Office of Information Management and Technology
Information Technology Strategic Plan 2015‐2018 Version 1.0, September 2015
Current State & Customer Perception
Multiple fragmented IT environments, lacking defined interconnecting processes and workflows and a mission aligned enterprise architecture. This has led to reactive, unpredictable outputs, increased complexity, a lack of standardization, role misalignment and costly and unfocused system duplication.
OIMT does not understand our business needs
OIMT does not communicate effectively or deliver consistent results
Though the challenges are real, both OIMT staff and the Centers recognize great strides over the past few years
OIMT costs too much and moves too slow
OIMT does not keep up with the latest technologies
To provide effective and fiscally responsible technology services in a manner which promotes high standards.
Improve Customer Satisfaction
Improve Program Outcomes
Increase Security
Improve Awareness and Accountability of Services
Improve Collaboration and Communication
Improve Delivery of Service
Improve Partnership with Customers
Improve Skill Sets of Staff
Reduce Costs
Improve FISMA Compliance
Improve Asset Management
Fully Leverage Consumption Based Cost Model
Improve Internal Process Efficiency and Effectiveness
Improve Communication
Improve Utilization of Technology
OIMT Approach
Our strategic initiatives can be bundled into three general areas:
PEOPLE
ADCIO Collaboration
Contract Management
Role Alignment
Training & Development
Staffing
Field Offices
ADCIO Collaboration
Internal Milestone External Milestone
PROBLEM:
OIMT customers do not trust us as a business partner.
SOLUTION:
OIMT will develop a transparent and customer centric approach with the ADCIOs, designed to identify and satisfy their requirements, as well as allow the ADCIOs to drive the strategic direction. We need to focus on results, driving value, lowering costs and improving service. OIMT will allow business to drive IT, and leverage the expertise of the ADCIOs and their respective teams.
MILESTONES:
• Utilize a Project Management Methodology that begins with defining business requirements and ends with an expected result.
• Develop Subcommittees that tactically execute and identify business process innovations and deliver innovative business solutions; not simply IT solutions.
• Develop a balanced scorecard quarterly to report on different areas of the IT environments.
Contract Management
PROBLEM:
OIMT does not have centralized management, defined processes and the appropriate skillsets to manage all IT contracts.
SOLUTION:
OIMT will implement a repeatable, centralized process for all IT contracts to facilitate the efficient and transparent acquisition of IT services and prevent duplicative contracts.
MILESTONES:
• Enhance IT Contracts Team that will be responsible for managing contract acquisitions. The team will work with the Office of Acquisitions and Grants (OAGS) to make the acquisitions process more efficient, and ensure that CORS are managing contracts to defined performance service levels.
• Streamline Procurement Activities by developing workflows and processes to promote efficient, transparent and effective management of IT acquisitions and contracts.
• Build a Procurement Portfolio to streamline our approach and consolidate the number of contracts and contract vehicles. OIMT will assess the IT contracts inventory to find opportunities for consolidation and ways to leverage buying power. OIMT will continue to collaborate with OAGs on alternate contracting approaches and strategic sourcing opportunities.
• Develop standard templates for procurement documents such as SOWs, IGCEs, etc. as well as templates for measuring contract performance.
• Develop a comprehensive, centralized contract management model that focuses on management, oversight and accountability.
Role Alignment
PROBLEM:
OIMT has not adequately defined functional roles and the required skillsets needed to support IT projects and services.
SOLUTION:
OIMT will perform resource planning activities to include a functional gap analysis and role definition in order to align the skills and abilities of the staff to those roles.
MILESTONES:
• Develop an organizational chart based on the functional role for each position that can be used to align functions and improve OIMT’s effectiveness and efficiency.
• Develop a skills matrix to give managers greater visibility of employees’ strengths and developmental needs, and enable them to provide more targeted and timely coaching and training.
• Perform an organization assessment and staff rationalization to identify and redeploy staff with the requisite skills.
• Develop a roles and responsibilities matrix based on primary, secondary and tertiary expertise.
• Conduct a comprehensive review of critical IT positions including the ones that may become vacant in the next 3‐5 years.
• Develop a role‐based competency model to meet future business needs, and create a process to track progress and update succession plans on an ongoing basis.
• Assess and refine performance work plans to ensure that they accurately reflect the expected performance in order to ensure accountability.
Training & Development
PROBLEM:
OIMT lacks a consistent, holistic approach to ensure that training and development appropriately align with mission, roles and responsibilities.
SOLUTION:
OIMT will establish a centralized role‐based training and development management program with a training roadmap that identifies training needs by role and technology, and is monitored to ensure progress and compliance.
MILESTONES:
• Leverage FDA University to help implement and execute new and ongoing training for OIMT staff, and work with them to build a professional development program.
• Develop a mentoring program which will provide new hires with the opportunity to understand the complexities that exist within FDA, as well as have the opportunity for collaboration. The ability to connect with IT professionals will establish a strong foundation for a fulfilling career at FDA.
• Establish a mandatory role‐based curriculum to provide guidance for staff to take essential training such as FAC‐COR, FAC‐P/PM, CISSP, MCSE, etc.
• Develop an Individual Development Plan (IDP) for each employee that offers employees greater opportunity for career development and cross‐training.
Staffing
PROBLEM:
OIMT lacks a comprehensive, enterprise‐wide succession and retention plan and approach.
SOLUTION:
OIMT will develop and consistently maintain a comprehensive recruitment, retention and succession plan and approach. At a minimum, the plan will account for prioritizing and hiring the skill sets that are missing, and ensure that position descriptions and communication plans are up to date.
MILESTONES:
• Develop a catalog of IT resources and perform a skills gap analysis that will assist managers in developing existing employees, as well as assist in recruitment efforts.
• Develop a career growth program that will provide transparent and clearly defined IT career paths with criteria for progression to the next level in both technical and leadership positions.
• Right size the staff level and FTE to contractor ratio for cost savings and agility.
• Identify areas that do not have at least one backup, provide cross training and hire additional staff as appropriate.
• Review Position Descriptions (PD) for updates, using common PDs where applicable (for similar positions).
• Provide support for a position management system that will provide a consistent, standard tool for managing all FDA positions.
Field Offices
PROBLEM:
OIMT focuses more on headquarters and less on the field offices.
SOLUTION:
OIMT will maintain a balanced focus on headquarters and field offices to ensure they can meet their mission in an equivalent manner.
MILESTONES:
• Implement VOIP in 100% of the field offices to ensure consistency and mitigate phone related issues.
• Develop high speed connections to remote offices to facilitate data transfer to and from the laboratories and field offices.
• Schedule quarterly meetings to increase communication and provide better customer service to the field.
PROCESSES
Openness and Transparency
Governance
Uniform and Shared Capabilities
Cybersecurity
Customer Service
Project Management
Level 5, Optimizing: Focus on process improvement.
Level 4, Quantitatively Managed: Process measured and controlled.
Level 3, Defined: Process characterized for the organization and is proactive. Projects tailor their process from organizational standard.
Level 2, Managed (WE ARE HERE): Process characterized for projects and is often reactive.
Level 1, Initial: Processes unpredictable, poorly controlled and reactive.
Openness and Transparency
PROBLEM:
OIMT doesn’t have systematic processes and procedures to track and communicate with customers and OIMT Staff.
SOLUTION:
OIMT will develop a two way communication approach with the Centers through a comprehensive catalog of systems, technologies, and projects that is updated regularly, monitored and available to all.
MILESTONES:
• Develop Service Level Agreements (SLAs) and Operation Level Agreements (OLAs) to ensure that customers are provided services in a timely manner.
• Employ a balanced scorecard methodology to inform our customers about IT initiatives and on‐going activities, and measure our adherence to the established SLAs and OLAs.
• Build a reporting mechanism, in the form of executive dashboards and high level reports, that will provide end‐to‐end monitoring and reporting of important key metrics.
• Provide transparency of cost via the cost allocation model using refined consumption‐based billing.
Governance
PROBLEM:
FDA lacks IT policies and end‐to‐end processes and procedures that facilitate consistency, and ensure that the products delivered meet predefined integrity standards.
SOLUTION:
OIMT will develop an effective FDA‐wide IT governance structure that includes the Centers, promotes accountability and adherence to government‐wide capital planning directives such as Clinger‐Cohen, FITARA and FISMA.
MILESTONES:
• Establish an Office of Enterprise Portfolio Management to provide oversight for all IT projects investments, using standard review and reporting procedures to measure the performance and compliance of projects.
• Institutionalize an Investment Review Board (IRB) to improve acquisition and fiscal management accountability for capital planning execution.
• Develop processes, policies, SOPs and constructs that ensure consistent and quality results.
• Implement quality management processes to baseline, and begin routine reporting on the performance of projects, key metrics and budget formulation activities.
• Enforce a project management methodology to ensure that IT projects are managed using a methodology.
Uniform and Shared Capabilities
PROBLEM:
FDA lacks a unified IT strategic direction, governance policies and communication methods to prevent redundancies and duplication of efforts.
SOLUTION:
OIMT will establish an IT strategic direction using a target architecture that leverages the business capability model and the CIO Council and subcommittees to deliver uniform and shared solutions.
MILESTONES:
• Assess existing enterprise architecture to determine existing capabilities that can be shared.
• Rationalize capabilities to reduce redundant systems.
• Establish a comprehensive, holistic, standardized approach to multi‐functional printers to reduce costs, such as maintenance and supplies.
• Empower Center ITIRBs to redirect Center development efforts to leverage shared capabilities when possible.
Cybersecurity
PROBLEM:
Cybersecurity compliance requirements are perceived as an impediment to agility and IT innovation.
SOLUTION:
Improve Center engagement to address cybersecurity and IT challenges by developing innovative solutions, providing effective communications of Federal statutory requirements, and enhancing collaboration and situational awareness.
MILESTONES:
• Implement Continuous Diagnostics and Mitigation (CDM) using government‐wide Information Security Continuous Monitoring (ISCM) tools to enhance our ability to identify and respond, in real time or near real time, to the risk of emerging cyber threats.
• Implement Independent Verification and Validation (IV&V) for high‐risk systems, taking advantage of the wealth of information security expertise.
• Enhance the FDA security posture by moving to a next‐generation network security architecture that accommodates public and private cloud services.
• Develop a comprehensive patch management governance strategy.
• Review and streamline the Security Authorization process.
• Build a cadre of cybersecurity professionals ready to engage and implement a synchronized response across the enterprise.
• Develop an account management policy.
• Integrate cybersecurity governance requirements into the service and project management workflows and OIMT governance model.
Cybersecurity (continued)
MILESTONES:
• Develop a data loss prevention strategy for end point systems.
• Establish best practices for implementation of security control requirements to assist system owners on security control implementation.
• Develop an Identity and Access management strategy for internal and external users to address long standing audit weaknesses.
• Develop both a dynamic and static application security testing and validation strategy to allow system developers the ability to test their systems and applications through all phases of the lifecycle.
• Develop an enterprise wide encryption policy for both internal and external data at rest and in transit.
Customer Service
PROBLEM:
OIMT is a customer service organization that does not always consider and account for customer service delivery, customers’ expectations and perceptions in our day‐to‐day activities, communications and method of service delivery to the FDA community.
SOLUTION:
Enhance outreach to our customers in an effort to identify customer needs earlier, and provide an interactive method that invites constructive criticism, comments and suggestions.
MILESTONES:
• Develop multiple levels of communication to help OIMT deliver the appropriate level of customer service.
• Enhance the centralized internal knowledgebase that documents issues or problems, and how support agents solved them.
• Create an interactive self‐help portal to allow users to identify solutions themselves.
• Enhance processes and procedures to provide timely updates to customers about any disruptions and outages.
Project Management
PROBLEM:
IT Project Managers do not use a standard method of tracking and reporting for their projects. IT Project Managers do not have a formal forum to present their projects and escalate high probability risks and high impact issues.
SOLUTION:
OIMT will establish a PMO to develop and implement project management policies that require project managers and project leads to track and report status in a consistent manner and in a centralized location. Conduct regular project reviews to review risks, issues and schedules.
MILESTONES:
• Develop a project review process to ensure that projects are within scope, on time, and on budget, and help mitigate high probability risks and high impact issues.
• Enforce the use of the Clarity application as a centralized repository for tracking and reporting on all IT projects and contracts.
• Develop an Enterprise Project Management team to manage select strategic enterprise programs, and provide oversight, guidance and mentorship to other OIMT projects.
• Develop a project management process that governs intake through delivery and ensures that customers receive the highest quality and expected results.
TECHNOLOGY
Infrastructure Stabilization & Modernization
Business Continuity
Mobility
Cloud
Application Development
Enterprise Architecture
Data
Scientific Computing
Infrastructure Stabilization
PROBLEM:
OIMT does not have a systematic approach for monitoring and managing the current infrastructure, and lacks a plan to streamline processes and procedures, perform capacity management and modernize the infrastructure to meet our customers’ increasing needs.
SOLUTION:
OIMT will define, manage, and quantify performance and customer expectations. OIMT will identify the parts of the infrastructure that are unstable and create a plan to systematically improve. OIMT will establish and communicate SLAs, as well as proactively manage infrastructure through better monitoring, cross team reporting and root cause analysis.
MILESTONES:
• Hire a Chief Technology Officer.
• Adopt a “capacity on demand” model to support evolving technology based on business needs.
• Leverage enterprise architecture and asset management tools to collect a complete inventory of assets and applications to enhance asset management.
• Develop an infrastructure stabilization plan by identifying areas of the infrastructure that need improvements in order to provide better services.
• Adopt ITIL methodologies for release management, configuration management and unified monitoring.
• Develop a strategy to provide Network as a Service by using network carriers that provide secure network connections.
Business Continuity
PROBLEM:
FDA lacks a comprehensive disaster recovery strategy that would ensure the continuity of business operations and maintain the availability of mission critical systems, infrastructure and vital records.
SOLUTION:
OIMT will develop a strategy that includes a disaster recovery solution that provides business continuity for critical applications and vital records.
MILESTONES:
• Build redundancy at server and application levels to ensure business continuity.
• Enhance and improve backup processes to ensure that OIMT can meet business needs to return to operations.
• Develop a disaster recovery strategy to enable the FDA to withstand a regional disaster.
• Move applications to the Ashburn Data Center to reduce operational complexity.
• Perform capacity management and IT forecasting to ensure that the IT infrastructure is able to meet anticipated business growth.
• Ensure that continuity is integrated into the OIMT governance strategy and embedded in the service and project workflow so that continuity will be assured in every deliverable.
• Improve knowledge of and use of telework tools.
Mobility
PROBLEM:
FDA lacks a comprehensive mobility strategy and the capabilities to support the increasing mobile work needs of FDA staff as well as address changing technologies.
SOLUTION:
OIMT will develop, communicate and implement a comprehensive, standardized mobility strategy that accounts for business requirements.
MILESTONES:
• Provide internal and external stakeholders with timely access to information and data to support the need for access to Agency data at any time, from any place, on any FDA approved device.
• Implement enhanced mobile device management functionality to provide a Choose Your Own Device option for customers.
• Build an enterprise wide mobile application program to provide a mechanism to develop mobile applications that adhere to OIMT standards.
• Create a mobility security team to develop strategies and policies to protect and secure mobile assets.
• Develop a framework for a records management strategy for mobile devices, including texts and voicemails.
Cloud
PROBLEM:
OIMT is not providing enough cloud services to meet our customers’ needs. OIMT lacks an overall strategy for the resources, policies, processes, acquisition vehicles, governance and security approval process to fully support cloud solutions.
SOLUTION:
OIMT will develop and implement a comprehensive cloud strategy, including funding, acquisitions and a cost allocation model, processes and procedures for obtaining resources and security approvals, and governance processes to meet the requirements of our customers.
MILESTONES:
• Build a secure provisioning solution to allow provisioning of servers in a hybrid cloud environment.
• Perform an assessment of available cloud‐based services to identify solutions to meet business requirements at a lower cost.
• Evaluate and implement Platform as a Service (PaaS).
• Leverage Software as a Service (SaaS) to provide a platform for hosting FISMA low applications in the cloud (Salesforce).
• Develop a consumption based model strategy where the customer pays according to the resources used.
• Establish secure connections to allow for the use of government community cloud options.
• Continue to implement public and private Infrastructure as a Service (IaaS) to increase mission effectiveness and efficiency and meet OMB mandates.
Application Development
PROBLEM:
FDA lacks a comprehensive application portfolio and development management process (intake through delivery) which leads to duplication of business capabilities. This lack of governance and standards has led to applications being developed using a wide variety of technologies that are difficult and expensive to maintain.
SOLUTION:
OIMT will perform application rationalization, and create a standardized approach and framework for application development and application and technologies governance.
MILESTONES:
• Build an application portfolio to identify all applications across the enterprise.
• Create application development standards to reduce the complexity of the application technology footprint.
• Perform application rationalization to identify unused, redundant and out of date applications, and trim down the portfolio through application modernization and decommissioning.
• Establish software metering to track and maintain software licenses in use.
• Develop an application development process that governs intake from concept through delivery, and ensures that customers receive the expected results.
• Identify and maintain key artifacts necessary to support our customers which include system documentation, toolsets, application catalog and access control lists.
• Identify and automate key paper dependent business processes (e.g., field inspections and sample collections).
Enterprise Architecture (EA)
PROBLEM:
FDA lacks integration between the HHS EA Repository (HEAR) framework and other FDA processes and disciplines which support FDA’s IT Portfolio, such as solutions architecture, and Systems Design. Additional challenges exist in integrating the HEAR with Information Security Staff’s (ISS) Trusted Agent FISMA (TAF) repository due to the disparate views and definitions of IT systems between ISS and EA. Finally, FDA’s Target Architecture updates lack integration with new IT Governance bodies now emerging at FDA.
SOLUTION:
OIMT will build a strategy that will adjust the HEAR modeling and ISS’ TAF update activities toward greater integration. OIMT will also work with the Platform Subcommittee to adjust and leverage the target architecture, to help ensure stabilization, modernization, and process improvement across the enterprise. Additionally, the plan will work towards greater alignment of the business requirements with the technology direction.
MILESTONES:
• Utilize enterprise architecture methodologies to stabilize and modernize the infrastructure.
• Streamline an intake process for the HHS Enterprise Architecture Repository (HEAR) to ensure that all systems are accounted for.
• Develop a technology roadmap to modernize and more effectively plan for technology refresh.
• Align technology to the business needs to allow business to drive technology.
Data
PROBLEM:
FDA does not have a comprehensive data governance model. FDA lacks data standards and supporting technologies to ensure availability and integrity in our data. Our current data resides in disparate database systems with no integrated strategy for storing and accessing these data sets.
SOLUTION:
Develop a governance model and a master data management approach that aligns with the governance strategy and integrates with the Agency's enterprise architecture.
MILESTONES:
• Develop a Master Data Management strategy to handle business data and Big Data requirements.
• Modernize the business objects environment to enhance reporting capabilities.
• Develop a data governance model and approach to standardize data across the Agency and promote interoperability.
• Hire a Chief Data Officer to lead Master Data Management efforts.
• Develop and implement a SharePoint governance strategy.
• Implement digitalization project across the enterprise.
Scientific Computing
PROBLEM:
FDA’s scientific computing program is not integrated into the enterprise architecture, and the advanced computing needs in support of Regulatory Science are changing and increasing.
SOLUTION:
OIMT will include the Scientific Computing community into the overall target architecture in order to achieve greater harmonization of needs. This will help ensure customer satisfaction as well as the delivery of quality solutions in a globalized, transforming market place.
MILESTONES:
• Establish a support plan for Scientific Computing to allow FDA to meet its regulatory mission.
• Develop a plan for Next Generation Sequencing (NGS) to allow for on demand access to needed processing capacity.
• Define enterprise requirements for statistical support & enterprise SAS to increase awareness of the capabilities, and improve the benefits of the tools.
• Define requirements for a sandbox using non‐public regulatory / scientific data to evaluate new technological solutions prior to purchase.
• Design a high speed, secure infrastructure to accommodate scientific requirements for data exchange.
• Integrate the scientific image into OIMT’s image management process.
Supporting Documents
A. Strategic Plan Milestone Tracking
B. CIO Council Roadmap