Arizona Department of Administration Arizona Strategic Enterprise Technology 2017 - 2019 FY FY Statewide Strategic IT Plan Doug Ducey, Governor 4 Morgan Reed, Assistant Director & State CIO Table of Contents From the Desk of the CIO................................................................................................................................................1 A Quick Look Back..............................................................................................................................................................2 ADOA-ASET Vision, Mission and Values.....................................................................................................................5 Executive Summary...........................................................................................................................................................6 FY’2017 - FY’2019 Strategic Goals: Overview...........................................................................................................7 Goal 1: Build a World-Class IT Organization............................................................................................................8 1.1 Attract, develop and retain talent to meet strategic goals.................................................................... 9 Goal 2: Establish and Execute Statewide Technology Roadmap..................................................................10 2.1 Technology roadmap governance..............................................................................................................11 2.2 Develop roadmap (annual).............................................................................................................. 12 2.3 Deploy roadmap (annual)................................................................................................................ 13 Goal 3: Optimize Service Delivery..............................................................................................................................14 3.1 Enhance core competencies............................................................................................................ 15 3.2 Develop optimized ASET service support strategy....................................................................... 16 3.3 Sunset legacy services...................................................................................................................... 17 Goal 4: Secure the Enterprise......................................................................................................................................18 4.1 Advanced endpoint protection........................................................................................................ 19 4.2 File integrity management............................................................................................................... 20 4.3 Enterprise directory service............................................................................................................. 21 4.4 Publish statewide IT policies and standards.................................................................................. 22 4.5 State cyber security exercises ........................................................................................................ 22 Goal 5: Deliver Transformative Technologies......................................................................................................23 5.1 Explore opportunity for enterprise mobility................................................................................. 24 5.2 Implement framework for enterprise big data strategy.............................................................. 24 5.3 Migrate all state agencies to a unified, enterprise-class email solution.................................... 25 5.4 Implement electronic procurement system.................................................................................. 26 5.5 Implement Human Capital Management modernization solution............................................. 27 Goal 6: Strengthen Service Delivery Capabilities...............................................................................................28 6.1 Implement new IT governance model............................................................................................ 29 6.2 Implement service management model........................................................................................ 29 6.3 Implement an IT asset and configuration management solution.............................................. 30 From the Desk of the CIO Morgan Reed Assistant Director & State CIO ADOA – ASET “Now is the time for us to be innovative and efficient by finding ways to achieve more with less” In 2016, The Arizona Strategic Enterprise Technology (ASET) division of ADOA is at an exciting and expansive stage of development. In an effort to guide this next stage of growth, the executive team conducted a major planning process and sought input from a broad range of interested parties including staff and external stakeholders. From this process we developed the FY’2017 - FY’2019 strategic plan. At its core, the plan outlines specific goals and initiatives that pave the way toward becoming the leader of technology and the hub of exceptional customer service. It outlines a focused direction for maximizing our effectiveness, better informing decisionmakers and educating technology executives throughout state government. Now is the time for us to be innovative and efficient by finding ways to achieve more with less. I believe that two major government trends are influenced by the needs of our customers. These are the expectations of exceptional service at all levels of government and the desire for a consistent user experience across the enterprise which is faster, more cost effective and easier to use. Through maximizing on-line capabilities, offering increased mobile applications and other innovative solutions we are able to more effectively and efficiently provide new and improved services. Our plan will allow us to remain focused on the strategic direction and accomplish our vision together to meet the demands of our customers. This plan was developed at a time of great momentum and prioritizes our next steps in identifying how ASET will continue moving, changing and growing. Therefore, it is our intent to evaluate and update this plan annually, allowing the division to review and adjust to necessary and ever-changing conditions. As ASET evolves, its needs and priorities may shift but this plan will serve as an evergreen agent for change. It is my pleasure to walk with you down this road as your State Chief Information Officer. Morgan Reed Assistant Director & State CIO Arizona Department of Administration (ADOA) Arizona Strategic Enterprise Technology (ASET) Office 1 A Quick Look Back: During the past year ADOAASET continued to build upon the foundations laid by the previous administration and reached many significant milestones through our people, processes and technology. People Several statewide initiatives were undertaken to engage our employees and give them opportunities for continuing education. • Conducted statewide cyber exercises with participation of the Department of Emergency and Military Affairs, Department of Homeland Security, the FBI and 39 state agencies. • Provided a training portal for employees which enabled staff to complete nearly 4,600 hours of training. • The Project Management Center of Excellence grew to over 250 Project Managers representing over 50 state agencies and political subdivisions who actively participated in meetings, training events and our inaugural Statewide Project Management Symposium. • Created a new Enterprise Business Engineering team to act as the primary point of contact between ADOA-ASET and our customers. 2 Governance, combined with lean, efficient and mature processes are critical components of delivering value to our customers Process Governance, combined with lean, efficient and mature processes are critical components of delivering value to our customers. • Completed and published nearly 30 new and updated statewide security and IT policies and supporting standards. Our program included implementation and training classes for state agencies. • Streamlined the Project Investment Justification (PIJ) process and developed a new process for less complex PIJ requests. • Completed a contract vehicle that enables all 17 jurisdictions to secure managed services to migrate to the Next Generation 911 digital/IP network at the lowest possible cost. • Facilitated and funded enterprise security assessments for 6 data centers, web applications for 9 agencies, and web payment portals. These security assessments allowed us to identify and mitigate gaps. • Supported the State Procurement Office (SPO) in negotiation of improved and cost effective statewide contracting with critical IT and security vendors. 3 ADOA-ASET continued to build and launch new capabilities to modernize our infrastructure, move services to the cloud and refresh our communications systems Technology ADOA-ASET continued to build and launch new capabilities to modernize our infrastructure, move services to the cloud and refresh our communications systems. • Launched Arizona’s Enterprise Services Platform (AESP), the next generation of computing and data sharing for the state. • Converted and launched 100 agency web sites on the Drupal platform, providing agencies with powerful content management tools that can be accessed by a full range of mobile devices, and added powerful payment processing capabilities to our web platform. • Refreshed more than 38,000 agency voice over IP (VOIP) telephone handsets and local area network (LAN) equipment providing more than 64,000 ports. Migrated 87 diverse and aging call centers to a single enhanced platform. The entire Capitol Mall upgrade is now complete. • Made major improvements to the State Data Center (SDC), including two heavy-duty Uninterruptible Power Supplies (UPS) that eliminated a long-standing single point of failure and increased the SDC power capabilities. • Developed the Business One-Stop website, a directory that assists businesses and individuals in gathering regulatory requirements and obligations for growing, moving or starting a business. 4 ADOA-ASET Vision, Mission and Values Drive innovation Be a trusted partner Develop solutions ADOA-ASET Core Values Provide technology leadership Commit to excellence Vision Mission Become the information technology leader for Arizona government, providing innovative and transformative services. To deliver forward thinking and secure IT solutions to state agencies through the expertise of a passionate and skilled workforce committed to superior customer service. It’s not about ADOA-ASET, it’s about the customer It’s not about the provider, it’s about the services It’s not about the cost, it’s about the value 5 Six key strategic goals that provide the foundation to execute our vision Executive Summary The strategic plan is built around six key strategic goals that provide the foundation to execute our vision. Each of these six goals have clearly defined initiatives, action plans and Key Performance Indicators (KPIs) to measure our progress and success. Each goal is managed by an executive staff member and as a team we are accountable for the successful delivery of this strategic plan. In addition to these strategic goals, we will continue to ‘run the business’ by supporting our agency partners through our existing service offerings. 4 FY’2017 - FY’2019 Key Strategic Goals: • • • • • • Build a world-class IT organization Execute statewide technology roadmap Optimize service delivery Secure the enterprise Deliver transformative technologies Strengthen delivery capabilities 6 FY’2017 - FY’2019 Strategic Goals: Overview Group FY17 Initiative Q1 CIO Build a world-class IT organization CSO Establish & Execute Statewide Technology Roadmap Q2 Q3 FY18 Q4 Q1 Q2 Q3 FY19 Q4 Q1 Q2 Q3 Q4 Technology roadmap governance Roadmap development (annual) Roadmap deployment (annual) COO & CMS Optimize Service Delivery Enhance core competencies Develop optimized ASET service support strategy Sunset legacy services Security Secure the Enterprise Advanced endpoint protection File integrity management Enterprise directory service Update and publish statewide IT policies and standards State cyber security exercises CTO Deliver Transformative Technologies Enterprise mobility Big data strategy Enterprise email Procurement Human Capital Management modernization Governance Strengthen Service Delivery Capabilities IT governance model IT service management model IT asset & configuration management solution 7 We need people with a positive attitude, skills and experience that will align with our culture and values Goal 1: Build a World-Class IT Organization In order to execute our vision and support the mission, we need people with a positive attitude, skills and experience that will align with our culture and values. We will do that by developing our current employees through training, coaching, and professional development. In addition, we will hire the right people to fill the talent gaps as we build our capabilities. Owner: Chief Information Officer (CIO) 8 1.1 Attract, develop and retain talent to meet strategic goals Owner: Chief Information Officer (CIO) • Job fit assessment • Enable a culture of continuous improvement • Bench strength assessment • Leverage engagement survey results • Talent inventory Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Assess Job Fit 50% 75% 100% -- Assess Bench Strength 50% 75% 100% -- Perform Talent Inventory 50% 75% 100% -- Enable Continuous Improvement Culture 100% -- -- -- Develop action plans against engagement survey results 100% Ongoing Ongoing Ongoing KPI - % complete 9 Enable the State to deliver exceptional services in the future Goal 2: Establish and Execute Statewide Technology Roadmap The ASET technology roadmap is a unified plan resulting from a collaborative effort between ASET and State agencies to identify common technology drivers that would enable AZ Government to deliver exceptional services in the future. The technology roadmap will also include preliminary deployment plans to enable the successful launch of new technologies. As with any long term plan, successfull procurement of funding will play a critical role in execution. Owner: Chief Strategy Officer (CSO) 10 2.1 Technology Roadmap Governance Owner: Chief Strategy Officer (CSO) • Meet with key stakeholders and identify steering committee membership • Establish governance model and structure • Obtain committee approval Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Identify steering committee membership 100% -- -- -- Establish governance model 100% -- -- -- -- 100% -- -- KPI - % complete Define scope of statewide roadmap and obtain steering committee approval 11 2.2 Develop roadmap (Annual) Owner: Chief Strategy Officer (CSO) • Meet with subject matter experts • • Assess gaps, select favored scenarios, establish methodology for prioritizing needed technologies and identify barriers Approve and publish roadmap KPI - % complete Q2- FY’17 Dec-31 ’16 Q2- FY’18 Dec-31 ’17 Q2- FY’19 Dec-31 ’18 Q2- FY’20 Dec-31 ’19 FY 2017 Roadmap 100% -- -- -- FY 2018 Roadmap -- 100% -- -- FY 2019 Roadmap -- -- 100% -- 12 2.3 Deploy roadmap (Annual) Owner: Chief Strategy Officer (CSO) • Define action items to close gaps • Set priorities and timelines • Communication plan to promote adoption of roadmap • Define initiatives and projects to implement roadmap • Develop budgets and address budget issues • Develop monitoring metrics, methodology and tools Q4- FY’17 Jun-30 ’17 Q4- FY’18 Jun-30 ’16 Q4- FY’19 Jun-30 ’16 Q4- FY’20 Jun-30 ’16 FY 2017 Roadmap Deployed 100% -- -- -- FY 2018 Roadmap Deployed -- 100% -- -- FY 2019 Roadmap Deployed -- -- 100% -- KPI - % complete 13 Assess ASET’s core competencies that fit our business model and align against our customer’s requirements Goal 3: Optimize Service Delivery The objective is to assess ASET’s core competencies that fit our business model and align against our customer’s requirements. This will result in providing outstanding services based on our strengths and the opportunity to identify and fix capability gaps through exploring options for public-private partnerships, and divest from services that do not fit our business model. Owner: Chief Operations Officer (COO) and Chief of Managed Services (CMSO) 14 3.1 Enhance core competencies Owner: Chief Operations Officer (COO) and Chief of Managed Services (CMSO) • Analyze current competencies and develop plan for improvement • Implement plan to enhance core competencies Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Develop plan to enhance core competencies -- 50% 100% -- Implement plan -- -- 50% 100% KPI - % complete 15 3.2 Develop optimized ASET service support strategy Owner: Chief Operations Officer (COO) and Chief of Managed Services (CMSO) • Determine current total cost of ownership (TCO) for each portfolio/item • Issue (RFI/RFP/Task orders) for services and service support and determine TCO for external provider options • Assess internal vs. external approach • Partner with vendor community to offer services for non-core competencies or enhance internal core competencies Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Q1- FY’18 Sep-30 ‘17 Determine current (TCO) for each portfolio/item 20% 40% 60% 80% 100% Issue (RFI/RFP/Task orders) for services and service support and determine TCO for external provider options 20% 40% 60% 80% 100% Assess internal vs. external approach 20% 40% 60% 80% 100% KPI - % complete 16 3.3 Sunset legacy services Owner: Chief Operations Officer (COO) and Chief of Managed Services (CMSO) • Determine migration strategies and roadmap for services to be divested • Sunset legacy services Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Migration strategies 50% 100% -- -- Develop roadmap & execute communication strategy 50% 100% -- -- Q1- FY’18 Sep-30 ‘17 Q2- FY’18 Dec-31 ‘17 Q3- FY’18 Mar-31 ‘18 Q4- FY’18 Jun-30 ‘18 25% 50% 75% 100% KPI - % complete KPI - % complete Sunset legacy services 17 Protecting the data that citizens entrust to the State of Arizona Goal 4: Secure the Enterprise Protecting the data that citizens entrust to the State of Arizona and preventing data breaches are the primary objectives of the State Information Security and Privacy Office (SISPO). As part of continuing to provide improved security, our first step is to implement a basic set of standardized enterprise security controls for agencies to use to effectively protect state systems and data. Owner: Chief Information Security Officer (CISO) 18 4.1 Advanced endpoint protection Owner: Chief Information Security Officer (CISO) • Build agency requirements • Create implementation design • Leverage necessary procurement process • Phased enterprise roll-out Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 FY’18 100% -- -- -- -- Procurement -- 80% 100% -- -- Create Implementation design -- -- -- 100% -- Implementation -- -- -- 10% 100% KPI - % complete Q1- FY’18 Sep-30 ’17 Q2- FY’18 Dec-31‘17 Q3- FY’18 Mar-31 ‘18 Q4- FY’18 Jun-30 ‘18 Implementation 25% 50% 75% 100% KPI - % complete Build agency requirements 19 4.2 File integrity management Owner: Chief Information Security Officer (CISO) • Build agency requirements • Create implementation design • Leverage necessary procurement process • Phased enterprise roll-out Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Q1- FY’18 Sep-30 ‘17 Build agency requirements 100% -- -- -- -- Procurement 100% -- -- -- -- Create Implementation design -- 50% 75% 100% -- Implementation -- -- -- 10% 100% KPI - % complete Q1- FY’18 Sep-30 ’17 Q2- FY’18 Dec-31‘17 Q3- FY’18 Mar-31 ‘18 Q4- FY’18 Jun-30 ‘18 Implementation 25% 50% 75% 100% KPI - % complete 20 4.3 Enterprise directory service Owner: Chief Information Security Officer (CISO) • • Design structure for centralized authentication service Migrate Phase 1 agencies • Implement directory audit tool • Migrate all remaining agencies Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘1 Q4- FY’17 Jun-30 ‘17 Q1- FY’18 Sep-30 ‘17 Design structure for centralized auth. service 100% -- -- -- -- Migrate Phase 1 agencies 75% 75% 100% -- -- Implement directory auditing process and solution -- 10% 50% 100% -- Migrate all remaining agencies -- -- 10% 20% -- Q1- FY’18 Sep-30 ’17 Q2- FY’18 Sep-30‘17 Q3- FY’18 Mar-31 ‘18 Q4- FY’18 Jun-30 ‘18 25% 50% 75% 100% KPI - % complete KPI - % complete Migrate all remaining agencies 21 4.4 Publish statewide IT policies and standards Owner: Chief Information Security Officer (CISO) • Policy review for revision • • Revision and approval from all stakeholders KPI - % complete Publish updated policies and standards Publish Q1- FY’17 Sep-30‘16 Q1- FY’18 Sep-30‘17 Q1- FY’19 Sep-30‘18 Q1- FY’20 Sep-30‘19 100% 100% 100% 100% 4.5 State cyber security exercises • • Security awareness and education KPI - % complete Raise awareness and educate employees and state partners on cyber security issues State cyber exercise Cyber exercises Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31‘17 Q3- FY’17 Mar-31‘17 Q4- FY’17 Jun-30‘17 25% 50% 75% 100% -- 50% -- 100% 22 More transactions and processes online and support mobility for both citizens and state employees Goal 5: Deliver Transformative Technologies We are embracing 21st century ingenuity to bring more transactions and processes online and support mobility for both citizens and state employees. This can only happen by applying leading-edge technologies that enable greater access, faster responses and timely resolutions. Our objective is to bring an enterprise approach to applications and platforms in order to drive efficiencies and to use analytics to enable faster decisions that benefit the citizens of Arizona. Owner: Chief Technology Officer (CTO) 23 5.1 Explore opportunity for enterprise mobility Owner: Chief Technology Officer (CTO) • Evaluate potential application candidates • Complete proof of concept of mobile app solution Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Evaluate potential application candidates 100% -- -- -- Proof of concept 50% 100% -- -- KPI - % complete 5.2 Implement framework for enterprise big data strategy • Establish data governance draft framework • Select vendor for maturity assessment Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 Establish data governance framework 100% -- -- -- Select vendor for maturity assessment -- 100% -- -- KPI - % complete 24 5.3 Migrate all state agencies to a unified, enterprise-class email solution Owner: Chief Technology Officer (CTO) • Select email platform • • Pilot with ADOA and select state agencies Deploy to all state agencies Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 FY’18 FY’19 Select email platform -- -- 50% 100% -- -- Pilot with ADOA and select state agencies -- -- -- 100% -- -- Deploy to all state agencies -- -- -- -- 50% 100% KPI - % complete 25 5.4 Implement electronic procurement system Owner: Chief Technology Officer (CTO) • Develop and release RFP • Vendor selection • Deploy procurement system Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 FY’18 FY’19 RFP 100% -- -- -- -- -- Vendor selection 100% -- -- -- -- -- -- 10% 25% 50% 75% 100% KPI - % complete Deploy 26 5.5 Implement human capital management modernization solution Owner: Chief Technology Officer (CTO) • Develop and release RFP • Vendor selection • Deploy core human capital management modernization (Phase 1) • Full deployment Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 FY’18 FY’19 75% 100% -- -- -- -- Vendor selection -- -- 50% 100% -- -- Deploy core human capital management modernization (Phase 1) -- -- -- -- 100% -- Full deployment -- -- -- -- -- 100% KPI - % complete Develop and release RFP 27 Drive business value and enable effective decision making Goal 6: Strengthen Service Delivery Capabilities Establishing a Statewide IT Governance model will enable ASET to drive business value and enable effective decision making common to all our customers. Establishing a service management model will ensure that we have formal processes that support optimal service delivery that results in outstanding customer satisfaction and the ability to exceed service level targets. Owner: Deputy CIO 28 6.1 Implement new IT governance model Owner: Deputy CIO • Finalize and publish the IT governance model • • Identify and administer 3rd-party IT governance model diagnostic/survey to gather data Review results with stakeholders, identify gaps, owners develop mitigation plans • Operationalize IT governance model and assess opportunities for continuous improvement KPI - % complete Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 -- 100% -- -- Publish governance model implementation plan and maintenance plans 6.2 Implement service management model • Assign ownership for each service management area KPI - % complete Publish target service management model and mitigation plans Implement improvements • Process owners produce plan and timelines for improvements in their area with KPIs • Implement improvements Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 50% 100% -- -- -- 100% -- -- 29 6.3 Implement an IT asset and configuration management solution Owner: Deputy CIO • Deploy solution within ADOA managed environment • Perform asset discovery and establish ADOA managed inventory Plan and rollout asset discovery to all executive branch agencies Q1- FY’17 Sep-30‘16 Q2- FY’17 Dec-31 ‘16 Q3- FY’17 Mar-31 ‘17 Q4- FY’17 Jun-30 ‘17 -- -- -- -- 50% 100% -- -- Perform asset discovery and establish ADOA managed inventory -- 50% 100% -- Plan and rollout asset discovery to all executive branch agencies -- -- -- Ongoing KPI - % complete Gather requirements and determine vendor engagement strategy Deploy solution within ADOA managed environment 4 • 30 4 Arizona Department of Administration Arizona Strategic Enterprise Technology 2017 - 2019 FY FY Statewide Strategic IT Plan For more information visit aset.az.gov *A.R.S. § 41-3504. Powers and duties of the department; violation; classification