Office of the Chief Information Officer

Transcription

1 Office of the Chief Information Officer Business Plan: Department / Ministère: Executive Council Date: November 15, P a g e

2 This Page Left Intentionally Blank 2 P a g e

3 Contents The Business Plan Overview... 4 Our Mission... 4 Our Goals and Objectives... 4 Our Mandate... 6 Our Partnerships... 6 Our Mission... 7 Our Guiding Principles... 8 OCIO Overview... 9 Our Lines of Business Our Detailed Business Plan Appendix P a g e

4 The Business Plan Overview Our Mission By 2015, the Office of the CIO (OCIO) will be recognized for enabling GNB strategy through having strategically coordinated, led and assured enterprise-wide information management (IM) and information communications technology (ICT) assets, in partnership with GNBs public bodies and the private sector. Our Goals and Objectives Goal 1: By March 31, 2015, the OCIO will be strategically leading, coordinating and enabling enterprise-wide IM and ICT planning in partnership with GNB's public bodies and the private sector, to enable GNB strategy. Objectives: By March 31, 2013, the OCIO will have improved alignment of IM and ICT planning to facilitate information and infrastructure re-use and sharing. By March 31, 2014, the OCIO will have produced enterprise-aligned IM and ICT plans, roadmaps and architectures to proactively align future requirements. By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise Architecture Framework. Goal 2: By March 31, 2015, the OCIO will be assisting GNB public bodies in achieving or surpassing savings targets established in Budget process. Objectives: By March 31, 2013, the OCIO will have improved alignment of IM and ICT investment to fit with planned enterprise solutions. By March 31, 2014, the OCIO will have produced timely and relevant information on the portfolio of IM and ICT investment to government, to ensure constant alignment with evolving GNB priorities. By March 31, 2015, the OCIO will have a mature and continuously improved Portfolio Management System. 4 P a g e

5 Goal 3: By March 31, 2015, the OCIO will have enabled government to monitor and direct public body IM and ICT risk and compliance activity to minimize unplanned service outages and information security incidents. Objectives: By March 31, 2013, the OCIO will have improved government-wide IM and ICT risk and compliance management and reporting. By March 31, 2014, the OCIO will be continuously producing and delivering timely and relevant information on the state of government-wide IM and ICT risk, compliance, incident, and threat management. By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise IM and ICT Governance, Risk and Compliance, and Security Event Management Programs. Goal 4: By March 31, 2015, the Office of the CIO will be an effective, capability matured, and continuously improved business-enabling organization. Objectives: By March 31, 2013, the OCIO will have been appropriately staffed, with renewed OCIO operational standards and processes, and have published the OCIO Management System. By March 31, 2014, the OCIO will have completed an operational review of the OCIO Management System; assuring operational effectiveness. By March 31, 2015, the OCIO will have again completed an OCIO Management System review and acted on any 2014 review deficiencies. 5 P a g e

6 Our Mandate GNB has recently announced that the role of the Chief Information Officer (CIO) is being broadened and strengthened. The new CIO is to be responsible for improving traditional information management and ensuring the provincial government is making the most cost effective and efficient use of existing and emerging technologies. This strategic leadership role will provide key advice to Government, enabling alignment and renewal, and the reuse of assets while providing the necessary oversight to assure effective and efficient results across all GNB public bodies. The newly created OCIO will contribute to management oversight via the enterprise governance of all IM and ICT within the NB public sector and thus ensure that there is an enterprise-wide information, risk and compliance management framework to support the delivery of government services. This oversight will also enable the maximization of benefits from investment in IM and ICT, facilitate a focus on innovation in government and service delivery, reduce the duplication of effort, and minimize information security risks. We plan to build on past successes and continue to improve the capability to control costs, while improving government-wide effectiveness and efficiencies. Maturity in governing IM and ICT will achieve resource (time, cost, quality) conservation. By redeploying these resources, using a whole-of-government approach, we will be in a better position to grow and ultimately transform how we serve our citizens through the innovative use of IM and ICT. The CIO Office operates from within the Executive Council Office. The CIO Office is responsible for all IM and ICT resources across all public bodies through leadership, governance, coordination, management strategies, plans, priorities, policies, standards and processes. All new investment expenditures related to IM and ICT resources in public bodies, shall be overseen, monitored, coordinated and endorsed by the CIO Office. Our Partnerships In concert with the OCIO, and in support of enterprise governance, risk and compliance, each public body will be responsible for their own planning and oversight capability, while ensuring that they effectively implement, deploy, manage, control and operate the IM and ICT assets. In addition, the Service delivery functions will be operated separate from the CIO Office noting that in doing so the following benefits would be realized: Allows for the OCIO to focus on strategy and enterprise solutions; Allows the OCIO to exercise its expanded mandate to all parts of GNB; The OCIO would have independence from operations thus enabling it to oversee the IM & ICT functions across the public sector; The OCIO will have the capability to partner with key IM and ICT stakeholders like Internal Audit, Office of the Auditor General, Office of Strategy Management branch and the Privacy Commissioner to provide domain specific guidance. 6 P a g e

7 Our Mission LEAD ENABLE - ASSURE The mission statement identifies the priority focus area in support of the GNB Strategy Map A stronger economy and an enhanced quality of life, while living within our means - over the next planning cycle. It represents the key result that the Office of the Chief Information Officer (OCIO) will be working towards as they move forward with government renewal. The statement also identifies the measure(s) and indicator(s) that will assist both the OCIO and the public in monitoring and evaluating success. By 2015, the Office of the CIO will be recognized for enabling GNB strategy through having strategically coordinated, led and assured enterprise-wide IM and ICT assets, in partnership with GNBs public bodies and the private sector. MEASURE(S) Improved IM and ICT oversight role to enable government to deliver services in a more efficient and effective way; Improved direction setting to achieve enterprise information readiness in order to ensure IM and ICT assets deliver relevant, timely and quality information; Identify efficiencies of between 10 and 15 per cent over the next three years. INDICATORS Developed, published and provided awareness of an approved information management policy framework; Adopted formal, industry-leading, enterprise models for solution planning and information assurance; Savings have been identified and processes are in place to achieve them. 7 P a g e

8 Our Guiding Principles The OCIO will be recognized within the provincial public service, and as well as by its external stakeholders, as innovators and leaders in IM and ICT solution planning and information assurance. As agents of change, we will lead the IM and ICT community with an intense focus on: Leadership The OCIO works to establish purpose and direction for the Government of New Brunswick (GNB) IM and ICT through an effective governance, risk and compliance internal control environment in which people can become fully involved in contributing to the business of GNB; Enterprise requirements focused The OCIO is a business enabler and as such, we focus on understanding and delivering on the current and future needs of our customers, contributing to cost effective Core Government Products and Services. Enterprise Architecture, through working with the Enterprise Architecture Executive Steering Committee, will identify projects consistent with the strategy and objectives of GNB; Employee participation The whole is greater than the sum of the parts. The full involvement of all IM and ICT employees within GNB will enable our abilities to be maximized for the GNB s benefit; System approach Striving to identify, understand and manage the interrelated processes as a system contributes to the OCIO s effectiveness and efficiency in achieving its objectives; Process and standards focused Desired results are efficiently and effectively delivered when activities and related resources are managed as a process, and those processes are standardized; Continual improvement Continual improvement of the OCIO s overall performance should be a permanent objective for the OCIO; Project Portfolio oriented 8 P a g e

9 We will focus our GNB s IM and ICT efforts, maximize our deliverables, and ensure effective internal communications through utilizing a project portfolio management framework; Risk Management During the development and implementation of our IM and ICT strategies, risks must be understood, evaluated and managed; noting that managed does not mean eliminated. Risk can be accepted, mitigated, or transferred with insurance for example; Factual approaches to decision making Effective decisions are based on the analysis of data and information. Decisions cannot be made on the basis of assumptions. OCIO Overview The Office of the Chief Information Officer (OCIO) was established in November 2011 as a result of recommendations by the Chief Information Officer (CIO) and in support of government renewal. The Government of New Brunswick (GNB) has had a CIO for many years however the mandate for the position has been limited to the coordination of IM and ICT management and the delivery of selected operational corporate IM and ICT services for only a portion of government. Today, the OCIO reflects a changed mandate one which provides a more strategic, coordinated and focused approach to information and technology services across government. The CIO is to be responsible for improving traditional information management and ensuring the provincial government is making the most cost effective and efficient use of existing and emerging technologies. OCIO will Lead, Enable and Assure: Lead Advise Government and public bodies on strategic management and direction; Through service oriented architecture, strategic alignment, and project portfolio management, minimize overlap by reducing redundancy and cost in provincial operations; Working collaboratively with the private IT sector to maximize business opportunities while meeting the information technology and information management needs of government; 9 P a g e

10 Enable Policy and standards development to enable enterprise-wide alignment and reuse of assets; Community capacity development providing consultative services, particularly in the area of information management, IM and ICT governance, risk and compliance, and information security; Assure Oversight to ensure compliance (policies and standards) to integrate initiatives, and to ensure effective project portfolio management; Strategic alignment of procurement and vendor relationship management to the benefit of the enterprise; Manage performance to improve capability and maturity; and Partnership with Office of the Comptroller - Internal Audit, Office of the Auditor General, Strategy Management Group and Privacy Commissioner. The Budget for the OCIO is $6,458,000. This includes general operations (such as salaries, supplies, infrastructure and facility improvements), and funding for government-wide solution planning and assurance solutions, as well as funding for strategic initiatives to enable the GNB IM and ICT community. Our Lines of Business In delivering its mandate, the OCIO provides the following services to its clients to create optimal value from IM and ICT: SOLUTION PLANNING: The OCIO provides the following leading and enabling services to all provincial public bodies: Enterprise Architecture to lead IM and ICT strategic alignment to provincial business objectives to facilitate transforming business vision and strategy into effective enterprise change; Service Oriented Architecture to provide shareable, reusable, and reconfigurable IM and ICT services that allow efficient and secure access to core corporate information contributing to the improvement of GNB service delivery; Strategic Sourcing through leadership and guidance, minimize IM and ICT acquisition costs at the enterprise-level; Project Portfolio Management to organize to ensure IM and ICT resources are aligned and focused to realize strategy and optimize investments in IM and ICT, thus maintaining strategic alignment; Strategic Alignment in support of Project Portfolio Management through reviewing and analyzing public body procurement requests, and providing enterprise efficiency recommendations. 10 P a g e

11 INFORMATION ASSURANCE: The OCIO provides the following assurance services to all provincial public bodies: IM and ICT Governance, Risk and Compliance leadership, consulting, and assessment; Security Event Management and mitigation strategies; Vulnerability Assessment and IM and ICT Forensic Analysis capability; Board of Management reporting: o Total Cost of IT; o Service-level Effectiveness; o Security Posture, planned mitigation strategies and the likelihood of an unplanned outage, data loss or data corruption; o Policy and Standard compliance status representing and affecting IM and ICT strategic alignment. See appendix for a logical representation of our organization. Our Detailed Business Plan In New Brunswick the government is currently embarking on a renewal effort that seeks to improve the culture of government to focus on core services, accountability through performance measures, and continuous performance improvement. The renewal effort also seeks to engage stakeholders to ensure there is alignment between affordable quality public services and public expectations. Clear, consistent, timely information will play a central role in these engagement efforts. In consideration of government s strategic direction of government renewal, thereby increasing government s efficiency and effectiveness, the Office of the Chief Information Officer (OCIO) will provide leadership, guidance and a corporate focus for the effective acquisition, implementation, coordination and management of information technology in the government of New Brunswick. To this end, the OCIO will focus on the following key issues over the next three years. The goals identified for each issue reflect the results expected over a three year timeframe, while the objectives provide an annual focus. Measures and Indicators of Success are provided for both the goals and the objectives to assist both the OCIO and the public in monitoring and evaluating success. 11 P a g e

12 ISSUE 1: ENTERPRISE-WIDE PLANNING AND COORDINATION The OCIO must effectively lead and enable government-wide IM and ICT planning and coordination. Goal 1: By March 31, 2015, the OCIO will be strategically leading, coordinating and enabling enterprise-wide IM and ICT planning in partnership with GNB's public bodies and the private sector, to enable GNB strategy. Measure: Increase in the number of IM and ICT strategic plans that align with government s strategic plans. Indicators of Success: Fully implemented comprehensive IM and ICT governance program maturing through a proven continuous improvement process; Implemented OCIO-led process to enable comprehensive IM and ICT strategic planning; Published and communicated architectural roadmaps and strategies, policies, standards and processes to plan and coordinate IM and ICT; Designed, communicated and implemented IM and ICT strategic sourcing strategy; Fully implemented comprehensive IM and ICT formal vendor management program, aligning strategic vendors with enterprise goals; Objective 1 (2013): By March 31, 2013, the OCIO will have improved alignment of IM and ICT planning to facilitate information and infrastructure re-use and sharing. Measure: Per the goal, an increase in the number of IM and ICT strategic plans that align with government s strategic plans. Indicators of Success: Published and initiated Enterprise Architecture governance implementation plan; Documented, communicated and implemented a comprehensive IM and ICT strategic planning strategy and related processes; Published and begun to implement a Strategic Sourcing implementation plan; Refreshed and communicated Strategic Sourcing processes. Objective 2 (2014): By March 31, 2014, the OCIO will have produced enterprise-aligned IM & ICT plans, roadmaps and architectures to proactively align future requirements. 12 P a g e

13 Objective 3 (2015): By March 31, 2015, the OCIO will have a mature and continuously improved enterprise-wide solution planning and coordinating environment. ISSUE 2: ENTERPRISE-WIDE STRATEGIC IM AND ICT INVESTMENT Government must utilize an enterprise strategic approach to investing and achieving important savings in IM and ICT. Goal 2: By March 31, 2015, the OCIO will be assisting GNB public bodies in achieving or surpassing savings targets established in Budget process. Measure: Improved total cost of IM and ICT ownership. Indicators of Success: Implemented system to acquire and view information about all IM and ICT projects; Developed and implemented a complete framework for categorizing, measuring, balancing, prioritizing, selecting, monitoring, and nimbly changing the composition of IM and ICT investments and assets; Improved big picture view of the IM and ICT portfolio providing opportunity for increased visibility of the portfolio; Developed and governed process to ensure that IM and ICT resources are aligned, to government s strategic plans, and therefore focused to optimize the IM and ICT spend and also deliver the most beneficial enterprise services. Objective 1 (2013): By March 31, 2013, the OCIO will have improved alignment of IM and ICT investment to fit with planned enterprise solutions. Published and initiated Project Portfolio Management governance implementation plan; Documented, communicated and implemented an IM and ICT Strategic Alignment implementation plan; Objective 2 (2014): By March 31, 2014, the OCIO will have produced timely and relevant information on the portfolio of IM and ICT investment to government to ensure constant alignment with evolving GNB priorities. 13 P a g e

14 Objective 3 (2015): By March 31, 2015, the OCIO will have a mature and continuously improved Project Portfolio Management System. ISSUE 3: INFORMATION AND TECHNOLOGY ASSURANCE (MANAGEMENT AND PROTECTION) Government must deliver IM and ICT in a secure environment while managing the evolution of technology and information requirements. Goal 3: By March 31, 2015, the OCIO will have enabled government to monitor and direct public body IM and ICT risk and compliance activity, to minimize unplanned service outages and information security incidents. Measure: Measured and improved security posture, policy compliance and assurance capability maturity. Indicators of Success: Implemented and utilized an enterprise IM and ICT governance system, enabling policy compliance and exception management, as well as security posture management; Enhanced security infrastructure with modernized vulnerability assessment and forensics capability; Provincial government wide security event collection and management center; and, Provided advisory services to departments enabling them to increase their information assurance capacity. Objective 1 (2013): By March 31, 2013, the OCIO will have improved government-wide IM and ICT risk and compliance management and reporting. Measure: Improved security posture, policy compliance and assurance capability maturity. Indicators of Success: Published assurance-specific standards and processes to improve the protection and assurance of information and technology in government; Implemented basic functionality in the IM and IT Governance, Risk and Compliance (GRC) system: policy, risk, and vendor management modules; Implemented Vulnerability Assessment Engine and Security Event Collection Engine. 14 P a g e

15 Objective 2 (2014): By March 31, 2014, the OCIO will be continuously producing and delivering timely and relevant information on the state of government-wide IM and ICT risk, compliance, incident, and threat management. Objective 3 (2015): By March 31, 2015, the OCIO will have a mature and continuously improved Enterprise IM and ICT Governance, Risk and Compliance, and Security Event Management Programs. ISSUE 4: SUSTAINABLE OFFICE OF THE CHIEF INFORMATION OFFICER (OCIO) The Office of the Chief Information Officer (OCIO) will contribute significantly to the GNB vision through establishing a successful transition to a sustainable Office of the CIO. Goal 4: By March 31, 2015, the Office of the CIO will be an effective, capability-matured, and continuously improved business-enabling organization. Measures: Improved capability model score for the scope of the OCIO. Indicators of Success: Documented and maintained OCIO Management System enabling the continuous improvement of the OCIO processes; Refreshed OCIO standard processes enabling the efficient and effective delivery of OCIO services to government; Fully staffed OCIO that is appropriately certified in the relevant areas of expertise; Developed and delivered education, training and awareness tools used across government to support OCIO IM and ICT governance goals; Objective 1 (2013): By March 31, 2013, the OCIO will have appropriately staffed the OCIO, renewed OCIO operational standards and processes, and published the OCIO Management System. Measure: Published governance documents and evident capability within the initiated programs. Indicators of Success: All identified vacant positions within the OCIO filled with qualified individuals; 15 P a g e

16 Refreshed and published OCIO-internal policies, standards and processes which are based on industry best practices and adhered to as common OCIO practice; OCIO administration manual updated and published; reflecting the refreshed policies, standards and processes. Objective 2 (2014): By March 31, 2014, the OCIO will have completed an operational review of the OCIO Management System; assuring operational effectiveness. Objective 3 (2015): By March 31, 2015, the OCIO will have again completed an OCIO Management System review and acted on any 2014 review deficiencies. 16 P a g e

17 Appendix Logical Organization chart of OCIO Capabilities 17 P a g e