Commonwealth Security & Risk Management (CSRM)
This directorate provides information security support to the Commonwealth of Virginia via liaisons with all levels of government entities as well as the private sector to achieve that mission. We provide multifaceted services in the information security arena, including a framework for Information Security Programs built around the factors of confidentiality, integrity and availability. Our responsibilities include various security assurance and oversight activities carried out in support of the Chief Information Officer of the Commonwealth's IT governance role, as defined in the Code of Virginia.
Commonwealth Security and Risk Management includes the following major functions:
Commonwealth Information Technology Security Policies, Standards and Guidelines - Provides information security governance by defining the Commonwealth Information Technology and Security program. The information security program is supported by statewide policies, standards and guidelines which provide a framework to enable Commonwealth Agencies to accomplish their missions in a safe and secure technology environment. These COV policies, standards and guidelines provide direction to ensure confidentiality, integrity and availability of Commonwealth information and information technology assets.
Critical Infrastructure Protection & Service Continuity - Coordinates the security required to safeguard facilities and personnel, including access control and background checks. Coordinates the VITA Continuity of Operations Plan (COOP), including the IT disaster recovery plan, in compliance with the guideline established by the Virginia Department of Emergency Management (VDEM).
Information Security Assurance - Assesses the information security posture of the Commonwealth using results of information security audit reports, information security assessments, IT infrastructure vulnerability assessments, remediation and corrective action plans, and risk management.
Incident Management - Serves as the Information Security Incident Response Team (CSIRT) of the Commonwealth by providing analysis, forensics and disposition of security alerts and incident response. Routinely conducts proactive threat assessments. Partners with law enforcement and other organizations as appropriate in detection, reporting, response and post-incident analysis. Educates Commonwealth personnel in threat management.
Information Security Architecture - Assesses IT systems and network designs to enable a consistent and secure IT framework that aligns information technology resources with business strategies and fosters effective transaction and delivery of Commonwealth services. Provides standard acceptable security architecture approaches to routine business needs.
Information Security Awareness and Training - Increases awareness of information security using a multifaceted approach at both the Commonwealth and VITA level, including the Information Security Officers Advisory Group (ISOAG), publishing Information Security Tips, and online Security Awareness Training for all VITA employees. Partners with MS-ISAC and InfraGard to leverage security awareness resources.
Customer Services Project Management Organization (CSPMO)
The CSPMO's goal is to create and maintain productive business relationships with VITA's customers - the executive branch agencies, institutions of higher education, localities and other governmental entities throughout the Commonwealth. We aim for exceptional service by understanding our customers' business opportunities and issues, engaging all the right VITA and partner resources, and aligning or adjusting our technology solutions and performance to meet their needs.
Customer Account Managers (CAMs) are the primary contacts for each customer. Together with providing expertise on technical services and responding to requests for service support and billing questions, CAMs focus on ensuring that VITA and its service partners understand and meet customers' expectations and needs.
Primary CSPMO Functions:
Establishing and maintaining relationships with customers and managing overall customer satisfaction.
Developing an understanding of agency business needs and opportunities to more effectively drive VITA support and planning for upcoming changes.
Providing information about VITA services.
Serving as the escalation point of contact for service issues.
Owning Request for Services (RFS) lead qualification and overseeing RFS performance from requirements through implementation.
Driving resolution of billing, asset management and purchasing questions.
Enterprise Solutions and Governance (ESG)
This directorate provides statewide services and support in three major areas: IT governance activities, Enterprise Initiatives and E-911 emergency response and geographic information systems.
In carrying out its assigned functions, the directorate collaborates with key stakeholders in formulating a strategic vision and direction for IT in the Commonwealth, and then in translating that vision and direction into practical guidance in planning and implementing specific technology initiatives. Staff also provides advice and assistance in preparing organizations to take better advantage of technology opportunities and in dealing with related issues. The directorate performs these functions in support of Commonwealth CIO and Secretary of Technology responsibilities governing the acquisition and use of information technology in state government, as delineated in the Code of Virginia. In addition, ESG develops and supports business applications for VITA's internal business processes, VITA customers and the agency's internet and intranet sites.
ESG's divisions and functions include:
Policy, Practice, and Architecture (PP&A) - this division is responsible for the development and update of the Commonwealth's Strategic Plan for Information Technology. It also publishes all VITA external and internal policies, standards, and guidelines. PP&A develops architectural standards and the accompanying policies and procedures for the enterprise, and advises the CIO on architectural standards and exceptions. It also tracks emerging trends and best practices across the spectrum of technologies, including hardware, operating systems, networking and communications, security, and software applications.
IT Investment Management (ITIM) - this division ensures the Commonwealth makes the most effective and efficient technology investments to meet the needs of our customers. It supports enterprise-level management of the state's technology investments "portfolio", and an ongoing program for improving the skills and capabilities of the state's technology project managers.
Integrated Services Program (ISP) - the goal of the Integrated Services Program is to leverage and expand existing VITA services to localities and the public safety community in furthering VITA's mission and vision. The program encompasses the Code-assigned functions of the Public Safety Communications (PSC) and Virginia Geographic Information Network (VGIN) Divisions as well as VITA's Radio Engineering functions.
Virginia Geographic Information Network (VGIN) - fosters the creative use of geographic information and oversees the catalog of GIS data and services available in the Commonwealth. Functions include: drafting policies, standards, and guidelines to support state and local acquisition, exchange, storage, and use of geographic data and related technologies; development of an enterprise GIS, providing access to electronic state geographic data products for public and private sector uses; and management of projects related to the acquisition or development of geographic and statewide base map data.
Public Safety Communications (E-911) - supports the Wireless E-911 Services Board and encourages, promotes, and assists in the development and deployment of statewide enhanced emergency telecommunications systems. Though the delivery of enhanced 9-1-1 services is a local responsibility, the division coordinates their efforts at a regional and statewide level to ensure ubiquitous service levels in urban and rural areas.
Radio Engineering Services - provides engineering assistance and spectrum management services to state agencies and local governments. The division also manages several VITA contracts for radio equipment that may be used by any government agency within the Commonwealth.
- Enterprise Initiatives - involving multiple agencies, often for systems that all agencies need
- Agency Process Improvement - improving business processes at one or more agencies upon request
- Strategy and Governance - developing a unified approach to application development and governance
- IT Contract Services - managing large enterprise contracts for IT services to ensure that the Commonwealth is getting value for its investment
- VITA's customer-facing applications - developing and supporting applications used by VITA's customer agencies (e.g., billing, broadband availability, contracts, VITA website)
Finance & Supply Chain Management
The Finance Directorate handles all financial and procurement aspects of VITA. It consists of three major functions:
Supply Chain Management - To lead the selection, negotiation, development and management of IT supplier relationships that deliver business value at an appropriate level of risk.
Category Management - this group develops the strategic plan for sourcing and contracting in alignment with business needs and the marketplace to optimize value and reduce risk.
Strategic Sourcing - this group integrates technical, business, financial, and contractual requirements to select suppliers and negotiate agreements that fulfill IT business functions.
Contract Management - this group structures and manages the mutual commitment between two or more parties for the duration of the agreement. This group provides tracking, reporting, analysis, and record keeping for all VITA IT contracts.
Procurement - this group manages the processes by which goods and services are identified, ordered, and received, ensuring compliance with guidelines and policies.
Supplier Management - this group develops and manages suppliers to achieve consistent value through improved performance and innovation.
Policy and Integration - this group develops policies, researches emerging practices, and defines new approaches to enhance the value of supply chain services throughout the Commonwealth. It leads the analysis and integration of new legislation and emerging procurement methods.
Supply Chain Services - this group integrates data and information throughout SCM processes to ensure information is available and accurate to support analysis, planning, and reporting.
Procurement Review - this group determines the effectiveness and compliance of SCM policies and procedures.
Financial Management Services - The organizational units within Financial Management Services are:
Finance and Accounting - Manages and accounts for the flow of VITA financial resources. It performs the following primary activities: revenue management, disbursement management, general accounting and financial reporting, telecommunications billing reconciliation, and PeopleSoft support.
Budget, Planning and Analysis - Plans, submits, executes, and monitors the VITA budget. It also conducts financial analyses as required and maintains a multi-year financial planning process for VITA. It consists of two major sections: Budget, and Planning and Analysis.
Strategic Plans and Metrics - Oversees and develops the agency's performance measurement system, leads the peer group benchmarking process, and provides the agency with an integrated management reporting system focusing on financial and operational results.
Human Resource Management Services (HR)
The Human Resource Management Services team provides comprehensive, practical solutions encompassing human resources management, professional development and training. Core services include, but are not limited to, recruitment/selection, compensation, benefits, employee relations, HR information systems, performance management, policy interpretation and leave administration. In training and professional development, the unit coordinates technical training, professional development training, educational assistance, project management development programs, CommonHealth Coordination and training facility coordination.
Internal Audit Services (IAS)
The mission of this directorate is to assist VITA management, the Chief Information Officer (CIO), and the Information Technology Investment Board (ITIB) through the Finance and Audit Committee, in the effective performance of their responsibilities. VITA Internal Audit Services (IAS) fulfills this mission by providing independent, objective assurance and consulting services. These services are designed to add value and improve the organization's operations using a systematic, disciplined approach to evaluate and improve the effectiveness of the risk management, control and governance process.
The IAS scope of work is to determine whether VITA's network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to provide reasonable assurance that:
Risks are appropriately identified and managed.
VITA's control processes are adequate and functioning as intended.
Interaction with the various governance groups occurs as needed.
Significant financial, managerial, and operating information is accurate.
Actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
Resources are acquired economically, used efficiently, and adequately protected.
Program plans and objectives are achieved.
Significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately.