IT Budget. Leslie Sgro OMB Capital Budget Manager

Transcription

1 IT Budget Leslie Sgro OMB Capital Budget Manager

2 Rates Committee Balanced Scorecards/Metrics Greg Wass BCCS Deputy Director

3 ERP Scott Harper Department of Natural Resources, CFO

4 Statewide Accounting, HR and Procurement Project Multi-agency project sponsored by Governor s Office, GOMB, and State CIO Goal is to replace aging and fractured administrative systems AND simplify state processes Financed (where possible) out of agency IT or lump sum budget lines

5 Statewide Accounting, HR and Procurement Project Current Status Project Team identified Project Management vendor selected Next Steps Verify requirements from process Interview agencies to verify and inform Conduct Software and services solicitations Find the best vendors for the state

6 Statewide Accounting, HR and Procurement Project Preparation for Meetings (role of CIOs) Any system maps would be helpful Any kind of list of systems that you maintain, or that you use from CMS We are looking for points of integration, both from a perspective of improvement, and from the perspective of potential interfaces we need to have within scope

7 Statewide Accounting, HR and Procurement Project Preparation for Meetings (role of CIOs) You all know the systems in many cases better than the users We would like you to come to the user meetings (send a system specialist if you can t personally attend) We will have functional meetings with 6-8 agencies represented at a time (need to have CIO representation at those meetings) Technical requirements ETL Data warehouse/ Data volumes; native database structure (DB2, SQL, etc.) Data dictionary; maps

8 Statewide Accounting, HR and Schedule Highlights Procurement Project Agency and Functional leadership interviews March 24 th April 18 Software RFP issued mid- May Software and services contracted end of August Start prototyping with Pilot agencies and early adopters early-september

9 epass Electronic Pay Stub System LouAnn Crain BCCS Enterprise Application Services Manager

10 RACF Processes & Procedures Pat Blair BCCS Security & Compliance Manager

11 Central Management Services Security and Compliance

12 RESOURCE ACCESS CONTROL FACILITY Resource Access Control Facility (RACF) Security Process 12

13 RESOURCE ACCESS CONTROL FACILITY RACF security software restricts access to defined systems, subsystems and mainframe applications. RACF enforces the individual s accountability over data and system resources. RACF technical and customer service administrators control access to the mainframe and associated applications. 13

14 RACF STAKEHOLDERS Stakeholder Agency Liaison Agency RACF Admin BIM CSC RACS ERATA User Stakeholder Description Proxy Agencies RACF contact authorized to make requests of BCCS Staff within the agency authorized to make RACF id changes, BCCS Identity Management Portal available to RACF users, CMS/BCCS Customer Solution Center RACF Admin Customer Support for Agency Admins Enterprise RACF Admin Technical Application (BCCS mainframe support group/level III support) Individual or Device or Function assigned an ID 14

15 ROLES AND RESPONSIBILITIES STAKEHOLDER RACF ID GROUP ACCESS VALIDATE Agency Liaison Request Request Request Approve Agency RACF Admin Create Delete Re-assign Revoke Connect Create Remove Connect Remove CSC & BIM Reset Password Enterprise RACF Admin Technical Application Create Delete Inform Re-assign Remove Revoke Connect Create Delete Inform Re-assign Remove Revoke Connect Create Delete Inform Re-assign Remove Revoke Approve Monitors Owner Authorize Approve Personnel Inform RACF Admin Customer Support Create Delete Re-assign Revoke Connect Create Delete Re-assign Revoke Connect Remove User Reset password Internal Monitor 15

16 RACF PROCESS Mainframe Security Request form used alone or with an ESR Mainframe Security Request indicates access required and proper approval Three purposes for the Mainframe Security Request Form: 1. New RACF id request 2. Modification to an existing RACF id 3. To accompany an Exit Form or other action requiring a deletion Reports Significant to the RACF Process: 1. Separation Reports 2. Security Reports day Stale Account Reports Password Resets 1. BIM 2. request to the Help Desk 16

17 Agency Responsibilities CIOs cannot grant CMS access to their Data CMS has no access to the Agency s programs CMS has no access to the Agency s Data Each agency and department shall establish standards and procedures by which the data entrusted under their purview is protected from misuse, unauthorized modification, or unauthorized disclosure. Each agency will identify to CMS/BCCS the individual(s) who may access security reports detailing uses and attempted RACF violations in reference to resources on CMS/BCCS mainframe. Periodically, copies of all security related lists will be mailed to the RACF Administrators for update purposes. Responding in a timely manner is most important. 17

18 Agency Disaster Recovery Requirements Each agency will establish a comprehensive plan to recover the information assets entrusted to it in the event of accidental or intentional destruction. Security reports are available to any agency that submits a written request to the CMS/BCCS Security Administrator designating individuals authorized to review that agency's security. RACF Contact: cms.racf@illinois.gov Manage Passwords: 18

19 HB 1040 Christ Balich General Counsel to the State CIO

20 ARB Vaulting Services Windows 7 Deployment Steve Nation BCCS Infrastructure Services Chief

21 Questions?