Office of the Chief Information Officer

Business Plan: 2012 – 2015

Department / Ministère: Executive Council

Date: November 15, 2012


Contents

The Business Plan Overview
    Our Mission
    Our Goals and Objectives
Our Mandate
    Our Partnerships
Our Mission
Our Guiding Principles
OCIO Overview
Our Lines of Business
Our Detailed Business Plan
Appendix

The OCIO Business Plan (2012 – 2015)


The Business Plan Overview

Our Mission

By 2015, the Office of the CIO (OCIO) will be recognized for enabling GNB strategy through having strategically coordinated, led and assured enterprise-wide information management (IM) and information communications technology (ICT) assets, in partnership with GNB's public bodies and the private sector.

Our Goals and Objectives

Goal 1: By March 31, 2015, the OCIO will be strategically leading, coordinating and enabling enterprise-wide IM and ICT planning in partnership with GNB's public bodies and the private sector, to enable GNB strategy.

Objectives:

1. By March 31, 2013, the OCIO will have improved alignment of IM and ICT planning to facilitate information and infrastructure re-use and sharing.
2. By March 31, 2014, the OCIO will have produced enterprise-aligned IM and ICT plans, roadmaps and architectures to proactively align future requirements.
3. By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise Architecture Framework.

Goal 2: By March 31, 2015, the OCIO will be assisting GNB public bodies in achieving or surpassing savings targets established in the Budget process.

Objectives:

1. By March 31, 2013, the OCIO will have improved alignment of IM and ICT investment to fit with planned enterprise solutions.
2. By March 31, 2014, the OCIO will have produced timely and relevant information on the portfolio of IM and ICT investment to government, to ensure constant alignment with evolving GNB priorities.
3. By March 31, 2015, the OCIO will have a mature and continuously improved Portfolio Management System.


Goal 3: By March 31, 2015, the OCIO will have enabled government to monitor and direct public body IM and ICT risk and compliance activity to minimize unplanned service outages and information security incidents.

Objectives:

1. By March 31, 2013, the OCIO will have improved government-wide IM and ICT risk and compliance management and reporting.
2. By March 31, 2014, the OCIO will be continuously producing and delivering timely and relevant information on the state of government-wide IM and ICT risk, compliance, incident, and threat management.
3. By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise IM and ICT Governance, Risk and Compliance, and Security Event Management Programs.

Goal 4: By March 31, 2015, the Office of the CIO will be an effective, capability-matured, and continuously improved business-enabling organization.

Objectives:

1. By March 31, 2013, the OCIO will have been appropriately staffed, with renewed OCIO operational standards and processes, and have published the OCIO Management System.
2. By March 31, 2014, the OCIO will have completed an operational review of the OCIO Management System, assuring operational effectiveness.
3. By March 31, 2015, the OCIO will have again completed an OCIO Management System review and acted on any 2014 review deficiencies.


Our Mandate

GNB has recently announced that the role of the Chief Information Officer (CIO) is being broadened and strengthened. The new CIO is to be responsible for improving traditional information management and ensuring the provincial government is making the most cost-effective and efficient use of existing and emerging technologies. This strategic leadership role will provide key advice to Government, enabling alignment and renewal, and the reuse of assets while providing the necessary oversight to assure effective and efficient results across all GNB public bodies.

The newly created OCIO will contribute to management oversight via the enterprise governance of all IM and ICT within the NB public sector and thus ensure that there is an enterprise-wide information, risk and compliance management framework to support the delivery of government services. This oversight will also enable the maximization of benefits from investment in IM and ICT, facilitate a focus on innovation in government and service delivery, reduce the duplication of effort, and minimize information security risks.

We plan to build on past successes and continue to improve the capability to control costs, while improving government-wide effectiveness and efficiencies. Maturity in governing IM and ICT will achieve resource (time, cost, quality) conservation. By redeploying these resources, using a whole-of-government approach, we will be in a better position to grow and ultimately transform how we serve our citizens through the innovative use of IM and ICT.

The CIO Office operates from within the Executive Council Office. The CIO Office is responsible for all IM and ICT resources across all public bodies through leadership, governance, coordination, management strategies, plans, priorities, policies, standards and processes. All new investment expenditures related to IM and ICT resources in public bodies shall be overseen, monitored, coordinated and endorsed by the CIO Office.

Our Partnerships

In concert with the OCIO, and in support of enterprise governance, risk and compliance, each public body will be responsible for its own planning and oversight capability, while ensuring that it effectively implements, deploys, manages, controls and operates the IM and ICT assets.

In addition, the service delivery functions will be operated separately from the CIO Office, noting that in doing so the following benefits would be realized:

- Allows for the OCIO to focus on strategy and enterprise solutions;
- Allows the OCIO to exercise its expanded mandate to all parts of GNB;
- The OCIO would have independence from operations, thus enabling it to oversee the IM & ICT functions across the public sector;
- The OCIO will have the capability to partner with key IM and ICT stakeholders like Internal Audit, Office of the Auditor General, Office of Strategy Management branch and the Privacy Commissioner to provide domain-specific guidance.


Our Mission

LEAD – ENABLE – ASSURE

The mission statement identifies the priority focus area in support of the GNB Strategy Map – A stronger economy and an enhanced quality of life, while living within our means – over the next planning cycle. It represents the key result that the Office of the Chief Information Officer (OCIO) will be working towards as it moves forward with government renewal. The statement also identifies the measure(s) and indicator(s) that will assist both the OCIO and the public in monitoring and evaluating success.

By 2015, the Office of the CIO will be recognized for enabling GNB strategy through having strategically coordinated, led and assured enterprise-wide IM and ICT assets, in partnership with GNB's public bodies and the private sector.

MEASURE(S)

- Improved IM and ICT oversight role to enable government to deliver services in a more efficient and effective way;
- Improved direction setting to achieve enterprise information readiness in order to ensure IM and ICT assets deliver relevant, timely and quality information;
- Identify efficiencies of between 10 and 15 per cent over the next three years.

INDICATORS

- Developed, published and provided awareness of an approved information management policy framework;
- Adopted formal, industry-leading, enterprise models for solution planning and information assurance;
- Savings have been identified and processes are in place to achieve them.


Our Guiding Principles

The OCIO will be recognized within the provincial public service, as well as by its external stakeholders, as innovators and leaders in IM and ICT solution planning and information assurance.

As agents of change, we will lead the IM and ICT community with an intense focus on:

Leadership

The OCIO works to establish purpose and direction for the Government of New Brunswick (GNB) IM and ICT through an effective governance, risk and compliance internal control environment in which people can become fully involved in contributing to the business of GNB;

Enterprise requirements focused

The OCIO is a business enabler and as such, we focus on understanding and delivering on the current and future needs of our customers, contributing to cost-effective Core Government Products and Services. Enterprise Architecture, through working with the Enterprise Architecture Executive Steering Committee, will identify projects consistent with the strategy and objectives of GNB;

Employee participation

The whole is greater than the sum of the parts. The full involvement of all IM and ICT employees within GNB will enable our abilities to be maximized for GNB’s benefit;

System approach

Striving to identify, understand and manage the interrelated processes as a system contributes to the OCIO’s effectiveness and efficiency in achieving its objectives;

Process and standards focused

Desired results are efficiently and effectively delivered when activities and related resources are managed as a process, and those processes are standardized;

Continual improvement

Continual improvement of the OCIO’s overall performance should be a permanent objective for the OCIO;

Project Portfolio oriented


We will focus GNB’s IM and ICT efforts, maximize our deliverables, and ensure effective internal communications through utilizing a project portfolio management framework;

Risk Management

During the development and implementation of our IM and ICT strategies, risks must be understood, evaluated and managed, noting that managed does not mean eliminated. Risk can be accepted, mitigated, or transferred (with insurance, for example);

Factual approaches to decision making

Effective decisions are based on the analysis of data and information. Decisions cannot be made on the basis of assumptions.

OCIO Overview

The Office of the Chief Information Officer (OCIO) was established in November 2011 as a result of recommendations by the Chief Information Officer (CIO) and in support of government renewal.

The Government of New Brunswick (GNB) has had a CIO for many years; however, the mandate for the position has been limited to the coordination of IM and ICT management and the delivery of selected operational corporate IM and ICT services for only a portion of government. Today, the OCIO reflects a changed mandate, one which provides a more strategic, coordinated and focused approach to information and technology services across government. The CIO is to be responsible for improving traditional information management and ensuring the provincial government is making the most cost-effective and efficient use of existing and emerging technologies. OCIO will Lead, Enable and Assure:

Lead

- Advise Government and public bodies on strategic management and direction;
- Through service oriented architecture, strategic alignment, and project portfolio management, minimize overlap by reducing redundancy and cost in provincial operations;
- Working collaboratively with the private IT sector to maximize business opportunities while meeting the information technology and information management needs of government;


Enable

- Policy and standards development to enable enterprise-wide alignment and reuse of assets;
- Community capacity development providing consultative services, particularly in the area of information management, IM and ICT governance, risk and compliance, and information security;

Assure

- Oversight to ensure compliance (policies and standards) to integrate initiatives, and to ensure effective project portfolio management;
- Strategic alignment of procurement and vendor relationship management to the benefit of the enterprise;
- Manage performance to improve capability and maturity; and
- Partnership with Office of the Comptroller - Internal Audit, Office of the Auditor General, Strategy Management Group and Privacy Commissioner.

The 2012-13 Budget for the OCIO is $6,458,000. This includes general operations (such as salaries, supplies, infrastructure and facility improvements), and funding for government-wide solution planning and assurance solutions, as well as funding for strategic initiatives to enable the GNB IM and ICT community.

Our Lines of Business

In delivering its mandate, the OCIO provides the following services to its clients to create optimal value from IM and ICT:

SOLUTION PLANNING:

The OCIO provides the following leading and enabling services to all provincial public bodies:

- Enterprise Architecture to lead IM and ICT strategic alignment to provincial business objectives to facilitate transforming business vision and strategy into effective enterprise change;
- Service Oriented Architecture to provide shareable, reusable, and reconfigurable IM and ICT services that allow efficient and secure access to core corporate information contributing to the improvement of GNB service delivery;
- Strategic Sourcing to minimize, through leadership and guidance, IM and ICT acquisition costs at the enterprise level;
- Project Portfolio Management to organize and ensure that IM and ICT resources are aligned and focused to realize strategy and optimize investments in IM and ICT, thus maintaining strategic alignment;
- Strategic Alignment in support of Project Portfolio Management through reviewing and analyzing public body procurement requests, and providing enterprise efficiency recommendations.


INFORMATION ASSURANCE:

The OCIO provides the following assurance services to all provincial public bodies:

- IM and ICT Governance, Risk and Compliance leadership, consulting, and assessment;
- Security Event Management and mitigation strategies;
- Vulnerability Assessment and IM and ICT Forensic Analysis capability;
- Board of Management reporting:
  o Total Cost of IT;
  o Service-level Effectiveness;
  o Security Posture, planned mitigation strategies and the likelihood of an unplanned outage, data loss or data corruption;
  o Policy and Standard compliance status representing and affecting IM and ICT strategic alignment.

See appendix for a logical representation of our organization.

Our Detailed Business Plan

In New Brunswick, the government is currently embarking on a renewal effort that seeks to improve the culture of government to focus on core services, accountability through performance measures, and continuous performance improvement.

The renewal effort also seeks to engage stakeholders to ensure there is alignment between affordable quality public services and public expectations. Clear, consistent, timely information will play a central role in these engagement efforts.

In consideration of government’s strategic direction of government renewal, thereby increasing government’s efficiency and effectiveness, the Office of the Chief Information Officer (OCIO) will provide leadership, guidance and a corporate focus for the effective acquisition, implementation, coordination and management of information technology in the government of New Brunswick. To this end, the OCIO will focus on the following key issues over the next three years. The goals identified for each issue reflect the results expected over a three-year timeframe, while the objectives provide an annual focus. Measures and Indicators of Success are provided for both the goals and the objectives to assist both the OCIO and the public in monitoring and evaluating success.


ISSUE 1: ENTERPRISE-WIDE PLANNING AND COORDINATION

The OCIO must effectively lead and enable government-wide IM and ICT planning and coordination.

Goal 1: By March 31, 2015, the OCIO will be strategically leading, coordinating and enabling enterprise-wide IM and ICT planning in partnership with GNB's public bodies and the private sector, to enable GNB strategy.

Measure: Increase in the number of IM and ICT strategic plans that align with government’s strategic plans.

Indicators of Success:

- Fully implemented comprehensive IM and ICT governance program maturing through a proven continuous improvement process;
- Implemented OCIO-led process to enable comprehensive IM and ICT strategic planning;
- Published and communicated architectural roadmaps and strategies, policies, standards and processes to plan and coordinate IM and ICT;
- Designed, communicated and implemented IM and ICT strategic sourcing strategy;
- Fully implemented comprehensive IM and ICT formal vendor management program, aligning strategic vendors with enterprise goals;

Objective 1 (2013):

By March 31, 2013, the OCIO will have improved alignment of IM and ICT planning to facilitate information and infrastructure re-use and sharing.

Measure: Per the goal, an increase in the number of IM and ICT strategic plans that align with government’s strategic plans.

Indicators of Success:

- Published and initiated Enterprise Architecture governance implementation plan;
- Documented, communicated and implemented a comprehensive IM and ICT strategic planning strategy and related processes;
- Published and begun to implement a Strategic Sourcing implementation plan;
- Refreshed and communicated Strategic Sourcing processes.

Objective 2 (2014):

By March 31, 2014, the OCIO will have produced enterprise-aligned IM & ICT plans, roadmaps and architectures to proactively align future requirements.


Objective 3 (2015):

By March 31, 2015, the OCIO will have a mature and continuously improved enterprise-wide solution planning and coordinating environment.

ISSUE 2: ENTERPRISE-WIDE STRATEGIC IM AND ICT INVESTMENT

Government must utilize an enterprise strategic approach to investing and achieving important savings in IM and ICT.

Goal 2: By March 31, 2015, the OCIO will be assisting GNB public bodies in achieving or surpassing savings targets established in the Budget process.

Measure: Improved total cost of IM and ICT ownership.

Indicators of Success:

- Implemented system to acquire and view information about all IM and ICT projects;
- Developed and implemented a complete framework for categorizing, measuring, balancing, prioritizing, selecting, monitoring, and nimbly changing the composition of IM and ICT investments and assets;
- Improved “big picture” view of the IM and ICT portfolio providing opportunity for increased visibility of the portfolio;
- Developed and governed process to ensure that IM and ICT resources are aligned to government’s strategic plans, and therefore focused to optimize the IM and ICT spend and also deliver the most beneficial enterprise services.

Objective 1 (2013):

By March 31, 2013, the OCIO will have improved alignment of IM and ICT investment to fit with planned enterprise solutions.

- Published and initiated Project Portfolio Management governance implementation plan;
- Documented, communicated and implemented an IM and ICT Strategic Alignment implementation plan;

Objective 2 (2014):

By March 31, 2014, the OCIO will have produced timely and relevant information on the portfolio of IM and ICT investment to government to ensure constant alignment with evolving GNB priorities.


Objective 3 (2015):

By March 31, 2015, the OCIO will have a mature and continuously improved Project Portfolio Management System.

ISSUE 3: INFORMATION AND TECHNOLOGY ASSURANCE (MANAGEMENT AND PROTECTION)

Government must deliver IM and ICT in a secure environment while managing the evolution of technology and information requirements.

Goal 3: By March 31, 2015, the OCIO will have enabled government to monitor and direct public body IM and ICT risk and compliance activity, to minimize unplanned service outages and information security incidents.

Measure: Measured and improved security posture, policy compliance and assurance capability maturity.

Indicators of Success:

- Implemented and utilized an enterprise IM and ICT governance system, enabling policy compliance and exception management, as well as security posture management;
- Enhanced security infrastructure with modernized vulnerability assessment and forensics capability;
- Provincial government-wide security event collection and management center; and
- Provided advisory services to departments enabling them to increase their information assurance capacity.

Objective 1 (2013):

By March 31, 2013, the OCIO will have improved government-wide IM and ICT risk and compliance management and reporting.

Measure: Improved security posture, policy compliance and assurance capability maturity.

Indicators of Success:

- Published assurance-specific standards and processes to improve the protection and assurance of information and technology in government;
- Implemented basic functionality in the IM and IT Governance, Risk and Compliance (GRC) system: policy, risk, and vendor management modules;
- Implemented Vulnerability Assessment Engine and Security Event Collection Engine.


Objective 2 (2014):

By March 31, 2014, the OCIO will be continuously producing and delivering timely and relevant information on the state of government-wide IM and ICT risk, compliance, incident, and threat management.

Objective 3 (2015):

By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise IM and ICT Governance, Risk and Compliance, and Security Event Management Programs.

ISSUE 4: SUSTAINABLE OFFICE OF THE CHIEF INFORMATION OFFICER (OCIO)

The Office of the Chief Information Officer (OCIO) will contribute significantly to the GNB vision through establishing a successful transition to a sustainable Office of the CIO.

Goal 4: By March 31, 2015, the Office of the CIO will be an effective, capability-matured, and continuously improved business-enabling organization.

Measures: Improved capability model score for the scope of the OCIO.

Indicators of Success:

- Documented and maintained OCIO Management System enabling the continuous improvement of the OCIO processes;
- Refreshed OCIO standard processes enabling the efficient and effective delivery of OCIO services to government;
- Fully staffed OCIO that is appropriately certified in the relevant areas of expertise;
- Developed and delivered education, training and awareness tools used across government to support OCIO IM and ICT governance goals;

Objective 1 (2013):

By March 31, 2013, the OCIO will have appropriately staffed the OCIO, renewed OCIO operational standards and processes, and published the OCIO Management System.

Measure: Published governance documents and evident capability within the initiated programs.

Indicators of Success:

- All identified vacant positions within the OCIO filled with qualified individuals;


- Refreshed and published OCIO-internal policies, standards and processes which are based on industry best practices and adhered to as common OCIO practice;
- OCIO administration manual updated and published, reflecting the refreshed policies, standards and processes.

Objective 2 (2014):

By March 31, 2014, the OCIO will have completed an operational review of the OCIO Management System, assuring operational effectiveness.

Objective 3 (2015):

By March 31, 2015, the OCIO will have again completed an OCIO Management System review and acted on any 2014 review deficiencies.


Appendix

Logical Organization chart of OCIO Capabilities