February 3, OI&T Enterprise Strategy: Putting Veterans First

Transcription

1 OI&T Enterprise Strategy: Putting Veterans First

2 Objectives Provide an overview of the IT Enterprise Strategy Share O&IT s opportunities Gain your feedback on our way forward Answer any questions about our direction and plans 2

3 3

4 Given the complexity, it was evident that implementing one or two projects would not fix this organization. 4

5 The new OI&T Transformation Strategy is the result of in-depth analysis of numerous sources. Industry partners IT leaders Business partner leadership All Employee Survey VA Senior Leadership myva task force Multiple OI&T Assessments Strategic plans Congress Oversight: OIG, GAO etc. Employee feedback Survey results 5

6 After centralization in 2006, OI&T has been a tactical participant in VA s mission. Our Veterans need more. 6

7 We found opportunities in several key areas. PARTNERSHIP Lack of partner collaboration Shifting partner needs Protracted and misaligned acquisition process Prolific shadow IT IT used to address/support poor process design CULTURAL Internally focused No talent management large skill gap Consumerization of IT Activity outweighs outcome Lack of data-driven decision making OPERATIONAL No standardization or quality controls Ineffective leadership & governance Lack of accountability No software lifecycle No asset/config management EXTERNAL FORCES Changing Veteran demographics Rising public expectations Growing cyber threats Internet of Things Next generation IT models 7

8 MyVA is also a key driver for our change. Improving the Veteran Experience Improving the Employee Experience Improving Internal Support Services Establishing a Culture of Continuous Improvement Enhancing Strategic Partnerships 8

9 We have focused on four key principles Not the rules of the past. Transparency Accountability Innovation Teamwork 9

10 Our strategic framework has five new elements. Collaborate with our business partners to create the best experience for all Veterans 1 Mission 2 Vision Become a world-class organization that that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology 3 Our Guiding Principles Stabilize and streamline core processes Eliminate material weaknesses Institutionalize new set of capabilities to drive improved outcomes 5 4 Technical Foundation Execution: Now, Near, and Future Mission alignment Data visibility and accessibility Data interoperability Infrastructure interoperability Information security Enterprise services 10

11 Our strategic framework centers on three key themes Stabilize and streamline core processes and platforms Eliminate material weaknesses Institutionalize new set of capabilities to drive improved outcomes 11

12 And spans three phases: Now, Near, Future. Value Strategic Framework Time 12

13 The framework can be used to support the future. 13

14 In addition, our goals are consistent with our business partners strategic plans. Business Partners Key Business Priorities OI&T Strategic Themes MyVA VHA VBA NCA Corporate Offices Improve functionality of existing systems Enhance system interop Ensure secure electronic options for Veterans Modernize IT management processes Ensure shared information for greater interaction across VA and externally Establish new mission-critical systems Expand virtual, mobile, and self-service options for Veterans Stabilize and streamline core processes and platforms Eliminate material weaknesses Institutionalize new set of capabilities to drive improved outcomes 14

15 Based on the strategy, we are establishing five new key functions. ENTERPRISE PROJECT MANAGEMENT OFFICE DATA MANAGEMENT ACCOUNT MANAGEMENT QUALITY AND COMPLIANCE STRATEGIC SOURCING 15

16 Our IT Account Managers (ITAMs) are responsible for managing the IT needs of our business partners Continuous 10-step process for strategic business alignment Trusted role models for enterprise collaboration & communication Leveraging the best practices on behalf of service improvement within VA Focus is on outcomes to the Veteran while supporting the customer Constant assessment & improvement focused on higher level of service and ensuring a seamless engagement within OI&T. 16

17 The ITAMs are supported by 5 key Customer Relationship Managers (CRMs) North Atlantic Pacific Midwest Continental Southeast who will transform the way we interact with our partners in the field. 17

18 We are establishing a clear, consistent process for understanding and communicating with our partners. Customer relationship knowledge workers will analyze data received from our CRMs. This information will provide OI&T a better approach to: VA Division ITAM CIO EPMO Issue resolution Change management Enterprise innovation Max.gov - provides a best-ingovernment approach to dynamic knowledge management. Pacific Midwest Continental North Atlantic Southeast 18

19 The EPMO leverages this constantly evolving partnership by selecting, developing, and delivering solutions with the Veteran in mind. 19

20 EPMO s portfolio and resource tracking will ensure constant visibility into all project activities. Outcomes Project portfolio and resource tracking 18-month portfolio view Metrics that matter Monthly portfolio health metrics Align portfolios to objectives Enhance visibility and governance Analyze and report portfolio performance metrics Ensure overall portfolio health Optimize resources for projects, people, and timelines 20

21 OI&T is improving the value of the products we deliver through strategic alignment, effectiveness, and consistency. PMAS Document Driven (58 Documents) Data Driven (7 Documents + ATO) 5 Phase Gates/Milestones 2 Critical Decision Events Multiple Release processes 1 Integrated Release process 6 month delivery cycle 3 month delivery cycle Ad-hoc hierarchy of programs and projects Waterfall Centric Security + Architecture late in the process Project-centered (tactical) Portfolio-based management Agile Centric Security + Architecture standards leveraged early, during planning Portfolio-centered (strategic) 21

22 In addition, we have four transformational initiatives within EPMO. NEW RELEASE PROCESS Single process for all partners Dedicated release owner Streamlined review, approval, and communication process ENTERPRISE CHANGE CALENDAR Partner-specific, unified calendar Continually updated Full visibility into upcoming releases TOOLS Consistent intake through VIP Request (VIPR) Time-tracking for all resources VETERAN-FOCUSED INTEGRATION PROCESS (VIP) Focused on value over artifacts Only two critical decision points Product team stays engaged for 90 days following release 22

23 We have the opportunity to improve the Veteran experience through data management, stewardship and analysis. 23

24 24

25 Our ultimate goal is to create a holistic view of the Veteran to improve their experience, care, and access. We will have a seamless data integration capability with DoD, answering the question of interoperability. Current: VA can view full service record. JLV our health interoperability with DoD Vets.gov: one login, one time CDI: creating the customer data interchange for the enterprise And a new Data Management Organization (DMO) function within OI&T 25

26 OI&T s DMO will unite VA s resources behind a common goal. DATA MANAGEMENT DMO Represents Process Excellence and Innovation Engages with the data steward (business owner) to ensure accuracy and security. Institutes data governance and a single source of the truth. Analyzes data sources to form a true enterprise data architecture. Establishes appropriate metrics for data efficiency, access and value. Identifies new opportunities to improve the Veteran experience. Ensures an enterprise-wide data linkage. 26

27 Our final two key functions will be established by the end of Q3. Establishes an organized, collaborative, streamlined approach to fulfilling enterprise requirements with solution providers. STRATEGIC SOURCING Manages COE for requirements development and vendor selection. Develops knowledge base for enterprise architecture needs and supplier alignment strategies Tracks Vendor performance and contract deliverables; manages feedback. Maintains and shares insights on new technologies and capabilities to improve the workforce knowledge base. Encourages buy first methodology. Ensures adherence to appropriate policies and standards leading to the elimination of the material weakness findings. Evaluates solutions for effectiveness. Establishes effective policy governance and standards. QUALITY AND COMPLIANCE Identify, monitor, and measure risks for a forward-looking assessment of compliance across the organization. Evaluates apps for compliance and quality. Ensures OI&T is prepared for audits. Manages correspondence with oversight bodies and tracks commitments to responses. 27

28 We are also transforming our OI&T Field Services Team. Customer Experience Deliver best-in-class, customer facing solutions that increase transparency. Example: SLAs for all organizations. Field Operations Transform field operations. Example: Leveraging SLAs to define support needed. Infrastructure Operations Service Desk Organizational Structure Operational Process Drive operational efficiency across infrastructure operations. Example: Migrate data and applications to cloud. Deliver best-in-class IT support for all enduser contact and communication. Example: Redesign of service desk Redesign organizational structure. Example: Focus on centers of excellence and proximity to customer. Focus on efficiency and effectiveness. Example: Data center consolidation strategy. 28

29 Our new enterprise security strategy focuses on eliminating our material weakness and provides defense in depth for all VA data. For the first time, security initiatives are fully funded and resourced. 29

30 Based on the IT Enterprise Strategy, we will close key actions in response to oversight recommendations, eliminating our label as a material weakness in VA. 30

31 ECST (CRISP) Material Weakness Plan: 2016 Finding # FY 15 Draft Language 3/31/16 6/30/16 9/30/16 12/31/16 Finding 1: Agency-Wide Risk Management Program Finding 2: Identity Management and Access Controls Finding 3: Configuration Management Controls Finding 4: System Development/Change Management Controls Finding 5: Contingency Planning Finding 6: Incident Response and Monitoring Finding 7: Continuous Monitoring Finding 8: Contractor Systems Oversight Status of Prior-Year Recommendations Average % Complete February for Finding 3, 2016 Recommended Projected % Complete 12/31/ Risk Management Program 8% 44% 73% 94% 94% 2 Health Eligibility Center (HEC) WRAP Authority to Operate (ATO) 33% 100% 100% 3 POA&M Roles & Responsibilities 7% 39% 55% 66% 66% 4 POA&M Updates 7% 39% 55% 66% 66% 5 POA&M Artifacts 7% 39% 55% 66% 66% 6 POA&M Artifacts Update (GRC) 7% 39% 55% 66% 66% 7 POA&M Automatic Closures and NIST Revision 4 Updates 8% 74% 100% 100% 8 Security Plan Update Mechanisms 8% 74% 100% 100% 9 Security Document Update Process 4% 42% 49% 60% 60% 10 Password Policy Enforcement 26% 56% 88% 100% 100% 11 Access Reviews 17% 19% 54% 100% 100% 12 Audit Logs & Security Violation Reviews 5% 38% 69% 82% 82% 13 Two-Factor Authentication for Remote Access 90% 99% 99% 100% 100% 14 Remote Access Security Standards 0% 100% 100% 15 Enterprise Vulnerability Remediation 19% 46% 74% 84% 84% 16 Patch Management Program 19% 46% 74% 84% 84% 17 Configuration Baseline Scanning 12% 46% 79% 79% 79% 18 Medical Device & Non-OI&T Network Segregation 43% 43% 100% 100% 19 Common Control for Non-OI&T Networks 15% 53% 96% 100% 100% Finding Projected % Complete 12/31/ System Development & Change Control 18% 47% 80% 100% 100% 100% 21 Contingency Plan Update Process 25% 96% 99% 100% 100% 22 Backup Data Encryption 7% 39% 63% 75% 75% 23 Disaster Recovery Update Process 16% 26% 26% 26% 26% 24 Business Impact Analysis Update Process 9% 45% 45% 91% 91% 25 Incident Response Procedures 31% 58% 80% 80% 80% 26 ID & Monitor External Interconnections 11% 22% 41% 58% 58% 27 Data Exfiltration 7% 24% 29% 59% 59% 28 Approved/Unapproved Software 13% 45% 45% 100% 100% 29 Software Inventory 11% 44% 81% 100% 100% 30 Contractor Cloud System Monitoring 37% 89% 100% 100% 31 FISMA Systems Inventory 41% 81% 100% 100% FY6-3 Position Sensitivity & Rules of Behavior 27% 51% 64% 67% 67% FY6-4 Background Investigation Monitoring 27% 51% 64% 67% 67% FY6-8 Wireless Security 25% 36% 50% 50% 50% FY6-9 Encryption of Sensitive Data 23% 64% 64% 93% 93% 80% 96% 77% 57% 72% 100% 100% 69% 84%

32 ECST (CRISP) Material Weakness Plan: 2017 Finding # FY 15 Draft Language 3/31/17 6/30/17 9/30/17 12/31/17 Finding 1: Agency-Wide Risk Management Program Finding 2: Identity Management and Access Controls Finding 3: Configuration Management Controls Finding 4: System Development/Change Management Controls Finding 5: Contingency Planning Finding 6: Incident Response and Monitoring Finding 7: Continuous Monitoring Finding 8: Contractor Systems Oversight Status of Prior-Year Recommendations Average % Complete for February Finding 3, Risk Management Program 100% 2 Health Eligibility Center (HEC) WRAP Authority to Operate (ATO) 3 POA&M Roles & Responsibilities 79% 94% 97% 100% 4 POA&M Updates 79% 94% 97% 100% 5 POA&M Artifacts 79% 94% 97% 100% 6 POA&M Artifacts Update (GRC) 79% 94% 97% 100% 7 POA&M Automatic Closures and NIST Revision 4 Updates 8 Security Plan Update Mechanisms 9 Security Document Update Process 62% 62% 75% 85% 10 Password Policy Enforcement 11 Access Reviews 12 Audit Logs & Security Violation Reviews 98% 100% 13 Two-Factor Authentication for Remote Access 14 Remote Access Security Standards 15 Enterprise Vulnerability Remediation 91% 100% 16 Patch Management Program 91% 100% 17 Configuration Baseline Scanning 87% 99% 100% 18 Medical Device & Non-OI&T Network Segregation 19 Common Control for Non-OI&T Networks Finding Project % Complete 12/31/ System Development & Change Control 100% 21 Contingency Plan Update Process 22 Backup Data Encryption 80% 96% 100% 23 Disaster Recovery Update Process 89% 100% 24 Business Impact Analysis Update Process 100% 25 Incident Response Procedures 80% 93% 100% 26 ID & Monitor External Interconnections 67% 67% 100% 27 Data Exfiltration 92% 100% 28 Approved/Unapproved Software 29 Software Inventory 30 Contractor Cloud System Monitoring 31 FISMA Systems Inventory FY6-3 Position Sensitivity & Rules of Behavior 76% 76% 85% 100% FY6-4 Background Investigation Monitoring 76% 76% 85% 100% FY6-8 Wireless Security 67% 67% 78% 78% FY6-9 Encryption of Sensitive Data 100% 100% 100% 100% 100% 100% 100% 100% 100% 100%

33 We are equipping our leaders with the tools they need to foster a sustainable legacy of Veteran focus and execution. 33

34 The Top 12 is our first step on that journey. Veteran touchpoints 1 Improve the Veterans Experience 9 Critical enablers Improve Employee Experience (to include leadership development) 2 Increase Access to Health Care 10 Staff Critical Positions 3 Improve Community Care 11 Transform OIT 4 Deliver a Unified Veterans Experience 12 Transform Supply Chain Modernize our Contact Centers (to include Veterans Crisis Line) Improve the Comp & Pension Exam Develop a Simplified Appeals Process Continue to Reduce Veteran Homelessness IT has a role in all of the top 12 projects, requiring a relentless focus on execution and partner engagement and discipline. 34

35 Implementation of the OI&T Strategy and Top 12 Breakthrough Initiatives demand increased sophistication and executive agility. OI&T is taking steps now to address improved leadership skills. Emulating the concepts of Leaders Developing Leaders into internal training. Aligning training to behaviors that support the IT principles and strategy: only undertaking work that provides direct value to the Veteran. New leaders and role assignments are being used to infuse different perspectives into OI&T. Our leadership team will carry the torch for relentless execution. 35

36 Our customized development program carries benefits well beyond the leadership level. We will: Address long-term talent management challenges Develop meaningful employee career plans by the end of 2017 a first. Milestones for 2016: Go/no-go decision on current employee capability model. All executive and employee performance plans tied to the IT Enterprise Strategy. Talent management is not simply attracting the right people. It s retaining those with a passion and a commitment to our mission by fostering a compelling, rewarding environment. 36

37 OI&T will provide strong support for the 12 Breakthrough Priorities by accomplishing the following in 2016: Project Management Establish EPMO 100% of all projects in VIP Align all project managers to EPMO Design time tracking, put processes in place Define clear portfolios for business partners Assign Account Managers to each portfolio Delivery/Cost Effectiveness Stand up & standardize command center Develop and implement service catalog Redesign service desk and field operations; implement redesign Define strategies for managing data centers, telecommunication, and cloud Begin migration to managed services Quality and Compliance Establish quality and compliance organization to manage risk Close material weakness Enable PIV for 75% of VA employees Close 15 cybersecurity initiatives related to oversight recommendations Begin proactive tracking of commitments to oversight bodies People Customize and deliver ITIL and Agile training for key personnel Define curriculum to educate project managers Implement capability model or select suitable alternative Management s performance goals will be tied to the Strategy s goals. 37

38 Most importantly, OI&T will adopt innovation in its truest sense: a tool to approach our existing challenges. Innovation Improve alignment to Veteran experience (10%+) Establish customer relationship managers Deploy fully functional knowledge management database and associated processes to drive innovation across organization Establish data management organization and complete analysis of existing VA data sources Establish strategic sourcing function, complete analysis of initiatives with most potential for impact, and implement Relentless execution demands creative problem solving. OI&T is embracing innovation at our core not as an activity, but as a skill. 38

39 We know where we ve been We know where we are 39

40 And now you know where we re going. Our Mission: Collaborate with our business partners to create the best experience for all Veterans 40

41 QUESTIONS? 41