office of the chief information officer - new brunswick · this strategic leadership role will...
TRANSCRIPT
1 | P a g e
Office of the Chief Information Officer
Business Plan: 2012 – 2015
Department / Ministère: Executive Council
Date: November 15, 2012
3 | P a g e
Contents The Business Plan Overview ......................................................................................................................... 4
Our Mission ............................................................................................................................................... 4
Our Goals and Objectives .......................................................................................................................... 4
Our Mandate ................................................................................................................................................. 6
Our Partnerships ....................................................................................................................................... 6
Our Mission ................................................................................................................................................... 7
Our Guiding Principles .................................................................................................................................. 8
OCIO Overview .............................................................................................................................................. 9
Our Lines of Business .................................................................................................................................. 10
Our Detailed Business Plan ......................................................................................................................... 11
Appendix ..................................................................................................................................................... 17
The OCIO Business Plan (2012 – 2015)
4 | P a g e
The Business Plan Overview
Our Mission
By 2015, the Office of the CIO (OCIO) will be recognized for enabling GNB
strategy through having strategically coordinated, led and assured enterprise-wide information management (IM) and information
communications technology (ICT) assets, in partnership with GNBs public bodies and the private sector.
Our Goals and Objectives
Goal 1: By March 31, 2015, the OCIO will be strategically leading, coordinating and enabling enterprise-wide IM and ICT planning in partnership with GNB's public bodies and the private sector, to enable GNB strategy.
Objectives:
1
By March 31, 2013, the OCIO will have improved alignment of IM and ICT planning to facilitate information and infrastructure re-use and sharing.
2
By March 31, 2014, the OCIO will have produced enterprise-aligned IM and ICT plans, roadmaps and architectures to proactively align future requirements.
3 By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise Architecture Framework.
Goal 2:
By March 31, 2015, the OCIO will be assisting GNB public bodies in achieving or surpassing savings targets established in Budget process.
Objectives:
1
By March 31, 2013, the OCIO will have improved alignment of IM and ICT investment to fit with planned enterprise solutions.
2
By March 31, 2014, the OCIO will have produced timely and relevant information on the portfolio of IM and ICT investment to government, to ensure constant alignment with evolving GNB priorities.
3 By March 31, 2015, the OCIO will have a mature and continuously improved Portfolio Management System.
The OCIO Business Plan (2012 – 2015)
5 | P a g e
Goal 3: By March 31, 2015, the OCIO will have enabled government to monitor and direct public body IM and ICT risk and compliance activity to minimize unplanned service outages and information security incidents.
Objectives:
1
By March 31, 2013, the OCIO will have improved government-wide IM and ICT risk and compliance management and reporting.
2
By March 31, 2014, the OCIO will be continuously producing and delivering timely and relevant information on the state of government-wide IM and ICT risk, compliance, incident, and threat management.
3 By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise IM and ICT Governance, Risk and Compliance, and Security Event Management Programs.
Goal 4:
By March 31, 2015, the Office of the CIO will be an effective, capability matured, and continuously improved business-enabling organization.
Objectives:
1
By March 31, 2013, the OCIO will have been appropriately staffed, with renewed OCIO operational standards and processes, and have published the OCIO Management System.
2
By March 31, 2014, the OCIO will have completed an operational review of the OCIO Management System; assuring operational effectiveness.
3 By March 31, 2015, the OCIO will have again completed an OCIO Management System review and acted on any 2014 review deficiencies.
The OCIO Business Plan (2012 – 2015)
6 | P a g e
Our Mandate
GNB has recently announced that the role of the Chief Information Officer (CIO) is
being broadened and strengthened. The new CIO is to be responsible for improving
traditional information management and ensuring the provincial government is
making the most cost effective and efficient use of existing and emerging
technologies. This strategic leadership role will provide key advice to Government,
enabling alignment and renewal, and the reuse of assets while providing the
necessary oversight to assure effective and efficient results across all GNB public
bodies.
The newly created OCIO will contribute to management oversight via the enterprise
governance of all IM and ICT within the NB public sector and thus ensure that there
is an enterprise-wide information, risk and compliance management framework to
support the delivery of government services. This oversight will also enable the
maximization of benefits from investment in IM and ICT, facilitate a focus on
innovation in government and service delivery, reduce the duplication of effort, and
minimize information security risks.
We plan to build on past successes and continue to improve the capability to control
costs, while improving government-wide effectiveness and efficiencies. Maturity in
governing IM and ICT will achieve resource (time, cost, quality) conservation. By
redeploying these resources, using a whole-of-government approach, we will be in a
better position to grow and ultimately transform how we serve our citizens through
the innovative use of IM and ICT.
The CIO Office operates from within the Executive Council Office. The CIO Office is
responsible for all IM and ICT resources across all public bodies through leadership,
governance, coordination, management strategies, plans, priorities, policies,
standards and processes. All new investment expenditures related to IM and ICT
resources in public bodies, shall be overseen, monitored, coordinated and endorsed
by the CIO Office.
Our Partnerships
In concert with the OCIO, and in support of enterprise governance, risk and
compliance, each public body will be responsible for their own planning and oversight
capability, while ensuring that they effectively implement, deploy, manage, control
and operate the IM and ICT assets.
In addition, the Service delivery functions will be operated separate from the CIO
Office noting that in doing so the following benefits would be realized:
Allows for the OCIO to focus on strategy and enterprise solutions;
Allows the OCIO to exercise its expanded mandate to all parts of GNB;
The OCIO would have independence from operations thus enabling it to
oversee the IM & ICT functions across the public sector;
The OCIO will have the capability to partner with key IM and ICT stakeholders
like Internal Audit, Office of the Auditor General, Office of Strategy
Management branch and the Privacy Commissioner to provide domain specific
guidance.
The OCIO Business Plan (2012 – 2015)
7 | P a g e
Our Mission
LEAD – ENABLE - ASSURE
The mission statement identifies the priority focus area in support of the GNB
Strategy Map – A stronger economy and an enhanced quality of life, while
living within our means - over the next planning cycle. It represents the key result
that the Office of the Chief Information Officer (OCIO) will be working towards as
they move forward with government renewal. The statement also identifies the
measure(s) and indicator(s) that will assist both the OCIO and the public in
monitoring and evaluating success.
By 2015, the Office of the CIO will be recognized for enabling GNB strategy
through having strategically coordinated, led and assured enterprise-wide
IM and ICT assets, in partnership with GNBs public bodies and the private
sector.
MEASURE(S)
Improved IM and ICT oversight role to enable government to deliver services
in a more efficient and effective way;
Improved direction setting to achieve enterprise information readiness in
order to ensure IM and ICT assets deliver relevant, timely and quality
information;
Identify efficiencies of between 10 and 15 per cent over the next three years.
INDICATORS
Developed, published and provided awareness of an approved information
management policy framework;
Adopted formal, industry-leading, enterprise models for solution planning and
information assurance;
Savings have been identified and processes are in place to achieve them.
The OCIO Business Plan (2012 – 2015)
8 | P a g e
Our Guiding Principles
The OCIO will be recognized within the provincial public service, and as well as by its
external stakeholders, as innovators and leaders in IM and ICT solution planning and
information assurance.
As agents of change, we will lead the IM and ICT community with an intense focus
on:
Leadership
The OCIO works to establish purpose and direction for the Government of
New Brunswick (GNB) IM and ICT through an effective governance, risk
and compliance internal control environment in which people can become
fully involved in contributing to the business of GNB;
Enterprise requirements focused
The OCIO is a business enabler and as such, we focus on understanding
and delivering on the current and future needs of our customers,
contributing to cost effective Core Government Products and Services.
Enterprise Architecture, through working with the Enterprise Architecture
Executive Steering Committee, will identify projects consistent with the
strategy and objectives of GNB;
Employee participation
The whole is greater than the sum of the parts. The full involvement of all
IM and ICT employees within GNB will enable our abilities to be
maximized for the GNB’s benefit;
System approach
Striving to identify, understand and manage the interrelated processes as
a system contributes to the OCIO’s effectiveness and efficiency in
achieving its objectives;
Process and standards focused
Desired results are efficiently and effectively delivered when activities
and related resources are managed as a process, and those processes
are standardized;
Continual improvement
Continual improvement of the OCIO’s overall performance should be a
permanent objective for the OCIO;
Project Portfolio oriented
The OCIO Business Plan (2012 – 2015)
9 | P a g e
We will focus our GNB’s IM and ICT efforts, maximize our deliverables,
and ensure effective internal communications through utilizing a project
portfolio management framework;
Risk Management
During the development and implementation of our IM and ICT
strategies, risks must be understood, evaluated and managed; noting
that managed does not mean eliminated. Risk can be accepted,
mitigated, or transferred with insurance for example;
Factual approaches to decision making
Effective decisions are based on the analysis of data and information.
Decisions cannot be made on the basis of assumptions.
OCIO Overview
The Office of the Chief Information Officer (OCIO) was established in November 2011
as a result of recommendations by the Chief Information Officer (CIO) and in support
of government renewal.
The Government of New Brunswick (GNB) has had a CIO for many years however
the mandate for the position has been limited to the coordination of IM and ICT
management and the delivery of selected operational corporate IM and ICT services
for only a portion of government. Today, the OCIO reflects a changed mandate one
which provides a more strategic, coordinated and focused approach to information
and technology services across government. The CIO is to be responsible for
improving traditional information management and ensuring the provincial
government is making the most cost effective and efficient use of existing and
emerging technologies. OCIO will Lead, Enable and Assure:
Lead
Advise Government and public bodies on strategic management and direction;
Through service oriented architecture, strategic alignment, and project
portfolio management, minimize overlap by reducing redundancy and cost in
provincial operations;
Working collaboratively with the private IT sector to maximize business
opportunities while meeting the information technology and information
management needs of government;
The OCIO Business Plan (2012 – 2015)
10 | P a g e
Enable
Policy and standards development to enable enterprise-wide alignment and
reuse of assets;
Community capacity development providing consultative services, particularly
in the area of information management, IM and ICT governance, risk and
compliance, and information security;
Assure
Oversight to ensure compliance (policies and standards) to integrate
initiatives, and to ensure effective project portfolio management;
Strategic alignment of procurement and vendor relationship management to
the benefit of the enterprise;
Manage performance to improve capability and maturity; and
Partnership with Office of the Comptroller - Internal Audit, Office of the
Auditor General, Strategy Management Group and Privacy Commissioner.
The 2012-13 Budget for the OCIO is $6,458,000. This includes general operations
(such as salaries, supplies, infrastructure and facility improvements), and funding for
government-wide solution planning and assurance solutions, as well as funding for
strategic initiatives to enable the GNB IM and ICT community.
Our Lines of Business
In delivering its mandate, the OCIO provides the following services to its clients to
create optimal value from IM and ICT:
SOLUTION PLANNING:
The OCIO provides the following leading and enabling services to all provincial public
bodies:
Enterprise Architecture to lead IM and ICT strategic alignment to provincial
business objectives to facilitate transforming business vision and strategy into
effective enterprise change;
Service Oriented Architecture to provide shareable, reusable, and
reconfigurable IM and ICT services that allow efficient and secure access to
core corporate information contributing to the improvement of GNB service
delivery;
Strategic Sourcing through leadership and guidance, minimize IM and ICT
acquisition costs at the enterprise-level;
Project Portfolio Management to organize to ensure IM and ICT resources are
aligned and focused to realize strategy and optimize investments in IM and
ICT, thus maintaining strategic alignment;
Strategic Alignment in support of Project Portfolio Management through
reviewing and analyzing public body procurement requests, and providing
enterprise efficiency recommendations.
The OCIO Business Plan (2012 – 2015)
11 | P a g e
INFORMATION ASSURANCE:
The OCIO provides the following assurance services to all provincial public bodies:
IM and ICT Governance, Risk and Compliance leadership, consulting, and
assessment;
Security Event Management and mitigation strategies;
Vulnerability Assessment and IM and ICT Forensic Analysis capability;
Board of Management reporting:
o Total Cost of IT;
o Service-level Effectiveness;
o Security Posture, planned mitigation strategies and the likelihood of an
unplanned outage, data loss or data corruption;
o Policy and Standard compliance status representing and affecting IM
and ICT strategic alignment.
See appendix for a logical representation of our organization.
Our Detailed Business Plan
In New Brunswick the government is currently embarking on a renewal effort that
seeks to improve the culture of government to focus on core services, accountability
through performance measures, and continuous performance improvement.
The renewal effort also seeks to engage stakeholders to ensure there is alignment
between affordable quality public services and public expectations. Clear, consistent,
timely information will play a central role in these engagement efforts.
In consideration of government’s strategic direction of government renewal, thereby
increasing government’s efficiency and effectiveness, the Office of the Chief
Information Officer (OCIO) will provide leadership, guidance and a corporate focus
for the effective acquisition, implementation, coordination and management of
information technology in the government of New Brunswick. To this end, the OCIO
will focus on the following key issues over the next three years. The goals identified
for each issue reflect the results expected over a three year timeframe, while the
objectives provide an annual focus. Measures and Indicators of Success are provided
for both the goals and the objectives to assist both the OCIO and the public in
monitoring and evaluating success.
The OCIO Business Plan (2012 – 2015)
12 | P a g e
ISSUE 1: ENTERPRISE-WIDE PLANNING AND COORDINATION
The OCIO must effectively lead and enable government-wide IM and ICT planning
and coordination.
Goal 1: By March 31, 2015, the OCIO will be strategically leading, coordinating and enabling
enterprise-wide IM and ICT planning in partnership with GNB's public bodies and the
private sector, to enable GNB strategy.
Measure: Increase in the number of IM and ICT strategic plans that align with
government’s strategic plans.
Indicators of Success:
Fully implemented comprehensive IM and ICT governance program maturing
through a proven continuous improvement process;
Implemented OCIO-led process to enable comprehensive IM and ICT strategic
planning;
Published and communicated architectural roadmaps and strategies, policies,
standards and processes to plan and coordinate IM and ICT;
Designed, communicated and implemented IM and ICT strategic sourcing
strategy;
Fully implemented comprehensive IM and ICT formal vendor management
program, aligning strategic vendors with enterprise goals;
Objective 1 (2013):
By March 31, 2013, the OCIO will have improved alignment of IM and ICT planning
to facilitate information and infrastructure re-use and sharing.
Measure: Per the goal, an increase in the number of IM and ICT strategic plans that
align with government’s strategic plans.
Indicators of Success:
Published and initiated Enterprise Architecture governance implementation
plan;
Documented, communicated and implemented a comprehensive IM and ICT
strategic planning strategy and related processes;
Published and begun to implement a Strategic Sourcing implementation plan;
Refreshed and communicated Strategic Sourcing processes.
Objective 2 (2014):
By March 31, 2014, the OCIO will have produced enterprise-aligned IM & ICT plans,
roadmaps and architectures to proactively align future requirements.
The OCIO Business Plan (2012 – 2015)
13 | P a g e
Objective 3 (2015): By March 31, 2015, the OCIO will have a mature and continuously improved
enterprise-wide solution planning and coordinating environment.
ISSUE 2: ENTERPRISE-WIDE STRATEGIC IM AND ICT
INVESTMENT
Government must utilize an enterprise strategic approach to investing and achieving
important savings in IM and ICT.
Goal 2: By March 31, 2015, the OCIO will be assisting GNB public bodies in achieving or
surpassing savings targets established in Budget process.
Measure: Improved total cost of IM and ICT ownership.
Indicators of Success:
Implemented system to acquire and view information about all IM and ICT
projects;
Developed and implemented a complete framework for categorizing,
measuring, balancing, prioritizing, selecting, monitoring, and nimbly changing
the composition of IM and ICT investments and assets;
Improved “big picture” view of the IM and ICT portfolio providing opportunity
for increased visibility of the portfolio;
Developed and governed process to ensure that IM and ICT resources are
aligned, to government’s strategic plans, and therefore focused to optimize
the IM and ICT spend and also deliver the most beneficial enterprise services.
Objective 1 (2013):
By March 31, 2013, the OCIO will have improved alignment of IM and ICT
investment to fit with planned enterprise solutions.
Published and initiated Project Portfolio Management governance
implementation plan;
Documented, communicated and implemented an IM and ICT Strategic
Alignment implementation plan;
Objective 2 (2014):
By March 31, 2014, the OCIO will have produced timely and relevant information on
the portfolio of IM and ICT investment to government to ensure constant alignment
with evolving GNB priorities.
The OCIO Business Plan (2012 – 2015)
14 | P a g e
Objective 3 (2015): By March 31, 2015, the OCIO will have a mature and continuously improved Project
Portfolio Management System.
ISSUE 3: INFORMATION AND TECHNOLOGY ASSURANCE (MANAGEMENT
AND PROTECTION)
Government must deliver IM and ICT in a secure environment while managing the
evolution of technology and information requirements.
Goal 3: By March 31, 2015, the OCIO will have enabled government to monitor and direct
public body IM and ICT risk and compliance activity, to minimize unplanned service
outages and information security incidents.
Measure: Measured and improved security posture, policy compliance and assurance
capability maturity.
Indicators of Success:
Implemented and utilized an enterprise IM and ICT governance system,
enabling policy compliance and exception management, as well as security
posture management;
Enhanced security infrastructure with modernized vulnerability assessment
and forensics capability;
Provincial government wide security event collection and management center;
and,
Provided advisory services to departments enabling them to increase their
information assurance capacity.
Objective 1 (2013):
By March 31, 2013, the OCIO will have improved government-wide IM and ICT risk
and compliance management and reporting.
Measure: Improved security posture, policy compliance and assurance capability
maturity.
Indicators of Success:
Published assurance-specific standards and processes to improve the
protection and assurance of information and technology in government;
Implemented basic functionality in the IM and IT Governance, Risk and
Compliance (GRC) system: policy, risk, and vendor management modules;
Implemented Vulnerability Assessment Engine and Security Event Collection
Engine.
The OCIO Business Plan (2012 – 2015)
15 | P a g e
Objective 2 (2014):
By March 31, 2014, the OCIO will be continuously producing and delivering timely
and relevant information on the state of government-wide IM and ICT risk,
compliance, incident, and threat management.
Objective 3 (2015):
By March 31, 2015, the OCIO will have a mature and continuously improved
Enterprise IM and ICT Governance, Risk and Compliance, and Security Event
Management Programs.
ISSUE 4: SUSTAINABLE OFFICE OF THE CHIEF INFORMATION OFFICER
(OCIO)
The Office of the Chief Information Officer (OCIO) will contribute significantly to the
GNB vision through establishing a successful transition to a sustainable Office of the
CIO.
Goal 4: By March 31, 2015, the Office of the CIO will be an effective, capability-matured, and
continuously improved business-enabling organization.
Measures: Improved capability model score for the scope of the OCIO.
Indicators of Success:
Documented and maintained OCIO Management System enabling the
continuous improvement of the OCIO processes;
Refreshed OCIO standard processes enabling the efficient and effective
delivery of OCIO services to government;
Fully staffed OCIO that is appropriately certified in the relevant areas of
expertise;
Developed and delivered education, training and awareness tools used across
government to support OCIO IM and ICT governance goals;
Objective 1 (2013):
By March 31, 2013, the OCIO will have appropriately staffed the OCIO, renewed
OCIO operational standards and processes, and published the OCIO Management
System.
Measure: Published governance documents and evident capability within the initiated
programs.
Indicators of Success:
All identified vacant positions within the OCIO filled with qualified individuals;
The OCIO Business Plan (2012 – 2015)
16 | P a g e
Refreshed and published OCIO-internal policies, standards and processes
which are based on industry best practices and adhered to as common OCIO
practice;
OCIO administration manual updated and published; reflecting the refreshed
policies, standards and processes.
Objective 2 (2014):
By March 31, 2014, the OCIO will have completed an operational review of the OCIO
Management System; assuring operational effectiveness.
Objective 3 (2015):
By March 31, 2015, the OCIO will have again completed an OCIO Management
System review and acted on any 2014 review deficiencies.