Tech Executive Guide

Suggested Content:

  • Welcome new AIOs/CIOs to their position
  • Importance of their role in State government
  • The intent/focus of the Resource Guide and how it can help them
  • Encourage them to use the tools/resources within

Links:

AB 2408 and Associated Policy:

Assembly Bill No. 2408

BILL NUMBER: AB 2408

Key Partners for AIOs and CIOs in State Government

The Department of Finance is in the Executive Branch. The Director of Finance is appointed by the Governor and serves as the chief fiscal policy advisor. The Director is a member of the Governor’s cabinet and senior staff and is responsible for promoting long-term economic sustainability and responsible resource allocation through the state’s annual financial plan. Principal functions of this control agency are:

  • Establish appropriate fiscal policies to carry out the state’s programs.
  • Prepare, explain, and administer the state’s annual financial plan (budget), which the Governor is required under the State Constitution to present by January 10 of each year.
  • Analyze legislation which has a fiscal impact.
  • Maintain the California State Accounting and Reporting System (CALSTARS).
  • Monitor/audit expenditures by state departments to ensure compliance with law, approved standards, and policies.
  • Develop economic forecasts and revenue estimates.
  • Develop population and enrollment estimates and projections.
  • Conduct fiscal analyses of proposed statewide information technology (IT) policies and enterprise initiatives and performs oversight of critical IT projects.

The fiscal process is a dynamic one as new laws are enacted, new regulations are adopted, priorities change, available resources increase or decrease, and the Administration itself changes. The Department of Finance impacts the fiscal activities of other state departments because of the general authority granted to the Department in Government Code Section 13070, which provides the Department of Finance with authority over all financial and business policies of the state.

The Department of General Services (DGS) has statutory authority for the acquisition of Information Technology (IT) goods and services not associated with reportable IT projects and to delegate IT purchasing authority to those departments demonstrating the capability to make purchases that adhere to State statutes, regulations, policies, and procedure. Within DGS, the Procurement Division (PD) provides oversight, guidance, and direction to departments in all aspects of non-reportable IT procurements and acquisition methods using delegated purchasing authority.

The Department of Human Resources….insert content here

Vision 2020: The California Technology Strategic Plan

In 2017, the State Chief Information Officer released the California Technology Strategic Plan – “Vision 2020.” This plan is the culmination of input from hundreds of policy, program, and technology leaders representing numerous state entities, ensuring the State of California’s innovation path remains constant and transformative. California’s technology community effectively supports the delivery of critical government services to the people of California and is guided by the principles to Strive for Simplicity, Put Customers Front and Center, Be Innovative, Focus on Outcomes, Own It, and Take a Statewide Perspective. As outlined in “Vision 2020”, the state has promoted and encouraged the application of shared goals and vision to create:

“One digital government securely delivered by a dynamic workforce.”

Policy

As the state’s central organization for Information Technology, the California Department of Technology is responsible for establishing and enforcing statewide IT policies, standards, instructions, and guidelines regarding IT operations, security, project approval, procurement, enterprise architecture and oversight. The State Administrative Manual (SAM) is the repository for most state IT policy. Changes, additions, or clarifications to state IT policies and processes are announced via Technology Letters (TLs). As announcements of policy, TLs are simple, direct, and brief. Some TLs require supporting detail to explain the processes associated with the IT policy. In those instances, the detailed information, such as processes, instructions, FAQs, and worksheets, is included in the Statewide Information Management Manual (SIMM). The SIMM also includes IT guidelines and best practices. Guidelines and best practices are not IT policy and, therefore, do not have associated SAM entries.

Security

IT Policy Resources

  • Statewide Information Management Manual (SIMM) – contains the instructions and guidelines needed to implement IT policy.
    • Sections numbered from 05 to 80 and Sections 5300 et seq. contain standards, procedures, schedules, instructions, forms and templates that must be used to comply with policy.
    • Sections numbered from 110 to 200 contain guidelines, models and forms that state agencies will find useful, but their use is not required.
    • Summary of What Changed in SIMM
  • Technology Letters (TL) – contains official communications regarding state IT, including new (or changes to existing) IT policies, procedures, services or standards.

Additional Resources

Security

The overarching goals of the Office of Information Security is the protection of the state’s vast information assets while fostering a security-minded culture throughout the workforce. The Office has improved the state’s security posture by implementing the following:

  • Security Audit, Research, and Assessment program; Auditing Services
  • Statewide Security Risk Governance; Maturity Metrics, Policy, Governance
  • Advisory Services; Education and training of the state’s workforce
  • 24/7 Security Operations Center (SOC); Statewide Wide Area Network protection/monitoring

These efforts provide a comprehensive evaluation of each state entity’s infrastructure, security practices, and cybersecurity program effectiveness as well protecting the California Government Enterprise Network (CGEN) from malicious activity.

The Office of Information Security continues to strengthen the state’s cybersecurity defenses with the ongoing partnership and collaboration with the California Governor’s Office of Emergency Services (Cal OES), the California Highway Patrol (CHP), and the California Military Department (CMD) in the exchange of valuable cyber threat intelligence and interaction with the California Cybersecurity Integration Center (Cal-CSIC). Each of these efforts not only strengthen the state’s cyber defenses, but increase the ongoing commitment to identify, protect, and detect threats to the state’s information assets.

Project Delivery

Link:

Information Security Website: https://cdt.ca.gov/security/

The Project Approval Lifecycle (PAL)

Office of Statewide Project Delivery

The primary objective of the Office of Statewide Project Delivery (OSPD) is to promote the successful delivery of Information Technology (IT) projects and programs to meet the needs of the citizens of the State of California. OSPD provides direct oversight to the State’s multibillion dollar IT Project portfolio to ensure that the State of CA’s investment in IT results in expected business outcomes. OSPD includes the following organizations: 1) Project Approvals and Oversight 2) Statewide IT Procurements and the 3) CA Project Management Office.

The Project Approval Lifecycle (PAL)

The California Department of Technology (CDT) requires departments to do comprehensive upfront planning with an emphasis on establishing a strong business case before a project is approved to move forward.  PAL is nimble to meet the individual needs of departments and provides a guided approach for projects to follow, as well as an objective and consistent evaluation process. PAL is designed to improve the planning, quality, value and likelihood of IT projects success.  The PAL process is divided into four stages, each separated by gates of approval:

  • Stage 1 – Business Analysis (Project Concept) Evaluates completeness, the sufficiency of the business case and whether or not the concept aligns with department and agency priorities.
  • Stage 2 – Alternatives Analysis (Project Alternatives) Ensure sufficiency of planning, organizational readiness and good documentation resulting in sufficient market research, alternative analysis and justification for the selected alternative.
  • Stage 3 – Procurement (Project Procurement) Development of the procurement documents, conduct procurement while continuing with project readiness tasks.
  • Stage 4 – Final Assessment and Approval (Project Execution) Select vendor, contract award, update final budget, project plans and schedule. Once the project is assessed for final readiness, it could be approved for execution.

Information about the PAL can be found in SIMM 19

The list of PAL proposed projects can be found here.

Independent Project Oversight (IPO): CDT conducts independent project oversight on medium and high criticality reportable information technology (IT) projects for departments and constitutional offices (Government Code § 11546, et al). The IPO managers are embedded in the project, review and monitor project health; create project oversight reports; escalate project risks and issues; and assist project staff in developing appropriate risk and issue mitigation strategies.  IPO managers work hand-in-hand with Independent Validation and Verification (IV&V) services, which is to assess the quality of technical deliverables, as the checks and balance role for project oversight.

Information about IPO can be found in SIMM 45

The list of IT projects with CDT IPO oversight can be found here.

 

California Project Management Office:

The California Project Management Office (CA-PMO) provides direct services to client departments to manage and deliver IT projects. CDT provides various resources and services to provide a continuum of short term and long-term project management and IT consulting to support effective IT Project Delivery. CDT has state staff that are knowledgeable and experienced in California’s enterprise-wide issues that are available for hire on a part time or full time basis depending on the need of the department.

As the California project management center of excellence, the CA-PMO also offers standards, common tools, guidelines and comprehensive frameworks and tools for project management practitioners based on proven best practices and lessons learned including:

    • California Agile Framework (CA-Agile): Provides practical guidance for understanding, planning, and managing iterative incremental project delivery activities within California government.
    • California Organizational Change Management Framework (CA-OCM): Provides project practitioners with a guide for managing change within an organization in order to achieve business outcomes associated with a new mandate, process, technology, or strategy.
    • California Business Process Re-engineering Framework (CA-BPR): Provides guidance on business process re-engineering methods and approaches to assist organizations in optimizing their business processes to leverage and maximize the capabilities of technology.
    • Project Management Framework: Improves the processes, tools, and templates used to plan and guide current projects through their lifecycle by providing consistent and streamlined project management standards.
    • Project Oversight Framework: Establishes and enforces policies that describe the criteria CDT uses to assess the risk, sensitivity and level of criticality and oversight for IT projects.
    • Software Development Lifecycle (SDLC) Plans and Tools: SDLC Plans and Tools provide templates, instructions, and sample content that can be adjusted and scaled based on project size and complexity.

Information about the CA-PMO can be found on the CDT website here.

Budget Process

See Key Partners section for a brief description of the Department of Finance (Finance) roles and responsibilities.

The Budget Cycle is made up of three main points in time:

Governor’s Budget–Article IV, Section 12, of the State Constitution: The Governor shall present a balanced budget to the Legislature by January 10 of each calendar year.

May Revision–Government Code 13308: The Director of Finance shall provide to the Legislature adjustments to the Governor’s Budget on or before: April 1, May 1, and May 14.

Budget Act–Article IV, Section 12(3), of the State Constitution: The Legislature shall pass the Budget Bill by midnight on June 15. The Governor generally has 12 calendar days to either veto or sign.

The Information Technology Consulting Unit (ITCU) is a unit within Finance, and operates under Finance’s general IT powers of supervision over all matters concerning the financial and business policies of the State, as defined in Section 13070 of the Government Code. The ITCU’s primary functions include performing fiscal analysis of proposed statewide IT policies and enterprise initiatives including the analysis of proposed IT budget change proposals (BCPs) and project documents, and fiscal oversight of critical IT projects, pursuant to Government Code 11547.

AIO’s and CIO’s are encouraged to engage with ITCU on all IT reportable projects and associated funding requests early in the year prior to submission. ITCU works very closely with the Department of Technology to enable project approval and funding decisions can be reached within the timeframes of the annual state budget cycle. ITCU is a critical partner to the Department of Technology in the review of all project documents (PAL, SPR, PIER) and the Department of Technology is critical to the review of all IT BCPs. This partnership will consider and prioritize IT proposals from a statewide perspective.

Once an IT project is funded, ITCU shall perform fiscal oversight of the State’s IT project portfolio. This includes but is not limited to attendance at Executive Steering Committee meetings and project briefings, review of project status reports and oversight/independent verification and validation reports. ITCU works closely with the Department of Technology oversight managers throughout the life of the project.

Important annual Budget Letters (BL) include:

Budget Preparation Guidelines – This BL contains instructions to assist in planning for the upcoming budget process, normally released in May. The BL includes the date for project document submission to the Department of Technology.

Budget Policy – This BL contains the Governor’s policy direction for the upcoming budget process, normally released in July and includes allowed circumstances for IT budget requests.

Control Section 11.00 – This BL contains instructions for notifying the Legislature of reportable IT project cost increases, normally released in July.

Budget Change Letters ( Finance Letters) – This BL contains instructions for planning during the Spring budget process, normally released in January and provides very limited circumstances for IT.

Links:

 

Budget Process

See Key Partners section for a brief description of the Department of Finance (Finance) roles and responsibilities.

The Budget Cycle is made up of three main points in time:

Governor’s Budget–Article IV, Section 12, of the State Constitution: The Governor shall present a balanced budget to the Legislature by January 10 of each calendar year.

May Revision–Government Code 13308: The Director of Finance shall provide to the Legislature adjustments to the Governor’s Budget on or before: April 1, May 1, and May 14.

Budget Act–Article IV, Section 12(3), of the State Constitution: The Legislature shall pass the Budget Bill by midnight on June 15. The Governor generally has 12 calendar days to either veto or sign.

The Information Technology Consulting Unit (ITCU) is a unit within Finance, and operates under Finance’s general IT powers of supervision over all matters concerning the financial and business policies of the State, as defined in Section 13070 of the Government Code. The ITCU’s primary functions include performing fiscal analysis of proposed statewide IT policies and enterprise initiatives including the analysis of proposed IT budget change proposals (BCPs) and project documents, and fiscal oversight of critical IT projects, pursuant to Government Code 11547.

AIO’s and CIO’s are encouraged to engage with ITCU on all IT reportable projects and associated funding requests early in the year prior to submission. ITCU works very closely with the Department of Technology to enable project approval and funding decisions can be reached within the timeframes of the annual state budget cycle. ITCU is a critical partner to the Department of Technology in the review of all project documents (PAL, SPR, PIER) and the Department of Technology is critical to the review of all IT BCPs. This partnership will consider and prioritize IT proposals from a statewide perspective.

Once an IT project is funded, ITCU shall perform fiscal oversight of the State’s IT project portfolio. This includes but is not limited to attendance at Executive Steering Committee meetings and project briefings, review of project status reports and oversight/independent verification and validation reports. ITCU works closely with the Department of Technology oversight managers throughout the life of the project.

Important annual Budget Letters (BL) include:

Budget Preparation Guidelines – This BL contains instructions to assist in planning for the upcoming budget process, normally released in May. The BL includes the date for project document submission to the Department of Technology.

Budget Policy – This BL contains the Governor’s policy direction for the upcoming budget process, normally released in July and includes allowed circumstances for IT budget requests.

Control Section 11.00 – This BL contains instructions for notifying the Legislature of reportable IT project cost increases, normally released in July.

Budget Change Letters ( Finance Letters) – This BL contains instructions for planning during the Spring budget process, normally released in January and provides very limited circumstances for IT.

Links: