
2 -1 -1
...project oversight continues this year with at least twelve new IT projects anticipated...
The 2-1-1 Project, providing both public and private health and human information services in addition to a link to a centralized disaster information network is underway. Responses to the RFP are expected in August with an evaluation and vendor selection by October. Phase one of the project is expected to be finished in early 2005. GITA will continue to provide strategic planning consulting to the project through the remainder of the calendar year. Completion of the second phase of 2-1-1 involves opening of several call centers. Goal: To have an operational web site by April 2005.
JULY - DECEMBER 2004 PLANS: GOVERNOR'S INITIATIVES
TELECOMMUNICATIONS The telecommunications privatization RFP is expected to be awarded later this year. However, the PIJ must still be developed by ADOA and submitted for ITAC review. Middle-mile segments and last-mile broadband infrastructure need to be deployed or improved in 47 of Arizona's rural communities as part of the CANAMEX Corridor Project. These efforts are underway and being coordinated through GITA.
...development of policy and standards requiring agencies to address advanced project management methods and/or system and software QA models....
JULY - DECEMBER 2004 PLANS: GOVERNOR'S INITIATIVES E-RATE SUBSIDIES
A task force is being impaneled and GITA will support future efforts through education of school and library personnel on the E-rate processes,
-24-
attempting to centralize and streamline the procurement and application processes, and searching for new telecommunications contracts. The window for application for Federal e-rate subsidies opens in November and extends through mid-January of 2005. This places a sense of urgency on ongoing efforts to increase the participation of rural Arizona school districts and libraries relative to telecommunications. The newly formed panel including GITA will be working with school boards and business officers to educate and support their applications. The drop from $68 million to $40 million in subsidies in FY04 makes this a particularly important activity to improve Federal support.
-25-
FUTURE AGENCY PLANS
Arizona has led so well, in fact, that other states have adopted many of its innovations. Technology will play a major role in reengineering business processes to create the efficiencies necessary to preserve quality of service in the face of limited budgets. In this spirit, Governor Napolitano has created the Governor's Efficiency Review Initiative to identify areas where improved efficiency and potential budget savings can be found without sacrificing vital services. She has called on GITA to join this effort. While there may be costs associated with efficiency-enhancing technology improvements, GITA will search for opportunities to create public-private relationships, such as gain-sharing agreements, that will allow efforts to move forward without turning to the state's coffers. The Governor's Council on Innovation and Technology will provide leadership on improving the state's infrastructure in the future as well as addressing technology transfer and venture capital enrichment in IT.
FUTURE PLANS: INFRASTRUCTURE IMPROVEMENT
POLICIES & STANDARDS
Plans for the last two quarters of FY05 include update of the PIJ and Webrelated Initiatives Policies, Enterprise Architecture Policies, and the IT Planning Policy. Those standards developed in FY04 will continue to be maintained and updated. Moreover, standards and policies in additional areas will be developed as required in the years ahead.
-26-
FUTURE PLANS: INFRASTRUCTURE IMPROVEMENT QUALITY ASSURANCE
METHODOLOGY Phase II of the GITA QA program extends through June 2006 and addresses two important objectives. The first of these objectives is the potential development of policy and standards requiring agencies to address advanced project management methods and/or system and software QA models within the scope of work of major projects using external staff. This objective serves to initiate the use of methodology, either project management or QA, with third-party contracts external to the agencies themselves. The second objective deals with the possible modification of the PIJ process requiring agencies to use advanced project management methodology and/or system and software QA models within the scope of work of major projects, again using external third party vendors. Phase III of the GITA QA program incorporates two objectives and extends through the fourth quarter of FY06. The first of these objectives covers the possible development of policy and standards requiring agencies to use advanced project management methodology and/or system and software QA models within the scope of work of major projects using third party vendors, or possibly, internal agency staffing. The second objective deals with potential modification of PIJ process requiring agencies to include advanced project management methodology and/or system and software QA models within the scope of work of major projects using external third party vendors, or possibly, internal agency staffing.
Phase III of the GITA QA program extends through June 2006...
FUTURE PLANS: INFRASTRUCTURE IMPROVEMENT SECURITY
Disaster recovery and business continuity planning may be combined with security gap assessments of agencies for rankings of vulnerability and risk management purposes. Implementation of IT security policies and
-27-
standards, including random audits of various agencies, may be initiated. Annual online self-assessments of security vulnerabilities will continue as part of IT planning. In addition, GITA will continue to support DEMA with analysis and review of the statewide readiness scoring of agencies' BCPs. A monthly security vulnerability report will also be initiated to the State CIO beginning in March 2005. The business continuity policy is being re-engineered to shift primary responsibility to DEMA, per their request, by May 2005. GITA will retain responsibility for disaster recovery, specifically for IT infrastructure not already addressed by DEMA. Another IT Security Awareness campaign is planned with a feedback survey targeting all state employees. The first phase of the Tri-Agency Disaster Recovery Project should have completed with a lessons learned document by mid-October 2005.
Top twenty agencies in IT spending will be given more detailed direction and attention in future years...
FUTURE PLANS: INFRASTRUCTURE IMPROVEMENT
E-GOVERNMENT
Future plans for e-government in Arizona include the online web site implementations of a virtual State Park permit shop and a centralized vital records search capability for Department of Health Services. In addition, a common licensing user interface for online renewal and permitting that can be easily customized is currently being constructed to aid citizens at multiple agency web sites by early 2005. Introductory and advanced classes for webmasters have been developed by GITA in conjunction with IBM. These courses will continue to be held periodically for agency webmasters in the use of State of Arizona user interface guidelines, portal templates and the portal shared services of search, secure gateway and payment processing.
-28-
GITA will provide consulting services to the following projects: new screening suggestions for the Department of Education for a school district locator as well as payment processing for teacher recertification. GITA has opportunities for several portal GIS enhancements, in addition to a screen allowing agencies to check their compliance with State accessibility standards. The Department of Revenue may use its web site for registration as well as payment processing for its tax seminars. The Department of Environmental Quality is developing budgetary estimates for three different enhancements to its screens. The Department of Administration is evaluating hosting its web application on one of their mainframes using LINUX.
FUTURE PLANS: PLANNING & PROJECTS AGENCY IT PLANNING
GITA is considering streamlining the current agency IT planning process to encompass three different levels of strategic IT planning. The top twenty agencies in IT spending will be given more detailed direction and attention in future years to improve their overall efficiency, cost-effectiveness and realize true enterprise architecture within the state. The smaller boards, commissions and agencies, that lack even full-time IT support, will be allowed a more free-form submission of their strategic IT planning. The remaining agencies will continue with the current structured IT plan that has trends, issues, goals, objectives, and performance measures. A survey instrument is intended to be structured in such a manner that GITA can determine the rate and state of convergence of the executive agencies IT operation to the statewide EA and QA standards. The idea is to make the IT plan focus on the success of the state's standards and policies, using the IT plan as a vehicle.
...Access to information technology will be at the heart of economic development throughout rural Arizona...
-29-
FUTURE PLANS: PLANNING & PROJECTS PROJECT MONITORING &
OVERSIGHT Monitoring and oversight of IT projects in excess of $25 thousand will continue as before with ITAC approving those projects in excess of $1 million. Additional policies and standards are being developed to extend the review of projects and consideration given to possible sanctions for failure to comply with statewide standards.
FUTURE PLANS: GOVERNOR'S INITIATIVES
GITA will continue to respond to Governor Napolitano's initiatives with its seasoned staff of IT professionals encompassing over 500 years of experience among them.
-30-
LOOKING FORWARD
The challenges facing the State of Arizona are great but no greater than the opportunities. Technology has been at the core of much of the phenomenal growth Arizona experienced over the last two decades and future growth will depend on technology as well. IT has moved from the sole domain of large firms to an integral part of almost every business in Arizona. Access to information technology will be at the heart of economic development throughout rural Arizona, and GITA intends to be at the center of bringing that technology outside of metropolitan areas. Information plays an integral part of keeping Arizona safe from both natural and manmade disasters. When such disasters do occur, information plays an even greater role in mitigating the impact of the disasters. GITA will be at the heart of Arizona's efforts to prevent and respond to threats against Arizona.
-31-
APPENDIX A PERFORMANCE MEASURES
JLBC Performance Measures
Percentage of IT projects completed on time and within budget Number of transactions accessible on the Internet Administrative costs as a percentage of total cost Additional 15.4 15.2 40 53 90 83
FY04 Goal
18
Actual
9
Average calendar days to review IT projects
OSPB Performance Measures
60 50 100 11 78 96 100 31
Percentage of approved agencies aligning PIJ with architectural technology targets Percentage of identified policies and standards revised or created Percentage of security policies and standards completed Number of large-scale, high-risk projects that GITA directly oversees GITA Sunset Factor Performance Measures Number of agencies reporting IT Plans Number of agencies reporting IT inventory Number of agencies submitting Notices of Intent
90 89 9 55 58 67
Number of agencies using AAYS Design standards Number of agencies using Google Search tool Average monthly citizen queries via AAYS
-32-
