Volume 14, Number 2
CIO Nelson Moe
The approved update of the Risk Management Standard SEC520-01 is posted on VITA's website at: https://www.vita.virginia.gov/it-governance/itrm-policies-standards/.
The purpose of SEC520-01 is to establish a risk management framework with the minimum program activities applicable to of Virginia agencies. This document defines the lowest acceptable level of information risk management program activities and data objects required for agencies in scope to this standard. The risk management framework aligns with methods set forth by the National Institute of Standards and Technology (NIST) cybersecurity framework.
Registration for the 2019 Commonwealth of Virginia Information Security Conference is open. Additionally, the deadline for the call for papers has been extended to Friday, Feb. 15.
This year's conference will be held April 11-12 at the Altria Theater in Richmond. Confirmed keynote speaker Steve Uzzell, an internationally renowned photographer and inspirational speaker, will present to conference attendees. He has taken his message of creativity and the power of ideas to more than 500 organizations, associations, corporations and colleges including the U.S. Naval Post Graduate School, Merrill Lynch, J.P. Morgan Chase, Marriott, BNY Mellon and Adobe.
The personal computer (PC) refresh has resumed using the existing process. On July 1, the new PC refresh process will eliminate the need for spreadsheets and will improve visibility into the refresh process. VITA has authorized five devices to be offered to customers for new orders and PC refreshes until July 1. At the start of the new fiscal year, a new, fuller suite of PCs (approximately 25 choices) will be available. Agency personnel wishing to check refresh eligibility or to begin the PC refresh process are asked to contact their agency’s agency information technology resource (AITR).
Verizon is developing the schedule to retire West Communications (Intercall) audio conferencing and introduce Verizon Cisco WebEx for voice, video and data conferencing.
VITA and Verizon will begin reaching out to agencies in the coming weeks to discuss the transition. Verizon is also planning for network refreshes at agency sites. Network refreshes are expected to begin in the first half of the year. More information will be shared with agencies in the near future.
Science Applications International Corporation (SAIC), VITA’s MSI, has assumed the day-to-day operations of the service portfolio life cycle management (SPLM) process.
SPLM is the process that manages the life of an IT service, from initiation and aligning business strategy, through the design and delivery of the IT service, to its ongoing operation and support through the retirement of the service. VITA will serve in an oversight role.
Overview sessions on the process were held with service tower suppliers and service owners to share information on the process and discuss specific requirements for each phase of the process. SPLM forums will be held monthly, taking the place of service management group (SMG) meetings. Agency business relationship managers (BRM) can answer questions related to SPLM services.
VITA is providing an optional Keystone Edge reporting class to AITRs and ISOs. The two-hour class will include hands-on activities and a question-and-answer session with SAIC subject matter experts. The class is designed to cover roles and processes for working with the SAIC reporting team and the specific support they can provide, and detailed guidance on building homepages, reports and dashboards.
To attend the class, AITRs and ISOs must have previously attended an introductory Keystone Edge class. This reporting class will not cover basic navigation or functionality. In-person attendance is strongly encouraged for individuals in the Richmond area. A WebEx is also available if needed. Registrants will receive communications directly from email@example.com.
Individuals who have used VITA’s IT contingent labor (ITCL) contract with Computer Aid Inc. (CAI) over the past six months to engage IT contractors may have noticed a reduction in the number of resources available with the technical skills and experience you need versus a year ago.
The availability of IT contractors across the commonwealth and in the Richmond area is limited due to high demand and low unemployment rates. While great for the economy, the limited availability poses challenges in recruiting and competing for the quality IT contract labor needed to conduct the business of the commonwealth.
The most highly recruited job categories through the contract are programmers/analysts, project managers and business analysts. Costs will fluctuate and likely increase in a market where the demand for services is constant and/or increasing and there is a diminishing supply of quality resources. Please keep this in mind when planning timelines and budgets for upcoming recruitments.
The ITCL program policy is in place to provide guidance on state procurement policy and industry best practices for utilizing contingent workers. Agencies work with CAI to manage the recruitment process and engage IT contract labor to meet their business needs.
Customers are encouraged to follow the program policy requirements for competition to ensure best price and value are obtained for the skills and experience needed. Rare instances when unique and hard-to-find skills need to be recruited outside of the competitive process are possible, but not a routine practice since lack of competition creates risk and unnecessarily inflates costs to the commonwealth.
For more information on the ITCL program policy or industry best practices contact Sonia Hicks, ITCL program manager. Your human resources representative can provide additional guidance to assist with managing your contingent workers.