All Group 1 and 2 agencies are required to complete an IT plan as required by A.R.S. § 41-3504 (A (1)) on or before September 1st of each fiscal year. These plans along with a standards assessment are entered by each agency into the online Planning Applications for Reporting IT Strategies (PARIS) and the Technology Infrastructure Standards Assessment (TISA) applications. The S805 IT Risk management Standard provides additional information for PARIS and TISA applications as well as a list of Group 1 and Group 2 agencies.
Group 1’s are agencies with major funded programs and budgets critical to public service and life safety. These agencies are supported by a large infrastructure of platforms, software, networks, security, data/information, and personnel to serve the public. Group 1’s will use both the online Planning Application for Reporting IT Strategies (PARIS) and the Information Services Inventory Status. Rather than completing and submitting a Technology Infrastructure Standards Assessment (TISA) in FY 2012, G1s will work on remediation of findings for their FY 2011 security assessments.
Group 2’s are agencies, boards and commissions that have funded programs or 90/10 funded programs as a result of legal mandates, or services critical to the public with sufficient IT technologies and security to serve the public. Group 2’s will use only the TISA for standards assessment for FY 2012, because their IT Plans will be impacted by upcoming Enterprise Architecture (EA) efforts.
Purpose of Strategic IT Planning
IT Strategic planning helps the state perform a better job from a technology standpoint. It is developed to ensure that agencies of the state are working toward the same goals and to adjust accordingly in response to a changing environment with programs and services as well as other statewide initiatives. IT Strategic planning is a disciplined effort to produce plans and actions that shape and guide the framework and infrastructure of an agency with a focus on the future.
The agency IT plan should support the direction of the state by:
- Addressing statewide strategic IT goals as identified in the Statewide Strategic IT Plan as published
- Leveraging and sharing statewide IT resources
- Complying with Statewide IT Architecture standards available here.
- Pro-actively mitigating Privacy and IT Security risks and vulnerabilities with specific plans to close or mitigate technology gaps
IT plans should be focused on:
- Supporting IT direction that supports the direction of agency programs, benefits and services
- Improving the integration of services and data/information for better efficiencies for the agency
- Communicating to promote awareness among agency constituents, employees, and stakeholders about the capabilities of IT in adding value to agency programs and services
- Proactively addressing confidential information protection needs of all stakeholders
Please refer to the Governor’s Office for Strategic Planning and Budgeting’s Managing for Results - Strategic Planning and Performance Measurement Handbook for further definitions on goals, objectives, trends and issues.
Separate Logon ID’s and Passwords are required for online access to PARIS and TISA applications. Agency personnel must first obtain approval from the agency CIO for access to PARIS or TISA and then can obtain Logon ID’s and Passwords from ADOA-ASET by contacting the ADOA-ASET Planning Manager at either (602) 364-4790.
Previous year IT Plans for Group 1 agencies have been rolled-over into current year for additions or revisions to IT goals, objectives, performance measures and other updates for each agency. An agency may need to identify additional IT goals and objectives in their IT Plans to mitigate findings and technology gaps identified in their agency’s FY2011 security risk assessment results.
For Group 2’s, the TISA questionnaire for FY 2012 will address standards compliance on privacy and security with “Yes or No” questions. A “No” response is considered as NON-COMPLIANT or NOT-APPLICABLE to the agency and requires an explanation in the comments section at the bottom of the survey.
Completing the IT Plan
Once an IT Plan has been entered an agency can continuously change its plans as long as the status at the top remains as “Work in Progress”. When the status has changed to “SUBMITTED” by the agency, this prevents the plan from further updates. If the status is accidentally changed, a phone call to ADOA-ASET at (602) 364-4790 can change the status back to “Work in Progress. When a plan has been changed to “SUBMITTED”, ADOA-ASET will review the IT Plan against evaluation criteria identified in the P136 IT Planning Policy, Attachment B, and change the status to either modification requested or APPROVED within one week of a “SUBMITTED” plan. When an agency completes their IT plan, the State CIO sends a letter to each agency’s CEO noting either plan approval or disapproval, usually around the beginning of the calendar year.
Goals are targets for the agency over multiple years while objectives refer to the activities taken to reach these goals. As such there may be multiple objectives for the same goal. Each objective needs a measure of progress towards achieving its endpoint. These performance measures are projected forward for five years in the future. Performance measures fall into five different categories as defined in the OSPB Handbook mentioned above; namely efficiency, input, outcome, output and quality. In addition, there are four possible statuses of a particular performance measure: completed, un-funded, in process or on hold.
Previous year’s IT plan are rolled-over into current year for updating in late May or early June so that agencies can continue to improve and perform IT Planning prior to the close of the fiscal year which is the busiest time of the year for many state agencies.