The Department of Telecommunications and Information Services' Written Response

Executive Summary

The City has aggressively improved the planning, budgeting, and operations of its information technology (technology) governance structure and Department of Telecommunications and Information Services (DTIS) operations.

This is demonstrated by the fact that the majority of the recommendations included in the Budget Analyst's audit of citywide technology support changes are already underway. The City looks forward to discussing the remaining recommendations with the Analyst and the Board of Supervisors (BOS) to gain clarification and determine the most appropriate action.

The City's technology governance organization has been re-energized by the reformation of the Committee on Information Technology (COIT) and the work plans of the four COIT subcommittees. The Department of Telecommunications and Information Services (DTIS) has been reorganized, focusing on improved staffing, operations, and technology. The current City policy is that individual departments are responsible for departmental technology operations and technology improvements.

Since the audit recommendations are supportive of the work underway by COIT and DTIS, we chose not to comment in detail on the background audit findings. Our responses are focused on the actions underway to implement the recommendations at the end of each chapter.

Finally, the recommendations for implementing changes have been given primarily to the Executive Director of DTIS who also serves as the City CIO and Chair of COIT. The Director of DTIS (City CIO) is committed to supporting and implementing those changes which are within the purview of DTIS. The Chair of COIT will present the recommendations to COIT as a body for review, approval and action.

This report does not recommend changing the current City policy of technology autonomy of the departments. Therefore the responsibility for the implementation of COIT policy and guidelines will remain the direct responsibility of the individual departments.

Background

The City and County of San Francisco (City) has a long history of both recognizing the strategic value of technology and continuously attempting to improve it. Examples include:

· In 1996, the City approved a strategic information technology (IT) plan, identifying problems to be resolved, and a framework for doing so.

· In 2001, the City hired a consulting company to determine how well the City was meeting that strategic plan. A plan to centralize IT was developed but not implemented.

· In 2000, and again in 2004, the City approved a Telecommunications Plan likewise identifying telecommunications problems and suggesting solutions.

The historic impact of unsuccessfully addressing the City's IT and Telecommunications needs includes insufficient planning for the future, inefficient use of resources, and development of redundant operations. The lack of consistent leadership or direction to drive this initiative has resulted in many key stakeholders pursuing "private need" versus "public good" by managing strictly to department IT needs or wants. This has increased existing fragmentation and decentralization of IT policies, procedures, standards, and services at increasing (poorly measured due to its decentralization) cost to the City and its citizens.

Call for Action

In the last four years, renewed energy has been directed at these challenges:

· The Mayor identified the rebuild of DTIS as a key "signature" initiative

· The Board of Supervisors, through its committee structure, held hearings addressing technology governance and operations

· The Committee on Information Technology voted to develop new organization, policies, processes, and procedures.

· Mayor Newsom created a new leadership position, that of a City Chief Information Officer, to lead realignment efforts.

· Numerous audits, including a Civil Grand Jury Audit of Citywide technology, a Controller's Audit of DTIS, and now the Board of Supervisors' Budget Analyst's Report, have provided and will provide guidance to the City.

Action Plan

The current plan recognizes that certain technology functions should remain under the jurisdiction of the citywide technology department (DTIS) and other functions should remain decentralized with the departments. This Federated Model balances the unique nature of our government with best practices in the technology industry and other governments. Included in the Federated Model are:

1. A technology planning and budgeting plan and process that identifies, prioritizes, and funds initiatives that support stated City policy and operational objectives.

2. Revitalized technology governance (COIT), citywide technology organization (DTIS), and departmental IT organizations. Use of the Federated Model will facilitate the working relationship between these organizations.

3. Investment in our aging technology infrastructure and operations with a focus on building new capabilities; consolidation of duplicated technology operations to take advantage of economies of scale; and standardization of technology across the enterprise.

4. Simplification of business and technology applications and operations will ensure that technology is actually supporting a more efficient and effective government. Through the 311 project, the City will have an opportunity to review how it provides services, optimize our service delivery method, and support it through automation.

5. Investment in our City technology staff

Implementation of this strategy is not without its challenges. Primary is agreement on the vision and cooperation and sharing in its execution. Too often, there is a conflict between the City's technology organizations over money and authority. Our technology community must emphasize collaboration, communication, shared responsibility, knowledge-sharing, and increased services built on:

· A shared vision of a service centric government enabled by technology

· Common goals of technology interoperability, scalability, and security.

· Excellence at the organizational, staff, policy and procedure, and technology levels.

Preliminary Results

Highlights of the changes at COIT correspond to the new governance structure put in place.

1. Seven meetings in 2007, focused on creating a shared vision and action items

2. New COIT Director hired with extensive public and private sector governance experience

3. New COIT website unveiled

4. Four COIT subcommittees formed and working

5. COIT Subcommittee charters and work plans approved

Highlights of the changes at DTIS correspond to the new organizational structure in place:

1. Department has been restructured, collapsing some and creating other divisions

2. Key new staff hired at senior levels

3. Business model changed, focusing on a more rational chargeback structure

4. Focus on process improvements, both technical and business

5. Technology updates in process, including replacement and new hardware and software

It is clear that implementation is not just the responsibility of the Chair of the Committee on Information Technology or the Director of the Department of Telecommunications and Information Services. Rather, it is the responsibility of all departments and staff to support and work toward a common goal.

Response Approach to the Board of Supervisors' Audit

Given the broad range of items listed, it is not practical to provide a line-by-line response to this audit. Therefore, our approach is to provide introductory comments to the chapters or sections and specifically comment on only those items where correction is paramount to understanding the recommendations.

Each recommendation is followed by a statement of agreement or disagreement and explanation of those statements. Our intent is to be brief.

Audit Introduction
Response to Introduction
Comments on the Committee on Information Technology Section

The introduction and body of the report contain many observations and recommendations that point out the current state of decentralized authority and management of technology systems, budget, and staff in the City. While most of the recommendations make good business sense, the report puts the responsibility for implementing these recommendations with COIT and/or DTIS. However, it does not address the overarching fact that neither COIT nor DTIS, by administrative code or practical application, has authority over citywide technology staff, projects, budgets, policy, or performance.

Current Administrative Code describing the role of COIT

"The Committee on Information Technology shall take a leadership role in encouraging and coordinating departmental efforts in the use of new technology. The Committee shall promote interdepartmental cooperation and City standards. It shall review major interdepartmental and citywide projects and make policy recommendations thereon."

While COIT and DTIS will continue to encourage, coordinate, and review technology initiatives in the City, the implementation of many of the recommendations will remain at the departmental level.

Comments on the Reorganization of the Committee on Information Technology Section

It is the intent of the COIT subcommittees to meet on a regular basis. The COIT website (http://www.sfgov.org/site/coit) notes that the following meetings have been held by COIT and the subcommittees in 2007:

· COIT - February, March, May (3 times), June, July

· Architecture - March, April, August, September

· Performance - April, May, June, August, September

· Planning and Budgeting - May (3 times), September (2 times)

· Resources - April, May, July, August, September

One of the challenges the subcommittees have faced in holding the meetings is that the department staff who make up the membership often have conflicting work priorities on the dates and times that the meetings are scheduled. While the members are committed to supporting the subcommittees, this has unfortunately affected the schedule through cancellations and rescheduling to ensure a quorum of the members. To address this challenge, the subcommittees have recently discussed having members provide alternates to attend meetings and contribute to the COIT work so that the meetings and decisions can move forward in a more timely fashion.

COIT has provided direction to the subcommittees through the COIT Director and the COIT Chair. Explanatory letters were written to Department Heads whose staff were invited to join the Subcommittees and meetings were held with each Subcommittee Chair about strategic direction and implementation. Other meetings were held with City groups to discuss strategic direction and implementation. The result of this direction can be measured by the progress each of the subcommittees has made in the development of work plans and revised subcommittee charters which are scheduled to be presented to COIT.

Comments on the City's Chief Information Officer Section

In 2006, the classification for the Director of the Department of Telecommunications and Information Services was elevated in recognition of the important and growing role of technology in the City and the need for a citywide Chief Information Officer. The Mayor approved the elevation of the Director of DTIS as the citywide CIO.

Currently there is no formal, or dotted line, reporting relationship between the City CIO and the various department CIOs or technology staff.

Comments on the Methodology Section

As will be repeated throughout comments to the audit, there are many participants in the City's technology strategy and operation. The recommendations throughout the audit do not focus on the specific roles and responsibilities of the Departments within this framework. Many of the recommendations contained in the report will require equal participation and responsibility by COIT, DTIS, and City departments.

Section 1 - Information Technology Planning and Purchasing
Response Introduction

The City has long accepted a highly decentralized approach to technology management and projects. While the implementation of the recommendations in this section will improve many issues, it does not address the basic issue that strategic decisions need to be made regarding the relationship, roles, and function of DTIS, Department IT staff, and COIT.

One of the basic tenets of technology strategic planning is the requirement that technology plans are created to support the business of the organization. Therefore, it is critical that department technology plans be aligned to business plans. As part of the effort to update or create technology plans, departments should ensure the accuracy of their business plans in FY 07-08. Under the new technology budget planning process approved by the COIT Planning and Budgeting Subcommittee, all departments submitting budget requests for projects with a total cost of more than one million dollars will be required to submit a copy of their department technology budget plan with the request.

Specific Introductory Comments

DTIS negotiated the Oracle Enterprise Agreement in 1998 at the direct request of COIT. SPMG (a subcommittee of COIT) was created and it created a Client Server Applications Committee who determined the products and platforms to be procured. DTIS also interviewed the departments to validate that all requirements were being met. DTIS, as requested by COIT, negotiated the financial arrangements and administered the contract. The final contract included all Oracle products available at the time for three hardware platforms.

Response to Analyst's Recommendations

The COIT Planning and Budgeting Subcommittee was established to specifically address the development of the policy and guidelines for technology planning and budgeting projects as outlined in this section.

The Chair of the Committee on Information Technology should:

1.1 Request each City department to develop an information technology-specific strategic plan which provides specific, quantifiable goals within a timeline that the department can check against actual outcomes.

Agree. This task is underway.

The new COIT Planning & Budgeting Subcommittee work plan includes a task described as the definition of a new citywide technology budget calendar and process. One of the elements of the new COIT Planning & Budgeting Subcommittee process will be a requirement that departments submit an annual technology plan to COIT for review as part of the annual budget process and that departments demonstrate how all new technology budget requests support the department's strategic technology plan. This initiative may require additional funding in FY 08-09 to provide expert training to each department's staff in the development of department technology plans.

1.2 Develop incentives that guide each department to re-visit its strategic plan as a means of ensuring achievement of strategic plan goals.

Agree. This task is underway.

The new COIT Planning & Budgeting Subcommittee process will require that departments submit an updated department technology plan to COIT for review as part of the annual process. Any department not submitting a strategic technology plan as part of the technology budget process may not be eligible for COIT technology project funding. The time line for the implementation of this element of the COIT Planning and Budgeting Subcommittee process will be dependent on the availability of funding for the external technology planning experts and department staff resources.

1.3 Create communications tools for information technology managers to communicate more effectively with each other.

Agree. This task is underway.

COIT is improving communication between technology managers in the following ways:

· COIT has created a new COIT website that technology managers can use to review COIT agendas, meeting minutes, and presentations.

· COIT and the COIT subcommittees are holding monthly meetings that are open to all staff and the public to attend and provide input.

· Each of the four COIT subcommittees has key IT managers from different departments to ensure that each major service area has representation on each subcommittee. IT managers from around the city are encouraged to attend and participate in the subcommittee meetings.

· COIT staff is meeting with department IT managers on a regular basis to exchange ideas and to solicit input on the technology governance process.

1.4 Develop and recommend to the Board of Supervisors a protocol that requires Board of Supervisors review and approval of all City information technology contracts funded with City monies prior to transfer to a separate authority.

Agree.

COIT will work with Purchasing and the Controller to determine a policy and process to implement this recommendation and present the plan to the Board for approval.

The Director of the Department of Telecommunications and Information Services should:

1.5 Work with the Purchaser and Controller to develop procedures to track City department purchasing requests against their long-term information technology goals in order to ensure that purchasing requests are not only needs-appropriate but also goals-appropriate.

Agree.

DTIS will work with Purchasing and the Controller to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the budget process.

1.6 Develop a process to continually solicit feedback from City departments in order to determine the most-appropriate technological offerings of any enterprise license agreement and then negotiate lower license costs by aggregating all City departments' total information technology needs.

Agree.

The identification of enterprise agreement opportunities is part of the COIT Resources Subcommittee FY 07-08 work plan.

DTIS will solicit input from departments on specific product and contract needs as part of the business case development process for each of the COIT approved enterprise agreements.

This may require additional funding in FY 08-09 as the staff position requested by DTIS in the FY 07-08 budget process to focus on enterprise agreement contracts was not funded.

The Office of Contract Administration should:

1.7 Review the Office of Contract Administration's procurement policies in order to ensure that departments have the appropriate information to make information technology procurement decisions and that processes are applied consistently across all departments.

The Office of Contract Administration will begin review shortly.

Section 2 - Information Technology Project Management
Response Introduction

The COIT Performance and Resources Subcommittee was established to specifically address the development of the policy and guidelines for technology projects as outlined in this section.

Specific Introductory Comments

The current administrative code notes that COIT provides policy and guidance to departments. Therefore the following describes the roles of DTIS, COIT, and departments with regards to project management.

1. COIT is focused on setting policy and developing guidelines that departments can use to better manage projects.

2. DTIS manages projects as a service to other departments and programs based on a case by case request.

3. Departments typically control the entire project including the assignment of project manager, staff resources, management of consultants, and project budgets.

COIT and DTIS will continue to take action to develop policy, templates, and guidelines for departments; however the final responsibility of the implementation of project management policy is with departments.

Response to Analyst's Recommendations

The Chair of the Committee on Information Technology should:

2.1 Establish criteria for information technology project management, including definitions of (a) project leadership, (b) business objectives, (c) budgets.

Agree. This task is underway.

The establishment of citywide technology project management standards that address these items is part of the Performance Subcommittee FY 07-08 work plan. DTIS has submitted a set of project management templates and proposed guidelines for consideration by the Performance Subcommittee.

2.2 Establish project management guidelines for inter-departmental projects based on the information and technological needs of each of the participating departments.

Agree. This task is underway.

The establishment of citywide technology project management standards that address these items is part of the COIT Performance Subcommittee FY 07-08 work plan. DTIS has submitted a set of project management templates and proposed guidelines for consideration by the Performance Subcommittee.

2.3 Establish simple, flexible, citywide project management tools and guidelines for City department information technology.

Agree. This task is underway.

The establishment of citywide technology project management standards that address these items is part of the COIT Performance Subcommittee FY 07-08 work plan. DTIS has submitted a set of project management templates and proposed guidelines for consideration by the Performance Subcommittee.

The recommendation of the procurement and implementation of COIT approved project management tools will be requested as part of the FY 08-09 budget process.

2.4 Assist City departments in reviewing the key service delivery functions within each department to identify relationships and inter-dependencies between core information technology systems.

Agree. This task is underway.

During the FY 08-09 budget process the COIT Planning and Budgeting subcommittee and the Performance subcommittee will jointly review department project proposals to identify commonalities and opportunities for cooperation.

The Director of the Department of Telecommunications and Information Services should:

2.5 Establish information sharing channels for information technology and other department staff so that project ideas, success stories, and challenges are shared within and across departments.

Agree. This task is underway.

DTIS is working with the COIT Performance Subcommittee to host meetings on a quarterly basis for the purpose of exchanging ideas and sharing knowledge. The first meeting hosted by COIT and DTIS of key technology projects resulted in a meaningful exchange of ideas and information and an agreement to continue the meetings on a quarterly basis.

DTIS will work with the COIT Performance Subcommittee to create an Intranet portal for use by City technology project managers to access project management templates.

2.6 Improve access to project management training for information technology and administrative staff.

Agree.

DTIS will work with DHR to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the budget process.

The Controller should:

2.7 Work with City departments to develop accounting and budgeting systems that track information technology project costs, including staff time and overhead.

The Controller's Office is in the process of developing an improved method of tracking IT related budgets and expenditures as part of the new standard budget process parameters that will be incorporated in the new budget system.

Section 3 - The Justice Information Tracking System (JUSTIS)
Response Introduction

The history of the JUSTIS Project provides a case study in how a project on the brink of failure, as this was pre-2003, can be remediated with the application of professional project management, a disciplined approach to setting priorities, and commitment from each of the member departments to collaborate in creating a system that serves the entire criminal justice community far better than would have been possible through individual efforts.

Upon the conclusion of providing input with referenced documents into two draft versions of this report and meeting with the analysts who authored this document, we concur with the findings and recommendations of this report.

Response to Analyst's Recommendations

The Director of Telecommunications and Information Technology should:

3.1 Present a report to the Board of Supervisors prior to December 31, 2007, on the status of JUSTIS implementation, including project timelines and costs.

Agree.

DTIS will work with the key stakeholders of this project to prepare a presentation on the JUSTIS project for the Board of Supervisors prior to December 31, 2007.

The Chair of the Committee on Information Technology should:

3.2 Develop policies and procedures governing interdepartmental projects, including responsibility for project and budget management.

Agree. This task is underway.

The COIT Performance Subcommittee is currently evaluating existing project management guidelines and policies as part of their work plan. It is anticipated that a recommendation regarding citywide project management policies, guidelines, and templates will be completed and approved in FY 07-08. Once these policies have been approved it will be the responsibility of departments to implement the COIT policies for department technology projects.

3.3 Develop a policy to assign a dedicated project manager on large-scale projects that exceed some threshold amount, to be defined by the Committee on Information Technology.

Agree.

The COIT Performance Subcommittee is currently evaluating existing project management guidelines and policies as part of their work plan. One of the elements of this policy will be the requirement that, for large projects, departments or programs identify a project manager and other key staff resources as part of the project plan. Once these policies have been approved it will be the responsibility of departments to implement the COIT policies for department technology projects.

Section 4 - Department Information Technology Resources
Response Introduction

The observations in this section of the report regarding the variance in levels and skills of staff resources, technology planning and budget allocation are a direct result of the current decentralization of technology leadership and resource allocation in the City.

While the recent formation of the citywide CIO position and the reformation of COIT are important steps to potentially change the issues, the CIO, DTIS and COIT will not be able to make any significant progress in these areas without administrative code change, funding, and resources support.

The COIT Planning & Budgeting Subcommittee has initiated the process to significantly revise the citywide technology budget process for FY 08-09. This revised process will integrate the various technology budget elements of new projects, technology capital needs, operational spending, and equipment replacement. The new citywide technology budget instructions will be published in November and will include a higher level of detail than previously requested.

Response to Analyst's Recommendations

The Board of Supervisors should:

4.1 Adopt an Administrative Code provision, establishing a citywide information technology capital planning process under the direction of the Committee on Information Technology.

Agree. This task is underway.

The COIT Planning and Budgeting Subcommittee has approved a revised COIT budget technology planning process and budget process which includes the citywide capital technology needs. The Chair of COIT has drafted a set of proposed changes to the administrative code regarding the citywide technology capital planning and budget process. It is anticipated that the proposed administrative code changes will be presented to the Board of Supervisors prior to December 2007.

The Chair of the Committee on Information Technology should:

4.2 Prepare an annual information technology capital expenditure plan based on the citywide information technology capital plan and submit a report for the Board of Supervisors containing details of the annual capital expenditure plan.

Agree. This task is underway.

The revised COIT technology budget plan process plans for the submittal of a proposed citywide technology budget to COIT in April of each fiscal year. This budget plan will include the annual technology funding needs of the departments and a projection of future needs. The budget plan will also include the technology capital for the City.

4.3 Request the Mayor to include the capital expenditure plan in the annual proposed budget to be submitted to the Board of Supervisors.

Agree. This task is underway.

Based on the new COIT Budget and Planning calendar it is anticipated that COIT will be approving a final citywide technology budget plan in April of each fiscal year for review and approval by the Board of Supervisors.

4.4 Establish formal information technology managers' meetings.

Agree. This task is underway.

COIT and each of the COIT Subcommittees hold regular monthly meetings to discuss all elements of technology. The meeting agendas and minutes are posted on the COIT website. These are public meetings and technology managers are encouraged to attend and provide input on all elements of the City technology budget, planning, standards, and policy process.

The Department of Telecommunications and Information Services should:

4.5 Maintain a list and serve as a clearinghouse of information technology expertise in City departments.

Agree.

DTIS will work with DHR to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the annual budget process.

4.6 Implement a City-wide information technology mentoring program.

Agree.

DTIS will work with DHR to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the annual budget process.

Section 5 - Information Systems Security

Response Introduction

As noted in other sections of this report, while DTIS and COIT will develop policies and guidelines and provide assistance to departments, the City has created an organization that accepts and supports that information systems security is a decentralized function that is almost entirely department based. If the will of the City is to improve citywide security through direct DTIS and COIT oversight, then the authority of these organizations will need to be changed in the administrative code. Otherwise, implementation will remain primarily the responsibility of departments.

The benefit of the approval of the security budget item in the FY 07-08 budget for DTIS is the creation of the position of a citywide Information Systems Security Manager. This position will facilitate the development of departmental and citywide security policy and procedures. He/She will also plan and conduct audits, develop and implement security metrics, monitor results, and report to COIT and the COIT Architecture Subcommittee. The budget item will also deliver a benefit by allowing DTIS to provide security services such as intrusion detection, automated vulnerability assessment, secure file transfer, and encryption services.

DTIS has begun educating its staff in employing the Carnegie Mellon Software Engineering Institute Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) approach to threat and risk assessment. OCTAVE is a framework for identifying and managing information security risks. It defines a comprehensive evaluation method that allows an organization to identify the information assets that are important to the mission of the organization, the threats to those assets, and the vulnerabilities that may expose those assets to the threats.

DTIS and the COIT Architecture Subcommittee have been evaluating security practices and documentation developed by the California Counties Information Systems Directors Association as a template for citywide security policies and procedures.

Response to Analyst's Recommendations

The Chair of the Committee on Information Technology should:

5.1 Establish policies and standards for each City department to develop a risk assessment plan that (a) identifies the City departments with the greatest security risks, and (b) resources necessary to reduce security risks.

Agree. This task is underway.

The COIT Architecture Subcommittee is evaluating security practices and documentation developed by the California Counties Information Systems Directors Association as a template for citywide security policies and procedures. With the results of the current evaluation, the Subcommittee will develop a citywide Security Policy as part of the FY 08-09 work plan to provide guidance and direction to City departments.

Departments will then need to conduct an assessment of their technology systems based on the citywide security policy and guidelines. Departments that identify resource needs as part of their security assessment will need to either reassign internal resources to implement the final policy or submit a request as part of the annual COIT budget process.

5.2 Recommend annual funding for City departments' information system security programs based upon the risk assessment.

Agree. This task is underway.

After approval by COIT of the citywide security policy, departments will need to conduct an assessment of their technology systems based on the citywide security policy and guidelines. Departments will be advised to submit budget requests to meet the security policy guidelines as part of the new COIT budget process. The COIT Planning & Budgeting Subcommittee will evaluate, prioritize, and approve budget requests based on the criteria established as part of the COIT budget process.

5.3 Establish criteria for City departments' information system security policies and procedures.

Agree. This task is underway.

The COIT Architecture Subcommittee is evaluating security practices and documentation developed by the California Counties Information Systems Directors Association as a template for citywide security policies and procedures and will develop a citywide Security Policy as part of the FY 08-09 work plan to provide guidance and direction to City departments.

5.4 Define job skills and functions necessary to manage departments' information system security programs.

Agree.

The COIT Resources Subcommittee will work with DHR to review the current job technology position classifications and make recommendations regarding technology security skills and functions.

5.5 Develop formal decision-making guidelines for City departments that share information systems.

Agree. This task is underway.

The COIT Architecture Subcommittee is evaluating security practices and documentation developed by the California Counties Information Systems Directors Association as a template for citywide security policies and procedures and will develop a citywide Security Policy as part of the FY 08-09 work plan to provide guidance and direction to City departments. An additional element of the Architecture Subcommittee work plan will include data sharing and network connectivity guidelines.

Section 6 - Information Technology Systems Inventory Management

Response Introduction

Technology Equipment Inventory is currently a decentralized function that is the responsibility of each of the departments in the City of San Francisco.

The COIT Resources Subcommittee is planning on developing guidelines and policies related to this business area.

If COIT and DTIS manage a citywide technology equipment management program, it will require a comprehensive shift in how the City does business. Additionally, a centralized approach to this area would require an administrative code change, funding, and resources to support this change in function and responsibility.

Response to Analyst's Recommendations

The Chair of the Committee on Information Technology should:

6.1 Develop citywide information technology inventory management policies, procedures and standards.

Agree. This task is underway.

The COIT Resources Subcommittee will develop a technology equipment policy as part of the FY 07-08 work plan.

6.2 Develop a citywide plan for replacing and upgrading General Fund department information technology.

Agree. This task is underway.

DTIS has issued an RFQ to hire a consultant to conduct a study and make recommendations regarding annual replacement of technology equipment.

The recommendations regarding the funding of a citywide replacement plan for PCs will be part of the annual COIT 08-09 budget process.

6.3 Develop a citywide policy and controls for issuing and monitoring laptop computers.

Agree. This task is underway.

The security policy under development by the Architecture Subcommittee will include an element that addresses the process by which mobile devices should be managed to ensure the security of City information.

6.4 Request all City departments' directors to maintain information technology inventories consistent with the Committee on Information Technology's standards.

Agree. This task is underway.

The COIT Resources Subcommittee is developing a citywide policy regarding the management of City equipment as part of the FY 07-08 work plan.

The cost associated with the implementation of any tools to meet this requirement will be included as part of the COIT FY 08-09 budget process.

Summary of Agreement/Disagreement with Recommendations

| Section | Agree | Disagree | Lead Department | Actions Underway |
|---|---|---|---|---|
| Information Technology Planning & Purchasing | | | | |
| 1.1 - Department technology plans | X | | COIT - Planning & Budgeting subcommittee | As part of the new COIT FY 08-09 technology budget and planning process, departments with large budget requests will be required to submit budget plans. All departments will have technology plans in 2-3 years. |
| 1.2 - Annual review of department plans | X | | COIT - Planning & Budgeting subcommittee | As part of the new COIT FY 08-09 technology budget and planning process, department technology plans will be reviewed. |
| 1.3 - Create communication tools for managers | X | | COIT | New COIT Website developed and published in September 2007. Four COIT subcommittees are meeting on a monthly basis and include key City IT managers from each major service area. |
| 1.4 - Recommend policy to review City technology contracts transfer | X | | COIT | COIT will work with Purchasing and the Controller to determine a policy and process to implement this recommendation and present the plan to the Board. |
| 1.5 - Develop procedures to track department technology purchases | X | | DTIS | DTIS will work with Purchasing and the Controller to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the budget process. |
| 1.6 - Department input on Enterprise Agreements | X | | DTIS | DTIS will solicit input from departments on new Enterprise Agreements that DTIS establishes with vendors. |
| 1.7 - Review City procurement policies | X | | OCA | OCA will begin review shortly. |

| Section | Agree | Disagree | Lead Department | Actions Underway |
|---|---|---|---|---|
| Information Technology Project Management | | | | |
| 2.1 - Establish criteria for project management | X | | COIT - Performance subcommittee | The Performance Subcommittee is in the process of reviewing draft templates and guidelines provided by DTIS for consideration as citywide project management policy. |
| 2.2 - Project management guidelines for inter-departmental projects | X | | COIT - Performance subcommittee | The Performance Subcommittee is in the process of reviewing draft templates and guidelines provided by DTIS for consideration as a citywide project management policy. |
| 2.3 - Project management tools and guidelines | X | | COIT - Performance subcommittee | The Performance Subcommittee is in the process of discussing project management tools currently used by departments. |
| 2.4 - Identify departmental inter-dependencies | X | | COIT | During the review of the COIT FY 08-09 budget process, the COIT Planning & Budgeting subcommittee and the Performance subcommittee will work to identify interdependencies. |
| 2.5 - Establish information sharing channels | X | | DTIS | DTIS created a new COIT Website. COIT subcommittee meetings include key City IT managers from each major service area. |
| 2.6 - Improve access to project management training | X | | DTIS | DTIS will work with DHR to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the budget process. |
| 2.7 - Track detailed project management costs | X | | Controller | This recommendation will be part of the development of the new budget system. |

| Section | Agree | Disagree | Lead Department | Actions Underway |
|---|---|---|---|---|
| Justice Information Tracking System (JUSTIS) | | | | |
| 3.1 - Present JUSTIS project to Board of Supervisors | X | | DTIS | DTIS will work with the key stakeholders to present the JUSTIS project to the BOS. |
| 3.2 - Cross departmental project guidelines | X | | COIT - Performance Subcommittee | The Performance Subcommittee is in the process of reviewing draft templates and guidelines provided by DTIS for consideration as citywide project management policy. |
| 3.3 - Develop a policy to require a project manager for every large City project | X | | COIT - Performance Subcommittee | The Performance Subcommittee is developing a policy for all City technology projects which will require departments to assign a project manager for large projects. |

| Section | Agree | Disagree | Lead Department | Actions Underway |
|---|---|---|---|---|
| Department Information Technology Resources | | | | |
| 4.1 - Adopt code to establish capital planning process | X | | Board of Supervisors | COIT has prepared draft recommended changes to the code to address the citywide technology budget process. The changes are under review. |
| 4.2 - Prepare annual technology capital plan | X | | COIT - Planning & Budgeting Subcommittee | As part of the new COIT Technology budget process, the Planning & Budgeting Subcommittee will be evaluating and recommending items that will be part of a new technology capital plan. The new technology budget process will start in November and conclude in May. |
| 4.3 - Request Mayor to submit capital plan to BOS | X | | COIT - Planning & Budgeting Subcommittee | As part of the new COIT Technology budget process, the Planning & Budgeting Subcommittee will be evaluating and recommending items to the Mayor's Budget office. The new technology budget process will start in November and conclude in May. |
| 4.4 - Establish technology managers' meetings | X | | COIT | COIT and COIT subcommittees conduct 4-5 meetings per month regarding technology management topics which are open to technology managers. |
| 4.5 - Maintain list of citywide technology staff skills | X | | DTIS | DTIS will work with DHR to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the budget process. |
| 4.6 - Implement a citywide technology mentoring program | X | | DTIS | DTIS will work with DHR to determine a plan to implement this recommendation and present the plan to the Board for approval as part of the budget process. |

| Section | Agree | Disagree | Lead Department | Actions Underway |
|---|---|---|---|---|
| Information Systems Security | | | | |
| 5.1 - Establish a policy requiring departments to develop a risk assessment plan | X | | COIT - Architecture Subcommittee | During FY 07-08, the Architecture Subcommittee will make a recommendation regarding a citywide security policy. |
| 5.2 - Recommend annual funding for security | X | | COIT - Planning & Budgeting Subcommittee | COIT Planning & Budgeting Subcommittee will evaluate proposals submitted by departments to address security and make a final budget recommendation regarding these items as part of the annual budget process. |
| 5.3 - Establish citywide security policy and procedures | X | | COIT - Architecture Subcommittee | During FY 07-08, the Architecture Subcommittee will make a recommendation regarding a citywide security policy. |
| 5.4 - Define technology classification security requirements | X | | COIT - Resources Subcommittee | During FY 07-08, COIT Resources Subcommittee will work with DHR to evaluate technology classification security requirements and make recommendations regarding changes. |
| 5.5 - Develop guidelines for information sharing | X | | COIT - Architecture Subcommittee | As part of the development of a citywide architecture plan the COIT Architecture Subcommittee will be developing information sharing guidelines in FY 07-08. |

| Section | Agree | Disagree | Lead Department | Actions Underway |
|---|---|---|---|---|
| Information Technology System Inventory Management | | | | |
| 6.1 - Develop inventory management policies | X | | COIT - Resources Subcommittee | During FY 07-08, the COIT Resources Subcommittee will be developing an inventory management policy for technology equipment. |
| 6.2 - Develop citywide equipment replacement plan | X | | COIT - Planning & Budgeting Subcommittee | During FY 07-08, the COIT Planning & Budgeting Subcommittee will recommend a plan for the annual replacement of technology equipment. |
| 6.3 - Develop laptop management policy | X | | COIT - Architecture Subcommittee | During FY 07-08, the Architecture Subcommittee will make a recommendation regarding the management of laptops as part of the citywide security policy. |
| 6.4 - Develop citywide equipment inventory program and tools | X | | COIT - Resources Subcommittee | During FY 07-08, the Resources subcommittee will be making a recommendation regarding an approach and tools to better manage citywide technology equipment. This will be a FY 08-09 budget item. |