Information Systems Services ISS Policies and Procedures Technology Management Process

================================================================ ISSUE DATE EFFECTIVE DATE

================================================================= PURPOSE: To provide policies and procedures for Palm Beach County to adopt new technology, applications, and major technology upgrades. AUTHORITY: Information Systems Services (ISS) Technology Policy Advisory Committee (TPAC) POLICY: The design, planning and deployment of all new technology, applications, and major technology, upgrades should be carried out using formal project methodologies. Before a technology is considered for deployment within Palm Beach County, it must be evaluated for consistency against the Countys IT strategy, policies, and Enterprise Information Technology Architecture (EITA). All aspects of the new technology implementation need to be assessed, including: Business benefits to be obtained from the adoption of the new technology; Requirements and needs of the new technology; The cost of the change including long term maintenance; Impact on Palm Beach County of the new technology; Stability of the new technology and its anticipated life span; Assessment and management of the risks associated with the new technology; 1

Revised on March 7, 2006

DRAFT

Impact on the IT infrastructure of the new technology; Integration of new technology with the existing technology; Installation, testing, deployment, operation and support of the new technology; and, Decommissioning of obsolescent technology.

APPLICABILITY: All technologies being considered for deployment including network devices and services, hardware, software and technology upgrades. The scope of this PPM includes new technology, related projects, products and services.

GENERAL PROCEDURES REQUIRED FOR NEW TECHNOLOGY ADOPTION

Strategic Planning and Security Division This division will manage the New Technology Adoption Process by coordinating meetings, issuing minutes and maintaining the official Technology Awareness List. ISS Directors and Managers As new technologies are researched, piloted, and deployed, the ISS Management Team will designate those who will be responsible for the specified deliverables. Enterprise Architecture Committee (EAC) This ISS internal committee consists of subject matter experts from Technical Infrastructure Services, Application Services, and Strategic Planning and Security Services. Technical Advisory Committee (TAC) This advisory committee is composed of ISS and technical representatives of selected County agencies. It is responsible for reviewing and proposing updates to all technical standards. Technology Policy Advisory Committee (TPAC) The TPAC membership consists of executive level employees (department directors and above) who can lend financial, technical, and administrative support to enhance the operational effectiveness of the Countys enterprise technology infrastructure. Revised on March 7, 2006 2

DRAFT

Procedure Submit ISS Plans and Initiatives All ISS plans and initiatives for pilots, prototypes, technology research, experimentation, vendor presentations, small proofs of concept and structured pilots should be submitted to the Director, Strategic Services using the Project Concept Template (see Exhibit A). A detailed Business Case is required if the request is to purchase or develop products that involve financial investments above $20,000 and/or that are not consistent with the Enterprise Information Technology Architecture (see Exhibit B Information Technology Initiative Business Case Template). The Director of Strategic Services will publish the item for discussion at the weekly Directors meeting. If appropriate, the Senior Manager of Strategic Planning will evaluate the plan or proposed initiative, and present it to the EAC and TAC who will be responsible for reviewing it and issuing recommendations. The Senior Manager of Strategic Planning is responsible for notifying the requester in writing of the decision and will also forward a copy of the recommendations to the ISS Directors. Note that the ISS Director makes the final decision as to whether to proceed with the project, product, or service. If the proposed initiative is major in scope and involves multiple departments, the ISS Director will present the proposal to TPAC for its review and recommendations prior to signing off on the project. Execute the Pilot or Prototype Project The emphasis of the pilot is to quickly gain firsthand knowledge and practical experience through a proof of concept. However, pilot projects are executed in much the same manner as any other type project and the core processes of planning, execution, controlling, and closing are the same. It should include metrics in order to indicate the performance outcomes of the project including an existing baseline, planned performance improvement goals, and actual performance improvement results. ISS management will appoint a project manager and project team. The project team is responsible for issuing a formal recommendation to the ISS Management Team upon completion of the project. Evaluate Pilot or Prototype Based on recommendations of the pilot project team and the performance improvement results, the new knowledge should be adopted, plans for improvement should be created and new baselines should be established as necessary. If it is recommended that the technology should not be deployed at this time, then a future date is noted on the Technology Awareness List to revisit the decision. If the recommendation is to move ahead with full countywide deployment of the new technology, it will present its findings to the TPAC and TAC for their review and recommendations. The ISS Director makes the final decision on whether to move forward with Countywide deployment.

Revised on March 7, 2006

DRAFT

Detailed Business Plan for Countywide Technology Deployment All of the documents listed in Appendix A will need to be reviewed to ensure that the project is valid based on compatibility with the Countys IT policies, strategies, architecture, and plans. All deviations must be fully documented. If revisions are necessary, then this information must also be included in the Detailed Business Plan. The Detailed Business Plan will contain the following elements: Project charter. A description of the project management approach or strategy. Scope statement, which includes the project objectives and deliverables. Identification and allocation of the appropriate resources. Identification of external dependencies with other associated projects and/or technologies. Recognition of equipment and software lead times within project timelines. Realistic and achievable timelines and deliverables. Detailed explanation of impacts on operations, organizations, and technology architecture and how these impacts will be handled. Financial Management: identification of funding, amounts and sources. Capacity Management: explanation of how sufficient capacity will be addressed. Security Management: verification that the changes conform to the Security Policies and that no security aspects or availability targets are threatened, in either new or existing components or services. Business Continuity Plan: verification of business continuity plan. Work Breakdown Structure (WBS) to the level at which control will be exercised, as a baseline scope document. Cost estimates, schedule start and finish dates (schedule), and responsibility assignments for each deliverable within the WBS to the level at which control will be exercised. Performance measurement baselines for technical scope, schedule, and cost.

Revised on March 7, 2006

DRAFT

Major milestones and target dates for each. Key or required staff and their expected cost and/or effort. Risk management plan, including key risks, constraints, assumptions, and planned consequences and contingencies for each. Project organization chart. Responsibility Assignment Matrix that relates the project organization structure to the work breakdown structure to help ensure that each element of the projects scope of work is assigned to a responsible individual. This includes both ISS support staff and department support staff. Supporting detail.

The ISS Director or designee will present this report to TPAC for their review and recommendation. Execute Project Project progress is controlled and monitored with the project tracking mechanisms that currently exist. It is important to ensure that: Help Desk: the staff at the Help Desk are kept informed of project progress and provided with the adequate documentation and planned handover dates. Change Management: all changes to the infrastructure are subjected to all change management processes. Configuration Management: all new components and services are entered into the configuration management database and are subjected to configuration management processes. Release Management: the deployment of all new or amended infrastructure components is controlled by release management processes. Quality Assurance: project performance is evaluated on a regular basis to provide confidence that the project will satisfy the relevant quality standards. Training and Team Development: individual and group competencies are developed to enhance project performance.

Revised on March 7, 2006

DRAFT

Operations: staff is ready to assume the day-to-day support and monitoring of all new operational components and services.

Produce New Proposed Standards In conjunction with the project completion, documented standards, guidelines and rules for usage are a required part of the project outputs.

Revised on March 7, 2006

DRAFT

Review New Standards The ISS Director or designee presents the new proposed standards to the TAC and TPAC for adoption. The ISS Director has ultimate authority for approving IT standards in the County. Implement New Standards Upon sign-off and approval by the ISS Director, new standards are implemented published and monitored by ISS. The Enterprise Information Technology Architecture Document is updated. Decommissioning of obsolescent technology A plan for decommissioning of technology being replaced is developed (if appropriate).

Revised on March 7, 2006

DRAFT

APPENDIX A Policies, Strategies, Architecture, and Plans The following documents need to be reviewed for possible revision for accommodation of the new technology or technology upgrade. Information Resource Security Policies; ISS Strategic Plan: 2004-2006, A Blueprint for Excellence; applications policies and standards; business case standards; cabling standards and policies; contract policies and standards; communications policies and standards; data policies and standards; database standards and policies; design standards and policies; desktop and laptop policies and standards; development standards, methods and policies; document management policies and standards (CINEMA); e-government standards and policies; e-mail and groupware standards and policies; environmental policies and standards; technology standards and polices; PBC intranet/Internet standards and policies; network standards and polices; 8

Revised on March 7, 2006

DRAFT

network addressing standards and policies; procurement standards and policies; project planning policies and standards; project review standards and policies; prototyping standards and policies; quality standards and policies; remote access standards and policies; storage policies and standards; supplier standards and policies; testing policy and standards; and, user interfaces and standards.

Revised on March 7, 2006

DRAFT

Source: Solution to reported problem

Source: New requirement from customer

New Technology Introduced

Source: Request for change in architecture

Strategic Services & Security

Potential Benefit

No

Technology Awareness

Yes Develop Project Concept/ Business Case

Pilot or Prototype

Yes

Approval to Continue

No

Document Decision

Evaluate Pilot Project

Favorable

Develop Detailed Business Plan including staffing, costs, timeline, and performance metrics for Countywide implementation Yes

Unfavorable

Document Decision

Approval to Continue

Operational Plan

Project Plan

Technical Plan

Confirm goals and performance metrics

Update architecture

Monitor Problems and Update Lessons Learned

Production

Revised on March 7, 2006

10

DRAFT