Your browser does not support JavaScript!

Archived Page: COVA Strategic Plan for IT: 2012-2018

Hello. You have reached an archived page. Content and links on this page are no longer being updated. Looking for a service? Please return to our home page.


COVA Strategic Plan for IT: 2012-2018

Introduction

Strategic plan for technology website navigation

Welcome to the third edition of the Commonwealth of Virginia (COV) Strategic Plan for Information Technology. The plan presents the commonwealth's information technology strategy for the years 2012-2018, and draws on the previous two editions (covering the years 2002-2006 and 2007-2012 respectively) as well as the Information Technology Advisory Council (ITAC) Technology Business Plan published in December 2011.

This edition of the plan is published as a website to enable timely updates to the resource links and agency examples and allow the plan to remain current and responsive to changes in commonwealth and agency business needs. The plan will be reviewed at the same time agency information technology (IT) strategic plans are reviewed and updated annually as required by Code.

Technology and the business of state government

The numerous technology advances in recent years have left commonwealth agencies and citizens alike awash in technology choices. The challenge for both groups is to select technology that helps them achieve their business or personal objectives. For the commonwealth, the fundamental principle that investments in technology are made to support the commonwealth's business priorities remains as central to this Strategic Plan for Technology as it was to the preceding editions and the ITAC Technology Business Plan. Briefly stated, information technology is a means, not an end in itself.

In the sections that follow, this introduction to the 2012-2018 edition of the plan will trace the derivation of technology guidance from the agency mission and programs, through the state government business environment, to identify a set of technology trends and emerge with a set of strategic directions for agencies to consider when planning their technology investments. The business environment will highlight the ITAC Technology Business Plan and its four business environmental factors and five initiatives. The current plan includes descriptions of the four technology environmental factors and seven technology trends identified as having a significant impact on agencies and citizens, a commonwealth goal for utilizing each technology trend, and suggested strategic directions to guide agencies in leveraging the trend to address their business needs.

Business environment and ITAC technology business plan

The flow from the state government business environment to this edition of the plan begins with the mission and programs of the Commonwealth agencies. In September 2011 the Council on Virginia's Future completed a collaborative effort with Cabinet secretaries to arrange the secretaries' designated business priorities according to the Council's seven long-term goals with the publication of the "Commonwealth of Virginia Enterprise Strategic Priorities-Agency Strategic Planning Version."

Also in 2011, ITAC was tasked by the General Assembly to work in consultation with the Council on Virginia's Future to develop a technology business plan. ITAC began by identifying four significant business environmental factors which affect the business plan development and substantially impact how the plan is actually carried out. These factors remain relevant and are described in the environmental factors page. Shaped by these factors and the Commonwealth of Virginia Enterprise Strategic Priorities, the council developed the Technology Business Plan by determining the commonwealth's high-level business priorities and identifying the key initiatives that could become technology focal points in support of those business priorities. The Technology Business Plan five Initiatives are stated below, along with a parenthetical short identifier used elsewhere in this plan:

  • Initiative 1 - Emphasize programs and tools that enable all citizens to interact with government 24x7-safely and securely, and when, how and where they want it. (Citizen access)
  • Initiative 2 - Improve information-sharing to optimize current business functions and supporting systems. (Information sharing)
  • Initiative 3 - Leverage technology to improve worker productivity and make state employment more attractive to the future workforce. (Workforce productivity)
  • Initiative 4 - Support educational attainment initiatives—key to achieving state economic development and quality of life goals. (Support education)
  • Initiative 5 - Expand and support back-office platforms and productivity tools that support Governor's Reform Commission recommendations on streamlining government operations. (Streamline operations)

The relationship between the enterprise strategic priorities, business environmental factors, and the Technology Business Plan and its five initiatives are illustrated below.

Technology Business Plan diagram

The ITAC Technology Business Plan and the five initiatives therein provide a logical link to, and a business-based platform for, this edition of the COV Strategic Plan for Information Technology.

Technology environment, trends, and strategic directions

Just as the ITAC Technology Business Plan began with consideration of significant environmental factors, so this edition of the COV Strategic Plan for Information Technology begins with identification of technology environmental factors. Based on discussion with Virginia Information Technologies Agency (VITA) and executive branch agency IT leaders, along with ITAC and Information Technology Investment Management (ITIM) Customer Council members, two separate streams emerged for consideration: broad technology environmental factors and specific emerging technology trends. The technology environment factors, described in the environmental factors page, are the increasing pace of technology expansion and change, the "consumerization" of technology, and the emergence of the Internet of Things. This plan considers these three factors likely to have influence the evolution of the technology trends noted in the plan.

The discussions identified seven emerging technology trends that are playing, or likely to play, a role in agency efforts to address the five Technology Business Plan initiatives. The technology trends, along with a parenthetical short identifier used elsewhere in this plan, are:

  • Social Media (SM)
  • Mobility (M)
  • Cybersecurity (CS)
  • Enterprise Information Architecture (EIA)
  • Enterprise Shared Services (ESS)
  • Cloud Computing Services (CSS)
  • Consolidation\Optimization (C\O)

For each trend the plan states a commonwealth goal for leveraging the trend and identifies several strategic directions, specific activities that agencies can use to harness the trend to fulfill the initiatives. Each technology trend is detailed in a separate page. The subsections on each technology trend page contain a description of the trend and the role it can play in fulfilling the initiatives, strategic directions for agency consideration, current examples of agency use of the technology trend, and resource links for further information. The description subsection includes a brief explanation of the technology, key business drivers for considering the technology, how the technology supports achieving the five ITAC initiatives, and the challenges to incorporating the technology into the commonwealth or agency technology portfolio.

The plan recommends 48 strategic directions, activities that the commonwealth and agencies can pursue to leverage the technology trends to address their business needs and the ITAC initiatives. The strategic directions are evenly split between establishing policy and governance to promote use of a technology trend and recommending actions to leverage a specific technology trend. The strategic directions associated with each technology trend are listed under the third tab of each technology trend page, and are summarized in the following table.

Strategic Directions for Each Technology Trend
Technology Trend Number Percent (%)
Social Media 4 8.3
Mobility 8 16.7
Cybersecurity 6 12.5
Enterprise Information Architecture 10 20.8
Enterprise Shared Services 5 10.4
Cloud Computing Services 4 8.3
Consolidation\Optimization 11 23.0

The plan also identifies the strategic directions that support each of the ITAC Business Technology Plan initiatives. The following table summarizes the number of strategic directions associated with each initiative, while the ITAC business technology plan page lists the strategic directions for each initiative.

Strategic Directions Supporting ITAC Initiatives
Initiative Number Percent (%)
1. Citizen Access 18 37.5
2. Information Sharing 11 22.9
3. Workforce Productivity 7 14.6
4. Support Education 5 10.4
5. Streamline Operations 7 14.6

The relationship between the ITAC Technology Business Plan initiatives, business and technology environmental factors, and the technology trends and related strategic directions is summarized in the diagram below.

Next steps

The publication of this edition of the COV Strategic Plan for Information Technology establishes the framework for several follow-up activities, including the following:

ITAC Technology Business Plan diagram

Publicize the plan
Through presentations and workshops, publicize the emergence and use of the technology trends and promote consideration of the recommended strategic directions.

Conduct agency capability survey
Survey agencies to assess the importance of the technology trends and strategic directions to their business strategies and their current and desired capability to use the technology trends and implement the strategic directions.

Develop an implementation plan
Build on the results of the Capability Survey to develop a prioritized plan for implementing the strategic directions deemed most important to the commonwealth and agency business strategies.

Environmental Factors

Business Environmental Factors

The Information Technology Advisory Council (ITAC) Technology Business Plan identified four significant business environmental factors which affect its development and will substantially impact how the plan would be implemented. While some of the details have changed since the plan was adopted in late 2011, the factors will continue to impact the 2012-2018 version of the Commonwealth of Virginia (COV) Strategic Plan for Information Technology. The four factors, along with a summary of their impact, are reproduced below:

Financial Outlook
Between FY 1996 and FY 2006, the commonwealth's inflation and population-adjusted revenue growth was 28.8 percent, an average annual growth rate of 2.6 percent. By contrast, the overall state budget increased from $39.0 billion in FY 2011 to $39.6 billion in FY 2012, a non-adjusted increase of only 1.5 percent.

Continued Population Growth
In terms of its population, Virginia continues to be one of the fastest growing states in the nation. The long-term trend for significant state population growth is expected to continue. Population growth inevitably adds to demands for public services. Over the next 20 years, as the "Baby Boom" population cohort reaches retirement age, the increasing percentage of older Virginians will further add to service requirements. Coupled with the aforementioned bleak state revenue outlook, pressures upon state agencies to "do more with less" are likely to only increase.

Aging of the State Government Workforce
As a corollary to the aging of Virginia's population in general, the state government workforce is also on average getting older. Data from the Department of Human Resource Management (DHRM) reveal that state workers' average years of service has increased 17.6% in last 20 years and 10.7% of the state workforce is currently eligible for unreduced retirement. By 2016 that percentage will jump to 23.9%. When an experienced state worker retires or otherwise leaves state employment, more than just manpower is often lost. All too frequently substantial institutional knowledge and in-depth understanding of long-standing systems and processes leaves as well.

Attractiveness of Government Careers to Younger Generations
One impact of state government's response to current economic conditions is an overall reduction in the state's workforce. DHRM statistics indicate that the number of full-time-equivalent (FTE) state positions has decreased by eight percent from 2008 to 2011. That decrease, coupled with the above-noted exodus of knowledge and experience, puts even greater emphasis on the need to bring qualified younger workers into the state workforce. Attracting and keeping new workers is in fact an overall challenge for the commonwealth. DHRM data indicates that the highest turnover rate among state employees is in the first five years of service, when 53% of all separations occur.

Technology Environmental Factors

Discussion with the Virginia Information Technologies Agency (VITA) and executive branch agency IT leaders, along with ITAC and Information Technology Investment Management (ITIM) Customer Council members identified three broad trends in the technology environment, the "consumerization" of technology, the increasing pace of technology expansion and change, and the emergence of the Internet of Things. This plan considers these three factors to likely have pervasive influence across the technology trends identified in this plan.

Consumerization of Technology
Consumerization of technology is the growing tendency for new information technology to initially emerge in the consumer market and then move into business and government organizations. The rise of consumer markets as the primary arena of information technology innovation represents a major shift in the IT industry away from the dominance of large business and government organizations as drivers of technology adoption. Whether it is utilizing a personal smartphone for work or communicating with citizens through social media, today state employees and organizations are leveraging tools that originated in the consumer market to communicate, collaborate, and share knowledge in the workplace as well as with those outside the organization. While the adoption of consumer oriented technologies can be challenging to organizations, early experience suggests that, implemented properly, the results are more productive, engaged employees and improved relationships with citizens and partners.

Increasing Pace of Technology Expansion and Change
The introduction of new technologies is now a common feature of today's marketplace, and it is widely accepted that the overall pace of technology change has increased over the past decade. However, this broad sense of increasing pace encompasses several specific, often reinforcing, trends, including the proliferation of technologies with new capabilities, the "disruptive" nature of these technologies, and the resulting creation of new activities and groups of users. Consider, for example, smart phones and their "apps" expanding citizen outreach. A significant consequence of this complex technology change is an increase in uncertainty; uncertainty about the evolution of the technologies, uncertainty about the opportunities they present, and uncertainty about the degree of risk accompanying the adoption of the technologies. In turn, these uncertainties challenge organizations, including state government, to develop the managerial innovation, flexibility, adaptability, and rapid responses required to successfully identify and incorporate technologies that best address their business needs.

Internet of Things
According to a 2013 article published in McKinsey Quarterly, the Internet of Things is proliferating at an "astounding rate" and expected to "explode in number" over the next decade. The Internet of Things, first defined in 1999 by British technology pioneer Kevin Ashton, represents the addition to the Internet of smart devices, such as sensors, security cameras, automobiles, and just about any device with a processor and the ability to be networked. Cisco projects that by 2017 there will be about 1.7 billion such smart devices connected to the Internet, not counting mobile phones and tablets! The availability of such ubiquitous data sources has the potential to "disrupt" many aspects of state government information technology use. At a minimum, all such devices implemented by state government will need to be secured, managed, and supported. Due to the pervasive nature of this technology, Gartner recommends organizations approach the Internet of Things not as a single activity, but broadly, taking an integrative and holistic view when examining opportunities and building potential business cases.

Technology Trends

Commonwealth Goals

  • Technology Trend: Social media
    Provide a policy framework for social media use and utilize a Commonwealth Center of Excellence to promote and coordinate the adoption of social media to meet citizen communication expectations, improve transparency, and support collaboration and knowledge sharing among the commonwealth workforce.

  • Technology Trend: Mobility
    Establish a Commonwealth Center of Excellence to manage and direct the proliferation of mobile device and "apps" usage in order to enhance and expand citizen services, ensure governance and security compliance, gain greater productivity within the commonwealth workforce, and increase the attractiveness of commonwealth employment to younger workers.

  • Technology Trend: Cybersecurity
    Implement technologies, practices, and monitoring to protect commonwealth data and infrastructure, reduce the commonwealth's attack surface area, maintain cyber security situational awareness, effectively respond to cyber security attacks, identify and remediate IT security risks, maintain a knowledgeable cyber security workforce, and maintain citizen trust in the commonwealth's commitment to the securing of their personal information.

  • Technology Trend: Enterprise information architecturestrong>
    Implement an enterprise information architecture that promotes availability of consistent, secure, high quality, timely and accessible information to enhance public value and enable quality service to citizens of the commonwealth.

  • Technology Trend: Enterprise shared services
    Continue to support, and where appropriate, extend the model of enterprise shared services to improve efficiency and effectiveness in commonwealth operations where business functions and data cross departmental boundaries, a shared service is more cost-effective, or the service facilitates the transfer of information or worker knowledge.

  • Technology Trend: Cloud computing services
    Manage and direct the evaluation and adoption of cloud computing infrastructure and services to address agency business requirements for a secure, flexible, and rapidly scalable computing environment.

  • Technology Trend: Consolidation\Optimizationstrong>
    Continue the cost and service benefits achieved by consolidation to date, while pursuing an enterprise-wide approach to optimize the mix of central, agency, and partner infrastructure and services to provide an adaptive and cost effective IT environment.

Technology Trend - Social Media

Commonwealth Goal

Provide a policy framework for social media use and utilize a Commonwealth Center of Excellence to promote and coordinate the adoption of social media to meet citizen communication expectations, improve transparency, and support collaboration and knowledge sharing among the commonwealth workforce.

Why This Trend

Over 50 commonwealth agencies have established a presence on at least one social media site.

In the NASCIO 2012 Sate CIO Survey, over 80% of state CIOs rate the future value of social media as high or essential.

Research reveals a high failure rate of state social media initiatives due to focus on technology or lack of senior management leadership.

The commonwealth is one of the 23% of states that have no statewide standards or policies governing agency use of social media.

Overview

Even judged by the lofty standards of previous advances in information technology, the rapid evolution and adoption of social media has been impressive. The migration of social media tools onto mobile platforms, such as tablets and smartphones, has further enhanced the potential for social media to transform agency relationships with citizens, employees and the users of their services.

The federal website on use of social media, howto.gov/social-media (website is no longer available), defines social media as the integration of "technology, social interaction, and content creation to collaboratively connect online information. Through social media, people or groups can create, organize, edit, comment on, combine, and share content, in the process helping agencies better achieve their mission goals."

While social network sites like Facebook and Twitter are well known, social media encompasses a growing array of applications, including:

  • Blogs (conversational webpages)

  • Microblogs (extremely short blog posts)

  • Podcasts (publishing MP3 audio files on the web)

  • Photo/Video sharing

  • RSS Feeds (means for alerting users to new content

  • Collaboration tools, such as discussion forums (places for online communities), Wikis (collaborative web work space), and Employee Ideation Programs (brainstorming or ideation tools to collect and share innovative ideas).

Key Business Drivers

Business drivers for considering use of social media include widespread use among citizens and employees, growing citizen expectations to engage online, and successful use in the private sector, federal government and other states.

Given the popularity of social media, it is not surprising that citizens expect to communicate with commonwealth agencies using the same media. A recent NASCIO white paper reflects this citizen interest, noting that "social media clearly affords governments at all levels a significant opportunity to engage with citizens and the direct and indirect users of their services across a wide array of programs." Further, there is increasing evidence that the characteristics of social media, including timely interaction and rich content (written, audio, and video) lay a foundation for improving transparency and citizen understanding of the operation of state government (for example, see several articles in Government Information Quarterly).

Within state government, social media can play a role in supporting collaboration and knowledge sharing among the commonwealth workforce and help achieve process improvements. In addition to employee-oriented pages on social network sites, agencies are exploring the use of internal blogs, podcasts, and collaboration tools to enhance internal communication, offer training, and promote exchange of ideas and "lessons learned."

Support for Information Technology Advisory Council Technology (ITAC) Business Plan Initiatives

Use of social media can potentially support agency actions to achieve any of the initiatives. The breadth of social media applications is one reason the commonwealth goal highlights establishing a Center of Excellence to assist agencies in identifying the types and use of social media that best match their business needs. Examples of support for each Initiative are noted in the box below.

Support for Technology Business Plan Initiatives

  • Initiative 1 – 24/7 Citizen access
    Citizens now expect to interact with agencies through this popular and established communication channel.

  • Initiative 2 – Information sharing
    The rapid evolution of social media is providing agencies new opportunities to effectively and efficiently share information.

  • Initiative 3 – Workforce productivity
    An effective social media strategy can help agencies attract and retain younger workers.

  • Initiative 4 – Support education
    Use of social media is a component of the commonwealth's educational initiatives.

  • Initiative 5 – Streamline operations
    Information sharing through social media can play an important role in improving worker productivity.

Challenges

The enthusiasm surrounding social media must be constrained by the challenges to the commonwealth and agencies in the areas of policy, security, privacy, legal issues associated with terms of service, records management, and acceptable use. Recognition of these challenges is one of the reasons for the strategic direction to establish a policy framework for social media use. Research on state use of social media suggests a high failure rate of social media initiatives due to over emphasis on technology or lack of senior management (i.e., agency heads, deputies, and directors) leadership and involvement. Key success factors for successful agency social media initiatives include recognition that social media is an important channel for both external and internal communications, the need to specify the business activities that the social media initiative seeks to improve, and the involvement of employees in crafting and executing the initiative. The proposed Center of Excellence can serve as a clearinghouse for training, guidance, and lessons learned in addressing these issues.

Supporting Strategic Directions

The four strategic directions associated with the social media goal are designed to provide a policy framework for social media use, inaugurate a Commonwealth Center of Excellence to support agency efforts and share experiences, and establish commonwealth citizen-facing and employee-facing social media presence.

Below are the strategic directions related to the social media technology trend.

  • SM.A - Establish social media policy for information needs of citizens and partner with customers and private industry to develop statewide social media policies, standards, and best practices training.

  • SM.B – Consider creation of an overall "Commonwealth of Virginia" presence on social media and dedicate resources to monitoring and maintenance.

  • SM.C - Establish a Commonwealth Center of Excellence to assist agency use of social media and sharing of experiences and lessons learned, to be supported by agency employees with appropriate skill sets and expertise.

  • SM.D - Establish a social media environment for state government employees.

Agency Examples

DMV

Before the advent of social media, the Virginia Department of Motor Vehicles (DMV) had numerous tactics to engage, contact and communicate with its external audiences. These tactics included its website, mailers, text messages and phone call reminders, advertisements, traditional media outlets, and face-to-face contact at customer service centers. As the use of social media rapidly expanded, Virginia DMV realized that social media presented an opportunity to provide additional channels through which the agency can reach customers and stakeholders with news, promotional programs and resources.

Prior to launching its social media program, Virginia DMV reviewed other Virginia state agencies and DMVs throughout the nation that are using social media to better understand staffing resources, communication planning and expectations. Virginia DMV concluded that social media is an important and proven effective form of communication, but is not all-inclusive and should be a part of a larger communications effort. To that end, the agency developed the Virginia Department of Motor Vehicles Social Media Plan 2012-2013. The plan documented the goal, target audiences, objective, and strategy of the social media program, identified the immediate and potential long-term opportunities, and outlined nine tactics to guide the implementation of the program. In addition, the plan presented means for measuring and monitoring the effectiveness of the social media program as an outreach tool.

The program was launched in May 2012.

For further information, contact Pam Goheen, Assistant Commissioner for Communications, Virginia Department of Motor Vehicles.

DRPT

To increase awareness of the transportation services offered by their grant recipients, the Department of Rail and Public Transportation has established a YouTube channel to post transportation videos provided by the recipients, such as The Tide, GRTC, and Amtrak Virginia. View the videos at http://www.youtube.com/user/vadrpt

For further information, contact Jason Cheeks, Web Application Developer, Department of Rail and Public Transportation.

SCHEV

The Research Section at the State Council of Higher Education for Virginia is using social media to support its research activities. The Section operates @SCHEVResearch on Twitter to broadcast updates and news relevant to their data collection and reporting activities.

In addition, the Research Section recently unveiled a new social network platform that integrates blogs, forums, wikis, and gamification for registered users. The platform includes tool that allows users to create wiki pages in a private space, adding data objects from the SCHEV site and their own textual analysis and commentary. Other users will be able to rank it and comment on the results.

For further information contact Tod R. Massa, Director, Policy Research and Data Warehousing, State Council of Higher Education for Virginia.

Resource Links

Virginia.Gov Social Media Directory

The official website of the commonwealth maintains a directory of agencies that have established a presence on Facebook, Flickr, Twitter and YouTube. The directory can be found at https://www.virginia.gov/agencies

NASCIO 2010 Survey on State Government Adoption of Social Media

Friends, Followers, and Feeds: A national survey of social media use in state government reports the results of NASCIO's 2010 survey of social media adoption by state governments. Report includes recommendations for next steps that states need to take as they adapt these tools to expand engagement with citizens and improve government programs. The report can be downloaded from http://new.nascio.org/Content/Publications-View/PID/652/evl/0/CategoryID/48/CategoryName/Social-Media

Govloop.com Guide on the Social Media in Government: Elements of Excellence

GovLoop.com is a popular social networking site for government employees. There are over 45,000 members, multiple blog posts daily, training webinars, active discussion forums, and specialized groups based on topic or location. In April 2013, GovLoop published a guide titled "The Social Media Experiment in Government: Elements of Excellence." The guide is broken down into three sections that cover Importance (Are government agencies viewing social media as a priority or a peripheral activity?), Impact (When social media is prioritized, what is its demonstrable value?), and Implementation (How can agencies replicate these successful social media experiments across government?) The guide can be downloaded at https://www.govloop.com/resources/the-social-media-experiment-in-government-elements-of-excellence-new-govloop-guide/

Federal Government Portal on Social Media

The General Services Administration of the federal government launched a website called "howto.gov" to help government workers "deliver a better customer experience to citizens." A section of the website focuses on social media. Among the topics covered are types of social media and using social media in government. The portal is located at https://www.digitalgov.gov/resources/

Technology Trend - Mobility

Commonwealth Goal

Establish a Commonwealth Center of Excellence to manage and direct the proliferation of mobile device and "apps" usage in order to enhance and expand citizen services, ensure governance and security compliance, gain greater productivity within the commonwealth workforce, and increase the attractiveness of commonwealth employment to younger workers.

Why This Trend

By 2016, smartphones are projected to account for 78% of mobile phones in use. (1)

Shipments of tablet computers are expected to exceed those of portable PCs in 2013 and outpace the entire PC market by 2015. (2)

In 2012, mobile data traffic was nearly 12 times the size of the entire global Internet in 2000. (3)

VITA now offers a new "BYOD" service that permits state employees to access work information from personal mobile devices.

(1) Gartner, Inc.; (2) IDC, Inc.; (3)-Cisco Systems, Inc.

Overview

Mobile devices, such as smartphones and tablet computers are small hand-held computing devices that have a display screen, touch or keyboard input, an operating system, and can run various types of application software, commonly known as "apps." The combination of Internet connectivity, increasing capability, and decreasing cost have led to the rapid proliferation of mobile devices. According to a September 2013 study by the Pew Internet and American Life Project, "91% of all Americans now own a cell phone, this means that 57% of all American adults are cell internet users." Further, one in three U.S. adults now owns a tablet computer.

As these statistics suggest, the unprecedented adoption of mobile devices has firmly established these devices as a new communications platform. One consequence is the dramatic change in the way citizens and agency employees can access information and services. Citizens can have access to real time information like road and traffic conditions. For those living in areas with limited broadband access, such as southwest Virginia, Smartphones offer access to Internet-based agency services. For commonwealth employees in the field, use of mobile devices can improve delivery of services as well as boost employee productivity.

In response, organizations are revising their communication and service delivery strategies and undertaking new initiatives. Since a mobile device has become the device a citizen or employee always has, some are developing a "mobile – first" communication and service delivery strategy, while others are moving to a multi-channel strategy, focusing on developing an environment where communication and services can be implemented across multiple platforms. Regardless of the strategic approach, to take advantage of the opportunities presented by mobile devices, agencies need to develop plans that align with business needs while creating value for citizens or employees.

One example of the latter that has gained considerable attention is permitting agency employees to access work information from personal mobile devices, sometimes referred to as BYOD (Bring Your Own Device). In February 2013 the commonwealth established a policy enabling state employees to use their personal mobile devices to access Commonwealth voice and email systems to conduct official state business (see the agency examples tab for details).

Finally, it should be noted that there is more to the mobility trend than tablets and smartphones. As described under Technology Environmental, the "Internet of Things", also known as machine-to-machine connections, is emerging with significant implications and opportunities for expanding the mobility trend.

Key Business Drivers

Several factors are driving agencies to consider how best to respond of the widespread use of mobile devices. Increasing citizen comfort with using mobile devices for personal communication is reflected in their expectations for similar communication and interaction with commonwealth agencies. Agencies are now expected to provide information 24x7 and, increasingly, deliver real time, context specific (i.e., location, time-of-day) services. Increased cell phone network speeds now make web browsing and application use on mobile devices more practical and efficient. In response, agencies are adopting their websites to operate mobile devices and developing specialized apps to delivery information and services. This is particularly significant for rural users with limited or no access to broadband Internet service.

For agency operations, factors driving consideration of mobile devices include the need for more employees to be connected while outside agency offices, addressing the commonwealth commitment to balancing work and home life, and the desire to attract younger workers. Further, the increasing power of mobile devices combined with reductions in their cost and the cost of the associated data plans are altering the cost-benefit consideration.

Support for Information Technology Advisory Council Technology Business Plan Initiatives

Delivering citizen services through mobile devices and using mobile devices within the agency can contribute to the achievement of any of the Initiatives. The broad range of potential uses and rapid adoption of mobile devices is one reason the Commonwealth Goal highlights establishing a Center of Excellence to assist agencies in identifying the devices and applications that best match their business needs. Examples of support for each Initiative are noted in the box below.

Support for Technology Business Plan Initiatives

  • Initiative 1 – 24/7 Citizen access
    Citizens now expect to interact with agencies through this popular and established communication channel.

  • Initiative 2 – Information sharing
    Mobile devices provide a means to effectively and efficiently share just the right information at just the right time.

  • Initiative 3 – Workforce productivity
    An effective social media strategy can help agencies attract and retain younger workers.

  • Initiative 4 – Support education
    Use of social media is a component of the commonwealth's educational initiatives.

  • Initiative 5 – Streamline operations
    Information sharing through social media can play an important role in improving worker productivity

Challenges

While the availability of mobile devices presents agencies with several opportunities to improve communication with citizens and employee productivity, acting on those opportunities requires agencies to address several business and technical issues.

Successfully capitalizing on mobile device opportunities involves time and resources to develop a mobile device strategy that aligns with the agency priorities and objectives. Because incorporating mobile devices will likely necessitate changes in critical business procedures, employee participation and senior management (i.e., agency heads, deputies, and directors) leadership are essential.

Technical issues include addressing the needs of diverse users (i.e., employees, customers, partners) with different device and app requirements, meeting somewhat contradictory user expectations for a richer information environment accessed through a simpler apps interface, maintaining apps across a range of mobile device platforms, and reengineering current websites and applications to operate effectively in the mobile device environment. As agencies evolve their use of mobile technologies, they, along with the commonwealth, will be forced to add new layers of network protection and increase their security capabilities.

Supporting Strategic Directions

The eight strategic directions associated with the mobility goal develop governance and strategy, establish a Commonwealth Center of Excellence to manage and direct mobile device and "apps" usage, provision infrastructure to support online services, and promote expansion of core curricula through an apps store. Below are the strategic directions related to the mobility technology trend.

  • M.A - Establish a standard for mobile apps development and list of targeted applications (include security component).

  • M.B - Develop usage policy for mobile technology enabled applications (include security component).

  • M.C - Develop technology roadmap for infrastructure to support expansion of online services/mobility.

  • M.D - Provision infrastructure to support expansion of online/mobility services.

  • M.E - Establish a Commonwealth Center of Excellence to assist agency development and use of internal and citizen-facing mobile applications, and to share results and lessons learned. The Center would be supported by agency employees with appropriate skill sets and expertise.

  • M.F - Develop a mobility strategy for in scope Executive Branch agencies using ITP services; establish governance for mobility to include a policy for BYOD; develop and implement policies and technologies to enable a mobile workforce that is both attractive to next-generation workers and cost-effective and productive for the commonwealth.

  • M.G - Expand technology offerings to enhance the mobile employee experience.

  • M.H - Promote the expansion of core curricula that meet SOLs or university core curricula via an apps store concept that offers standardized curricula; COV role could be provision of infrastructure.

Agency Examples

BRING YOUR OWN DEVICE - Enterprise Handheld Services

To improve productivity, collaboration and efficiency among commonwealth employees, the Virginia Information Technologies Agency (VITA) is offering a new service that permits state employees to access work information from personal mobile devices such as smartphones. This service enables state employees to securely access work email accounts, calendars, contacts and tasks from personal smart devices such as iPhones, iPads, Droids, Windows mobile devices and more. To support employee use, agencies may provide stipends. To obtain this service, an agency must be on the commonwealth infrastructure and have completed messaging transformation.

For further information, see VITA FS - Bring Your Own Device

DMV Mobile

DMV Mobile allows citizens to access their MyDMV account while "on the go" to perform over 20 transactions including vehicle registration renewal, driver license renewal, address change and more. The Virginia DMV app enables citizens to locate the nearest Customer Service Center, check wait times, take sample licensing exams, and select, customize, and purchase special license plates.

For further information, contact Pam Goheen, Assistant Commissioner for Communications, Virginia Department of Motor Vehicles

eVA 4 Business and eVA Mobile 4 Approvers

The Department of General Services has published two apps for users of eVA, Virginia's innovative e-Procurement system. The eVA 4 Business app provides real-time access to business opportunities with Commonwealth of Virginia State Agencies, Universities, Colleges, Local Governments and other Virginia Public Bodies. The eVA Mobile 4 Approvers app affords eVA approvers an easy/simple way to review and approve requisitions.

For further information, contact Marion Lancaster, Information Technology Manager, Department of General Services

DOC VirginiaCORIS

With the completion of a major initiative to upgrade all legacy systems to a .NET environment that can support the use of mobile apps, the Department of Corrections (DOC) is piloting the use of tablets and apps to address high priority business needs. The initial effort focuses on supporting probation officers and offers mobile access to the Department's Correctional Information System (VirginiaCORIS). DOC is working closely with VITA to incorporate the appropriate security environment.

For further information, contact Rick Davis, Chief Information Officer, Department of Corrections

Resource Links

Virginia.Gov Mobile Apps Directory

The Commonwealth's official website, Virginia.gov, contains a directory of agency mobile apps. Each entry contains the publishing agency, brief description, and links to the Google Play and Apple IPhone app stores. The directory can be found at:
http://www.virginia.gov/connect/mobile-apps-directory

Enterprise Architecture Standard (EA 225-13)

Section 5.6, ETA Platform Domain, defines the mobile communication use requirements that enable state employees to use their personal mobile communications devices to access Commonwealth voice and email systems to conduct official state business. The standard is available at:
Enterprise Architecture Standard - EA225-15

NASCIO State Mobile Apps Catalog

National Association of State Chief Information Officers (NASCIO) has developed a new State Mobile Apps Catalog, a collection of over 160 state and territory native mobile apps. According to NASCIO, "This tool offers a convenient way to see what other states are producing in terms of mobile apps, and allowing states to generate ideas for their own state or territory." The catalog can be found at: http://www.nascio.org/apps/

Technology Trend - Cybersecurity

Commonwealth Goal

Implement technologies, practices, and monitoring to protect commonwealth data and infrastructure, reduce the Commonwealth's attack surface area, maintain cyber security situational awareness, effectively respond to cyber security attacks, identify and remediate IT security risks, maintain a knowledgeable cyber security workforce, and maintain citizen trust in the commonwealth's commitment to the securing of their personal information.

Why This Trend

Over half of agencies lack acceptable policies, standards, and procedures to control security threats.

65% of agency business functions using IT systems are considered mission essential.

2012 saw a 21% increase in the number of security incidents and a 150% increase in the number of discovered vulnerabilities.

Source: 2012 Annual Report on Information Security in the Commonwealth

Overview

Security threats, in the form of malicious hacking, viruses, malware, unsecured devices, data breaches, among others, are an unfortunate, and all too prevalent, feature of today's computing environment. According to the Privacy Rights Clearinghouse, in 2012 Government was the number 2 target of cyber-attacks. The Commonwealth of Virginia is no exception; during FY 2013 commonwealth transformed agencies were the target of over 118 million attack attempts and the recipient of 759 million spam messages (Source: Privacy Rights Clearinghouse, A Chronology of Data Breaches, Aug 2013).

The policy of the commonwealth is to secure its electronic information using methods based on the sensitivity of the information and the risks to which the information are subject, including the dependence of critical agency business processes on the information and related systems. The Information Security Policy (ITRM Policy SEC519-00) and related standards establish that each agency head is responsible for the security of the agency's electronic information and for providing the security framework that agencies use to establish and maintain their information security program.

The policy establishes the Commonwealth Information Security Program as the comprehensive framework for agencies to follow in developing agency security programs that protect their information. The program recognizes that commonwealth sensitive information is a critical asset and establishes that information security is:

  1. A cornerstone of maintaining public trust;
  2. Managed to address both business and technology requirements;
  3. Risk-based and cost-effective;
  4. Aligned with agency and COV priorities, industry best practices, and government requirements;
  5. Directed by policy but implemented by business owners; and
  6. Applied holistically irrespective of medium.

The Virginia Information Technologies Agency (VITA) Commonwealth Security & Risk Management (CSRM) Directorate is tasked with ensuring a safe, secure technology environment that enables the commonwealth and agencies to accomplish their respective missions. The directorate develops and manages an ever changing portfolio of tools and processes designed to secure commonwealth data and systems. These include establishing security architecture and standards and protecting commonwealth data 24 x 7 x 365 through intrusion detection and vulnerability scanning, antivirus and firewalls, spam and web content filtering, centralized and automated software patching, secure remote network access, and encrypted internal email. The directorate collaborates with the FBI, DHS, and others to share security intelligence and information.

In 2012, the Commonwealth IT Risk Management Program was created. The purpose of this program is to identify where the most significant risks to the commonwealth exist, prioritize resources and efforts based on risk, ensure the agency leadership understands risks, and set a risk threshold for the commonwealth as a whole.

Key Business Drivers

In light of the increasing amount of sensitive information, including personally identifiable information and personal health information, required by commonwealth agencies to perform their missions, the dominant business driver for the cyber security trend is the imperative to protect citizen data and provide a safe, secure technology environment. Other major business drivers are citizen expectations to conduct business with commonwealth agencies as they now do with commercial organizations, 24 x7 anywhere they might be, and accommodating the rapid emergence of mobile devices as the platform of choice for citizen and employee online interaction.

Support for Information Technology Advisory Council Technology (ITAC) Business Plan Initiatives

Successful management of cyber security risks and threats is a prerequisite for the success of all five Initiatives. Continuing to maintain citizen trust in the commonwealth's information environment encourages agencies to use information technology as a means of achieving the Initiatives and citizens to take advantage of new technology-based service offerings. Examples of support for each initiative are noted in the box below.

Support for Technology Business Plan initiatives

  • Initiative 1 – 24/7 Citizen access
    Provides a secure online environment for citizens to interact with agencies.
  • Initiative 2 – Information sharing
    Establishing a comprehensive security framework promotes and protects information sharing.
  • Initiative 3 – Workforce Productivity
    Up to date security will be recognized by tech savvy younger workers.
  • Initiative 4 – Support education
    Secure computing is essential for online courses.
  • Initiative 5 – Streamline operations
    Effective security is integral to improving back-office platforms and productivity tools.

Challenges

The 2012 Information Security Report states that "58 percent of agencies have not implemented acceptable policies, standards and procedures to control unauthorized uses, intrusions and other security threats. The failure of implementation results in unknown levels of risk in the commonwealth IT environment." A significant challenge facing CSRM is working with agencies to identify how much risk they are subject to and making decisions concerning prioritization and allocation of resources to address the risks.

The report also notes that "Security is not being adequately included in the lifecycle planning of IT systems. End-of-life planning for IT systems and applications is not sufficiently addressing the need to upgrade hardware and software that is no longer supported by a vendor. Continued use of unsupported hardware and software is costly and puts commonwealth information at a high risk level."

The continued move of the commonwealth's citizen-facing services to an online service model is accompanied by additional security challenges, such as identity and authentication management and the need to raise citizen awareness of potential security risks. Beyond delivering traditional services online, the commonwealth technology environment is also characterized by employees spending more time conducting commonwealth business using mobile devices and agencies increasingly interacting with citizens on third-party social networks. While delivering productivity and service improvements, these approaches raise their own security concerns which must be addressed. Addressing these security issues will require improved risk analysis and assessment, enhancements to access security, increased security awareness and training for employees and citizens, and an upgraded capability to conduct security compliance.

Supporting Strategic Directions

The six strategic directions associated with the cyber security goal are designed to enhance the cyber security governance framework and improve cyber security operations.

Below are the strategic directions related to the cyber security technology trend.

  • CS.A – Manage the IT Risk Management program for the commonwealth, including implementation of a risk management portfolio tool.
  • CS.B - Enhance the commonwealth's cyber security posture.
  • CS.C - Continue to enhance the cyber security governance framework to include:
    1. Implementation of a method framework to ensure compliance with security PSGs,
    2. Monitoring of commonwealth data and assets for threats and vulnerabilities and remediation of any issues identified,
    3. Identification, mitigation, and management of IT security incidents,
    4. Development of cyber intelligence based on research of current cyber trends as well as analysis of cyber data within the commonwealth, and
    5. Provision of cyber security data and information to commonwealth entities and other partners of the commonwealth.
  • CS.D - Develop security governance requirements for commonwealth identity management.
  • CS.E - Deploy a single identity management system (CAS) for all public-facing state government apps.
  • CS.F - Provide adequate cyber security training and education for commonwealth leaders, IT professionals, information security personnel, and commonwealth employees.

Agency Examples

DMV/VITA: Commonwealth Authentication Services (CAS)

Through the collaboration of the Technology, Health and Human Resources, and Transportation secretariats, an on-line identity authentication service has been deployed for all commonwealth agencies to use. The DMV led project implemented a solution that enables agencies to leverage a common authentication system for users to gain access to selected customer-facing systems. The CAS system will be hosted, operated and maintained by VITA as a shared service.

For further information, contact Michael Farnsworth, Project Manager, Department of Motor Vehicles

Information Security Officer Manual

The Commonwealth Information Security Council recommends strategic direction on commonwealth information security and privacy-related initiatives. Members must be an agency Information Security Officer (ISO) or part of their agency's IT security team. The council has established a multi-agency ISO Manual Committee to prepare an ISO Manual. The manual will provide information on IT security requirements for newly hired ISOs, a quick reference material for all ISOs, and a central location for newly implemented requirements.

For further information, contact Bill Freda, Committee CSRM Support, Virginia Information Technologies Agency

Resource Links

VITA Commonwealth Security and Risk Management

The Virginia Information Technologies Agency Commonwealth Security site is the entry point for security related information. Among the topics covered are:

Multi-State Information Sharing and Analysis Center (MS-ISAC)

MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the nation's state, local, territorial and tribal (SLTT) governments. The center can be found at: http://msisac.cisecurity.org

United States Computer Emergency Readiness Team (US-CERT)

US-CERT's mission is to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the constitutional rights of Americans. The US-CERT site is located at: http://www.us-cert.gov

Technology Trend: Enterprise Information Architecture

Commonwealth Goal

Implement an enterprise information architecture that promotes availability of consistent, secure, high quality, timely and accessible information to enhance public value and enable quality service to citizens of the commonwealth.

Why This Trend

Item 427 C of the 2012 and 2013 Appropriation Acts requires the Secretary of Technology to develop data standards for information commonly used by state agencies.

In August 2012, Commonwealth Data Governance implemented the Enterprise Information Architecture (EIA) Scorecard – a survey instrument designed to capture information on the "current state" of EIA across the commonwealth.

In spring 2013, 120 participants from over 30 agencies attended stakeholder sessions to draft an EIA strategy, which was approved by the Secretary of Technology in August 2013.

Overview

In July 2012, the Secretary of Technology adopted into Enterprise Architecture (EA) Policy 200-02, a more robust definition of enterprise information architecture (EIA) that promotes availability of consistent, secure, high quality, timely and accessible information to enhance public value and enable quality service to citizens of the commonwealth. The EIA definition and strategy resides within the broader Enterprise Architecture (EA) framework, which is a strategic asset used to manage and align the commonwealth's business processes and IT infrastructure and solutions with the state's IT strategy.

The Commonwealth EIA Strategy represents the next step toward a mature EIA approach and a formal statement of Virginia's vision for maximizing its information assets. The strategy has been developed to align this plan and respond to key business drivers. The strategy articulates an approach that promotes availability of consistent, secure, high quality, timely and accessible information to enhance public value and enable quality service to citizens of the commonwealth.

The strategy identifies four program areas and establishes goals for each:

  • Data Governance: Forge a disciplined approach to data governance across the Commonwealth with formal roles for data stewards and other stakeholders.
  • Data Standards: Promote the use of standardized data and shared data definitions as a means of supporting information exchange across agency systems, government domains, and levels of governance.
  • Data Asset Management: Manage information as an enterprise asset, with an emphasis on quality, security, efficiency, accessibility, reduced redundancy, and a higher return on investment.
  • Data Sharing: Leverage the sharing of information based on business need and in compliance with governing laws, statutes, and regulations to increase government performance, improve service to citizens and more effectively achieve business outcomes.

In August 2012, the Virginia Information Technologies Agency (VITA) implemented the EIA Scorecard, a survey instrument designed to assess the current state of EIA across executive branch agencies based on a set of business and technical performance measures. Using the results of the initial survey and EA best practices, VITA staff drafted the EIA strategy based on input from agency data stewards and other stakeholders. A series of three stakeholder engagement sessions, held from February through April 2013, were attended by 120 participants representing over 30 agencies, refined the draft and ensured it addressed agency business needs. The draft was adopted by the Secretary of Technology in August 2013.

Key Business Drivers

The Commonwealth EIA Strategy has been designed in response to four key business drivers impacting the state's information management activities: data quality, standardized data and shared definitions, data accessibility, reuse, and reduced redundancy, and informed decision making and public service.

The National Association of State Chief Information Officers (NASCIO) has referred to information as the "currency" of state government (NASCIO 2011, Capitals in the Clouds). Data may be considered "high quality" if they present an accurate and reliable reflection of the "real world" entities they describe. High quality data is crucial for delivering effective citizen services. Accordingly, ensuring data quality continues to be a primary objective for the commonwealth's information management initiatives.

Commonwealth agencies must work across lines of business and share information with partners at multiple levels of governance to deliver the services required by citizens. However, such information-sharing and business partnerships are hindered by disparate data definitions, specifications and terminology. At the organizational level, such partnerships are also impacted by cultural and institutional barriers, such as agency or system "silos." Without standardized data and shared data definitions and specifications, supported by collaboration between agencies and their business partners, the commonwealth lacks the information sharing capacity needed for meeting business performance outcomes and effective delivery of services.

Commonwealth agencies spend millions of dollars each year to collect, manage and utilize data on persons and other entities. Agencies frequently collect the same data from the same persons as other agencies, storing these data in agency or system-centric data "silos." Such data redundancy presents an unnecessary cost, negatively impacts the value of government's data assets, and hinders meeting citizen service demands.

The public and their governmental leaders expect accurate, timely, and reliable data to make informed decisions. This requires transparency and engagement between agencies and their stakeholders. Demand for collaborative, informed decision making cuts across branches and levels of government, with the emphasis on getting the right information into the right hands at the right time for public service.

Support for Information Technology Advisory Council Technology Business Plan Initiatives

Implementation of the EIA Strategy directly addresses Initiative 2 – Improve information sharing to optimize current business functions and supporting systems. Actions taken to implement the strategy also can support agency achievement of the other initiatives. Examples of support for each Initiative are noted in the box below.

Support for Technology Business Plan Initiatives

  • Initiative 1 - 24/7 Citizen access
    Implementing the EIA Strategy is the basis for delivering high quality data to citizens.
  • Initiative 2 - Information sharing
    The EIA Strategy targets removal of barriers to data sharing.
  • Initiative 3 - Workforce productivity
    Younger workers, educated in an information rich environment, expect to have the right information at the right time.
  • Initiative 4 - Support education
    High quality data is essential for tracking educational attainment initiatives.
  • Initiative 5 - Streamline operations
    Reducing data redundancy improves agency productivity.

Challenges

The results of the August 2012 EIA Scorecard point to key challenges the commonwealth faces in achieving the goal for this technology trend, including:

  • Agency data is currently maintained in "silos". While most agencies have implemented data standards, the majority of these tend to be internal standards rather than commonwealth or external standards.
  • There is no inventory or registry of enterprise data assets.
  • The governance of enterprise data is currently informal, mostly at the agency level.
  • While there in increasing data sharing among agencies, such data sharing is governed via agency point-to-point agreements.

The goals and objectives identified in the EIA Strategy represent the required steps and milestones for addressing these challenges and achieving an enterprise, commonwealth-wide approach to information management through the 2020 planning horizon of the EIA strategy and this plan.

Supporting Strategic Directions

The related strategic directions seek to establish a governance framework for EIA, improve information sharing, align management of information resources to support industry trends such as "big data" and business analytics, and promote business-driven integration of existing education and workforce data sets.

Below are the ten strategic directions related to the Enterprise Information Architecture technology trend.

  • EIA.A - Develop an enterprise approach to data management that addresses emerging business needs and citizen expectations for "open data" (i.e., data accessible through an approved application).
  • EIA.B - Develop an enterprise plan for "big data" using the four program areas and goals defined in the EIA strategy to: 1) identify commonwealth, agency, and partner business needs that can be efficiently and effectively addressed by applying innovative forms of IT and analysis to appropriate enterprise data; and, 2) define and implement applications incorporating the necessary advanced IT and analytical capabilities.
  • EIA.C - Develop an enterprise information architecture strategy and roadmap covering data governance, data standardization, data asset management, and enterprise data sharing.
  • EIA.D - Implement information sharing program, standards, and guidelines (PSGs) and a data sharing framework for acceptable use of publishing public datasets.
  • EIA.E - Establish a trust agreement framework, defined by PSGs, to support commonwealth-wide information exchange across domains and levels of government.
  • EIA.F - Adopt and implement information exchange and vocabulary standards to provide a common basis for governmental information sharing (based on existing PSGs).
  • EIA.G - Develop an enterprise approach to data management to enable the effective governance of information assets aligned with industry trends, including "big data," business analytics, and emerging toolsets.
  • EIA.H - Establish a Commonwealth of Virginia data governance stewardship body with defined roles and responsibilities.
  • EIA.I - Expand services such as the Virginia Longitudinal Data System beyond education data and beyond public K-12/ public colleges and universities.
  • EIA.J - Integrate/link emerging workforce skills needs and course learning objectives databases statewide to better match educational opportunities to occupational titles.

Agency Examples

VITA's Process Model for Data Standardization

From August-November 2012, the Virginia Information Technologies Agency (VITA) engaged with the Department of Accounts (DOA) and the Cardinal project team to implement the new process model for development of the Chart of Accounts Data Standard. The adopted standard, which received final approval by the Secretary of Technology on January 24, 2013, leveraged DOA's expertise with regard to financial accounting and control and the State Comptroller's statutory authority to "direct the development of a modern, effective, and uniform system of bookkeeping and accounting" and ensure it is adopted by state agencies (§2.2-803). In keeping with the new process model, VITA prepared the data standard's documentation and managed the public comment and adoption phases, thus reducing the burden on DOA and expediting the standard's adoption.

VITA's New System Review for Compliance

The Department of Behavioral Health and Developmental Services (DBHDS) recently completed the procurement process for a new Electronic Health Record (EHR) system for the agency's health facilities, which is one of the projects cited in Item 427 of the 2012 Appropriation Act that set requirements for data standardization. VITA Commonwealth Data Governance (CDG) and Project Management Division (PMD) staff worked closely with DBHDS staff to review the vendor proposals and confirm that the new EHR system will comply with applicable health IT standards. This implementation of the new VITA project review process resulted in the selection of a compliant system and will enhance interoperability between DBHDS and the commonwealth's other health IT systems.

VDH's Use of Services Oriented Architecture (SOA)

The Virginia Department of Health (VDH) in partnership with the Department of Medical Assistance Services (DMAS) and the Virginia Information Technologies Agency (VITA) has been tasked with developing and implementing a Birth Registry Interface (BRI) and Death Registry Interface (DRI) in support of the Medicaid Information Technology Architecture (MITA) Care Management business process. The objective is to increase the efficiency of government employees who provide assisted services by use of the technology supporting the self-directed service model. SOA is the core technical concept of the MITA Technical Architecture. The Interface projects will facilitate access to Care Management Services via the Commonwealth of Virginia (COV) Gateway ESB and COV Health Information Exchange (HIE). This project will use a "publish and subscribe" model. This is a method used to synchronize activities around an event like a birth or a death. A source system at the Vital Records office will publish a document for a discrete "event" to the SOA technology. The SOA technology in turn, will distribute the event document to the subscribers. This model allows agency and multi-agency business processes to be coordinated by the technology. For example, a birth notification document can be published by Vital Records and the subscribing agency (for example, Department of Social Services) can take action for enrollment, if applicable, based on business rules.

Resource Links

Enterprise Architecture (EA) Policy 200-02

The Commonwealth's Enterprise Architecture is a strategic asset used to manage and align the Commonwealth's business processes and Information Technology (IT) infrastructure/solutions with the state's overall strategy. The Enterprise Architecture Policy establishes the governance framework for the implementation of the enterprise architecture. The policy can be found at:
Enterprise Architecture Policy - EA200

EIA Scorecard

In August 2012, VITA implemented the EIA Scorecard – a survey instrument designed based on Gartner's IT Score for EA methodology – to assess the current state of EIA across executive branch agencies and identify strategies for moving the commonwealth toward its desired future state in the EIA Maturity Model. For a full set of summary tables for the EIA Scorecard results, visit EIA Scorecard.

Commonwealth Enterprise Information Architecture (EIA) Strategy: 2014-2020

As discussed above, in 2012-2013 Commonwealth Data Governance completed an eight-month planning process to develop an enterprise information architecture strategy. The strategy was adopted by the Secretary of Technology in August 2013. The strategy is available at: Commonwealth EIA Strategy

Data.Virginia.Gov

Data.Virginia.gov is an online portal that provides both easy access to Virginia's open data and keeps Virginians informed of major Commonwealth initiatives that utilize big data. The key objectives of this site are to increase transparency, encourage innovation, and enhance state operations. Further information can be found at: http://data.virginia.gov/

Enterprise Data Standards Repository

All adopted Commonwealth Data Standards are located in the Enterprise Data Standards Repository at COV Adopted Standards

National Information Exchange Model (NIEM) Core Person Data Elements

To meet the statutory requirements under Item 427 of the 2012 Appropriation Act, which requires the standardization of "all citizen-centric" data, the Commonwealth is in the process of adopting as a Commonwealth ITRM Standard the NIEM Core Person data elements. For general information on NIEM, please visit www.niem.gov

Technology Trend - Enterprise Shared Services

Commonwealth Goal

Continue to support, and where appropriate, extend the model of enterprise shared services to improve efficiency and effectiveness in commonwealth operations where business functions and data cross departmental boundaries, a shared service is more cost-effective, or the service facilitates the transfer of information or worker knowledge.

Why This Trend

While this technology trend is fostering a new generation of services, agencies have participated in enterprise shared services for several years through Virginia Information Technologies Agency (VITA).

The commonwealth is leveraging federal funding to establish enterprise services that can be used by all agencies, including the Commonwealth Authentication Service (CAS), Enterprise Data Management tool (EDM) and Service Oriented Architecture Platform (SOA).

Implementation of new enterprise shared services is an important tool for addressing agency business needs while managing long-term technology costs.

Overview

Enterprise Shared Services (ESS) is a delivery model in which a shared-service center (either physical or virtual,) supported by dedicated people, processes, and technologies, acts as a centralized provider of a defined business function for use by multiple enterprise constituencies. Shared services typically involve standardizing and streamlining data, processes, and infrastructure, as well as implementing financial disciplines around the services being delivered.

While advances in this technology trend are fostering a new generation of services, commonwealth agencies have participated in enterprise shared services for several years through the IT Partnership and the Virginia Information Technologies Agency (VITA). Both were established to bring a business-like approach to managing IT services across the enterprise of state government. Current IT infrastructure enterprise shared services include:

  • Data center (mainframes, storage, servers).
  • Network (routers, firewalls, Enterprise Internet connection with redundant circuits).
  • Desktop computers with hardware/software refresh.
  • Desktop software (Office, virus scan, remote support, and asset inventory management).
  • Enterprise Email with full redundancy, hot fail-over and full security scans in/out.
  • Help desk and incident management (storms & outages).
  • Monitoring of servers, security, and network): 24 x 7 x 365.

In addition to IT infrastructure services, VITA offers several enterprise services for agencies, such as Hosted Mail Archiving, Point-in-time Data Duplication, Enterprise Handheld Services, Unified Communications as a Service (UCaaS) and Geospatial (GIS) Services.

In 2012 the Electronic Health and Human Resources (eHHR) Program Office was formed under Secretary of Health and Human Resources Dr. William A. Hazel, Jr. While the primary purpose of the eHHR Program is to align the commonwealth with federal health care initiatives and health care reform in the commonwealth, a significant benefit is leveraging federal funding to establish enterprise services that can be used by all state agencies. Enterprise services under development include the Commonwealth Authentication Service (CAS), Enterprise Data Management tool (EDM) and Service Oriented Architecture Platform (SOA).

Under a project led by the Department of Motor Vehicles (DMV) in collaboration with VITA, CAS will provide improved verification of identity, expediting citizens' access to commonwealth services while protecting against identity theft and fraudulent activities. Enterprise Data Management tools will provide a single, unified and trusted view of data entities for any user or application. The tools can be used by agencies anywhere a single trusted view of data is required and can also be applied to merging multiple sets of data into a single view. SOA is a suite of tools that will expedite connecting agency legacy applications to new online services, support sharing and reuse of web services across agencies, facilitate the automation of business rules, and share development environments, expertise and support.

Key Business Drivers

Several business drivers have been identified whose presence merits designating a service as an enterprise shared service. Among these drivers are:

  • Where services support business functions and data that cross departmental boundaries.
  • Where a shared service is more cost-effective.
  • Where the shared service facilitates the transfer of information or worker knowledge.
  • Where consistent qualities of service are required.
  • Where a shared service is foundational to other needed shared services.
  • Where a common approach is recommended by best practices.

For Virginia, health care reform has proved a significant driver for adoption of enterprise shared services. The Patient Protection and Affordable Care Act of 2010 and the American Recovery and Reinvestment Act presented significant funding opportunities to improve the quality and value of Virginia healthcare, while establishing technical foundations for the future transformation of Virginia government services beyond healthcare. Specific to the ESS technology trend, the Federal funding enables the Commonwealth to achieve the following outcomes:

  • Modernize information technology infrastructure as an enabler for future business transformation.
  • Provide a technical environment where standards-based interoperability is possible between new and legacy systems.
  • Provide web-based, self-directed options for citizen services.
  • Maximize the efficiency and effectiveness of administrative and operational staff.
  • Manage overall long-term technology costs.

Support for Information Technology Advisory Council Technology Business Plan Initiatives

As noted in the box below, supporting and expanding the model of enterprise shared services directly supports agency achievement of Initiatives 2, 4 and 5, while indirectly supporting initiatives 1 and 3.

Support for Technology Business Plan Initiatives

  • Initiative 1 - 24/7 Citizen access
    Enterprise shared services expands the technology options available to agencies for communicating with citizens.
  • Initiative 2 - Information sharing
    Enterprise shared services enables cost effective sharing of information between agencies.
  • Initiative 3 - Workforce productivity
    By supporting an up-to-date technology and information infrastructure, enterprise shared services helps attract and retain younger workers.
  • Initiative 4 - Support education
    Educational shared services, such as Blackboard, are already supporting the commonwealth's educational initiatives.
  • Initiative 5 - Streamline operations
    Enterprise shared services is a key element for improving worker productivity by providing access to shared information.

Challenges

As noted under the description, the commonwealth is already applying the concept of enterprise shared services through current VITA services and the development of new services through the eHHR Program. The implementation of new services such as CAS, EDM and SOA present technical, security and organization challenges. The development of these services requires understanding and mastering new technologies and platforms, as well as addressing new security issues. The involvement of multiple agencies results in increased levels of project and program management. Concurrent with the implementation of new services, the commonwealth must establish policy and processes to govern agency use or non-use of enterprise or collaborative shared solutions, as well as address lingering concerns about the shared services approach.

Supporting Strategic Directions

The five strategic directions associated with the enterprise shared services goal focus on extending the shared services model and expanding the Service Oriented Architecture (SOA) component.

Below are the strategic directions related to the enterprise shared services technology trend.

  • ESS.A - Expand use of the central SOA shared infrastructure to enable better standardized exchange of information between agencies and partners.
  • ESS.B - Implement a COV payment portal.
  • ESS.C - Offer commonwealth-wide instructional software, such as Blackboard.
  • ESS.D - Promote SOA for the student/teacher interaction, both instructional and administrative.
  • ESS.E - Establish governance for the use of a central Service Oriented Architecture (SOA).

Agency Examples

DMV/VITA: Commonwealth Authentication Services (CAS)

Through the collaboration of the Technology, Health and Human Resources, and Transportation secretariats, on-line identity authentication services will be built for all Commonwealth agencies to use. The DMV led project implemented a solution that can enable agencies can leverage a common authentication system for users to gain access to selected customer-facing systems. The CAS system will be hosted, operated and maintained by VITA as a shared service.

VITA: Service Oriented Architecture (SOA)

The purpose of the Commonwealth Service Oriented Architecture (SOA) project is to procure, install, maintain and configure an infrastructure to support an SOA model for providing shared services. The underlying components include an Enterprise Service Bus (ESB), Universal Description Discovery & Integration (UDDI), Business Process Execution Language (BPEL), Business Activity Monitoring (BAM) and Web Service Manager. The SOA infrastructure will enable agencies to develop modular, swappable functions, separate from, yet connected to an application via well-defined interfaces to provide agility.

VITA: Commonwealth Enterprise Data Management (EDM)

The Commonwealth Enterprise Data Management (EDM) project will provide an enterprise data management solution that will store enterprise data and facilitate data sharing at an enterprise level. The EDM solution will be deployed in the SOA enabled infrastructure. In addition, the project team will establish a competency center and related governance.

DSS: EDSP Program

The Department of Social Services (DSS) Enterprise Delivery System Program (EDSP) represents the following major projects:

  1. The Eligibility Modernization Modified Adjusted Gross Income (MAGI). This is a single Medicaid case management system for MAGI Medicaid and CHIP/FAMIS categories.
  2. The Migration Project consists of ADAPT and the Energy system replacement, as well as the inclusion of the final Medicaid category of ABD/LTC. The Migration project leverages an external rules engine (IBM WODM) and other VITA SOA components as well as Document Management and Imaging that includes centralized printing and mailing services.
  3. The Eligibility Modernization Conversion project converts data for Families & Children's Medicaid, CHIP, and FAMIS systems into the VaCMS.

The EDSP program represents the continued efforts to implement the Department's and HHR Secretariat IT Strategic Plan vision of a self-service benefits and services model that is efficient, effective and provides a customer friendly experience. The EDSP promotes a business process model and information technology that is enterprise-wide, interoperable, secure and expandable across HHR departments in the Commonwealth.

For further information, contact Robert Hobbelman, Chief Information Officer, Division of Information Systems, Virginia Department of Social Services.

Resource Links

VITA Services

The list of current VITA services can be found at: Technology Services

eHHR Program Description

The appendix to the 2012 Required Technology Investment Projects (RTIP) Report presents the details of the eHHR Program and the commonwealth's approach for leveraging federal funding to establish enterprise services that can be used by all state agencies.
RTIP 2012 - Appendix G - HIT MITA Program

Enterprise Service Opportunities from the MITA Program

This presentation to the Information Technology Advisory Council (ITAC) on August 1, 2011 outlines the elements of the Medicaid IT Architecture (MITA) component of the eHHR Program that will yield enterprise services that can be used by all commonwealth agencies.
ITAC Aug 2011 MITA

Service Oriented Architecture (SOA) Topic Report – January, 2013

The purpose of this report, part of the Enterprise Technical Architecture Integration domain, is to establish an overarching technical and governance framework for the state's service-oriented architecture. The document provides principles, requirements and recommended practices to help ensure SOA-based services are designed to meet agency and state business needs and are architected for tier one enterprise use.
Service Oriented Architecture (SOA) Topic Report

Technology Trend: Cloud Computing Services

Commonwealth Goal

Manage and direct the evaluation and adoption of cloud computing infrastructure and services to address agency business requirements for a secure, flexible, and rapidly scalable computing environment.

Why This Trend

Cloud computing services are attracting considerable attention by offering an alternative to the traditional acquisition of hardware, software, and support/administrative personnel.

Typical service models are Infrastructure as a Service (IaaS) and Software as a Service (SaaS).

The IT Partnership with Northrop Grumman currently provides a private infrastructure cloud for Commonwealth agencies.

The benefits of cloud computing services have to be balanced against the technical and business requirements, such as data security and terms of use.

Overview

According to the 2012 NASCIO State CIO Survey, over 70 percent of states are "highly invested" or "have some applications" in the cloud. This is an increase of 22 percent over responses to the 2011 survey, suggesting that cloud computing services is moving from a "leading-edge" to an accepted technology.

The National Institute for Standards and Technology Special Publication SP800-145 defines cloud computing as a model for enabling universal, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management efforts or service provider interaction. Put another way, cloud computing is a subscription-based service that provides Internet access to information and computing services. A common example of cloud computing is Internet email, where firms such as Google, Microsoft, and Yahoo provide all the hardware and software necessary to support an email account which can be accessed anytime and anywhere through the Internet.

Common characteristics of cloud computing include:

  • On-Demand Services – agencies can directly provision and configure appropriate solutions that meet their business needs without going through a "traditional" procurement process.
  • Broad Network Access -services that are made available through standard Internet-enabled devices (e.g. mobile phones, tablets, laptops, and workstations).
  • Pay As You Go – agencies pay only for the resources they consume on a variable-fee basis.
  • Rapid Scalability – agencies can increase or decrease their resource capacity at will, according to their needs.
  • Higher Level of Automation – agencies reduce staff time spent on routine administrative tasks, such as configuration management, manual troubleshooting, software updates, or backups.

Common deployment models include:

  • Public Cloud - a cloud made available for the use by the general public. This is the most common type of cloud. The user has little control over how resources are shared or allocated, and has limited insight into the virtualized cloud environment. Google, Amazon, and Microsoft are examples of vendors offering public cloud services.
  • Private Cloud – the cloud provider dedicates and customizes the resources and administration of a defined environment to each organization. The IT Partnership currently provides a private infrastructure cloud for the Commonwealth.
  • Community Cloud – a cloud made available to a certain group of individuals for their exclusive use. A government cloud refers to a particular type of community cloud where members are government organizations, typically from the same jurisdictions or domains (i.e., defense, human resources). Vendors such as Google, Microsoft, IBM and Amazon have deployed and pre-certified government clouds.

The typical service models offered by cloud computing vendors are:

  • Software as a Service (SaaS) - delivers common applications, such as email and collaboration software, or agency provided application software running on a cloud infrastructure.
  • Infrastructure as a Service (IaaS) - delivers computing hardware, storage, networking, and backup. IaaS allows agencies to provision processing, storage, networks, and other fundamental computing resources to deploy and execute applications.
  • Platform as a Service (PaaS) - delivers an application framework that supports design and development, testing, deployment, and hosting. Agencies rent infrastructure and programming tools hosted by the cloud vendor to create their own applications.

Through the IT Partnership with Northrop Grumman, VITA provides a number of SaaS and IaaS services. An example of the former is a suite of enterprise shared service offerings (see "Technology Trend: Enterprise Shared Services" above), while the provision of the common computing infrastructure is the primary example of the latter.

Key Business Drivers

Several business issues facing agencies are driving interest in the use of cloud computing services, including the need to quickly deploy services with the ability to rapidly increase speed of service delivery and flexibility for service changes, improve support for business continuity, enable agency IT staff to focus on mission-critical tasks instead of traditional infrastructure maintenance and operations activities, and provide agency business owners more options in selecting the most appropriate and cost-effective technology solution to meet a business need.

A widely perceived benefit of cloud computing is the ability to rapidly reduce infrastructure expenses. Although some organizations may see immediate cost savings, the goal of deploying cloud computing services should focus on adding business value. The 2012 National Association of State Chief Information Officers (NASCIO) survey referenced above notes that 29 percent of responding CIO's indicate that cost of cloud computing services is a concern, "indicating that there is no general acceptance that cloud services are less costly."

Support for Information Technology Advisory Council Technology (ITAC) Business Plan Initiatives

The deployment of cloud computing services may contribute to agency achievement of all the initiatives. Examples of support for each Initiative are noted in the box below.

Support of Technology Business Plan initiatives

  • Initiative 1 – 24/7 Citizen access
    Cloud computing services supports 24/7 citizen access to agency information and services.
  • Initiative 2 – Information sharing
    Cloud computing services provides new approaches to sharing information.
  • Initiative 3 – Workforce productivity
    Younger workers, familiar with using personal cloud services, such as email and document and photo storage, will be comfortable using agency cloud computing services.
  • Initiative 4 – Support education
    Cloud computing services, such as Blackboard, are already contributing to meeting the Commonwealth's educational initiatives.
  • Initiative 5 – Streamline operations
    Use of cloud computing services can be an element in improving employee productivity as well as enabling agencies to redistribute their human resources.

Challenges

While the potential benefits of utilizing cloud computing services to enhance service delivery and business value can be substantial, there are business, technical, and security requirements that must be addressed to realize those benefits. Business requirements may include process reengineering, changes in staff responsibilities, and negotiating terms of use. Technical requirements encompass customizing software or services, credentialing, and establishing service levels and remedies. Since requirements and conditions may change, any service being used should be under the control of a written contract to protect the agency.

In December 2012 the Commonwealth Information Security Council published a white paper describing cloud computing and the security controls to be considered when evaluating the use of cloud computing services (see "Resources Links" below). As noted in the paper,

"Certain steps must be taken to ensure the appropriate level of security is used, depending on the sensitivity and classification of the agency data. More controls will be required if the data has been classified as sensitive than if it is considered public information. Once the data classification has been completed, the system owner must determine how best to safeguard the information through the use of physical and logical access controls. Systems containing sensitive data should include the highest level of appropriate controls based on the confidentiality and integrity of the data. If the system includes data that is sensitive with respect to confidentiality, the agency should strongly consider not using a cloud computing service other than a commonwealth provided service."

Supporting Strategic Directions

The four strategic directions associated with the cloud computing services include developing strategy, policy, and a technology roadmap for public cloud computing, establishing and branding the COVA government cloud, and creating an agile provisioning model for launching new services.

Below are the strategic directions related to the cloud computing services technology trend.

  • CCS.A - Develop strategy and PSGs for public cloud computing.
  • CCS.B - Incorporate public cloud computing into the technology roadmap
  • CCS.C - Formally establish and brand the COVA government cloud; include Software as a Service (SaaS) and keep vendor agnostic.
  • CCS.D - Develop a flexible provisioning model for launching new services.

Agency Examples

VITA: Hosted Mail Archiving

Hosted mail archiving is an example of a current cloud service made possible because of the IT infrastructure, a shared services cloud, operated by Northrop Grumman for the commonwealth with oversight by VITA. Details of the service can be found here: VITA FS - Hosted Mail Archiving.

VITA: Workplace Collaboration Service

VITA offers Workplace Collaboration Services (WCS) featuring Microsoft SharePoint 2010, a Web-based project collaboration system that provides a single integrated location where employees can efficiently collaborate, find organizational resources, manage content and workflows, and leverage business insight to make better informed decisions. This service includes disaster recovery (DR) services for the production environment at the tier 6 level. The service is available to any customer receiving standard COV messaging services through VITA's IT Infrastructure program. Details of the service are available at: Workplace Collaboration Services (WCS)

VGIN: Geospatial (GIS) Services

The Virginia Geographic Information Network (VGIN) Geospatial (GIS) Services provides Geospatial Data Catalogue service for public access service and state/local government data documentation service. Public services include open, one-stop Internet access to a catalogue of all state agency geospatial data layers. Documentation includes information on the data's spatial extent, scale, format, content, currency and accessibility. Services available to state agencies and local governments include secure user-friendly access to Internet data documentation tool and clearinghouse services. Further information can be found at: VGIN Geospatial Services

Resource Links

Cloud Computing: Security Considerations and Recommendations for Agencies

This December 2012 white paper from the Commonwealth Information Security Council describes cloud computing and examines the security controls to be considered when evaluating the use of cloud computing services. (Cloud Computing - Security Considerations and Recommendations for Agencies)

NASCIO "Capitals in the Clouds" Publications

The National Association of State Chief Information Officers (NASCIO) has published a series of reports on the use of cloud computing by state governments:

  • The Case for Cloud Computing in State Government Part I: Definitions and Principles
  • The Case for Cloud Computing in State Government Part II: Challenges and Opportunities to Get Your Data Right
  • Capitals in the Clouds Part III – Recommendations for Mitigating Risks: Jurisdictional, Contracting and Service Levels
  • Capitals in the Clouds Part IV – Cloud Security: On Mission and Means
  • Capitals in the Clouds Part V: Advice from the Trenches on Managing the Risk of Free File Sharing Cloud Services

The reports can be downloaded from the NASCIO publications site: http://www.nascio.org/publications

Cloud First Buyers Guide for Government

To spur federal government agencies to take advantage of the benefits that cloud computing enables, the Obama Administration has issued a Cloud First policy. This buyer's guide is designed to assist government agencies as they evaluate and purchase cloud services and solutions in response to that policy. The guide, which includes case studies and "Myths & Realities", is available at: https://www.isaca.org/Groups/Professional-English/cloud-computing/GroupDocuments/Cloud%20First%20Buyers%20Guide%20for%20Gov%20July%202011.pdf

Technology Trend: Consolidation & Optimization

Commonwealth Goal

Continue the cost and service benefits achieved by consolidation to date, while pursuing an enterprise-wide approach to optimize the mix of central, agency, and partner infrastructure and services to provide an adaptive and cost effective IT environment.

Why This Trend

Capitalizing on the other Technology Trends cited in this plan is enhanced by adopting an enterprise-wide approach for delivering an integrated suite of IT services to agencies and citizens.

Extending consolidation to embrace an enterprise-wide managed shared services environment promotes and facilitates creation and sharing of innovative technology solutions.

The Comprehensive Infrastructure Agreement (CIA) expires in 2019; January 2013 marked the mid-way point of contract. Preparing for rebidding the CIA is a strategic effort that will require significant time and resources.

Overview

Given the pressure of the past few years on all state governments to "do more with less", it is not surprising that states are exploring several means, including consolidation of IT services, to provide new or improved services at reduced cost. In 2003 Virginia moved past exploration to become a leader in leveraging consolidation when the General Assembly approved legislation establishing the Virginia Information Technologies Agency (VITA) as the Commonwealth's consolidated information technology organization. In 2005 Virginia extended its leadership in consolidation by concluding the Comprehensive Infrastructure Agreement (CIA), which formed a partnership with Northrop Grumman to modernize the state's information technology infrastructure. As the Commonwealth Chief Information Officer noted in a September 2013 presentation to the Joint Legislative Audit and Review Commission, VITA and Northrop Grumman have established a standardized, reliable, and secure enterprise infrastructure that includes two data centers and about 59,000 PCs, 3,300 servers, and 27,000 printers across 2,247 locations.

The strength of this enterprise infrastructure positions the Commonwealth to take advantage of emerging technologies and service models, such as those identified in the other Technology Trends, to enhance and optimize consolidation by implementing a fully managed service model. Pursuing this logical extension of consolidation offers several benefits, including development and implementation of cost-effective enterprise applications and shared services, increased interoperability of enterprise applications, effectively addressing the evolving and increasing IT security threats to the Commonwealth, improved customer service from VITA and its partners, expansion of citizen self-directed service capabilities, and establishment of a service framework that facilitates creation and sharing of innovative technology solutions. As the National Association of State Chief Information Officers 2013 State CIO Survey notes, "Whether it is IT shared services, security vulnerability monitoring, or SaaS (Software as a Service), many of the most critical initiatives under way today require an enterprise-wide approach in order to be effective."

Key Business Drivers

The commonwealth initially pursued consolidation and established the CIA in response to several business drivers, including the need to modernize and integrate the commonwealth IT infrastructure, gain control and stabilize IT spending, and improve services and employee productivity. Key business drivers for extending consolidation to implement an enterprise-wide managed shared services environment while maintaining the cost and service benefits achieved by consolidation to date are:

  1. continued pursuit of cost containment by exploiting economies of scale and implementing enterprise-shared services,
  2. operating the commonwealth IT environment as a fully-managed service providing efficient and cost effective centralized monitoring, management, support, and delivery of infrastructure and shared services,
  3. meeting agency requests for a more flexible and responsive IT environment that supports development and delivery of innovative solutions to agency and citizen needs,
  4. addressing business and mandated requirements for improved information sharing among agencies and partners, and
  5. supporting the McAuliffe administration's initiatives for "energizing our government" and "innovating our future". (see "Resource Links" below)

The planning and execution of the CIA contract rebid represents a key business driver in the latter part of the plan's 2012-2018 timeframe. As noted under the Technology Environmental Factors section on the plan, rapid and significant change in the technology landscape is now the norm. This complicates and expands the planning and preparation effort. A presentation by the Commonwealth CIO to the Joint Legislative Audit and Review Commission (see "Resource Links" below) provides the preliminary timeline:

  • 2013 – 2014 Preparation
  • 2014 – 2015 Request and plan
  • 2016 – 2017 Procure
  • 2018 legislative session – Obtain approval

Support for Information Technology Advisory Council Technology (ITAC) Business Plan Initiatives

Pursuing consolidation and optimization, along with the rebidding of the CIA contract, will provide agencies and partners with new tools and services to address business issues in support of all the Initiatives. Examples of support for each Initiative are noted in the box below.

Support of Technology Business Plan initiatives

  • Initiative 1 – 24/7 Citizen access
    Fully managed enterprise infrastructure and services expands the technology options available to agencies for communicating with citizens.
  • Initiative 2 – Information sharing
    Fully managed enterprise infrastructure and services promotes cost effective sharing of information between agencies.
  • Initiative 3 – Workforce productivity
    Providing an up-to-date enterprise technology and information infrastructure supports improved productivity and helps attract and retain younger workers.
  • Initiative 4 – Support education
    A fully managed service environment provides a cost effective way to expand applications and services that support educational attainment initiatives.
  • Initiative 5 – Streamline operations
    Consolidation and optimization will streamline operations by supporting enterprise-wide collaboration and standardization, while constraining IT operations cost.

Challenges

In a January 2013 presentation to the House Appropriations Subcommittee on Technology Oversight and Government Activities & Senate Finance Subcommittee on General Government/Technology, Commonwealth CIO Sam Nixon addressed the challenges facing the Commonwealth and VITA in moving forward with consolidation, optimizing the mix of central, agency, and partner infrastructure and services, and planning for the CIA contract rebid. Among the challenges he noted are lingering resistance to the shared services approach, continuing work to improve VITA customer service, meeting citizen and agency expectations for faster technology innovation, and dealing with the Commonwealth's aging legacy applications.

Strategic Directions

The majority of Strategic Directions associated with the Consolidation\Optimization Trend focus on activities that achieve the benefits of an enterprise-wide managed shared services environment, while the final strategic direction targets the major planning initiative to rebid the Comprehensive Infrastructure Agreement.

Below are the recommended commonwealth Strategic Directions related to the Consolidation\Optimization Technology Trend.

  • C\O.A - Support re-engineering and local consolidation of E-911 centers to upgrade technology, reduce cost and streamline citizen access.
  • C\O.B - Develop a roadmap to implement no wrong door (single point of entry) for citizen services.
  • C\O.C - Procure applications toolset that will support the applications development lifecycle and promote collaborative toolset use among agencies.
  • C\O.D - Develop training plans and programs to ensure the Commonwealth's information technology and administrative workforce has the knowledge and skills to support the state's information technology.
  • C\O.E - Establish a group to identify and promote innovative uses of technology in the commonwealth.
  • C\O.F - Identify a strategy for a more efficient solution for printing services.
  • C\O.G - Improve Commonwealth Technology Portfolio services to agencies and stakeholders.
  • C\O.H - Inventory, prioritize and develop a roadmap for replacement or elimination of legacy systems that are old, inefficient and unsecure, and that inhibit innovation and reform.
  • C\O.I – Realize the economic, service delivery, and reliability benefits of "virtualization" by requiring new enterprise and agency applications to utilize virtual computing and storage hardware, unless an exemption has been granted by the commonwealth CIO.
  • C\O.J - Require executive branch agencies to use enterprise infrastructure and applications provided through VITA unless an exemption has been granted by the commonwealth CIO.
  • C\O.K - Develop and execute a strategy for establishing requirements and rebidding the Comprehensive Infrastructure Agreement.

Resource Links

VITA Update: House Appropriations Subcommittee on Technology Oversight and Government Activities & Senate Finance Subcommittee on General Government/Technology

The January 23, 2013 update by Sam A. Nixon Jr., Chief Information Officer of the Commonwealth, noted some of the challenges facing the commonwealth and VITA in moving forward with transformation and planning for the CIA contract rebid. The presentation is available at:
VITA Update - Jan 22, 2013 - HAC SFC

CIO 2013 Presentation to the Joint Legislative Audit and Review Commission

On September 9, 2013 Sam A. Nixon Jr., Chief Information Officer of the Commonwealth, made his annual presentation to the Joint Legislative and Audit Review Commission (JLARC). In addition to detailing the work of VITA and needs in the areas of security and staffing, his presentation outlines the timetable for the CIA contract rebid. The presentation can be viewed at: Joint Legislative Audit and Review Commission

Strategic Directions Supporting Technology Business Plan Initiatives

Support for Technology Business Plan Initiatives

The Supporting Strategic Directions section in each Technology trend page identifies the strategic directions that derive from the technology trend. This page lists the strategic directions that align with and support each of the five Technology Business Plan initiatives.

The letters in front of each strategic direction identify the related technology trend using the following codes:

SM Social Media
M Mobility
CS Cyber security
EIA Enterprise Information Architecture
ESS Enterprise Shared Services
CCS Cloud Computing Services
C\O Consolidation\Optimization

Initiative 1 - Citizen Access

Emphasize programs and tools that enable all citizens to interact with government 24x7 – safely and securely, and when, how and where they want it.

  • SM.A - Establish social media policy for information needs of citizens and partner with customers and private industry to develop statewide social media policies, standards and best practices training.
  • SM.B - Consider creation of an overall "Commonwealth of Virginia" presence on social media and dedicate resources to monitoring and maintenance.
  • SM.C - Establish a Commonwealth Center of Excellence to assist agency use of social media and sharing of experiences and lessons learned, to be supported by agency employees with appropriate skill sets and expertise.
  • M.A - Establish a standard for mobile apps development and list of targeted applications (include security component).
  • M.B - Develop usage policy for mobile technology enabled applications (include security component).
  • M.C - Develop technology roadmap for infrastructure to support expansion of online services/mobility.
  • M.D - Provision infrastructure to support expansion of online/mobility services.
  • M.E - Establish a Commonwealth Center of Excellence to assist agency development and use of internal and citizen-facing mobile applications, and to share results and lessons learned. The center would be supported by agency employees with appropriate skill sets and expertise.
  • CS.B - Enhance the commonwealth's cyber security posture.
  • CS.D - Develop security governance requirements for COV identity management.
  • CS.E - Deploy a single identity management system for all public-facing state government apps.
  • EIA.C - Develop an enterprise information architecture strategy and roadmap covering data governance, data standardization, data asset management, and enterprise data sharing.
  • ESS.B - Implement a commonwealth payment portal.
  • CCS.A - Develop strategy and policies, standards and guidelines (PSGs) for public cloud computing.
  • CCS.B - Incorporate public cloud computing into the technology roadmap.
  • CCS.C - Formally establish and brand the Commonwealth of Virginia government cloud; include Software as a Service (SaaS) and keep vendor agnostic.
  • C\O.A - Support re-engineering and local consolidation of E-911 centers to upgrade technology, reduce cost and streamline citizen access.
  • C\O.B - Develop a roadmap to implement single point of entry for citizen services.

Initiative 2 - Information Sharing

Improve information sharing to optimize current business functions and supporting systems.

  • CS.A - Manage the IT Risk Management program for the commonwealth, including implementation of a risk management portfolio tool.
  • CS.C - Continue to enhance the cyber security governance framework to include:
    1. Implementation of a method framework to ensure compliance with security PSGs,
    2. Monitoring of commonwealth data and assets for threats and vulnerabilities and remediation of any issues identified,
    3. Identification, mitigation and management of IT security incidents,
    4. Development of cyber intelligence based on research of current cyber trends as well as analysis of cyber data within the commonwealth, and
    5. Provision of cyber security data and information to commonwealth entities and other partners of the commonwealth.
  • EIA.A - Develop an enterprise approach to data management that addresses emerging business needs and citizen expectations for "open data" (i.e., data accessible through an approved application).
  • EIA.B - Develop an enterprise plan for "big data" using the four program areas and goals defined in the EIA strategy to: 1) identify commonwealth, agency, and partner business needs that can be efficiently and effectively addressed by applying innovative forms of IT and analysis to appropriate enterprise data; and, 2) define and implement applications incorporating the necessary advanced IT and analytical capabilities.
  • EIA.D - Implement information sharing PSGs and a data sharing framework for acceptable use of publishing public datasets.
  • EIA.E - Establish a trust agreement framework, defined by PSGs, to support commonwealth-wide information exchange across domains and levels of government.
  • EIA.F - Adopt and implement information exchange and vocabulary standards to provide a common basis for governmental information sharing (based on existing ITRM PSGs).
  • EIA.G - Develop an enterprise approach to data management to enable the effective governance of information assets aligned with industry trends, including big data, business analytics and emerging toolsets.
  • EIA.H - Establish a Commonwealth of Virginia data governance stewardship body with defined roles and responsibilities.
  • ESS.A - Expand use of the central Service Oriented Architecture (SOA) shared infrastructure to enable better standardized exchange of information between agencies and partners.
  • C\O.C - Procure applications toolset that will support the applications development lifecycle and promote collaborative toolset use among agencies.

Initiative 3 - Workforce Productivity

Leverage technology to improve worker productivity and make state employment more attractive to the future workforce.

  • SM.D - Establish a social media environment for state government employees.
  • M.F - Develop a mobility strategy for in scope executive branch agencies using ITP services; establish governance for mobility to include a policy for Bring Your Own Device (BYOD); develop and implement policies and technologies to enable a mobile workforce that is both attractive to next-generation workers and cost-effective and productive for the commonwealth.
  • M.G - Expand technology offerings to enhance the mobile employee experience.
  • CS.F - Provide adequate cyber security training and education for commonwealth leaders, IT professionals, information security personnel, and commonwealth employees.
  • CCS.D - Develop a flexible provisioning model for launching new services.
  • C\O.D - Develop training plans and programs to ensure the Commonwealth's information technology and administrative workforce has the knowledge and skills to support the state's information technology.
  • C\O.E - Establish a group to identify and promote innovative uses of technology in the Commonwealth.

Initiative 4 - Support education

Support educational attainment initiatives-key to achieving state economic development and quality of life goals.

  • M.H - Promote the expansion of core curricula that meet SOLs or university core curricula via an apps store concept that offers standardized curricula; commonwealth role could be provision of infrastructure.
  • EIA.I - Expand services such as the Virginia Longitudinal Data System beyond education data and beyond public K-12/ public colleges and universities.
  • EIA.J - Integrate/link emerging workforce skills needs and course learning objectives databases statewide to better match educational opportunities to occupational titles.
  • ESS.C - Offer commonwealth-wide instructional software, such as Blackboard.
  • ESS.D - Promote Service Oriented Architecture (SOA) for the student/teacher interaction, both instructional and administrative.

Initiative 5 - Streamline operations

Expand and support back-office platforms and productivity tools that support Governor's Reform Commission recommendations on streamlining government operations.

  • ESS.E - Establish governance for the use of a central Service Oriented Architecture (SOA)
  • C\O.F - Identify a strategy for a more efficient solution for printing services.
  • C\O.G - Improve Commonwealth Technology Portfolio services to agencies and stakeholders.
  • C\O.H - Inventory, prioritize and develop a roadmap for replacement or elimination of legacy systems that are old, inefficient and unsecure, and that inhibit innovation and reform.
  • C\O.I - Realize the economic, service delivery, and reliability benefits of "virtualization" by requiring new enterprise and agency applications to utilize virtual computing and storage hardware, unless an exemption has been granted by the commonwealth CIO.
  • C\O.J - Require in-scope executive branch agencies to use enterprise infrastructure and applications provided through VITA unless an exemption has been granted by the commonwealth CIO.
  • C\O.K - Develop and execute a strategy for establishing requirements and rebidding the Comprehensive Infrastructure Agreement.

Statutory Authority

Section 2.2-2007 of the Code of Virginia requires the Commonwealth Chief Information Officer (CIO) to "develop a comprehensive six-year commonwealth strategic plan for information technology". The complete Code citation is as follows:

Section 2.2-2007 of the Code of Virginia - Powers of the CIO

  1. In addition to such other duties as the Secretary may assign, the CIO shall:
    1. Monitor trends and advances in information technology; develop a comprehensive six-year commonwealth strategic plan for information technology to include:
      1. specific projects that implement the plan;
      2. a plan for the acquisition, management, and use of information technology by state agencies
      3. a report of the progress of any ongoing enterprise information technology projects, any factors or risks that might affect their successful completion, and any changes to their projected implementation costs and schedules; and
      4. a report on the progress made by state agencies toward accomplishing the commonwealth strategic plan for information technology.

The commonwealth strategic plan for information technology shall be updated annually and submitted to the Secretary for approval.

The Commonwealth of Virginia (COV) Strategic Plan for Information Technology is one component of a system of information technology governance put in place to meet the requirements of Section 2.2-2007 and related Code sections. Information technology governance is implemented through the following policy and standards:

The complete list of Information Technology Resource Management (ITRM) policies, standards, and guidelines can be found on the Virginia Information Technologies Agency website at: ITRM Policies, Standards & Guidelines.