-1- Note from State CIO Cummiskey: Arizona’s FY 2009 Statewide Strategic Information Technology Plan addresses the major initiatives, both potential and already underway, that will move the State to an innovative future Information Technology environment. This plan provides guidance to State agencies on statewide information technology issues related to:  Aligning State infrastructure to a common architecture  Improving public service delivery through electronic means  Increasing government accessibility  Saving resources through technology  Enhancing security and privacy of State resources The 21st century demands high levels of service from State government and has initiated a new era in secure information technology and raised citizens’ expectations. Many state agencies are caught in a conundrum of competing needs: shrinking budgets, customer demands for increased technology and services, a lack of technical staff, and heightened concerns regarding IT security and privacy protection. This plan is a guide for agencies to follow as they continue to evolve their information technology infrastructure. If you have any questions related to this plan, please contact GITA’s Strategic Information Technology Planning Manager at 602-364-4784. Chris Cummiskey State CIO, Director Government Information Technology Agency -2- Table of Contents Executive Summary ..................................................................... ………3 State of Arizona's Information Technology Vision ................................... 5 Core Values & Guiding Principles .......................................................... 5 Arizona Statewide IT Goals .................................................................. 6 Goal 1: Align State IT infrastructure…………………………………………………8 Goal 2: Improve Public Service Delivery ............................................ 12 Goal 3: Expand Accessible Government ............................................. 18 Goal 4: Cost Savings through Advanced Technology .......................... 22 Goal 5: Promote Secure State Information and Data. ......................... 26 Summary of Executive Agency IT Plans ............................................... 31 Summary of Executive Agency IT Trends ............................................ 32 Summary of Executive Agency IT Issues ............................................. 37 Agency IT Goals & Objectives............................................................. 38 Agency IT Plan Synopsis .................................................................... 40 Findings from Agency IT Plans ........................................................... 41 Recommendations based on Agency IT Plans…………………………………….42 TABLES Table 1 Top Agency IT Trends FY 2006 - FY 2008……………………..……….36 Table 2 Top Agency IT Issues FY 2006 - FY 2008…………………..…………..37 Table 3 Top Agency IT Goals FY 2006 - FY 2008………………………………...39 APPENDICES Appendix A State Agencies by Group………………………………………43 Appendix B Top Ten IT Projects within State Agencies…………………..46 Appendix C Summary of Active IT Projects by Category & Cost………..51 -3- EXECUTIVE SUMMARY In her 2008 State of the State address, Governor Janet Napolitano enumerated key areas that will determine the State’s future success: education, economic growth, health care, secure and safe communities and continued innovation. According to the Governor, “success in our future economy will depend on innovation”. This year’s statewide IT plan addresses these key areas and more from a strategic perspective. Five statewide strategic IT goals have been identified for FY 2009. These goals were derived as a continuation of efforts begun in previous years, supplemented by an extraction of agency IT goals and objectives submitted in the past year, and Governor Napolitano’s statewide goals. Stakeholder consultations have also revealed a list of potential issues and suggested directions for the future. As these goals are long-term and may not be accomplished in a single year, this plan addresses last year’s accomplishments and new initiatives and any deviations from strategic direction. “People are getting better and better at using the Internet, and it is propelling government to provide more timely information and better online services.“ Governor J. Napolitano Goal 1: Align State IT Infrastructure towards a common Architecture: guide the State toward a common architecture for technology enhancing inter-agency operability. GITA is improving government efficiency through the identification of common services across agencies that will eventually form the backbone of a service-oriented architecture for the State. This direction is expected to not only increase accuracy and information timeliness but to reduce future development costs of technology through reuse and the elimination of redundancies. Major state agencies rely on mission-critical legacy software systems, many of which are more than twenty years old. These systems will require replacement or major upgrades within the next five to seven years at an estimated cost of between $350 to 400 million. GITA is in the process of identifying and prioritizing these system replacements. Goal 2: Improve Public Service Delivery: enrich the quality of life for Arizonans through improved automation of health and human services, e-health initiatives, and development of rural telecommunications infrastructure. Arizona is taking a novel approach toward alleviating the isolation of rural Arizona through the use of online communication, especially the use of broadband. Responsive communication also plays a great role in mitigating the impact of disasters, particularly in Arizona’s annual fire season. The implementation of Arizona 2-1-1 online and the 2-1-1 emergency call center are key examples of Arizona’s sharing of information on health and human services and timely updates during emergencies. The Governor states that “leading-edge work in electronic health care systems” will “promote care that is efficient and effective”. “Arizona’s health care system should be simple and smart and base decisions on prevention and staying well.” Arizona was the first state to generate a roadmap to achieve a statewide electronic health data exchange. Other states and the federal government are vitally interested in Arizona’s approach to this daunting task. -4- Goal 3: Expand Accessible Government: To broaden citizen access to government through e-government technologies including common licensing and enhanced search capabilities. The sophistication and sheer number of Internet users has necessitated increased capability and intelligence at websites. Growing computer knowledge on the part of the public is propelling government to provide better and more current information and online services. Arizona has been at the forefront of e-government services development. Ongoing enhancements to the State Web Portal drive agencies toward common online licensing and payment processing for their constituency. The Governor’s Business One-Stop will also expedite new business growth. Goal 4: Cost Savings through Advanced Technology and Best Practices: To increase productivity through application of advanced technology and reduce risk through use of best practices in IT methodologies, saving State IT resources in the long term. Continuing Governor Napolitano’s insight into key areas of education and infrastructure growth, GITA launched a statewide certification program for IT project managers in partnership with the Arizona Government University (AZGU). This best practice is being supplemented along with an alignment of strategic business planning with IT planning, new document imaging and statewide email consolidation programs. Other IT enhancements include strategies for web-conferencing, telecommuting, and virtual offices to A new statewide certification program for IT project managers was recently established… both decrease the need for travel yet increase productivity. Goal 5: Promote Secure State Information & Data to protect and secure IT systems in the State especially personal citizen information. Since identity theft and privacy protection have become every Arizonan’s concern, efforts are being focused on both IT security and privacy through continuity of government planning and formation of a new statewide information security and privacy office. In addition, the development of a secure interoperable first responder system throughout the state is planned in coming years. The State is leading initiatives to prevent and respond to threats against Arizonans, employees, and its assets. This statewide strategic IT plan also summarizes state executive agencies’ FY 2006 – 2008 IT plans in terms of trends, issues, goals and objectives. Statewide agency trends have been consolidated and agency strategic IT goals are compared across the last three years. This year, two new statewide IT goals were the result of renewed emphasis on consolidation and improved methodology. Based on review of the agencies’ IT plans, key recommendations are identified at the end of this document. Through successful strategic IT planning, the State will reap the benefits of agency IT programs that play a more cohesive role in each agencies’ fulfillment of their mission and future vision. -5- STATE OF ARIZONA'S IT VISION “This year’s budget shortfall is an opportunity to do what business does: invest in infrastructure so that we are fully prepared to capitalize on the economic good times, when they return.” Governor Janet Napolitano, State of the State January 2008 Arizona’s IT vision is based on the use of technology as a tool to improve both processes and infrastructure. To achieve the statewide IT vision for FY 2009 and beyond, effort converges on three foci; namely 1) thought leadership, 2) efficiency and accessibility and 3) oversight and compliance. Themes under thought leadership include the transformation of government through innovation, improvement of IT infrastructure, and introduction of best practices for project management; thereby setting a statewide strategic direction and continuing to provide consulting efforts with state agencies. The efficiency and accessibility theme encompasses user-friendly customer service delivery, responsiveness and accessibility to both agency and public needs through breaking down barriers and finding ways to improve automation. Oversight and compliance themes address protection of state assets and securing the IT infrastructure as well as privacy protection for vital data. CORE VALUES Values influence how decisions are made, reflecting which qualities are held important, how the world is Themes for accomplishing the statewide vision for FY 2009 include thought leadership, efficiency and accessibility and oversight and compliance. viewed and what beliefs are significant. The core values for GITA are: Effectiveness – focus on productivity and the power of intention to produce the desired effect. Freedom of access – conviction that the public has a right to ease of access to public information. Efficiency – view that State government should constantly strive to act efficiently with minimal waste. Right to privacy – recognition that State government holds information, which is private, and that unauthorized release of that data is a violation of the public trust. -6- ARIZONA STATEWIDE IT GOALS “In this competitive and fast-moving world, we must continue to write our own story.” Governor Janet Napolitano, State of the State January 2008 The Statewide information technology goals reflect the desired end result of using IT in targeted areas over the next decade; thereby setting the strategic direction for the State of Arizona in 2008 and years to come. Governor Napolitano has indicated that the state must magnify Arizona’s innovation capacity to ensure that all agencies of state government are working together on critical growth issues and to invest in research and development that is focused on using technology to make a difference in people’s lives. 1. Align State IT Infrastructure toward a common Architecture: guide the State toward a common architecture for technology enhancing inter-agency operability. “In this competitive and fastmoving world, we must continue to write our own story” 2. Improve Public Service Delivery: enrich quality of life for Arizonans through improved automation of health and human services, e-health initiatives, and development of rural telecommunications infrastructure. Governor Janet Napolitano For FY 2009, GITA extends the FY 2008 statewide strategic IT goals with the addition of improved government effectiveness and efficiency through the use of technology, thought leadership, introduction of best practices and methodology, as follows: 3. Expand Accessible Government: broaden citizen access to government through e-government technologies including common licensing and enhanced search capabilities. 4. Cost Savings through Advanced Technology and Best Practices: increase productivity through advanced technology and reduce risk through use of best practices in IT methodologies, saving State IT resources over the long term. 5. Promote the Security and Integrity of State Information & Data: protect and secure IT systems within the State especially citizens’ personal information. Working in concert with the executive branch agencies and other stakeholders in the State, GITA is committed to achieving these goals by adhering to the objectives and initiatives outlined in this strategic plan. Information technology support for the executive branch of Arizona will eventually lead to operation as a seamless enterprise, delivering consistent, cost-effective, reliable, accessible and secure services that satisfy the needs of its diverse public and private customers, including its citizenry, its business communities, and its public sector agencies. -7- GOAL 1: ALIGN STATE IT INFRASTRUCTURE TOWARDS A COMMON ARCHITECTURE: guide the State towards a common architecture for technology enhancing overall state agency interoperability. Arizona’s IT infrastructure includes its hardware (mainframes, servers and attached platforms), interconnecting networks, all associated software (operating systems, applications, both custom and off-the-shelf) and the databases interacting with clients (both web and local). Agencies have been upgrading their hardware infrastructure as technology has matured in the last few decades. Through modernization of the state’s IT infrastructure, inter-agency efficiencies can be achieved. Arizona’s concept of an enterprise architecture (EA) was developed five years ago as a pragmatic roadmap for addressing digital innovation opportunities for Arizona. The roadmap evolved into a suite of statewide policies and standards to promote a common strategic direction and framework for agencies, encouraging interoperability, flexibility, scalability and open-standards based technologies. Since that time, giant steps have been taken to promote interagency collaboration and sharing of data within Arizona executive agencies under a new Service-Oriented Architecture (SOA) philosophy. The effectiveness of a Service-Oriented Architecture has been proven in industry and now will thrust the state of Arizona towards a more efficient infrastructure. Migration towards a Service-Oriented Architecture across the enterprise will not only promote better information sharing, but improve overall cost effectiveness through software reuse. The ease of implementation of a SOA through today’s software technologies makes it feasible, even within legacy systems as long as they are well-documented. Since this is an ‘assemble and reuse’ strategy rather than an ‘add-on effort’, SOA holds promise in quickly streamlining systems as well as providing Migration towards a SOA across the enterprise will not only promote better information sharing but improve overall cost effectiveness. desired flexibility for future upgrades. A majority of state agency IT plans mentioned improved efficiency as an IT goal for FY 2008, in addition to their goals for staying ahead of the technology curve. Resource and information sharing is a key ingredient in achieving overall interagency efficiencies. The transition to a statewide enterprise architecture is accelerated by an online technology table supporting agencies in their assessment of new IT purchases at www.azgita.gov/enterprise_architecture/ which includes both target platforms and target software. Agencies are strongly encouraged to use common products, not only for volume cost savings, but to enhance interoperability and diminish overall maintenance costs. Communities-of-interest are in initial stages of common data element identification and formatting for future information sharing. -8- Statewide Objectives  Leverage IT resources across agencies.  Enable interagency deployment of customer services.  Decrease the complexity and improve the connectivity of the State’s IT environment by streamlining agency business processes and services.  Align new IT projects with target architecture Statewide Performance Measures  Promote open policies and standards for hardware, software, and associated infrastructure to drive the state infrastructure toward an inter-communicating, interoperable enterprise architecture. Statewide IT standards in the areas of management practices, web development, enterprise architecture and security have been developed and are published on the GITA website. Overall adherence of major state agencies to the Enterprise Architecture standards was just over 92% in FY 2007, exceeding our target of 80%. The goal for FY 2008 and all years thereafter is an overall agency compliance to Enterprise Architecture standards of at least 95%.  Encourage agencies to implement target technologies when upgrading infrastructure. The ultimate goal is to have at least 95 percent of agencies using both the Target Technology standard and the assessment form. Due to limited funding and hardware refresh cycles generally extending over three years, this goal is far from being met. The goal has been replaced by a new drive towards implementation of a more standard service-oriented architecture across agencies.  Ensure all IT organizations follow the Enterprise Architecture through the Project Investment Justification (PIJ) process. The goal is to assess 100 percent of incoming PIJs to comply with the Enterprise Architecture standard. Although all incoming IT projects are assessed as to ... large-scale and high-risk projects are monitored toward successful implementation using lifecycle analysis as well as quality assurance methodologies and industry best practices. compliance with EA standards, overall adherence to the domains is increasing very slowly due to limited IT funding. In FY 2008, all approved PIJs complied with the EA standards.  Streamline agency business processes. The goal is to implement SOA pilot projects, through either software reuse and/or business process reengineering, at two agencies in FY 2009. The target in subsequent years is to increase use of SOA at state agencies by at least 100% each year. -9- Current Initiatives Underway Service-Oriented Architecture Pilot program: A fresh look at service delivery architecture models is underway, whereby agencies are encouraged to consider the web services behind a ServiceOriented Architecture (SOA) as a viable approach toward reaching an ultimate statewide enterprise architecture. The goal of the program is to continuously evolve and improve state services through the use of emergent information technology. With the implementation of SOA using the State web portal and proliferation of agency websites and services, business processes and services will ultimately be able to cross agency application boundaries and significantly improve service delivery. In late 2007, monthly SOA sessions were held with the CIO Council to cultivate broad exposure to industry’s current offerings. Presently, the State of Arizona is developing and implementing initial SOA pilot projects for proof-ofconcept, wherein overlapping business processes and redundancy can be reduced and/or eliminated being replaced with common service modules using an Enterprise Service Bus. The five SOA pilot projects and participating state agencies are as follows: Arizona Department of Economic Security (DES) - Vital Statistics Data for the Enterprise This project will allow the state to consolidate processes and information for accessing and utilizing vital statistics managed by the Department of Health Services (DHS). Vital statistics include birth and death records, health care licensing information for hospitals and labs, WIC recipients, fraud, etc. This enterprise system will replace current redundant systems and processes currently performed by DES and other health care organizations. Arizona Department of Education – Arizona Institutions of Higher Learning SAIS Student Locator Agencies are strongly encouraged to use common IT products, not only for volume cost savings but to permit interoperability and reduce overall training and maintenance costs. The project establishes a web service with SOA enablers that will enable Arizona institutions of higher learning such as state universities and community colleges to automatically retrieve and/or validate a student’s SAIS (Student Accountability Information System) Identifier. This effort will further improve the authentication and accuracy of a student’s status and other information within the state’s educational system in response to a legislated mandate for Arizona colleges and universities to retain accurate SAIS IDs for student applicants and registered students at Arizona schools. Arizona Department of Revenue (ADOR) – Electronic Filing of Corporate Withholding Taxes SOA concepts will be incorporated in the newly developed Tax Accounting System by ADOR. The submission of corporate personnel withholding tax filings will use a web-based Employer -10- Withholding e-File Service interface to this system. Both single and batch filings of returns will be accommodated using the Federal/State Employment Taxes (FSET) communications protocol, which promotes the use of SOA toolsets, workbenches, and application suites. This new service will provide a proactive web service interface for the transmission, receipt, and acknowledgement for taxing recipients ensuring filing acceptance, time-date stamping, and official recorded returns by the state. Use of this standard protocol allows reuse of the service for other e-filing services. Arizona Health Care Cost Containment System (AHCCCS) – Health-e Medicaid Health Information Exchange & Electronic Health Record Utility (HIE/EHR) This project will provide patient health information at the point of service and transmit health information through SOA business applications for other health care providers. The Health-e system will ultimately provide a central repository of health information and services for all members to access and update through web services resulting in a more efficient and effective health care system. Electronic access to medical records will result in the reduction of medical errors, a reduction of redundant testing and procedures, improve coordination of care for chronic diseases, increased preventive measures, reduction in the use of emergency rooms, and lower administrative costs. Department of Administration – Statewide Email and Enterprise Wide Imaging Two different IT projects will incorporate different aspects of SOA within the ADOA infrastructure; namely the statewide email system and an enterprise-wide imaging system. Based on the Governor’s initiative for the ability to contact every state employee by email, ADOA has identified Microsoft Exchange and Novell Group Wise as the statewide standards for addressing state email systems as an enterprise. The sharing of address books from both systems through SOA applications will provide a centralized system for executive leadership to contact all state personnel and other third party organizations. The second project is a response to a growing need to image paper documents for electronic storage and archiving, ADOA has partnered with GITA, the Arizona Library, Archives & Public Records (ASLAPR) and the Office of Efficiency Review to create, develop …Health-e system will ultimately provide a central repository of health info and services accessible through the web and implement an enterprise solution for digital documents. This effort will further promote a paperless environment as well as digital archiving through SOA applications, another key initiative for e-government solutions. Policies, Standards and Procedures (PSPs): The State’s strategic perspectives are reflected in the statewide IT policies and standards that, in turn, provide a framework for individual agencies to establish their own policies, standards, and procedures. Development and updating of statewide policies, standards, and procedures continues with the development of a new standard on web conferencing, addition of a privacy policy and a complete revamp of the encryption standard this -11- year with planned updates to the security-related standards. Policies, Standards, and Procedures (PSPs) were designed to improve the timeliness, quality, consistency, and efficiency of State government IT systems as well as provide direction to agencies on IT architectures, infrastructure, strategies, usage, and operations. Most of the PSPs address IT security and/or privacy concerns in one form or another due to recent statewide concerns. -12- GOAL 2: IMPROVE PUBLIC SERVICE DELIVERY: enrich quality of life for Arizonans through improved automation of health and human services, e-health initiatives, and development of rural telecommunications infrastructure. Governor Napolitano identified improved education and comprehensive growth planning as two of her top priorities in 2008. An improved information technology infrastructure is crucial for economic development in Greater Arizona while broadband availability helps to breakdown both time and distance barriers in conducting business. [Broadband is defined to be a telecommunications connection of at least 1 Megabit per second (1 Mbps).] Such advanced telecommunications is also a key factor in job creation outside the metropolitan areas. By treating broadband telecommunications as a critical state infrastructure, the State will foster the expansion of broadband capabilities throughout the State and thus build job growth in Arizona’s rural communities. Such ventures as the Telecommunications Privatization Program, wherein state agencies use a common infrastructure, have also successfully improved communications between state agencies and slashed costs over the past three years. Substantially improved service through the application of IT to the medical sector will lead to a reduction in health care costs. Healthcare at every level is negatively affected by the absence of readily available, comprehensive, patient-centric health information and lack of timely access to clinical knowledge. Almost one-quarter of Arizona physicians use either full or partial Electronic Medical Records (EMRs) in their practice, although statistics indicate less than ten percent of physicians currently use their full capability. By automation of the four basic EMR functions; namely, 1) computerized orders for prescriptions, 2) electronic orders for tests, 3) automated reporting of test results and 4) compilation of physician notes electronically, medical practices stand to truly improve service while reducing overall costs. Application of IT security to electronic medical record keeping in A statewide roadmap for e-health involved hundreds of medical stakeholders was developed through GITA in FY 2007 association with the Arizona Health-e Connection initiative is underway. In FY 2007, GITA spearheaded the development of a statewide roadmap for e-health involving hundreds of medical stakeholders, which eventually led to the FY 2008 establishment of a not-forprofit organization; namely, Arizona Health-e Connection. This organization provides governance for the implementation of the recommendations from the statewide roadmap. An associated study of the inherent privacy issues involved with electronic medical record keeping was recently completed by GITA under a Federal grant. In addition, the Rural Health IT Adoption Grant program has awarded seven grants in 2007 to implement healthcare IT and healthcare information exchange statewide. Arizona's 2-1-1 system currently combines information from a wide variety of health and human service providers through a single information network easily accessible to caseworkers and the -13- public. Arizona citizens may also access disaster response and homeland security information through this system, which includes assistance in locating disaster relief organizations and services, providing accurate up-to-the-minute updates dealing with threats and disasters besides identifying opportunities to volunteer in the community. Statewide Objectives  Promote sharing and consolidation of telecommunication networks, both public and private.  Aggregate cross-jurisdictional government and private sector needs for broadband services with emphasis in rural Arizona.  Solicit demand through community activism, including commercial and residential interests, to 2-1-1 provides assistance in locating disaster relief organizations and services through its website. speed broadband deployment.  Support deployment of broadband infrastructure as a key component of economic development and expansion  Foster competition to encourage better services at lower broadband prices to underserved areas of Arizona; i.e., at least two providers within every zip code.  Improve funding for K-12 education and libraries by increasing the State’s total receipts of E-rate subsidies for schools.  Promulgate use of electronic record keeping by medical facilities and physicians as part of improvement of health services.  Educate and expose IT personnel and businesses to newer technology and improved IT processes. Statewide Performance Measures  Total amount of Federal grant monies obtained for broadband deployment. A tentative goal of $1.5 M in Federal grant monies was set for FY 2007, up from the $500K obtained in the previous fiscal year. With heavy reductions in available Federal grant monies, Arizona captured nearly $750K of the above $1.5 M goal. The target for subsequent fiscal years is to continue to increase Federal grants for telecommunications. So far in FY 2008, Arizona -14- received $610K in Federal grants towards its telecommunications goals (both USDA RUS and USDA economic development grants).  Number of successful broadband infrastructure projects underway or implemented in Arizona. Successful broadband implementation was the measure of success of economic growth for FY 2008. Not only did Arizona achieve its stretch goal for FY 2007 with ongoing broadband projects in Superior, Peoria School District and towns of Goodyear, Sahuarita and the Copper Square project in the City of Phoenix, the optimistic goal of an additional ten projects in FY 2008 was also reached. USDA RUS loans and grants totaling over $4M were approved for 15 new communities. This was in addition to the six projects already underway in Pinal County alone; namely, Eloy, Dudleyville, Casa Grande, Florence, Coolidge, and Arizona City. However rising costs, economic downturn and right-of-way issues continue to slow growth statewide, so the goal for FY 2009 and subsequent fiscal years is to target at least three new broadband projects statewide each year.  Percentage of participation of eligible school districts and libraries in applying for E-rate subsidies within Arizona. Once education officials determined their eligibility for obtaining Federal Communication Commission (FCC) E-rate subsidies, the goal for participation by eligible schools and libraries in FY 2007 was 80%. Over the past year, due to eligibility At least 6 broadband projects are underway in Pinal County alone. changes by the Federal government which limit a school to applying in only two out of every five years, Arizona’s eligible schools dropped by nearly 50%. The target for subsequent fiscal years is to double again Arizona’s participation in this important program through consolidation and tighter administration of the schools’ application process.  Number of Health Information Exchanges (HIE) developed or underway. The target for FY 2008 was to have at least one HIE under development. This goal was surpassed with the addition of SAHIE (Southern Arizona Health Information Exchange) in Tucson and the recent initiation of the AHCCCS HIE-EHR Project described in Appendix B. In future years, the target is to have at least one additional HIEs implemented or under development each year. Current Initiatives Underway Statewide Strategic Telecommunications Plan: Community and regional telecommunication assessments have been funded by the Legislature in past years. Findings from these assessments have been incorporated into a Statewide Strategic Telecommunications Plan enumerating priorities, identifying policy changes and highlighting areas of telecommunications deficit to set a course for long-term solutions over the next decade. The Arizona Telecommunication & Information Council -15- (ATIC), as well as many regional business and planning councils, are key partners in the effort to develop an effective statewide telecommunications infrastructure. Due to this year’s budget issues, the proposed establishment of an Arizona Broadband Development Authority, along with a Broadband Infrastructure Revolving Fund, has been delayed until the 2009 Legislature. Active strategies for enacting telecommunications improvements for 2008 include addressing right-of-way obstacles and developing support for policy enhancement at the State level through the Communications Infrastructure Advisory Committee (CIAC). Communications Infrastructure Advisory Committee (CIAC): This Public/Private committee was formed to focus on issues related to the deployment of Broadband capability to all of Arizona. Since broadband deployment is both a state and local community issue, one of CIAC’s goals is to provide leadership and aid to interested communities in applying for grants, subsidies and loans directed at broadband. A new program has been defined to provide grants from Arizona sources; namely, the Arizona Broadband Connect initiative. These grants will fund middle-mile extensions (off-ramps) to nearby towns and communities helping to justify a last-mile implementation. Middle-mile includes high capacity trunk lines and their associated infrastructure connection via Internet Service Providers (ISPs) to the Internet while last-mile covers the Internet connection between the ISP and end users. Middle-mile development has been an obstacle to rural linkage in the past due to the reluctance of telecommunications providers to spend the prolonged development time and costs to achieve their return on investment. Although an increasing Changes to right of way policy are based on the premise that the citizen pays only once. number of companies have expressed interest in providing last-mile services in rural areas, the lack of reasonably priced middle-mile connection currently thwarts broadband success. Right of Way Policies impacting Telecommunications. The exploration of numerous right of way access issues related to broadband and telecommunications is essential to advancement of the broadband infrastructure in the State. Recommended changes to rights-of-way policies are based on the key premise that the citizen pays only once. E-rate Subsidies: This Federal E-rate program provides 20% to 90% discounts on telecommunications services and equipment targeting eligible schools and libraries that participate in Title I federal school lunch program. State subsidies, based on the percentage of participating students, are funded through annual federal allocations of $2.25 Billion from consumer phone taxes collected by the Universal Service Administrative Company (USAC), under the auspices of the FCC. Recent Federal rule changes have reduced potential E-rate subsidies for Arizona schools by limiting school district eligibility to apply for network equipment funding to only two of every five -16- years. In addition, delay in renewal of the statewide carrier service contract allowed insufficient time for school districts to apply as qualified USAC-470 contractees. With the newly eligible statewide contract award, the cost for schools to qualify for E-rate subsidies in the future will be substantially reduced. In addition, formation of a statewide E-rate coordination group has not only consolidated today’s dispersed efforts identified other potential application process improvements. The task group estimates nearly $100 M in new E-rate subsidies can still be captured in Arizona. Arizona Telemedicine Program: The Arizona Telemedicine Program (ATP) recently won top awards in the area of telemedicine. The Silver award for Excellence in Distance Learning was presented to ATP for their unique efforts in coordinating the Rural Faculty Development Fellowship for rural preceptors in the state involved with the telemedicine network. In addition, the Federal Communications Commission (FCC) has recently awarded a $15.56 M grant to the University of Arizona’s College of Medicine in Tucson to upgrade the broadband network used to deliver critical health services to Arizona’s remotest communities. The FCC grant funding originates from the FCC Universal Service Fund fee, collected from long-distance and wireless telephone subscribers. These proceeds help to offset payment for Internet service to schools, libraries, low-income populations and rural communities. Arizona E-health Initiative: The Arizona Health-e Connection project was created in 2005 to adopt a statewide e-health infrastructure which will both improve the quality and reduce the cost of health care in Arizona. By ensuring health information is available at the point of care for all patients, medical errors will be reduced and duplicative medical procedures avoided. Coordination of care between hospitals, physicians, and other health professionals will be improved, health care research advanced and by providing consumers with their own health information, they will be encouraged to actively participate in their own health care decisions. The Arizona Health-e Connection, now privatized into a not-for-profit corporation, is also key to reducing state expenditures by endeavoring to control health care costs as well as enhance the Savings of nearly 10% of total health spending is achievable through health information technology. business environment for large and small employers. Savings of nearly 10% of total health spending can be achieved through health information technology (HIT) by lowering health care administrative costs, avoiding errors in care and reducing duplicative medical care and practices, according to the US Dept of Health and Human Services. Furthermore, this statewide initiative coincides with President Bush’s vision calling for widespread adoption of interoperable electronic health records by 2014. A Federal grant for exploration of potential solutions to privacy problems in sharing health care records, in partnership with the National Governor’s Association, provided resources to assess -17- business practices affecting legal and privacy obstacles, as part of the Arizona Health Privacy project. Reduction of healthcare costs through the use of e-records will not only aid Arizonans in keeping medical expenses down but will facilitate safety through accurate, timely, and secure data exchange. In 2007, the Federal grant was extended to focus on a model participation agreement and policies to permit secure access for healthcare providers in an HIE. The plan for 2008 includes working with ten other states to set requirements for basic HIE information exchange policies across state lines. In addition, GITA recently awarded $1.5 M in Rural Health IT Adoption grants to seven different communities across the state. These grants are intended to facilitate adoption of health IT by rural health care providers in an attempt to improve both quality and efficiency of their health care delivery. The intent is to start the cycle of health care improvement for a rural healthcare provider by supplying seed money for enhancements to care delivery and reductions in administrative costs. Matching funds can then be leveraged to obtain additional funding from federal and specialized sources. Building on the success of the Arizona Health-e project, AHCCCS recently received $12M in Federal grant monies to modernize their medical delivery system through development of a secure webbased electronic health records system. Arizona 2-1-1 Project: Governor Janet Napolitano created the Governor’s Council on 2-1-1 to plan and build a statewide 2-1-1 system to facilitate public access to community, social service and homeland security information. Phase I involved the development and implementation of a webenabled database, resulting in www.az211.gov. In the future with the completion of Phase II, anyone During last year’s TOPOFF 4 exercise, Oregon often referred its citizens to Arizona’s 2-1-1 website. in the state will be able to dial 2-1-1 to gain access to a network of community-based call centers, in addition to the web-enabled database. In January 2008, management of the 2-1-1 system was transitioned to GITA to be aligned with the revamped State web portal. Since both the State web portal and Arizona 2-1-1 Online serve the public in a similar fashion, some efficiencies in managing the two programs together can be achieved. However, the AZ 2-1-1 Emergency Bulletin System will be continued under the auspices of the Department of Emergency Management. In fact, during the October 2007 TOPOFF 4 multi-state emergency response exercise, Oregon often referred its citizens to Arizona’s 2-1-1 website for up-todate information. -18- GOAL 3: EXPAND ACCESSIBLE GOVERNMENT: making services more accessible to the public and state agencies through e-government solutions. In partnership with the Efficiency Review Board, GITA strives to serve as a conduit for state agencies to share ideas regarding technology and new processes including e-government and the ease of connecting with government for citizens. E-government not only increases the public’s accessibility to government but enables government to run more efficiently by making services more widely available through multiple delivery channels. The State’s goal is to provide accessible, reliable, and cost-effective government services to the public electronically. The following four ongoing activities promote accessible government:  Collaboration and communication among agencies and municipalities;  Architecting of a framework to support both enterprise and distributed e-services delivery with an emphasis on online licensing;  Development of statewide standards for web-related initiatives;  Leveraging of enterprise technical resources through the implementation of an e-services framework; Since 2001, the State of Arizona Web Portal at www.AZ.gov has offered Arizonans improved access to government agency information and services over the Internet. The state portal is now the center of the state’s e-government initiative providing the public access to Arizona’s government organizations from a single web site. Currently, more than 150 Arizona state, county, and municipal agencies leverage the capabilities of the Arizona Web Portal. Migrating selected functions to the Internet can be evaluated through review of an agency’s primary business functions. Not only can agencies save money but better service can be achieved through use of proven web application development expertise and the infrastructure of the Portal. In 2007, “Ultimately, the State will provide Arizonans and businesses with ‘one face’ to Arizona government.” the Web Portal infrastructure was moved to Arizona for improved disaster recovery and program management purposes. With the expiration of the previous State Portal operations contract, a nationwide competition was held in 2007 to support the expansion and acceleration of Arizona’s award-winning e-government program. NIC, a Kansas-based e-government services provider, was the final choice possessing a dominant presence in over twenty other state’s web portals and providing e-government solutions for 2600 state and local agencies in the United States. To further augment agency needs, GITA provides the services of its webmaster to state agencies both for training and website enhancement services. These services promote government efficiency and accessibility through the practical application of technology in support of the Governor’s directive to reduce costs and improve service delivery to the public. One of the state agencies’ key trends in -19- recent years has been the use of the Internet to provide information and services as well as the growing recognition of the power of e-government. Statewide Objectives  Encourage agency use of the State Web Portal.  Provide a sound business model for online service delivery.  Improve the look-and-feel of the navigation, consistency, usability and search capabilities of State websites.  Enable agencies to use online E-Licensing services, in addition to such enterprise technical resources as a custom Google search engine, credit card payment processing services, Geographic Information Systems processing and secure access control. Statewide Performance Measures  Number of transactions accessible on the Internet via the web portal. The goal for FY 2008 was to have at least 80 transactions available on the Internet. An increase of at least ten transactions for each succeeding fiscal year is anticipated. As of April 2008, there were 81 transactions available on the web.  Support agencies in development of online licensing initiatives. The goal for FY 2008 was to have at least 22 agencies providing online license renewal services. In succeeding years, an increase of seven agencies each year is desired. Thus far in 2008, there are 13 agencies using various One of the state agencies leading trends was the use of the Internet to provide information and services… components of the portal for online licensing. Reaching this goal was affected by the transition between contractors.  Promote the use of a standard ‘look-and-feel’ to yield a positive experience for the public. The goal for FY 2008 was to have 75 agencies using the standard web design style guide with an increase of ten agencies in each succeeding fiscal year. At present, there are exactly 75 agencies using the standard web design style guide.  Number of agencies using the standard Internet designation to the .gov format. Currently 123 .gov domains are in use representing 76 state agencies. The Governor’s request for a more standard addressing scheme for state agencies is driving this initiative. The target for FY 2009 is -20- to have all of the 120 agencies using a standard .gov naming convention for their Internet designations. Activities Underway Arizona Business One-Stop is a new initiative being combined with the online licensing system to encourage new business growth. Six agencies in conjunction with GITA plan to create a website consolidating all the initial needs of a small business in a single online location. The Corporation Commission, Secretary of State, Departments of Revenue, Economic Security and Commerce along with the Industrial Commission all get involved in the process of forming, owning or operating a business in the State. By allowing new businesses to access information and pay fees at a single online portal, not only will bureaucracy be reduced but also the time and effort to explore new options and business opportunities. Web Portal: Through use of the web portal, agencies can realize substantial benefits from reengineering and streamlining their business processes by implementation of the common payment and registration services provided by the web portal. Identification of common needs among agencies has identified opportunities for a shared component architecture to promote the following capabilities:  Increase accessibility to information and services through 24/7 access to state government resources   Promote economic development through ease of access to timely data sharing. Enhance government efficiency and public convenience through secure electronic transactions. The shared architecture now includes a Google search engine, custom application development as well as a secure authentication gateway, secure payment processing, GIS services and hosting. Any egovernment initiative should be based upon principles of convenience, efficiency, security, accessibility… Online Licensing: Bolstered by the successes of online renewals for both the Department of Real Estate and the Registrar of Contractors; several new agencies have added online license renewal via the state web portal. The licensing application, Common Licensing System, unifies online licensing at a single website. Using this strategy, to implement online licensing truly enhances government efficiencies as studies indicate that more than 30% of electronic transactions occur outside of agency regular business hours. -21- The state provides licensing services for over half a million occupational and professional licensees. Growth of the Common Licensing System has made it possible for over 70% of licensees to renew their credentials over the Internet. The target for FY 2009 and in subsequent years is to increase the percentage of online license renewals by ten percent. Arizona must continue to innovate in the area of IT and adopt industry-wide best practices and standards, if it is to continue to lure business to the state. Moreover, the need for education in key areas of information technology has been identified repeatedly by state agencies in their IT plans. In fact, during FY 2008 more than half of the objectives listed in the agency IT plans were concerned with staff IT training. Notice of Intent (NOI): All agencies coordinate web development initiatives through GITA by submission of a Notice of Intent of a website development or maintenance effort. This directive ensures that agencies are:  Adhering to published statewide policies and standards,  Maintaining a consistent look-and-feel in website designs,  Evaluating and expanding services already offered through the State Web Portal,  Employing cost-efficient means in deploying all web-related services. During 2007, there were 18 NOIs submitted to GITA. Arizona Business OneStop is a new initiative being combined with the online licensing system to encourage new business growth. Agency E-mail Naming standards: As part of Governor Napolitano’s policy regarding government efficiency, standardization of agency e-mail and website addresses has nearly been achieved. The .gov naming convention is recommended for all Arizona State agencies, boards and commissions to standardize web addresses and e-mail, giving the public assurance that they are accessing an official state government website. An approval process was created to limit domains to Arizona government organizations at the state and local level. azagencyname.gov is now the standard for all state agencies. -22- GOAL 4: COST SAVINGS THROUGH ADVANCED TECHNOLOGY & BEST PRACTICES: increase productivity through advanced technology and reduce risk through use of best practices in IT methodologies will save State dollars in the long term. More consistent project management practices not only improve productivity but ensure the efficiencies necessary to preserve quality of service in the face of limited budgets. Risks of exceeding schedule and/or costs as well as developing the desired system are reduced by following state-of-the art methodologies. Agencies, both small and large, are being exposed to new IT methodologies and concepts geared to better manage IT as a key resource. State certification for IT Project managers will not only provide consistent project management to a common methodology in the future but standardized training will improve risk profile, schedules and overall planning in this important area. In addition, the development of effective IT systems and timely procurement of quality IT products and services is also a measure of movement toward more efficient government in Arizona. Advanced technology is being employed to further government efficiencies with several new initiatives; namely, document imaging, a statewide email system, web-conferencing, virtual office and other innovations. Several agencies have initiated or are planning document imaging systems to Project management training increases professionalism, ensures that benefits are realized and improves the likelihood that projects are delivered on time and within budget. better store and retrieve visuals and/or paper-based items. An eventual statewide email system allowing agencies to intercommunicate more effectively and the governor more easily broadcast to all agencies would serve to streamline today’s awkward network of competing ISPs and mail servers. Web-conferencing offers the potential to cutback on travel budgets, while a virtual office environment can allow telecommuters to proliferate thus saving office costs, traffic congestion, fuel expense and improve overall productivity. Statewide Objectives  Advance use of new technology and best practices statewide.  Improve the project management process by training and certifying qualified state employees in current best practices in project management methodology.  Integrate both the IT and business planning processes to ensure better alignment of IT with business goals.  Ensure IT project success by providing increased project oversight for high-risk projects. -23- Statewide Performance Measures  Increase certified project managers for IT projects. The goal is to have a pool of qualified project managers to draw from for large IT projects within the State. In FY 2008, classes in effective IT project management were initiated by GITA in partnership with Arizona Government University (AZGU) to promote state-certification in project management for desiring agencies. The target for FY 2008 was to have at least twenty certified IT project managers available for critical projects at Group 1 agencies (Group 1 agencies listed in Appendix A correspond with high IT expenditures and/or essential state operations) with an increase of ten certified project managers each year thereafter. By May 2008, more than 200 qualified state, city, county employees and vendors had been certified as project managers in Arizona.  Integrate information technology planning toward alignment with agency business planning. Although the ultimate goal is to eventually have 100 percent of agencies’ business planning in alignment with IT planning, in view of the extensive turnover of State IT staff, this goal may be unrealistic. In FY 2008, 50 percent of major agency IT plans indicated integration with internal business planning. The target for FY 2009 is to have at least 55 percent of agency IT planning integrated with business planning with an increase of at least five percent in each subsequent year leveling off at 90%.  Promote use of strategic planning for IT at state agencies. The goal is to have 100 percent of executive agencies using the strategic planning tool, PARIS (Planning Application for Reporting IT Strategy) on the GITA website. In FY 2008, 100% of all executive agencies updated their IT plans. Each agency maintains a strategic plan for IT looking forward four years into the future. These plans acknowledge current IT trends and issues, attempting to place the agency’s IT vision and mission into context with emerging technology.  Accurate tracking and maintenance of statewide IT inventory. The goal is for all executive branch agencies to use the online inventory tool on the GITA website for updating their IT asset holdings. In FY 2008, 100% of executive state agencies updated their inventory using the Information Services Inventory System (ISIS) online tool. In addition, a reduction in the use of ‘other’ as a category has hugely improved the usefulness of database searches using the tool. New products, More than 200 qualified state, city, and county employees and vendors have been certified as IT project managers in Arizona so far. especially software items, have been added to the existing database thus greatly reducing the need for the ‘other’ category. The continued target for FY 2009 and subsequent years is to have 100% of state executive agencies updating their IT inventory online. -24- Current Initiatives Underway Project Investment Justifications: Agencies are required to submit a Project Investment Justification (PIJ) for all IT projects expending over $25,000. The PIJ elaborates a business case supporting the benefits and plans for a specific IT project. Projects are sorted into two categories for further approval; those under $1 million dollars are reviewed by the GITA director, while those valued at $1 million and over are reviewed and approved through an independent IT Authorization Committee (ITAC). Compliance with statewide SOA and enterprise architecture standards, including security and risk assessments, is a key part of the PIJ as are a detailed schedule and cost projection. Throughout FY 2008 as many as 106 projects at once, encompassing nearly half of a billion dollars in total costs, were being monitored. Strategic IT Planning: All state agencies are required to perform annual IT strategic planning to ensure effective use of their IT resources. As such, an IT plan is required by state statute to be submitted by September 1st of each year. Each IT agency strategic plan identifies the agency’s business goals and associated IT goals along with objectives and performance measures to be met over the next three years. In 2005, changes to this philosophy were introduced to provide a better metric of effectiveness across agencies and to reduce the burden on some of the smaller agencies, boards and commissions. GITA now focuses on the major IT developers and users plus those All Arizona IT projects must pass careful review by GITA before approval. agencies possessing essential state processes, commonly referred to as Group 1. Smaller agencies (Group 2) respond to a streamlined web page questionnaire. A self-assessment by agencies of their levels of current and projected compliance to specific security standards revealed several areas in need of statewide change and common funding. These security areas included the need for a more realistic implementation of encryption standards, better testing of backups, and improved IT security awareness training. Testing of restored backups has been a primary theme for Group 1 agencies for the past two years as has IT security awareness training. Furthermore, GITA collaborated with the State Procurement Office to develop and release an encryption RFP in FY 2008 identifying two potential vendors versed in state-of-the-art encryption products. Encryption services in six categories are covered under this new contract; namely, full disk, file only, backup media, mass storage devices, databases and removable storage devices. At present, any agency planning on using any encryption product must file a Notice of Intent with GITA to assure their readiness per state statute. Project Oversight: IT projects are monitored and mentored toward successful implementation by GITA. Additionally, large-scale and high-risk projects are given special attention encouraging use of successful implementation methodologies including lifecycle analysis and other best practices. Outstanding issues are reviewed by both GITA and ITAC with timely recommendations for improvements or corrections being provided. Focal points of the initial and periodic review include -25- project scope, management, roles, responsibilities, reasonable schedules, change control, cost containment, and effective utilization of resources. These reviews help ensure the projects are managed in an appropriate manner and that sound business practices are being followed from both IT and financial perspectives. Finally, agencies are encouraged to integrate quality assurance (QA) into project development either by designating qualified staff or contracting for third party services. The top ten IT projects during the past year are listed in order of overall development cost in Appendix B. Due to limited budgets this year, many IT projects have been placed on hold so activity is considerably diminished from past years. Appendix C, which summarizes active IT projects by total cost within state agencies, also shows a significant overall reduction from last year. In addition, many state agencies rely on legacy software systems, some of which are twenty or more years old. These systems will require replacement or major upgrades in the next five to seven years at an estimated cost of between $350 - 400 million. GITA is in the process of identifying and prioritizing system replacements based on age, condition, criticality and life and safety concerns. Project Management: In early FY 2008, GITA established a State Project Management certification program for state, county, and city employees and their subcontractors through the Project Management Institute. In recent years, the knowledge and skills required to manage State IT projects has increased dramatically. In response to this need, a new program was created in partnership with the Arizona Government University, wherein qualified agency personnel can become certified project managers following successful completion of a week-long course and a comprehensive exam. Not only does such training increase professionalism, but it improves the Projects are carefully monitored throughout their lifecycle to ensure sound business practices are being followed. likelihood that projects are delivered on time and within budget. The response to this course offering has been phenomenal with monthly classes still not meeting the requested needs of the agencies. In the future, high risk projects will be required to use state-certified project managers. Web-Conferencing Initiative. As part of an enlightened attempt to reduce travel costs and improve productivity, the Governor’s Office of Efficiency Review established the requirements for a web-based video conferencing solution in FY 2005. A pilot was initiated by GITA the following year to evaluate its effectiveness. Not only has employee productivity been enhanced but decreased fuel and maintenance expenses, increased statewide collaboration and a reduction in overhead expenditures have been seen in the last three years. Total annual savings on the order of $2.5 M for the State are estimated with only ten participating agencies at present. The result is the issuance of a new statewide standard on Web Conferencing, P140 dealing with tools, privacy features, and security issues. -26- GOAL 5: PROMOTE THE SECURITY & INTEGRITY OF STATE INFORMATION & DATA: protect and secure IT systems in the State especially personal citizen information. Addressing IT security has become a necessity for government organizations since they are primary custodians of trusted citizen data. As the State continually drives to improve service delivery through e-government, the importance of secure data and privacy increase dramatically. Due to these privacy and security concerns and the fact that Arizona has consistently ranked high in identify theft in the US, the State has taken steps to increase data protection through the implementation of a Statewide Information Security & Privacy Office (SISPO). This office will focus on strategic planning, facilitation and coordination for IT security and privacy protection across the state. In addition, Homeland security efforts are being addressed through the use of technology and common business processes for sharing critical information on physical and cyber threats, both within the state and with other states and federal organizations on a daily basis. Upgrading communications interoperability and improving continuity of operations, IT disaster recovery, and emergency preparedness planning are essential to rapid response and recovery from these threats. By improving the effectiveness of continuity of operations (COOP) and identification of essential business functions at major agencies, State infrastructure protection is being fortified to create a prioritized, coordinated suite of response and recovery capabilities, which can mitigate risk and exposure in the event of an IT security incident. Statewide Objectives  Creation of a statewide IT security and privacy office and the appointment of a dedicated chief information security officer (CISO) to oversee and coordinate IT security efforts including IT security and privacy program development, security standards oversight, privacy policy oversight, compliance management, risk analysis, incident response, and training/awareness.  Both continuity of operations (COOP) and infrastructure protection are being addressed to create a prioritized, coordinated suite of activities at the state agency level. Identification of alternate and/or redundant service delivery means for every essential agency business function throughout the state through continuity of operations planning and IT disaster recovery to maintain uninterrupted service delivery and redundancy by design.  Integration of statewide security and privacy policies, standards, and best practices with a sustainable IT operations and network architecture to strengthen alignment with Homeland Security and business-driven privacy initiatives. -27-  Coordination of a statewide IT disaster recovery plan encompassing all state essential business functions and their related infrastructure within the next two years.  Improved IT security at state agencies based upon security awareness training and adherence to statewide security policies and standards.  Improved Privacy policy implementation at state agencies based upon privacy awareness training and adherence to statewide privacy policies and standards.  Implementation of a standard means for agencies to use encryption for data storage. Statewide Performance measures  Secure statewide IT infrastructure to protect both privacy and data integrity through assessment of key agency IT systems ensuring security standards and procedures are in place and tested regularly. The aim is for the 31 major agencies (Group 1) to assess their current and projected IT processes in over 25 security and privacy categories, ranging from security plans to encryption to IT security awareness training. This target was met through the third year of operation of the online Technology Infrastructure and Standards Assessment (TISA) application on the GITA website. All agencies were able to complete 110 questions of the survey this year, attaining a 94% standards compliance rate. The target for FY 2008 had been an 85% approval rate with 5% increase in each subsequent year. It is expected that this measure will level off in FY 2010 with a value between 95% and 99%, as Newer technologies enable people who are less technical to spend less time gathering data and more time analyzing information. 100% is an unrealistic expectation given the evolving nature of security vulnerabilities and threats.  Increased IT security and privacy standards compliance across state executive agencies from an overall average of 75 to 90 percent, as measured by the application of the annual TISA survey. These surveys placed the large mission-critical agencies at 94% overall compliance level with statewide standards and at a 95.5% compliance specifically with respect to IT security standards in FY 2008. This year’s target was to be at 95% security compliance. Newly introduced privacy standards were assessed at an overall 92% compliance by the Group 1 agencies and while smaller agencies reached an overall 73% compliance level. The target for FY 2009 is an overall 95% compliance level for Group 1 agencies to statewide standards and 90% by Group 2 agencies. This year’s compliance level for Group 2 agencies was 88%. Performance for all agencies in subsequent years should be in the range of 95 to 100 percent. -28-  Improved business recovery capability from disaster through conducting business impact analysis, continuity of operations planning, training, and identification of key essential business functions. The target was to have 95 to 100% of essential business functions and associated IT processes identified and covered by an IT Disaster Recovery Plan by the close of 2007. This stretch goal was met in 2006 with 97% of the State’s large mission-critical agencies having Continuity of Operations Plans (COOPs) in place covering 100% of the State’s critical business functions. Ninety-four percent of the state’s large agencies, encompassing all of the state’s essential business functions have approved COOPs. Furthermore, 48% of the small agencies, boards and commissions have submitted Continuity of Operations Plans with at least a ‘Medium” readiness level. The State will strive to maintain the goal of 95% of the state’s eighteen mission-essential agencies possessing COOPs with high readiness levels. In addition, 60% of the small agencies, boards and commissions and 100% of the state’s large agencies are anticipated to possess tested COOPs with at least a ‘Medium’ readiness level.  Successful disaster recovery testing of state agencies in a simulated emergency situation. This goal has been met at a handful of agencies but needs to be further addressed in FY 2009, especially in the area of backup and recovery testing, which may require design changes to infrastructure and long-term funding at some agencies. Although all major agencies are backing up their information on a daily or weekly basis, not all of these agencies are testing the backup media to ensure that they are actually recoverable. The target for FY 2008 was 95 to 99% of the Group 1 agencies to be testing their backups on at least a weekly basis. The reported percentage was 97% in FY 2008. The goal for FY 2009 remains at the same high level or better. Current Initiatives Underway “In recognition of the increased importance of information security and privacy, a Statewide Information Security Office was established in 2007. Statewide Information Security & Privacy Office (SISPO): In recognition of the increased importance of information security and privacy, a Statewide Information Security Office was established in 2007 to oversee both IT security and privacy across all state agencies within GITA. The Office began strategic planning and policy development in early 2008. In the near future, SISPO will facilitate IT security training, planning and implementation in state agencies although the individual agencies will retain responsibility for their programs and operations. For the past three years, GITA held six hour-long sessions of IT security training, capturing nearly two-thirds of the smaller agencies. The remaining third have been reached through personal discussions in order to address specific IT security or privacy awareness gaps and/or concerns. The intent in this coming year will be to directly contact agencies and determine appropriate training -29- programs assuring that each employee is aware of their individual responsibility for protecting state information and technology resources and the consequences of non-compliance. Following the development of the Statewide Security Plan, already underway, a statewide risk assessment is one of the initial deliverables for the phased implementation of this office. A statewide Information Security & Privacy Certification process is also under development. Executive Order 2008-10, issued by Governor Napolitano in late 2007, identified ten key components for agencies to address in mitigation of Cyber Security threats including appointment of Agency Information Security and Privacy officers as liaisons with SISPO and requiring deployment of encryption technology on all confidential resources or those containing personally identifiable information. All executive branch agencies are required to submit Continuity Plans as well as test and maintain them. In conjunction with these efforts, State CIO Chris Cummiskey participates as a member of the Governor’s Homeland Security Cabinet. Furthermore, the Emergency Preparedness Oversight Council (EPOC) which was established by the Governor in 2006 to determine overall emergency preparedness within Arizona, consolidate emergency activities across agencies, and assign responsibilities for such activities in the future as part of continuity of government efforts continues to forge ahead. Continuity of Operations Planning (COOP): All executive branch agencies are required to submit Continuity Plans as well as test and maintain them. The statewide COOP program, coordinated by the Department of Emergency and Military Affairs (DEMA) working in partnership with the Arizona Department of Administration (ADOA) and GITA, reviews and analyzes the biennially-submitted COOPs to determine potential statewide gaps. IT Disaster Recovery Plans are part of the individual COOPs. In partnership with key agencies, there has been significant progress achieved on IT disaster recovery projects such as MAGNET 2 development, standardization of backup drives, disk mirroring across agencies, statewide disaster recovery tests, and a pilot for Open Systems and servers. Furthermore, three major agencies have been working jointly on the coordination of an out-of-state disaster recovery facility which will eventually include many of the smaller agencies as well. Significant progress was made in collaborative tests at the out-of-state facility in 2008. Some independent Disaster Recovery projects have also been undertaken at small and medium agencies. Communications Security: The need to communicate efficiently and securely, when preparing and responding to emergency situations, is extremely critical for first responders, state government, and the public. Due to the importance of communications interoperability to support statewide emergency -30- response, the State is addressing both long-term microwave (radio and data) infrastructure enhancements and tactical communications procedural gap closure needs. At present, the lack of communications interoperability across emergency management agencies inhibits first responders from safe and effective communication. Under the guidance of the Public Safety Interoperability Communications Commission (PSCC), with input from public safety stakeholders statewide, the Arizona Departments of Homeland Security, Public Safety and GITA created the first Statewide Communications Interoperability Plan for Arizona in 2007. The long-term goal is to create a sustainable PSCC system allowing intercommunication between all of the state, local, federal, and private sector entities in support of planning, preparedness exercises and response to and recovery from emergencies. Funding from the Federal Department of Homeland Security will be leveraged for implementation of the SCIP. Data and intellectual property are the state’s primary assets. In collaboration with the new Arizona Department of Homeland Security, DPS, DEMA, GITA, and local safety organizations are providing consulting support services for three-digit N-1-1 “one call” resource centers; e.g., 2-1-1, 3-1-1, 5-1-1, and 9-1-1. Arizona State government recognizes that an efficient and interoperable information technology infrastructure is essential for a sustainable continuity of operations capability and improvement of collaborative Homeland Security efforts for first responders, emergency management, public safety, welfare, and transportation functions. -31- SUMMARY OF EXECUTIVE AGENCY IT PLANS All executive agencies submit strategic IT plans to GITA annually. In 2007, major agencies identified their concerns and foci for coming years. The increasing professionalism reflected in these strategic plans shows up in the following trends:  Agency recognition of evolving IT technology and its impact on the way business is being conducted, especially process reengineering.  Need for specialized staff and enhancement of their skills.  Growing use of the Internet for improved timeliness of both information and services.  Increased emphasis on better service for stakeholders, their customers, and the general public.  Protection of the IT infrastructure and the data contained within it.  Enhanced automation yet, at the same time, growing frustration due to rapid technology State government can bypass many business inefficiencies by implementing strong quality assurance practices. changes and the costliness of both retention and ongoing training of IT staff. Distinguishing between Goals & Objectives The Governor’s Office for Strategic Planning and Budgeting (OSPB) defines a strategic planning methodology based upon an agency’s mission, vision, goals, and objectives. Arizona employs this methodology for statewide strategic IT planning and this format is in turn reflected by the executive agencies in their IT plans. While mission addresses the organization’s purpose in being and, as such, is all encompassing and rarely changes, whereas vision reflects the agency’s compelling conceptual image of its desired future. Mission is basically the ultimate rationale for the existence of the agency, board or commission while vision represents a global, continuing evolution of the organization’s growth. By contrast, an organization’s goals provide a framework for more detailed levels of strategic planning. Goals are more specific than the mission statement, yet general enough to stimulate creativity and innovation. Goals describe the desired “to-be” state of the agency and are the planning -32- targets. An agency’s strategic issues may lead to strategic planning goals. For example, a strategic issue may be difficulty in dealing with rapid IT technology changes, while the goal might be an IT training program. Objectives reflect the specific and measurable activities necessary for accomplishing agency goals. As opposed to goals, objectives are specific, quantifiable and time-bound. The key word is quantifiable, since performance measures are typically associated with objectives in order to assess progress in achieving the overall goals. Objectives represent activities while goals are desired states. SUMMARY OF EXECUTIVE AGENCY IT TRENDS The use and influence of the Internet through more sophisticated customer expectations has touched almost all agencies at this point. Last year, agencies’ IT plans were focused on customer … The use and influence of the Internet through more sophisticated customer expectation has touched almost all agencies at this point… service, especially through websites and the use of the Internet; while this year increased efficiency dominates. Although 77 percent of agencies have goals dealing with customer service, 83 percent have goals reflecting more efficient operations. Both of these percentages are increases over last year. In addition, some form of productivity was mentioned in 70 percent of agency IT plans. A not unsurprising trend emerged as State agencies referred to web-based content delivery in 84% of their plans while 63% of the agencies are in the process of upgrading or refreshing IT equipment. These statistics primarily reflect the impact of the trends within the smaller agencies, boards and commissions since the major agencies are involved with web-based content to a somewhat lesser degree [73% of the cases]. Larger agencies are spending 47% of their strategic efforts on IT security and privacy. Communications are obviously a key component in these situations. Growth of wireless and broadband is frequently mentioned, especially in connection with remote users. Additionally, the use of statewide enterprise architecture targets and the new service-oriented architecture theme will make agency collaboration a reality in the foreseeable future. Although improvement to agencies’ infrastructures has been prominently called out beginning in FY 2003, this goal has fallen annually as infrastructure upgrades have been implemented. Presently, these goals are addressed in terms of bandwidth expansion, telecommunication improvements for wireless, PDAs, and remote telecommuting capabilities. The application of evolving technology to the rural regions of Arizona has also come to the forefront. Agencies have incorporated new ways of doing business through the use of remote communications and laptops, making jobs more rewarding and their staff more effective. The acceleration of change is apparent, especially in the -33- arena of producing an economy increasingly based on knowledge. Use of new WAN technologies can enable enterprises to use their networks more efficiently. As in past years, Internet delivery of information and services has been an important theme. It was the most often mentioned trend in both FY 2004 and FY 2005 and now again in FY 2007 and FY 2008. However, now management and customer expectations seem to be the drivers. Agencies are more frequently citing lack of budget and IT skills as issues or obstacles. As one major agency CIO put it: “business dependence upon technology is expanding faster than the transfer of resources to IT”. Another agency indicated that “staff are increasingly dependent on technology within job roles not heretofore associated with IT”, hence hampering overall IT resource planning. Key issues across state agencies this year include the following:  60 percent of major agencies foresee IT staffing and training needs as a future concern.  53 percent of major agencies consider IT staff retention an issue.  50 percent of major agencies consider have a problem meeting business needs with current resources.  47 percent of all agencies have identified lack of IT budget as a problem.  43 percent of major agencies foresee a need for increased bandwidth and/or services.  40 percent of all agencies cite lack of adaptability of their organization as a deterrent to future progress. During the planning process, agencies are asked to list any trends that they foresee impacting their IT program’s ability to support the business of the agency. The top IT trend categories for the last four years have been slowly evolving from ‘use of the Internet’ and ‘remote connectivity’ to ‘evolving technology’ and the ‘Internet and/or web-based content delivery’. Gartner stated recently that “collaboration and mobility will be key to driving future productivity, but ironically, because these are soft benefits or reside outside the IT department, expenditures in this area have been slow in … Sharing data and services is seen as the first step in moving towards operating the state as a true enterprise… coming.” -34- EVOLVING TECHNOLOGY Information Technology is continuing to rapidly evolve. A new unexpected area of change is the innovation stemming from increasingly tech-savvy business users rather than IT departments. Integration of multiple web services is replacing in-house functions. Software as a service is now beginning to supplant custom in-house developments. Interactivity is becoming reality rather than a new buzz-word. Two way communication between what were passive users and a web page is now commonplace. Web sites now let people communicate not simply read or inquire. Instead of passive consumers, web surfers have the capability of becoming active creators. An Information Week, Oct 29, 2007 article cites a CIO who found mashups to be so effective in integrating multiple web services that he turned to web-based service providers, cutting his IT staff by 20%. A mashup is a web page or application that integrates complementary elements from two or more sources. Like blogs, vlogs and tagging, mashups are a part of an ongoing shift towards a more interactive and participatory Internet environment with user-defined content and services. Web-based Content Delivery The trend most often by mentioned by agencies in years past dealt with the use of the Internet to provide information and services. However, in the last two years, the focus seems to have moved beyond the Internet alone to evolving technology focusing on content delivery through the Internet. In general, this trend is viewed by GITA as a broadened IT awareness on the part of State agencies that the Internet is only part of a changing paradigm. There is a growing recognition that more than infrastructure improvements are required to truly incorporate IT into the business process. This trend is part of an increasing awareness of the need to re-engineer business processes to better Although the trend most often mentioned by agencies in years past dealt with the use of the Internet to provide information and services, in recent years the focus seems to have moved to evolving technology content delivery through the Internet. incorporate information technology. Nearly 40% of major agencies cited re-engineering and process improvement as goals this year. A common thread of document imaging to solve records retention issues was also noted. IT as a management tool has also crept into agency goals, a new theme altogether. New systems development and connectivity were popular objectives this year, perhaps reflecting innovation and making better use the capabilities of IT. One agency stated “business process owners are increasingly dependent upon IT to refine and improve their efficiencies and effectiveness. IT work now focuses heavily on soft skills…high levels of creativity, fusion of industry knowledge and business process expertise. Impact to the existing legacy staff has been dramatic.” -35- Enhanced Staff & Training Needs Enhanced staffing and training needs was again paramount among trends across state agencies this year leaping over last year. Not only are smaller agencies, boards and commissions in need of higher skilled IT staff but also larger agencies are realizing that increasingly specialized and systems engineering skills are needed rather than their previous focus on hard skills such as mainframe and operations. More personal interaction with end-users, cross discipline, complex procedures, and an understanding of highly integrated systems is required of today’s IT technologists. Moreover, the question is “Do we have the right-skilled people available to implement these major projects?” Strategies need to include both development plans for key people and sourcing methodology that ensures that the right external resources are selected and managed effectively. In particular, experienced project managers are a scarce resource in the state today. New Focus by GITA In the key areas of Project Investment Justification and project oversight, GITA is intensifying its focus on higher risk projects as defined by project size and scope, and essential functionality. Hence, agencies with projects in these categories were required to update their IT plans with specific goals, objectives, and underlying performance measures. Other agencies answered an online checklist covering pre-formatted trends, issues, goals and objectives and brief questions on their current IT privacy and security practices. Additionally, project managers for ITAC-qualified projects will require state certification in the near future. GITA is intensifying its focus on higher risk projects as defined by project size and scope and essential functionality. Appendix A lists all Arizona executive agencies separated into two categories; namely, Group 1 entailing agencies with major IT expenditures over the last four or more years and Group 2 composed of all other agencies. With the new focus on major risk, all statistics reflect the thirty-one Group 1 agencies. As in the past, major agencies set goals for the next three years in their IT plans. In addition, the process still includes identification of one or more objectives associated with each IT goal. Again, objectives are defined as activities necessary to achieve goals and are required to be measurable. The remaining sixty-four smaller boards, commissions, and agencies submit a streamlined IT plan. The streamlined IT plan includes a pull-down list of possible trends, issues, goals and objectives. Additionally, each of the smaller agencies has the option of writing in additional trends, issues, goals or objectives as well. -36- Trend Summarization Citizens embracing new technologies are compelling agencies to improve their websites, a continuing trend across the state. The following table summarizes the top eight most frequently mentioned categories within state agencies across the last three fiscal years. There are several clear trends depicted over the past three years, among them a rising focus on IT security. Agency use of standardized repeatable processes seems to be overcoming their previous concerns over evolving technology. It is also interesting to note that enhanced IT staff and training needs is a diminishing trend although still very present in IT plans. Table 1 Top IT Trends identified by agencies in FY 2006 through FY 2008 FY 2006 FY 2007 FY 2008 48% 72% 84% Enhanced IT staff & training needs 76 63 60 IT security 33 40 47 Citizens embracing new technologies 27 30 44 Remote connectivity to agency network 67 60 40 Evolving technology 52 33 30 Use of standardized repeatable processes n/a n/a 27 Sharing data with other agencies 6 27 23 Infrastructure improvement* 46 25 17 Productivity* 47 10 10 Trend Category Use of Internet to provide information and services Note: *Infrastructure improvement and productivity were included to show the downward and/or static trend in these two categories. -37- SUMMARY OF EXECUTIVE AGENCY IT ISSUES Each year, state agencies list issues having an adverse impact on their IT program’s ability to strengthen and support the business of the agency. These issues, as identified by each agency, are analyzed and categorized into five general concerns. Not surprisingly, many of the same issues emerged as in previous years. Both a lack of funding and a lack of IT staff appear among the top two issues mentioned overall. Interestingly, both new technology and integration of business and IT planning follow closely behind, emphasizing the nature of the skills that are in short supply. The top IT issue categories and response percentages identified by state agencies across the past three fiscal years are listed in the following table: Table 2 Top Agency IT Issues over FY2006 through FY 2008 Issue Category FY 2006 FY 2007 FY 2008 Lack of IT staff 76% 63% 60% Lack of funding 42 63 47 New technology 36 47 43 IT security concerns 48 31 40 Adaptability of organization n/a n/a 40 Lack of qualified IT staff has been among the top four issues for the past four years but had slipped a bit last year, perhaps due to raises for state employees in late FY 2006. This category was often expressed in conjunction with problems in staff retention, recruiting qualified IT staff, and IT training. Several medium and small agencies mentioned that they did not even have full-time positions for information technology. The fact that this issue has been prominent for so long suggests a need for some sort of shared pool of personnel for the smaller agencies in this area. Inadequate IT funding was again often identified as having a negative impact on being able to support the agencies’ missions for all fiscal years. New or evolving technology is still being cited as an obstacle by nearly half of the agencies, primarily the smaller ones now. In addition, a brand new category was mentioned by many agencies this year in respect to the lack of flexibility of their agency to change. A need for adequate IT security was identified by over one third of agencies, an increase from last year. For some agencies, this deficiency means developing and implementing business continuity -38- and disaster recovery while others need to address specific security standards such as backup testing, written procedures, user authentication, awareness training and data exchanges. The annual online Technology Infrastructure and Standards Assessment (TISA) questionnaire answered by agencies appears to be raising overall awareness of the important role of IT security and privacy in today’s Internet and IT world. TISA guidelines now require major agencies to assess their current capabilities by percentage of compliance with each statewide standard. Since more than half of the statewide standards deal with security and/or privacy this area is a primary focus, especially for the Group 2 agencies which receive an optional annual security awareness training class from GITA. AGENCY IT GOALS & OBJECTIVES Summary of Most Frequently Cited Agency Objectives in FY 2008: - 75% of agencies have objectives referring to website improvement - 67% of agencies record objectives concerning development of new systems - 64% of agencies have objectives dealing with upgrading IT equipment - 55% of objectives are concerned with staff training - 53% list objectives related to data connectivity - 48% of agencies plan to use new technology - 47% of agencies are focused on disaster recovery Recognition of need for Strategic IT planning While in FY 2007, agency IT plans became increasingly customer-focused; FY 2008 brought even greater improvements in the arena of customer concerns and aligning technology and business goals. In particular, agencies grew better at articulating their business reasons for IT. New system development and re-engineering of older systems remained important from FY 2007 to FY 2008 with more than two-thirds of the major agencies identifying objectives dealing with system development. -39- The top three agency goals cited in FY 2008 were efficiency at 83%, customer service at 77%, and productivity at 70%. These goals are being achieved through the objectives enumerated above; i.e., development of new systems, website improvement, IT equipment upgrades, and both data connectivity and new technology. In addition, the training of IT staff factors into the overall equation more than half of the time. These objectives underscore nicely the importance of reaching customers through the Internet and the maturity of systems development in both data and service sharing. The following table shows the top goal categories and percentage of agencies with at least one goal in those categories: Table 3 Top IT Goals listed by agencies FY 2006 through FY 2008 Goal Category FY 2006 FY 2007 FY 2008 Improve overall efficiency 59% 66% 83% Improve customer service 58 73 77 Productivity 58 61 70 Communications 12 40 47 Enhance IT security 33 37 47 Enhance IT infrastructure 46 25 43 Enterprise architecture aligned with business 9 34 37 Some of the most popular goal categories have changed dramatically over the past few years, while others have simply decreased in prominence or disappeared entirely. Three clear trends stand out in the agencies’ goals; namely, improved customer service, improved focus on overall efficiency and more emphasis on data sharing. GITA views all of these trends as very positive. The statewide goal of government accessibility was derived in part from agencies’ continuing convergence toward better customer service. The goal of improving overall agency efficiency seems to be on a steady upward trend, possibly a result of the Governor’s focus on Efficiency Review and the fact that it was a statewide goal in the past. The goal category dealing with communications is seeing resurgence from past years, possibly due to breakthroughs in technology such as wireless. In addition, IT security continues to grow, undoubtedly due to increasing identity theft and privacy concerns. Alignment of Enterprise architecture with the business process is a relatively new goal but an important one. New pilot projects in the area of SOA are also placing an emphasis in this area. Surprisingly, the focus on -40- enhancement of agency IT infrastructure bounced back this year to almost its previous FY 2006 level. Overall these IT goals reflect very desirable movement towards a statewide integrated architecture better serving the public. AGENCY IT PLAN SYNOPSIS As a national leader in information technology, Arizona was one of the first states to create a state chief information officer. Not only has Arizona been touted as a national model for open government, but it now has entered into a partnership to enhance citizen access to government information with a prime network search engine provider. This example of innovation in government highlights the use of commercial search engines in public databases to increase public access to vital government information. A sitemap protocol gives citizens direct online access to State databases by allowing an index to be created to database contents to facilitate searching. The State’s IT practices have become a model of efficiency and accountability in state government. Benefits of these efforts have been felt in the State in the form of improved customer service, increased accessibility to State government, and greater access to information technology. National recognition has been achieved for Arizona’s IT accomplishments including several awards from the Center for Digital Government in Information Technology. In addition, the state’s web portal was a Best in the Web finalist in 2006. Building on the foundation laid by the last eight years of planning and oversight, Arizona is focusing As a national leader in information technology, Arizona was one of the first states to create a state chief information officer. on streamlining government efficiency through e-government initiatives. IT planning and coordination is already serving as the cornerstone of Arizona’s homeland security and business continuity efforts. The new strategic direction in IT planning should make the process more objective and measurable in the future thus facilitating progress. Agencies are asked to incorporate goals and objectives set forth in this Statewide Strategic IT Plan into the development of their own business and IT plans. Although the direction of IT planning has been modified, agencies are encouraged to carry on the established process of IT planning started six years ago by GITA. These collaborative efforts will ensure that Arizona sets the standard for excellence in the delivery of government services to its people, enabled by strong processes and stronger information technology practices. Based upon review of agencies’ IT plans, there seems to be a growing recognition of the value of shared services moving them to collaboration and working across boundaries that will ultimately improve overall efficiencies. Communications fits into this equation as a key component. The growth -41- of wireless and broadband has jump-started many new possibilities in this fertile area. The use of statewide enterprise architecture targets will make these attempts more successful in the long run. Recognition of the power of evolving technology and the influence of the Internet seems to have affected almost all agencies. In the past, when agencies’ plans were focused on business issues, they were predominantly customer-service oriented; however, this year the business issues seemed to be broader incorporating the three goals of customer service, improving agency efficiencies as well as data sharing. In summary, information technology has moved from the sole domain of large firms to an integral part of almost every business in Arizona. Access to information will be at the heart of economic development throughout rural Arizona. The importance of bringing information technology to rural Arizona has been recognized. Not only is more information about services and related links being provided to the public but the speed and power of the Internet is also driving more autonomy to the website. FINDINGS FROM AGENCY IT PLANS After careful review of the state agency’s IT plans, the following findings highlight items that need to be addressed as part of their annual IT planning process. 1. Although multi-agency integration of services is still not addressed directly in agency IT plans, these kinds of IT projects have the largest potential for providing enhanced services to the public at the same time as reducing the costs and time to provide those services. Elimination of individual agency perspectives within government thinking is essential to efficient operations as an enterprise. 2. Re-engineering of business processes will accomplish more to truly incorporate IT in the business process than mere infrastructure improvement. This trend is based on the everwidening number of state agencies mentioning re-engineering of their business processes. 3. Growing use of new technologies by the Arizonans is viewed positively by most agencies. These agencies plan to take advantage of this trend by offering more Internet services. Many state agencies acknowledge that they are being driven by expanding Internet maturity and heightened expectations of their customers. 4. Inadequate IT funding was most often identified as having a negative impact on being able to support agencies’ missions over all fiscal years. However, this year differs from years -42- past in that there is recognition on the part of agencies that funding will never be sufficient to do all that is desired and that collaboration and data sharing may provide common answers. 5. Hiring and retention of qualified IT staff has been a prominent issue for the past five years on the part of both larger and small agencies. This year, for the larger agencies in particular, improvements in salary were addressed; now staff education is needed. This issue also emphasizes a need for some sort of shared pool of IT personnel for smaller agencies, boards and commissions. 6. Consideration of shared IT consulting services for the smaller agencies would clearly be in the best interests of the state to improve service delivery as well as the efficiency, security and effectiveness of many of the boards and commissions. RECOMMENDATIONS BASED ON AGENCY IT PLANS These recommendations are meant to guide future IT planning efforts on the part of all executive agencies, boards and commissions. Identification of risks, especially technology-related risks, to delivering strategic outcomes is needed now that agencies are integrating their IT planning with their business planning processes. Addressing risk management is the next logical step following strategic planning since many strategies assume there is only one possible future environment. Robust strategies explicitly spell out the dangers that could be encountered including risks with causes outside the IT organization, including the use of non-standard IT components, poor data quality, architectural inefficiencies, and poor execution. In addition, failures within the IT organization that may adversely affect customers include information security issues and ineffective vendor management. Agencies must continue to explore ways to integrate services and share data to better serve the public. A statewide standard for an enterprise IT architecture to promote consolidation of data and sharing of services has been in place in Arizona for five years. Additionally, the State web portal provides opportunities to expand portal services among smaller boards and commissions. Agencies should consider the use of the Internet and e-government to improve more of their services. State decision makers and financial planners need to recognize and respond to the clearly inadequate salary structure for State IT personnel. Agencies have indicated each year for the past four years, the lack of highly qualified IT personnel to manage the State’s multi-million dollar IT development projects. It is pennywise and pound-foolish to believe that the State agencies can effectively manage the State’s IT agenda without adequate staff to carry out these functions. -43- Appendix A AGENCIES BY GROUP Group 1 Agencies Administration, Arizona Department of Agriculture, Arizona Department of Arizona Health Care Cost Containment System Attorney General, Arizona Office of the Corporation Commission, Arizona Corrections, Arizona Department of Economic Security, Arizona Department of Education, Arizona Department of Emergency and Military Affairs, Arizona Department of Environmental Quality, Arizona Department of Game & Fish Department, Arizona Gaming, Arizona Department of Governor, Office of the Health Services, Arizona Department of Homeland Security, Arizona Department of Industrial Commission, Arizona Juvenile Corrections, Arizona Department of Land, Arizona Department of Liquor Licenses and Control, Arizona Department of Lottery, Arizona Parks, Arizona State Public Safety, Arizona Department of Radiation Regulatory Agency Revenue, Arizona Department of Registrar of Contractors, Arizona Retirement System, Arizona State Secretary of State, Arizona Tourism Office, Arizona Transportation, Arizona Department of Veterans' Services, Arizona Department of Water Resources, Arizona Department of -44- Group 2 Agencies Accountancy Board, Arizona Acupuncture Examiners Board Administrative Hearings, Office of Appraisal, Arizona Board of Arts, Arizona Commission on the Auto Theft Authority, Arizona Barbers, Arizona Board of Behavioral Health Examiners, Arizona Biomedical Research Commission Building, Life, & Fire Safety, Arizona Department of Charter Schools, Arizona State Board for Chiropractic Examiners, Arizona Board of Citizens Clean Election Commission Commerce, Arizona Department of Cosmetology, Arizona Board of Criminal Justice Commission, Arizona Deaf and Blind, Arizona School for the Deaf and Hard of Hearing, Arizona Commission for the Dental Examiners, Arizona Board of Dispensing Opticians Board Early Childhood Development and Education, Arizona Board of Equalization, Arizona Board of Executive Clemency, Arizona Board of Exposition and State Fair, Arizona Financial Institutions Department, Arizona Funeral Directors & Embalmers Board Geological Survey, Arizona Government Information Technology Agency, Arizona Historical Society, Arizona Homeopathic Medical Examiners Board Housing, Department of Indian Affairs, Arizona Commission of Insurance, Arizona Department of Medical Board, Arizona Mine Inspector -45- Group 2 Agencies (Cont’d) Mines & Mineral Resources, Arizona Department of Naturopathic Physicians Examiners Board Navigable Stream Adjudication Commission Nursing, Arizona Board of Nursing Care Examiners Board Occupational Therapy Examiners Board Optometry, Arizona Board of Osteopathic Examiners, Arizona Board of Personnel Board Pharmacy Board, Arizona Physical Therapy Examiners Board Pioneers Home, Arizona Podiatry Examiners Board Postsecondary Education Postsecondary Education, Private Psychologist Examiners Board Racing, Arizona Department of Real Estate, Arizona Department of Regents, Arizona Board of Residential Utility Consumers Office Respiratory Care Examiners Board School Facilities Board Structural Pest Control Commission, Arizona Tax Appeals Board, Arizona Technical Registration, Arizona Board of Treasurer, Arizona State Veterinary Medical Examiners Board, Arizona Water Infrastructure Finance Authority Weights and Measures, Arizona Department of -46- Appendix B TOP TEN AGENCY IT PROJECTS AS OF APRIL 2008 This appendix enumerates the top ten strategic IT projects during the past year at Arizona executive agencies. The projects are listed in order of planned project development costs with a brief description of the type of project, its benefit to the state, past accomplishments and current status. 1. RV01016 – BRITS, Business Reengineering/Integrated Tax Systems - $145M Overview - The Department of Revenue contracted with a vendor in 2003 to replace its legacy systems with a comprehensive integrated revenue processing, collection, accounting and reporting system. The development and operations cost of the project is uniquely funded through a ‘gain sharing’ arrangement, whereby the vendor finances system development and implementation through increased revenues collected by the new system. Payment for the system will come in the form of allocating a percentage of increased tax collections to be split 85% to the vendor/ 15% to State until the complete system is fully paid. Although originally estimated at $124M plus interest; an 18 month extension was approved to extend the contract in 2007. Status - The final tax application, Individual Income Tax, was successfully implemented in early 2008. Training of Revenue personnel in maintenance and operation of the new system is underway. 2. DE07013 – ASRP Arizona Systems Replacement Project $52M Overview - In mid-2007, Department of Economic Security began development of an integrated system to replace three major legacy systems developed independently over past years. The Arizona Technical Eligibility Computer System (AZTECS) software, currently supporting 5000 users on a mainframe using COBOL on an ADABAS database with terminal emulation, will be combined with the Jobs Automated System (JAS) software and the Arizona Child Care Case Automated Tracking System (AZCCATS) web-based software using a business process reengineering approach. -47- Status – As of January 2008, the reengineering of the AZTECS was begun and will continue throughout the next two fiscal years including functionality from the other systems; namely JAS and AZCCATS. An RFP will be issued following the collection and analysis of new system requirements. 3. RT01001 – PERIS, Public Employees Retirement Information System - $30M Overview - In 2001, the Arizona State Retirement System (ASRS) began the process of implementing a comprehensive plan to upgrade its legacy systems and move completel y off its Unisys platform to an ORACLE-based solution. In addition to eliminating data redundancy inherent in maintaining multiple systems, ASRS sought to enhance data integrity, improve responsiveness to members and streamline operational processing while enabling the flexibility and growth potential to better support the state’s growing retirement population. Status –With the completion of its last application, Contribution Posting, ASRS will have achieved their original objectives, having increased productivity, timeliness and quality throughout the agency and will no longer require its legacy Unisys platform. To date, sixteen applications have been completed, many in multiple phases. The target date for completion of the last application is early FY 2009. 4. PS06011 – Analog Microwave Replacement System - $10M Overview – The Arizona Department of Public Safety (DPS) plans to adapt and/or replace all of its analog radio towers and microwave equipment in the State to accommodate digital transmission. Each of the new sites will be fully compatible and interoperable with the DPS network as well as with Federal, county and municipal law enforcement agencies and first responders. The full system replacement has been estimated to take more than five years, at a total cost of $52.7M of which 11.1M is allocated for technology. Status – The Analog Microwave Replacement Project was begun in 2007. Although progress has been hampered by funding and procurement issues as well as obtaining building permits from various landowners, the necessary equipment for the first nine hops of microwave has been ordered and planned for implementation by end of October 2008. -48- 5. DT05028 – Intelligent Transportation System - $7.4M Overview – The first phase of this Arizona Department of Transportation (ADOT) project was completed in June of 2005. The ITS employs closed circuit television cameras, electronic variable message signs, detectors, ramp meters, Traffic Operation Center monitoring, the AZ511 web site, and the 5-1-1 phone system as needed in both Urban and Rural areas around the State. The continuation of this multi-year project will allow ADOT to install this technology on additional miles of freeways and roadways, continuing to expand and update the system to improve traffic flow and emergency response, and to enhance communication of adverse conditions to the public. Status – Design and construction must complete before installation of system components at various locations throughout the state can be fully integrated. Although priorities and schedules have continued to change, a number of implementations are underway. The project is still scheduled to complete by the end of FY 2010. 6. PS06004 – AZAFIS Upgrade, Automated Fingerprint Identification System - $7.3M Overview - The Fingerprint Identification Bureau of Arizona’s Department of Public Safety (DPS) operates the Arizona Automated Fingerprint Identification System (AZAFIS) to support DPS and other law enforcement agencies throughout the State. Fingerprints are collected from numerous sources and stored in AZAFIS databases, which can then be searched and transmitted electronically as needed for various public safety functions. Since the system was initially implemented in 1995 and last upgraded in 2001, a major upgrade was needed. The new system will provide faster and more accurate search and identification capabilities, thus improving law enforcement efforts, criminal investigations and public safety in Arizona once it is fully implemented. Status – The AZAFIS project officially started in November 2006 and implementation of the upgraded system was completed in March 2008. An ancillary effort to add hardware and software modifications for the Crime Laboratory’s FASTID systems for DNA purposes will extend the original effort until close of FY 2008. -49- 7. AG04003 – AGO Case Management System - $5.7M Overview - The Arizona Office of the Attorney General (AGO) decided to replace its existing application software with an integrated case management system, consisting of nearly 80 applications interacting with an Oracle 8i database. The project began with a complete business reengineering of the business processes of the AGO in 2004. Vendor selection was made in May 2005. Status – The new case management system has been realigned in the past four years, primarily due to requirements that weren’t originally envisioned. The project has entered its final phase with rollout and testing currently taking place. 8. HC08003 – AHCCCS Health Information Exchange & Electronic Medical Records Project – $5M Overview – The Arizona Health Care Cost Containment System (AHCCCS) plans to create a webbased electronic health records system as part of an eventual health information exchange infrastructure (HIE). The development of an Electronic Medical Records (EMR) database with its associated exchange process for only Medicaid providers and payers is also one of the state’s initial SOA pilot projects. The database extraction system is expected to be completed by the end of FY 2008. Status – The Phase one of the HIE Project was begun in early October 2007 and is expected to be completed by close of the fiscal year in July 2008. Phase two will implement the EMR database for its full membership followed by phase three which includes online medical management tools, automatic adjudication of claims, clinical decision support tolls and other aids. 9. AD07010 – Infrastructure Investment Charge Projects- $4M Overview – In 2004, Arizona Department of Administration began a planned series of infrastructure upgrades with the AZNet Project, creating a statewide telecommunication network for ninety-four executive branch agencies, both large and small. The infrastructure investment projects continue with upgrade of switches, bandwidth improvement, and WAN consolidations to both enhance the IPT technology and save costs for the state. In addition the IPT cluster will be enhanced, aging -50- generators upgraded and five new air conditioners added. This work will continue the build-out of the statewide converged network. Status – This phase of the Infrastructure Investment project was begun in late June of 2007 and is expected to complete by May 2008. 10. PS07009 – DPS Mobile Video Cameras for Patrol Vehicles – $4M Overview – The Arizona Department of Public Safety (DPS) plans to implement mobile video cameras in patrol cars. As part of the settlement agreement for a Federal suit against DPS, the agency agreed to install mobile video systems in patrol vehicles. Mobile video cameras and recording devices have been successfully deployed in hundreds of law enforcement agencies throughout the nation. As part of this project, DPS plans to install the video equipment, train its officers in their use, and create a secure video archive facility. The scope of the overall effort involves installation of up to 150 mobile video cameras per year over the next five years, as funding allows. Status – The Mobile Video Camera Project was begun in late April 2007 and is slated to be complete by close of the fiscal year in June 2011. The acquisition and deployment of 79 cameras, servers and other related equipment for FY 2007 was completed in early August. The deployment of an additional 94 cameras, servers and other related equipment for FY 2008 is in process. -51- Appendix C SUMMARY OF ACTIVE IT PROJECTS BY CATEGORY & COST AS OF APRIL 2008 Agency Category Responsible Agency Total Cost ($K) EDUCATION Deaf and Blind, Arizona School for 269.1 Education, Department of 3834.5 Post Secondary Education, Board of 952.5 GENERAL GOVERNMENT Administration, Department of 19406.4 Attorney General, Office of 7682.3 Corporation Commission 2663.0 Criminal Justice Commission, AZ 200.0 Department of Gaming, Arizona 100.0 Governor Highway Safety, Office of 381.0 Lottery, Arizona 150.0 Retirement System, Arizona State 38,469.5 Revenue, Department of 172,962.2 State Treasurer, Arizona 508.4 HEALTH & WELFARE AHCCCS 20227.6 Economic Security, Department of 93,676.2 Health Services, Department of 17,554.9 Veterans’ Services, Department of 428.9 INSPECTION & REGULATION Cosmetology, Board of 250.7 Dental Examiners, Board of 146.2 Equalization, State Board of 305.0 Medical Board, Arizona 673.8 Registrar of Contractors 5747.0 Game & Fish, Department of 1235.2 Land, Department of 570.8 Parks, Department of 107.3 NATURAL RESOURCES PROTECTION & SAFETY Emergency Management, Department 150.0 Public Safety, Department of 42,129.0 Transportation, Department of 12,476.5 TRANSPORTATION GRAND TOTAL 443,257.0 -52-