Shared Results: Strengthening the Enterprise

Appendix B Agency Information Resources Strategic Plan Analysis

The biennial information resources strategic plan (IRSP) was established by the Legislature to require agency strategic planning in the deployment of technology. The 2006 IRSP follows the principles laid out in Shared Success, and helps agencies establish a roadmap for implementing technology solutions to advance their unique, mission-critical business objectives.

From DIR’s perspective, the IRSP builds a critical understanding of the agencies’ technology needs. DIR will use this information to prioritize and refine the statewide objectives as it moves forward. Alignment of efforts between the agency and state levels is essential for the establishment of an effective statewide technology enterprise.

DIR has performed a preliminary analysis of agency IRSP responses for use in the development of this report. This data will be used over the course of the biennium to enable DIR to fulfill its commitments to the state and to other agencies, assess agency adoption of the state’s technology standards, and determine future agency and statewide technology needs.

Selected findings from agency responses to the 2006 IRSP are presented in the following sections in the context of the three layers of the Texas Model of the Enterprise (agency, collaboration, and statewide infrastructure). Compliance tracking and future improvements to the IRSP process are also discussed.

Agency Layer

The agency layer of the Texas Model supports the unique functionality that each agency must deliver to successfully support its mission. For the first time, the IRSP asked agencies to asses their level of adoption of various business/technology management practices that can help bring about statewide alignment of technology and business functions. The agency responses indicate a promising level of adoption.

Note: Percentages may not add to one hundred because some agencies have not implemented one or more practices.

About one-third of all agencies have implemented project management, change management, and software development life cycle strategies. Adoption of these strategies is in progress in an additional 13–20 %of agencies. Configuration, portfolio, and requirements management strategies have been implemented at about one-fourth of all agencies, with adoption of these strategies in progress at an additional 14–16% of all agencies. Performance management strategies have been implemented at about 11% of all agencies, with implementation in progress at an additional 17% of all agencies.

Collaboration Layer

The collaboration layer of the Texas Model supports the shared development and adoption of rules, guidelines, and best practices that contribute to effective enterprise management of technology. Questions were included in the IRSP to measure agency progress against Shared Success’ statewide collaboration strategies.

When asked which potential resources would help agencies to identify collaboration opportunities, the most frequently cited (81.2%) was a comprehensive list describing agency projects and applications that would enable information sharing and opportunities for reuse.

Project Delivery

Almost one-half of the agencies (45.5%) reported that they utilize the Texas Project Delivery Framework. The most frequently requested types of Framework training were in the areas of portfolio and project management practices (83.5%), performance management (82.6%), and business case analysis (76.2%).

Architecture

The state’s Enterprise Architecture goal is to encourage and support agencies in the development of business and technology architectures that drive improved planning and coordination through reuse, collaboration, and interoperability.

Enterprise architecture remains an emerging area of endeavor for most state agencies. For example, IRSP reporting indicates that approximately half of the agencies have not begun implementation of information architecture (42.7%) or technical architecture (47.6%) standards. When asked to identify potential resources that would be beneficial in expanding reuse opportunities, agencies most frequently suggested guidelines and training in the areas of technology asset reuse (61.1%), information asset reuse (52.4%), and business asset reuse (50.8%).

State Reviews

DIR will analyze responses to IRSP questions regarding the challenges that agencies face and the extent to which they experience redundancies in technology reporting to oversight agencies. This analysis, along with key actions cited in the Statewide Technology Management: Opportunities for Improvement report, available on the DIR Web site, will be used to improve methods for collecting, reporting, and sharing technology information.

Data Management and Access

Agencies use several types of automated tools to manage their data and information—the most frequently cited are imaging systems (62.0%), Web content management (43.7%), records management (37.3%), and document management (36.7%).

Statewide Infrastructure Layer

The Statewide Infrastructure layer of the Texas Model establishes statewide resources to leverage the delivery of technology programs and services that support the state as an enterprise. Questions were included in the IRSP to measure agency progress against the statewide infrastructure strategies from Shared Success.

Data Center

Sixty non-higher education agencies reported that they have a data center, defined as “a centrally managed computing facility that houses servers or mainframes and storage devices to serve as a centrally managed processing center.”Documented service level agreements (SLAs) are essential for the effective management of data center services. Of the 60 data center agencies, 75.0% reported having SLAs for systems availability, 71.7% reported having SLAs for problem resolution and incident response time, and 58.3% reported having SLAs for customer satisfaction. Data center information related to higher education was collected separately and is reported in DIR’s Higher Education Institution Data Centers: Inventory and Consolidation Analysis report.[11]

Security

Ensuring the security of critical information and data is one of the state’s most imperative technology issues for the coming biennium. Agencies reported a high level of compliance with state security standards. Full compliance will be required to ensure maximum statewide security in the future.

Note: Percentages may not add to one hundred because some agencies did not report compliance with one or more standards.

Agency responses indicate several areas of vulnerability that must be addressed in order to enhance statewide technology security. Over one-third of all agencies (36.4%) reported that automated security tools, security and awareness training programs, and computer incident response mechanisms have not been implemented. Almost one-half (42.7%) of all agencies reported that security vulnerability detection and remediation methods have not been implemented.

Agencies ranked seven current and potential statewide security services in terms of greatest benefit. The highest rankings were:

• Provision of periodic external security assessments to help identify each agency’s information resources strengths and weaknesses (ranked number one by 42 agencies).
• Identification, development, and management of best practice rules, standards, and guidelines to help reduce agency workload while providing more timely, complete and accurate data for internal and external monitoring (ranked number one by 34 agencies).
• Comprehensive information security training program requirements developed to ensure security professionals, agency leadership and network users at all levels are able to perform information security responsibilities (rated number one by 23 agencies).

Network

Approximately one-fourth of all agencies (24.5%) reported that they plan to upgrade their voice network infrastructures within the next five years. The majority of agencies (80.0%) report that they have considered or will consider a shared service arrangement through DIR to support future agency voice network efforts.

Nearly one-third of all agencies (30.8%) reported that they plan to upgrade their data network infrastructures within the next three years. Two-thirds of agencies (67.4%) report that they have considered or will consider a shared service arrangement through DIR to support future agency data network efforts.

Agencies ranked seven current or potential network operations/services in terms of greatest benefit. The three highest rankings were:

• Data network upgrades (ranked number one by 58 agencies),
• Wireless data services and infrastructure (ranked number one by 27 agencies), and
• Voice network upgrades (ranked number one by 17 agencies).

Shared Applications

Almost three-fourths (73.2%) of agencies reported that they currently offer or accept applications or forms over the Internet. Over half (57.8%) of agencies collect payments for services over the Internet.

Nearly one-tenth (9.2%) of agencies reported that they are planning to upgrade their current e-mail and messaging systems in fiscal 2008–09. Over one-half of all agencies (62.9%) indicated that they either are participating or will consider participating in DIR’s Messaging and Collaboration contract.

Agencies ranked six potential shared services in terms of greatest benefit. The three highest rankings were:

• Receiving payments over the Internet (ranked number one by 42 agencies),
• Offering or accepting forms over the Internet (ranked number one by 30 agencies), and
• Providing e-mail/messaging and collaboration services (ranked number one by 29 agencies).

Procurement

Agencies reported a broad range of benefits from the state’s Technology Cooperative Contracts program, with the three highest rated benefits listed as follows:

• Reduced staff time and delivery time on goods and services (64.3%),
• Actual monetary savings (58.0%), and
• Enhanced contract terms and conditions (49.0%).

Accessibility

 Most agencies (93.7%) reported that they test their Web sites and Web-based applications for compliance with state Web accessibility standards. Usually this testing is performed by internal agency staff, although a few agencies (8.0%) reported using external resources. DIR will collect further information from the agencies pertaining to access to electronic and information resources by state employees and other individuals with disabilities.

Corrective Action Plans

The Texas Legislature requires DIR to provide the LBB with a list of agencies that have not complied with state technology standards, provisions in the State Strategic Plan, or previous corrective action plans.

Each identified agency must develop a corrective action plan, approved by DIR, which specifies how the agency will correct the identified deficiencies before components of the agency’s biennial operating plan may be approved. Beginning in November 2006, DIR will work with individual agencies on corrective action plans for any IRSPs that are not in compliance with legislative mandates.

Improvements to the IRSP Process

DIR collected IRSP information from agencies through a hosted Web survey system. Based on agency feedback, this system was more user-friendly than the data collection used for the 2004 IRSP. In addition, DIR is providing each agency with its IRSP data and the tools to enable analysis in support of improved technology operations.

The Information Resources Management Act requires agencies to report information about technology projects as part of their IRSP. DIR opted to collect this data via existing agency reporting through the LBB’s Information Technology Detail schedule and the Texas Project Delivery Framework rather than report redundant information from agencies. DIR is committed to ongoing improvement of this process to maximize benefits to the agencies and the state, while minimizing agency reporting burdens.

Other improvements that require statutory changes have been recommended in Critical Issue 4. These recommended changes could significantly change future IRSPs as well as other technology-related reporting requirements.