Strategic Plan
Network Optimization & Transport Services 2013-2018
??Office of the Chief Information Officer
National Oceanic and Atmospheric Administration United States Department of Commerce
Version 2.0
??The NOAA Executive Panel commissioned this Strategic Plan for Network and Transport Services on November 29, 2012. The NOAA CIO Council enacted version 2.0 of the plan on June 11, 2013.
Joseph.F. Klimavicz
NOAA Chief Information Officer
Director, High Performance Computing & Communications
?June 14, 2013
?2
Strategic Plan Network Optimization & Transport Services 2013 – 2018
??Table of Contents
Overview ………………………………………………………………………………………………………………………………. 4 Goal 1: Deliver Enterprise Transport Services …………………………………………………………………………… 6 Action 1: Manage NOAA’s Network at the Enterprise Level …………………………………………………… 6 Action 2: Provide Network Services through the IT Service Portfolio ………………………………………. 6 Action 3: Integrate Enterprise-wide Network Operations Centers …………………………………………… 6 Action 4: Align Network Acquisitions to Enterprise Standards ……………………………………………….. 6 Goal 2: Enhance NOAA’s Network Security ……………………………………………………………………………..7 Action 1: Route Networks Through TICAPs …………………………………………………………………………. 7 Action 2: Improve Security Controls …………………………………………………………………………………….. 7 Action 3: Build a Trusted NOAA Intranet …………………………………………………………………………….. 7 Action 4: Utilize SOC to Monitor Enterprise Services …………………………………………………………….. 7 Goal 3: Scale Network Capabilities ………………………………………………………………………………………….. 8 Action 1: Strategically Acquire Networking Capabilities…………………………………………………………. 8 Action 2: Improve Network Performance ……………………………………………………………………………… 8 Action 3: Build Network Engineering Core Competencies……………………………………………………… 8 Action 4: Deploy NOAA Enterprise Services for Federal Agency Accessibility…………………………..8 Goal 4: Optimize Network Services …………………………………………………………………………………………. 9 Action 1: Identify Opportunities…………………………………………………………………………………………… 9 Action 2: Enhance Service Delivery ……………………………………………………………………………………… 9 Action 3: Continuously Modernize Enterprise Standards ……………………………………………………….. 9 References…………………………………………………………………………………………………………………………… 10
Strategic Plan Network Optimization & Transport Services 2013 – 2018
3
??Overview
In fulfilling its critical mission of science, service, and stewardship, the National Oceanic and Atmospheric Administration (NOAA) generates tremendous value for the Nation – and the world – by advancing our understanding of, and ability to respond to, changes in the Earth’s environment, by improving society’s ability to make scientifically informed decisions, and by conserving and managing ocean and coastal resources.i NOAA’s mission touches the lives of every American and we are proud of our role in protecting life and property and conserving and protecting natural resources.ii
NOAA’s mission and operations span all 50 states and international sites, and so rely on having a secure, resilient network infrastructure. Our current networks have grown organically in response to the needs of the Agency. Increased frequency and volumes of observational data gathering, tighter coupling of computational activities, decreased timeframes for product delivery and emergency response, and the exponential growth of environmental data – each of these dynamics place more demanding requirements and operational dependencies on NOAA’s networks.
This document presents a plan to improve NOAA’s network acquisition, management and security processes. In order to achieve the overall objectives four goals have been identified: Deliver Enterprise Transport Services, Enhance NOAA’s Network Security, Scale Network Capabilities, and Optimize Network Services.
Each of these goals will deliver specific benefits to NOAA, and taken as a whole, will represent the transformation of our networks into an enterprise-managed, secure, agile, and reliable resource. The following sections provide details, including the specific actions designed to ensure achievement of the goals, as well as discrete metrics that will be used to measure our progress. Our strategic approach is not intended as a single set of initiatives, but as a recurring series of activities that build, in successive iteration, on the improvements made in the previous cycle.
Figure 1: NOAA’s Network Optimization Framework
??4
Strategic Plan Network Optimization & Transport Services 2013 – 2018
??Table 1: NOAA’s Enterprise Network Optimization Strategic Goals, Actions, and Metrics
??????Strategic Goal
???????Implementation Actions
??????Metrics (Timeframes)
????Deliver Enterprise Transport Services
?- Manage NOAA’s network at the enterprise level
– Provide network services through the IT Service Portfolio
– Integrate enterprise-wide NOCs
– Align Network Acquisitions to
Enterprise Standards
?- Integrate external NOCs (FY13-14)
– CommonConfigurationManagement – Commontools
– Build NOAA NOC (FY14-17)
– Institute enterprise-level funding (FY16)
– Service Portfolio Management (FY13-18)
– Complete Enterprise Network Services
Standards (FY13-18)
– Implement controls to ensure standards
conformance (FY 14-18)
– Establish Enterprise Network Services
Acquisition Vehicles (FY13-14)
???Enhance NOAA’s Network Security
????- Route networks through TICAPs
– Improve security controls
– Build a trusted NOAA Intranet
– Utilize SOC to monitor enterprise
services
???- Routing through established TICAPS – 50%byendofFY13
– CompliantbyendofFY14
– Common NOC security controls:
– Security processes (FY13)
– Common tools at network edge (FY14-15)
– Common tools for enterprise (FY13-18)
– Standard templates for ISA&SLA (FY14-18)
– Establish Base Trusted Intranet (FY16)
– Establish Multi-zone Trusted Intranet (FY17)
– SOC monitoring border routers (FY14)
– SOC monitoring internal core routers (FY15)
????Scale Network Capabilities
????- Strategically Acquire Networking Capabilities
– Improve network performance
– Build network engineering core
competencies
– Deploy NOAA Enterprise Services
for Federal Agency Accessibility
???- Utilize Strategic Acquisition Vehicles (FY13-18)
– Integrate WAN backbones (FY14-18)
– Improve networking policy, security, and design
engineering core competencies (FY13-18)
– Exchange ideas with other Agencies (FY13-18)
– Publish Inter-Agency Service Level Agreement
for the Enterprise Network Service (FY15)
??????Optimize Network Services
??????- Identifyopportunities
– Enhance service delivery
– Continuously modernize enterprise
standard
?????- Modernize network components of the Enterprise Architecture (FY14)
– Identify opportunities to reduce cost, improve services or security, or improve performance (FY13-18)
– Monitor and integrate industry trends into planning and standards (FY13-18)
??Strategic Plan Network Optimization & Transport Services 2013 – 2018
5
??Goal 1: Deliver Enterprise Transport Services
Action 1: Manage NOAA’s Network at the Enterprise Level
By having an accurate and comprehensive understanding of its environment, agency IT leadership will develop realistic operational network goals, implement plans that adhere to operational and security constraints, and will be able to make informed trade-offs among technical, financial, operational, and security considerations. Managing transport services as an enterprise will allow for quicker response to cyber threats, better monitoring, and improved provisioning of services, while providing improved capabilities and cost- efficiencies.
NOAA’s Information Services Strategic Plan, 2013-2018iii describes the enterprise information services delivery model NOAA OCIO is moving towards. This model has been designed to achieve a number of benefits, including: cost avoidance; increased efficiencies; economies of scale; improved processes; enhanced enterprise-wide security and networking standards; and improved network services. In order to realize these benefits, the Agency must utilize a common set of services, infrastructure, and funding model.
Focus will initially be on external and non-local network connections. As the network service portfolio matures, enterprise standards for management at the local area network level will be developed and implemented.
Action 2: Provide Network Services through the IT Service Portfolio
To reduce duplicative effort, ensure adherence to policy and standards, and provide greater customer service and support, network services need to be offered through the IT Service Portfolio. As a shared enterprise service itself, the IT Service Portfolio is provided through a standardized infrastructure (consisting of processes and technologies). The result is a familiar, reliable method and set of tools for users across NOAA to identify, select, and configure services they need.
Action 3: Integrate Enterprise-wide Network Operations Centers
Network Operations Centers (NOCs) are responsible for the oversight, provisioning, monitoring, tuning, reporting, and responding to events on the network. In addition, the NOC will provide a single point of contact for connectivity issues. The NOC will be constituted of a primary and backup center. By the end of FY14, NOAA will establish and implement a common Configuration Management (CM) system, acquisition methodology, service catalog, and shared engineering for the network’s border services. By the end of FY17, the Integrated NOC will be responsible for all NOAA networks that are “inter-FISMA system” (or between accreditation boundaries).
Action 4: Align Network Acquisitions to Enterprise Standards
IT acquisitions need to enable the adoption of enterprise stands. In order to effectively support the operation and evolution of enterprise network services, NOAA’s Enterprise Architecture artifacts will accurately reflect the agency’s current infrastructure, standards, and technologies, as well as the planned advancement of each. Standards will be documented in the Enterprise Architecture and enforced, a) operationally, through the Configuration Management process and b) strategically, through the system design and acquisition process, IT Investment Authority, and Authorization and Accreditation cyber security processes.
6
Strategic Plan Network Optimization & Transport Services 2013 – 2018
??Goal 2: Enhance NOAA’s Network Security
Action 1: Route Networks Through TICAPs
NOAA has initially established four Trusted Internet Connection Access Providers (TICAPs)iv. In compliance with OMB mandates, NOAA intends to route its external network connections through a TICAP location by the end of FY14. In order to meet our operational requirements for high network availability, NOAA will implement a solution to allow systems to route through multiple TICAPs.
Action 2: Improve Security Controls
The NOC will provide oversight for the routers on the external border of NOAA’s network. Common cyber security controls will be utilized throughout the network infrastructure. NOAA’s backbone Wide Area Network (WAN) will maintain controls appropriate for “moderate impact” systems (as categorized by NOAA, following the NIST FIPS 199v standard). Business policies, processes, and practices (e.g. centralized logging with the SOC, common authentication methods) will be defined and implemented to ensure that cyber attacks are avoided to the extent feasible. When cyber attacks do occur, the N-CIRT will be engaged to quickly perceive, understand, and contain the situation.
As standard templates for Interconnection Security Agreements (ISA), Interface Control Documents (ICD), and Service Level Agreement (SLA) are created, they will be shared to reduce effort and ensure that expectations are appropriately documented.
Action 3: Build a Trusted NOAA Intranet
Within the intranet, behind the TICAPS, the NOC will provision trusted networks for geographically distributed systems and for sharing information between systems. A multi-level “trust model” will be designed and implemented, allowing systems and data stores to be designed and implemented with standards for identifying, sharing, merging, analyzing, disseminating, and storing information assets.
Action 4: Utilize SOC to Monitor Enterprise Services
NOAA’s Security Operations Center (SOC) will deploy its monitoring infrastructure to ensure the cyber- security of the enterprise network and services. The SOC will prescribe counter-measures for ongoing threats. All inter-system border connections will have centralized logging, custom reporting, and active monitoring. NOAA’s Homeland Security Program Office will be appropriately updated when there are major events or outages.
Strategic Plan Network Optimization & Transport Services 2013 – 2018
7
??Goal 3: Scale Network Capabilities
Action 1: Strategically Acquire Networking Capabilities
NOAA will realize the benefits of economies of scale and cost-reduction by employing strategic sourcing initiatives for acquiring network circuits, equipment, and services. Acquisitions will have oversight to ensure observance of enterprise initiatives, security, and procurement objectives. Maintenance and training opportunities will also be combined to reduce cost. NOAA will continue to take advantage of the cost effective capabilities of the N-Wave Science Network and the pre-negotiated bundled services of Federal telecommunication services (e.g. GSA Networx) to provision high-performance networks.
To ensure competition during the acquisition process and our quick adoption of new technology, NOAA will embrace open standards within its enterprise network. Standards will be defined for a core set of services, and they will be enforced as requirements during the acquisition process.
NOAA is comprised of many small field offices, some medium size offices, and a few large campuses. In addition, NOAA has staff located in partner locations. Solutions will need to be designed and acquired with the flexibility to address the diversity of requirements in a cost-efficient and effective way.
Action 2: Improve Network Performance
Network infrastructure will be consolidated, when appropriate, and new capabilities will be deployed. Monitoring will be incorporated to check usage and identify constraints. Concurrently, NOAA will improve our network performance by deploying advanced, but proven, technologies, configurations, and operating approaches. Also, standardization of network management tools and performance analyzers to continuously “tune” the network, adjust configurations and deploy resources to achieve required performance, consistent with cost and security constraints. The network backbone will be designed, constructed, and deployed to accelerate the adoption of new services, keep up with our explosive rate of data growth, and to aid in the data movement related to NOAA’s big data challenge.
NOAA will leverage National Education and Research Networks (NRENs) for both its internal and external network traffic. They will be utilized, when appropriate, to keep up with the data growth, and to route through TICAPs, for international and other external network traffic including satellite, modeling, and radar.
Action 3: Build Network Engineering Core Competencies
Network performance and security is limited by the capability of the engineering staff. Building on the skills of the NOAA Network Committee (NNC), NOAA will foster and ongoing technical dialog to maintain an awareness of industry trends and emerging technologies. This will actively support the OCIO’s workforce positioning strategy, which includes ongoing training and development of industry best practices across the networking community.
Action 4: Deploy NOAA Enterprise Services for Federal Agency Accessibility
Enterprise network services will be designed and implemented with the flexibility to be utilized by other Federal Agencies. This will allow other Government Agencies to leverage the improved services and cost advantages derived by NOAA.
8
Strategic Plan Network Optimization & Transport Services 2013 – 2018
??Goal 4: Optimize Network Services
Action 1: Identify Opportunities
NOAA will regularly explore cost reducing, performance improving, or security enhancing opportunities. The NNC will be responsible for researching and prioritizing these opportunities, and they will be evaluated against mission requirements, enterprise standards and their ability to support special requirements like NOAA’s Primary Mission Essential Functions (PMEF). NOAA-wide programs and teams (e.g., NOAA’s Web Operations Committee, IT Security Committee) will collaborate on identifying, analyzing, prioritizing, and implementing network improvements.
Action 2: Enhance Service Delivery
Selected opportunities will be deployed at the enterprise level and documented in the Enterprise Service Catalog. Services will adhere to the Enterprise Architecture and will be authorized through the Configuration Management process. Solution providers will provide monitoring or reporting to either the Security Operations Center or Network Operations Center, as appropriate. Services and infrastructure will be continuously measured, reviewed and evaluated to identify opportunities to restructure or increase efficiencies.
Action 3: Continuously Modernize Enterprise Standards
NOAA will employ open standards wherever possible. Based upon Agency needs and ongoing market research, the Enterprise Architecture will reflect NOAA’s current network standards. The NNC will regularly review NOAA’s standards and ensure that they are communicated throughout the Line Offices, that they are integrated into operations and planning, and that they are continuously validated and updated.
Strategic Plan Network Optimization & Transport Services 2013 – 2018
9
??References
i National Oceanic and Atmospheric Administration, NOAA’s Next Generation Strategic Plan, December 2010, www.ppi.noaa.gov/wp-content/uploads/NOAA_NGSP.pdf, page v.
ii National Oceanic and Atmospheric Administration, About NOAA, www.noaa.gov/about-noaa.html iii “Information Services Strategic Plan, 2013-2018”, April 2013
iv Homeland Security, Trusted Internet Connections, www.dhs.gov/trusted-internet-connections
v FIPS 199-Standards for Security Categorization of Federal Information and Information Systems, February 2004, Computer Security Division, Information Technology Laboratory, National Institute for Standards and Technology, csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
?????10
Strategic Plan Network Optimization & Transport Services 2013 – 2018
Monthly Archives: May 2016
It Service Portfolio Management
?State of Montana
Strategic Plan for Information Technology 2014
??
This document is prepared under the authority of the Montana Information Technology Act of 2001. It is published biennially unless special interim plans become necessary.
STATE INFORMATION TECHNOLOGY SERVICES DIVISION Ron Baldwin, Montana State Chief Information Officer
April 1, 2014 Montana Strategic Plans for Information Technology can be found at:
mt.gov – Montana’s Official State Website
If you have any questions or comments on this plan, please contact: Kyle Hilmer
Strategic Planning Manager
406-444-5476
khilmer@mt.gov
?2
?STATE OF MONTANA DEPARTMENT OF ADMINISTRATION STATE INFORMATION TECHNOLOGY SERVICES DIVISION
???April 1, 2014
Fellow Montanans:
It is my pleasure to present the State of Montana 2014 Strategic Plan for Information Technology. This plan aligns with the administration’s initiatives: better jobs, better education, and effective state government. We will use/leverage technology to address these areas by:
? Providing mobile access for our citizens and state employees.
? Prioritizing projects that deliver the most effective government services.
? Employing technologies make state service more accessible and secure.
? Sharing systems across agencies, Montana political subdivisions, and other states. ? Maximizing returns on IT expenditures.
We know our destination and the road we want to take to reach that destination. This plan is that road map. It describes the overall direction of information technology throughout Montana state government. Agencies will use it as their guide when they are prioritizing their IT investments and making decisions.
Technology plays a crucial role in all our daily lives. This is especially true for Montana state government. Our lives are better for our willingness to embrace advances in technology. However, we fully realize the benefits of technology only when it is well managed and secure. This strategic plan is the foundation for managing our technology and ensuring it delivers maximum value.
The right technology strategy for Montana is to focus on the services our citizens need, and then deliver those services in the most effective, efficient and secure manner.
This plan directly supports the State’s strategic goals and business requirements. It is a guide through the complex issues and challenges that are part of effectively managing technology. The success of state government rests on our ability to meet the expectations of Montana citizens and businesses with thoughtful technology investments and manageable risks.
Sincerely,
Ron Baldwin, State CIO
Steve Bullock Governor
?3
Table of Contents
Executive Summary 5 State Environment, Success, and Capabilities 5 IT Contribution and Strategies 6 IT Principles 7 IT Governance 8 IT Financial Management 8 IT Metrics 9 IT Services and Processes 9 IT Infrastructure, Staffing and Resources 9
Enterprise IT Initiatives
10
4
1. Executive Summary
Montana has three basic business drivers that shape the state’s programs and IT strategies: jobs, education, and effective/efficient government. Most IT programs and projects will address only one of the three business objectives. The most frequent objective is usually effective and efficient government. New and enhanced IT systems normally generate savings in agency operational costs, or greatly enhance agency service or functions available to the public.
Montana’s IT strategies are designed to directly support and contribute to the success of Montana’s business objectives. Montana’s IT strategies are:
1. Deliver network services that enable online education and remote access to state and local government services.
2. Deliver mobile access to state services for citizens, businesses and state employees.
3. Leverage standards, technical innovations and systems from other government entities.
4. Share systems, components and functionality across agencies, Montana political subdivisions and
other states.
5. Utilize cloud, open source and existing systems; deploy custom built systems only when
absolutely necessary.
6. Implement an enterprise cyber security program.
2. State Environment, Success and Capabilities
Montana weathered the recession better than the rest of the nation. Montana’s unemployment rate has consistently outperformed other states, and the workforce demonstrates high rates of educational attainment, income growth, and increasing job opportunities. In late June 2013 the Legislative Fiscal Division projected almost a $300,000,000 ending general fund balance for the FY2015 biennium. Montana’s economy is healthy, but there is room for improvement.
Technology strategic planning must be based on the needs, goals, and business drivers of the leaders that manage State programs and priorities. Those business drivers have been identified as jobs, education, and effective/efficient government.
? Jobs – Montana’s objective is to ensure job growth and private sector wage growth exceeds the national average. Montana added 10,700 jobs in 2012, a growth rate of 2.3% which exceeded national job growth. Private sector wage growth in Montana increased by 4.2 % in 2012; the second fastest wage growth in the nation. Additional details can be found in the 2013 Labor Day Report at: www.ourfactsyourfuture.org/admin/uploadedPublications/5314_LDR-13.pdf
? Education – Montana’s objective is to increase the percent of Montana’s population with a completed college certificate from 40% to 60% by 2020. In the previous three years Montana led the nation with an increase of 37% to 40% in higher education credentials. Currently 96% of Montana’s labor force has a high school diploma, 4th in the nation.
???5
? Effective Government – Effectiveness is the ability to produce better quality outcomes or higher value. IT can support this goal in two ways. First, by delivering value to state employees and programs. A $100,000 IT investment that saves a state agency $200,000 in personnel time or expenditures, or delivers $200,000 in citizen benefits, would make the state more effective. Second, state IT organizations can reduce their own internal IT costs; reducing them to minimum levels while maintaining high quality service. The state’s objective is more effective government through both paths.
Montana’s goals and objectives lead directly to several state business requirements; requirements that must be met if Montana is to succeed. The state business requirements are the focal points around which the state IT strategy is built.
State Objectives State Business Requirements
?????Education
Increase post-secondary education levels
????????Jobs
Increase employment and compensation levels
????????Efficient and Effective
Government
Minimize government expenditures and increase the value and impact of state delivered services
?????????????????Increase post-secondary education levels
High quality, anywhere/anytime state services that make Montana an attractive business location
Effective budget controls that minimize state expenditures
Rapid implementation process for improved state services
Prioritize projects that maximize effective state service delivery
Maximize returns on IT expenditures
Improve privacy of individuals and information contained within IT systems
?????????????????????????????3. IT Contribution and Strategies
Montana’s IT strategy is designed to support the state’s primary strategies and business requirements. Not all IT programs and projects will address all of the business requirements, but all IT programs and projects will support at least one. Most IT programs and projects will focus on effective/efficient government. By its very nature a new or enhanced IT system will normally drive down agency operational costs or greatly enhance agency service or functions available to the public. Occasionally a new IT system will increase agency costs. This will be a conscious choice because the system benefits to state citizens and businesses will far exceed the state’s incremental IT costs.
?6
Commerce, Labor and Industry, the Office of Public Instruction, and the university system will directly impact Montana jobs and education. Other agencies will have a secondary impact. But all agency IT organizations will have a direct impact on delivering a more effective and efficient state government. Agency IT services and systems will provide value by delivering faster, more informative services to citizens and business, and by reducing the cost of agency operations.
Montana’s IT strategy to contribute to Montana’s success has eight components; found in the tables below.
State Objectives State Business State IT Strategies Requirements
????Education
Increase post- secondary education levels
???????Jobs
Increase employment and compensation levels
???????Efficient and Effective Government Minimize government expenditures and increase the value and impact of state delivered services
????????????????Increase post-secondary education levels
High quality, anywhere, anytime services that make MT an attractive business location
Effective budget controls that minimize State expenditures
Rapid implementation process for improved state services
Prioritize projects that maximize effective service delivery
Maximize returns on IT expenditures
Improve privacy of individuals and information contained within IT systems
??????????????????????????????????Deliver network services that enable online education and remote access to state and local government services
Deliver mobile access to state services for citizens, businesses and state employees
Leverage standards, technical innovations and systems from other government entities
Share systems, components and functionality across MT agencies, MT political subdivisions and other states
Utilize cloud, open source and existing systems; deploy custom built systems only when absolutely necessary
Implement an enterprise cyber security program
???????????????????????????????4. IT Principles
IT principles govern the decisions and operations of the state’s IT community. They provide touch- points and guidelines to ensure that correct decisions are being made; decisions that will provide the greatest value to Montana’s citizens. The majority of Montana’s IT principles have their roots in Montana’s Information Technology Act (MITA).
?7
Montana’s IT principles:
? Resources and funding will be allocated to the IT projects that contribute the greatest net value and benefit to Montana stakeholders.
? Unwarranted duplication will be minimized by sharing data, IT infrastructure, systems, applications and IT services.
? Montana will use shared inter-state systems to minimize IT expenditures, improve service delivery and accelerate service implementation.
? IT will be used to provide educational opportunities, create quality jobs, a favorable business climate, improve government, protect individual privacy and protect the privacy of IT information.
? IT resources will be used in an organized, deliberative and cost-effective manner.
? IT systems will provide delivery channels that allow citizens to determine when, where, and how
they interact with state agencies.
? Mitigation of risks is a priority for protecting individual privacy and the privacy of IT systems information.
5. IT Governance
The state has established in law, by Executive Order and by Agency Executive Order, governance structures such as the Information Technology Board, the Statewide Interoperability Governance Board, the Electronic Government Advisory Council and the Information Technology Managers Council. The purpose of these governance structures is to ensure that the state’s IT investments supporting the business needs of the agencies are done in a cost effective manner.
The state CIO and state agencies will work in a cooperative manner to strengthen these governance structures so they provide the framework for a deliberative approach to making IT investments that support the services the state provides to its citizens.
6. IT Financial Management
Agencies receive their IT expenditure authority from the legislature. IT funding sources include the state general fund, proprietary funds, fees, federal grants, etc. Most of the funding authority originates in an agency’s biennial base budget with House Bill 10 providing supplemental capital funding for major IT projects and programs that cross biennium boundaries. IT line items in HB10 are managed by the Office of Budget and Program Planning (OBPP) with approval by the State CIO. SITSD is funded through a state proprietary fund and receives its revenue through chargebacks to agency customers.
Agencies will document and provide adequate justification for their major IT spending proposals to OBPP and the Department of Administration.
??8
7. IT Metrics
The state recognizes the need to minimize IT expenditures while maximizing the return on IT investments. Establishing a value on our IT infrastructure of software applications and hardware is a necessary step. We must also establish a baseline for IT metrics and then measure progress over time. Reporting on progress occurs in the IT Biennial Report, which is published at the start of each legislative session.
The State CIO will work in cooperation with the established IT governance bodies in developing metrics for assessing the effectiveness and efficiencies in the following IT areas:
– Projects
– Operating expenditures
– Capital investments
– Cyber security
8. IT Services and Processes
Montana’s agencies have hundreds of individual applications and services that support their programs and constituents. Describing agency systems and applications, or even listing them, would be lengthy and inappropriate considering their agency-specific scope. SITSD offers a range of enterprise-wide services available to agencies, university system and local governments. The scope of SITSD’s service offerings is broad and similar to peer states. Outside of a few isolated services such as fax, e-signatures, cell phones, and business analysis, SITSD’s catalog of services is typical for a central state IT organization.
Agencies will look for opportunities to build their program services on shared IT systems: inter-agency systems, SITSD enterprise systems, and interstate systems. Additionally, agencies will provide mobile access to state services for citizens, businesses and state employees.
9. IT Infrastructure, Staffing and Resources
Montana has two primary data centers: the State of Montana Data Center (SMDC) in Helena and the Miles City Data Center (MCDC). MCDC operates as a backup and recovery site. The Department of Justice and Montana State Fund also maintain data centers in Helena. Twelve agencies have moved their equipment into the SMDC. The backbone of Montana’s IT infrastructure is SummitNet, a secure consolidated voice, video and data network that supports approximately 22,000 devices at over 600 locations. Montana has approximately 850 IT positions, 6.48% of all state employees.
Agencies will utilize cloud, open source, and COTS solutions, deploying custom built systems only when absolutely necessary.
???9
10. Enterprise IT Initiatives
Enterprise IT Management seeks to maximize the value of information technology at the enterprise level. The key objective of this initiative is to implement policies, processes and tools that ensure IT is effectively procured, used and shared across state and local government. This will result in operational efficiencies, reduced IT costs and seamless, integrated services for Montana citizens. The Enterprise IT Management group will focus on the portfolio of enterprise projects, initiatives and opportunities.
Strategic Planning
The 2001 State Legislature recognized IT as an enabler of government services and enacted the Montana Information Technology Act. MITA identified the need for a unified vision for IT in state government and required the development of an enterprise-wide strategic plan. The State of Montana Strategic Plan for Information Technology provides the framework and guidance for state agencies to develop and use IT resources to provide state government services.
MITA also requires that each state agency develop an IT plan. Agency IT plans identify specific agency technology goals, objectives and budget requirements for implementing the plans. The Act also requires the Department of Administration to review and approve agency IT plans and provide oversight for the state’s procurement of IT.
IT Service Portfolio Management
IT Service Portfolio Management encompasses the processes for identifying, evaluating, sourcing, modifying and retiring IT services. The objective is to manage a catalog of services to balance the use of resources, deliver maximum value as quickly as possible, and minimize risk. Decisions on IT services are based on customer requirements and economics, not on technology fads.
The Information Technology Manager Council (ITMC) is forming a group to assist SITSD with: ? developing and prioritizing an inventory of potential shared enterprise services
? vetting proposals for new service investments, modifications and retirements
SITSD’s IT Service Portfolio Management strategy includes (1) soliciting service requirements from agencies; (2) continually evaluating shared enterprise services; (3) delivering services that are competitive on price and function; (4) and offering new services that can potentially be used by a large segment of agencies.
Enterprise Records Management / Enterprise Content Management (ECM/ERM)
Montana does not have a standardized approach to ERM/ECM. Multiple systems are used by various agencies. The lack of a single ERM/ECM system contributes to such organizational inefficiencies such as duplicate costs, inability to search multiple systems for related information, limited use of automatic retention schedules and inadequate preservation of historically significant documents.
The initial goal of this effort is to identify the most efficient and effective ERM/ECM solution for the State of Montana based on input from agencies, State CIO, Education and Local Government Committee (ELG) Committee, and other stakeholders. The initial phase of surveying agencies and analyzing RFI responses is complete.
?10
Software Asset Management (SAM)
Currently the state lacks an accurate tool to inventory and manage its software investment. Software licensing terms and conditions are becoming more complex, and software vendors are conducting more audits to ensure compliance with their licensing terms. The risk of an unsuccessful compliance audit threatens financial penalties, loss of staff time, and loss of access to needed software. The purpose of this project is to implement a SAM optimization tool which will improve the state’s control of software spending and license compliance across the enterprise.
Geographic Information Systems (GIS) and Data
Multiple agencies use five separate agreements for Esri’s cloud-based mapping and collaboration platform, ArcGIS Online (AGOL), to create, publish and share maps. Other agencies would like to use GIS tools but lack the funding to acquire them. The state could minimize costs and maximize usage by re-negotiating a statewide agreement in 2014 with unlimited named users.
Cyber Security
Montana has two primary security initiatives: Mobile Device Management (MDM) and Data Protection. Mobile devices are leading to a more efficient and productive working environment. Mobile device usage is forecasted to explode in the future and it is essential to develop a management strategy now. MDM will:
? Implement tracking of mobile assets, secure mobile data transmission and minimize telecommunication and support costs.
? Develop enterprise tools for more efficient mobile device deployment and management. ? Establish enterprise policies to clearly define standards, limitations and use.
In May 2013, the legislature allocated $2,000,000 to the Department of Administration for statewide data protection. The Data Protection Initiative encompasses three enterprise-wide security efforts to protect the state’s data assets.
? Access Control & Verification implements an enterprise system to authenticate the identity of users and their access to data.
? Multi-factor Authentication implements a system to verify the identity of a user in the enterprise access controls system through more than one authentication factor
? Enterprise Risk Assessment will evaluate the security and vulnerability of selected high-profile, high-value state targets.
11
Service Catalog Management Interfaces With And Depends On The Activities Of-
Service Catalogue Management and ITIL V3
The Service Catalog
To enable the service provider and the customer to clearly understand the services available and being delivered
Service Catalog Management interfaces with and depends on the activities of:
Service Portfolio Management
Service Level Management
Service Asset and Configuration Management
Business Relationship Management
Demand Management
Knowledge Management
Service Strategy
Value of Service Portfolio
The Service Portfolio allows the business to make the best decisions related to investments.
The Service Portfolio enables the customer to understand what will be delivered in a service, and under what conditions.
The Service Portfolio is the first step in realizing the benefits of a service, optimizing the risks associated with the service, and optimizing the resources allocated to the service throughout the entire service lifecycle.
Service Portfolio
Terminology (1)
Service Models
A service model is a list or diagram of essential items required to deliver a service. The service model will show how these items are used and how they are related to each other.
A service model will logically demonstrate how service assets interact with customer assets to create value. Service models show:
Structure of a service -physical attributes
Dynamics of a service -activities, flow of information
Service Strategy
Customers, Services, and Service Assets
Customer Satisfaction
Service Strategy
Identifying and Forecasting Demand
Service Design
Activities of Service Level Management
Terminology (1)
Terminology (2)
SLA Life Cycle
Create Service Catalogue
Discuss Service Level Requirements with customer
Map against Service Catalogue
Sign Service Level Agreement
Ongoing (frequent) review of achievements
Appendices (where appropriate)
Review and renew SLA
Service Transition
Service Configuration
Tracking Activities
In addition to configuration information and attributes, the configuration management system will also track activities related to the configuration items it manages, including:
Incidents
Problems
Changes
Known Errors
Changes
Releases
Service Transition
Service Portfolio
Service Design
Service Catalogue Management
GOAL:
To ensure that a Service Catalogue is produced,
maintained and contains accurate information on all
operational services and those ready for deployment.
Scope
The scope of the Service Management process is to provide and maintain accurate information on all services that are being transitioned or have been transitioned to the live environment.
Service Catalogue
The Service Catalogue has two aspects:
The Service Catalogue
Key Activities
Inputs & Outputs
Input sources of information relevant to the Service Catalogue Management process
Output new services, changes to existing services or services being retired
Information Management
The key information is that contained within the Service Catalogue. The main input for this information comes from the Service Portfolio and the business via either the Business Relationship Management (BRM) or Service Level Management (SLM) processes.
All information needs to be verified for accuracy and must be maintained using the Change Management process
Value to the Business
The Service Catalogue:
Provides a central source of information
Ensures all areas of the business can view an accurate, consistent picture of all IT services, their details and status
Contains customer-facing view of IT services in use, how they are intended to be used, business processes they enable and quality of service to be expected.
CSF’ s
The Critical Success Factors (CFS’ s) for the Service Catalogue Management process are:
An accurate Service Catalogue
Business user’ s awareness of the services being provided
IT staff awarenes of the technology supporting the services
KPI’ s
# of services recorded and managed within the Service Catalogue as a % of those being delivered and transitioned in the live environment.
# of variances detected between the information contained within the Service Catalogue and the òreal world’ situation.
Business users’ awareness of the services being provided, i.e. percentage increase in completeness of the Business Service Catalogue against operational services.
Challenges
Maintaining accurate Service Catalogue as part of a Service Portfolio.
Incorporating both the Business Service Catalogue and Technical Service Catalogue as part of the overall CMS and SKMS.
In order to achieve this, the culture of the organization needs
to accept that the Catalogue and Portfolio are essential
sources of information that everyone within the IT organization
needs to use and help maintain.
Risks
Service Portfolio Management
??SERVICE PORTFOLIO MANAGEMENT
SERVICE PORTFOLIO MANAGEMENT
?www.tutorialspoint.com/itil/service_portfolio_management.htm Copyright © tutorialspoint.com
Service Portfolios
Service portfolio contains description of all the services engaged throughout the service lifecycle. It also represents the commitment and investment made by service provider across all customers and market spaces.
Service catalogue is subset of service portfolio and contains presently active services in service operation phase. We will discuss service catalogue in detail as part of service design process.
Service Portfolio Management
Service portfolio management ensures that the service provider is offering right combination of services to meet the customer’s need.
Service Portfolio Manager is the process owner of this process.
The purpose of service portfolio management is to provide answer to the following questions: Why should customer buy this service?
Why should they buy from us?
What form does the pricing structure take?
What are our strengths and weaknesses, priorities and risks? How should we apply our resources and capabilities?
????????Sub Processes
??Service portfolio management includes sub processes as shown in the following diagram:
?Define
The purpose of this process is to define desired results of a service.
Analyze
The purpose of this process is to analyze the impact of proposed new service or changed service on existing services in service portfolio.
Approve
The purpose of this process is to submit change proposal to change management and to initiate the design stage for the new or changed service if change proposal is authorized.
Charter
The purpose of this process is to communicate decisions, allocate resources and charter services.
Service Portfolio Management
Service Portfolio Management.