Municipality of Chatham-Kent

Municipality of Chatham-Kent IT Strategic Plan Authors: Michael Barron, Allan Evans, Paul J. Mackin, Debra Rimmer, Chad Robbins, Francis Roque Owner: Helen McLaren Creation Date: February 7, 2008 Version: Number V3.0

Table of Contents 1. Executive Summary...1 MGCG s Approach...1 Current Situation ( As Is )...2 Strengths...2 Weaknesses/Opportunities...3 Comparison with Other Municipalities...5 Municipality of Chatham-Kent s Business Requirements...6 Target Technology Architecture...7 Action Plan...9 Quick Wins...9 Tactical Cycle One (Mar 08 Aug 09)...9 Tactical Cycle Two (Sept 09 Feb 11)...11 Tactical Cycle Three (Mar 11 Feb 13)...12 Summary...13 2.Background...15 Terms of Reference...15 Scope and Deliverables...15 As Is Assessment / Immediate Opportunities...15 To Be Targets...15 Future Technology Direction...16 Future IT Structure and Governance...16 Other IT related items to be addressed...16 Deliverables...17 3. As Is Situational Analysis...21 Introduction...21 Survey Results...21 Observations from Interviews...22 Application Infrastructure...24 Office Productivity Applications...26 Software Imaging...26 Email Storage...26 CMiC Suite...27 Municipality of Chatham Kent 2008 IT Strategic Plan Page III

CKTraax...27 Help desk Issue Tracking...28 Citrix...28 Backup...28 Printer Installations...29 Asset Management / Inventory Software...30 Antivirus...30 PC Remote Access for Support...30 Windows Updates...31 Web Infrastructure...31 Website Design/Layout...31 Website Statistic Gathering...32 Web Server Infrastructure...32 Website Update Procedure and Training...32 Data Infrastructure...33 Database Environment...33 Network Infrastructure...35 Windows Server Versions...35 Network and Systems Monitoring...35 Network Topology...36 Network Cabling...37 VMWare Server...37 Directory Services...37 Email Services...40 Server Environment...40 Wireless...40 Remote Access...41 Geographical Information Systems (GIS)...41 Radio Communications...42 SCADA...42 Voice Communications Infrastructure...43 Voice Communications...43 Operational Processes...44 Computer Re-rolls...44 Expired Computers...46 Network Security Policy...46 Business Processes...47 Policies and Procedures...47 The Municipality of Chatham-Kent Library...47 ITS Help desk Processes...48 Web Department...48 GIS Processes...48 Processes related to Applications...48 Municipality of Chatham Kent 2008 IT Strategic Plan Page IV

4.Information Technology in Other Municipalities...51 Technology...51 Email and Authentication...51 Office Software...52 Security...52 Other Applications...54 Web and Collaboration...55 Geographic Information Systems (GIS)...55 Planning...56 Funding...56 Funding Model within Municipality of Chatham-Kent...56 5. To Be Requirements...59 Introduction...59 Service-Oriented Architecture...59 Service Orientation...59 Starting position...62 Basic Service Requirements (Customer Service)...62 Business Requirements...63 Technical Standards...64 Applications...64 Network (all in place)...64 Web...64 Voice Communications...64 Applications Requirements...64 Concepts of Application Integration...65 Recommendations for Business Application Projects during Tactical Cycle #1...66 CMiC as the core Financial Application System...67 Architecture Requirements Analysis...68 High Level Information Systems & Communication Network Architecture...68 Required Application Matrix...68 Steps to Migrate to a Rational Infrastructure...78 Directory Services Environment...80 Systems Management Environment...83 Database Environment...84 Immediate Opportunities...86 Technology Refresh Policy...86 IT Steering Committee...86 Technology...86 6. Best Practices and Initiatives within Municipalities...87 Municipality of Chatham Kent 2008 IT Strategic Plan Page V

Current Initiatives...87 Salary Comparisons...88 7.Strategic Plan Rationale...89 Introduction...89 ITS Vision Statement...89 ITS Mission Statement...89 Opportunity Potential...89 8. Action Plan Phased with Timelines and Costs...91 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Budget for Tactical Cycle #1...96 Tactical Cycle #2 Security, Redundancy, Reliability...101 Tactical Cycle #3 Realizing the Vision: Seamless Access and Communications.104 Budget for Tactical Cycle #3...105 Benefits from Executing the Strategic Plan...106 Operations Changes...106 Business Relationships...106 Service Level Agreements...107 Web/Portal Services...108 Customer Support Changes...108 Process Changes...109 IT Governance...109 Policies and Procedures...113 Change Management...113 Application Development...115 Application Procurement...116 Incident Management Guideline...117 Disaster Recovery Planning Guidelines...122 Security...124 Provision of Funding for Business Areas Computer Replacement...130 9. Summary of Recommendations...131 Application Infrastructure...131 Network Infrastructure...132 Data Infrastructure...133 Voice Communications Infrastructure...133 Operational Review...133 Municipality of Chatham Kent 2008 IT Strategic Plan Page VI

Business Processes...134 Appendices...I Appendix A. Interviews...II Interview Lists... II Appendix B Existing Business Processes... IV Appendix C MISA Findings... VIII Office Software...VIII Technology Management...XI Key Applications 1...XIV Key Applications 2... XVII Appendix D - Website Statistics... XX Appendix E SWOT Analysis...XXI Organization and Governance IT within Business Areas...XXI Infrastructure IT within Business Areas...XXII Policies and Procedures IT within Business Areas...XXIII Physical Environment and Security IT within Business Areas... XXIV Appendix F Draft To Be Role Descriptions... XXV Job Summary...XXV Major Responsibilities... XXVI Appendix G Terminology Lexicon... XLVIII Tables Table 1 IT Strategic Plan Deliverables...17 Table 2 - Email and Authentication in other Municipalities...51 Table 3 Required Application Matrix...70 Table 4 - Recommendations for Application Enhancement...72 Table 5 Application and Database Relationships To Be...84 Table 6 Budget for Password Management and Mail Replacement...96 Municipality of Chatham Kent 2008 IT Strategic Plan Page VII

Table 7 Annual Savings from Mail Migration (to be redirected to technology life-cycle)...97 Table 8 Budget to Implement System Center Configuration Manager Server...97 Table 9 - Budget for Desktop Refresh...98 Table 10 PSAB Estimate of Funds that should be Allocated...98 Table 11 Summary Budget for Tactical Cycle #1...100 Table 12 Summary Budget for Tactical Cycle #2...103 Table 13 Summary Budget for Tactical Cycle 3...105 Table 14 - Incident Management Components...119 Table 15 - Incident Report Template...121 Figures Figure 1 Migration of Architecture from As Is to To Be...8 Figure 2 - Availability, Enablement, Affordability Graphic...21 Figure 3 As Is" Infrastructure including connectors...25 Figure 4 Database Servers / Systems As Is...33 Figure 5 Application and Database Relationships As Is...34 Figure 6 Email/Directory Services Layout As Is...39 Figure 7 - Computer Re-rollouts Process...45 Figure 8 Service-Oriented Architecture...60. Figure 9 Rational Infrastructure To Be Architecture...79 Figure 10 Directory Services Environment To Be Authentication...81 Figure 11 Directory Services Environment Active Directory Design To Be...82 Figure 12 Application and Database Relationships To Be...85 Figure 13 The 4 Dimensions of e-government...87 Municipality of Chatham Kent 2008 IT Strategic Plan Page VIII

Figure 14 Tactical Cycle #1 Project Schedule...91 Figure 15 Tactical Cycle #2 Schedule...101 Figure 16 Tactical Cycle #3 Schedule...104 Figure 17 - Governance Model Reporting Structure...110 Figure 18 - Governance Model Internal Structure...111 Figure 19 Website Statistics... XX Municipality of Chatham Kent 2008 IT Strategic Plan Page IX

Municipality of Chatham Kent 2008 IT Strategic Plan Page 1

1. Executive Summary The Municipality of Chatham-Kent Information Technology Strategic Plan (ITSP) was commissioned by Corporate Services to develop the first technology roadmap for the Municipality since amalgamation. The report s structure was deliberately selected to explore a number of critical themes: 1. An As Is review of the existing IT infrastructure 2. A To Be Target Architecture for technology within the Municipality 3. The How to, a roadmap to allow the Municipality of Chatham-Kent to get from the As Is to the To Be This report presents a five year vision for Information Technology within the Municipality, including areas supported through technology service level agreements with outside or arms length organizations (i.e. CK PUC and CK Energy), which reviews the technological and informational services provided to all business areas of the municipal government as well as both the organization and governance of these services. The overall theme of the ITSP is Survival through Simplification, Stability and Sustainability. MGCG s Approach The approach taken by MGCG to develop Municipality of Chatham-Kent s IT Strategic Plan was as follows: 1. Review and document Current Situation ( As Is ) 2. Identify Requirements based on: a. Business Needs b. Resources (Staff, Funding, Infrastructure) 3. Define Gap between As Is and Requirements 4. Develop Action plan (Roadmap) with priorities clearly stated 5. Assign Timelines and Resources 6. Quantify Financial Implications The necessary information was compiled by: Interviewing identified stakeholders 1 including ITS staff, critical business stakeholders and political representatives to review level of client service: o o Current concerns and issues General level of satisfaction with Information Technology and the ITS department 1 Over 90 individuals were interviewed from all significant business areas, including every member of the ITS staff and Members of Council. Municipality of Chatham Kent 2008 IT Strategic Plan Page 1

o Priorities for technology within the Municipality an analysis of the relative importance of Availability, Enablement and Affordability o Requirements for current technology o Requirements for future technology Reviewing in detail (i) the existing infrastructure and (ii) support for Information Technology Services within the Municipality including: o Network and server infrastructure o Businesses processes o Design Rationale o Licensing o Backups and recovery o Staffing levels and organizational structure o Maintenance costs of existing infrastructure o Current applications including those used by ITS and the various business areas of the Municipality o Comparing the As Is with industry standards and best practices, i.e., comparing the technology currently deployed within Chatham-Kent to current and emerging industry trends Based on the findings, requirements were determined (or formalized 2 ), and categorized as follows: Quality of Client Service Applications and data to support Chatham-Kent s business goals Appropriate infrastructure, technology, operational models, business processes, ITS organizational structure and IT Governance to support and deliver IT within the Municipality Subsequently, a roadmap was developed indicating what needs to be done and when, again based on business priorities. Finally, estimated costs and resources were assigned. This roadmap, complete with activities, timelines, resources and costs, constitutes Chatham-Kent s IT Strategic Plan for the next 5 years. Current Situation ( As Is ) As the project progressed, the following overall theme for the IT Strategic Plan developed: Survival through simplification, stability and sustainability. 2 Key to this process was the establishment of vision, mission, goals and objectives for IT within Chatham-Kent. These are described later. Municipality of Chatham Kent 2008 IT Strategic Plan Page 2

A detailed description of the Municipality s current situation ( As Is ) is shown later in the report. In summary, the strengths and weaknesses, as they relate to IT throughout the Municipality, are shown below. Strengths 1. Client Service a. Current services are being delivered in a consistent manner b. Service requests are being carried out in a timely manner c. User problems are being dealt with in a timely manner 2. Applications and Data a. Current applications are being supported b. Current applications enable the Municipality to fulfill its basic business objectives c. Users are generally accepting of the use of technology 3. Infrastructure a. The Infrastructure is supportable b. Members of the ITS Staff are generally well liked by users in the business areas c. The ITS Staff are dedicated to Keeping the Lights On d. ITS Staff are technically competent with the As Is environment e. ITS Staff are extremely cost-conscious and are advocates for responsible spending f. ITS is skilled at forming partnerships with outside organizations and accessing funding opportunities g. Some corporate IT policies are documented and operational h. Physical Security is in place i. A life-cycle program is in place for some hardware 4. Business Areas a. Services are available b. Some corporate policies are documented and in place c. Users are generally accepting of the use of technology d. Adequate physical security (locks on doors, alarm systems, etc), appears to be in place e. Business specific technological infrastructure operates Weaknesses/Opportunities All organizations have weaknesses and opportunities for improvement. It is important to identify and address them as, through that process, the weaknesses are minimized or eliminated. Municipality of Chatham Kent 2008 IT Strategic Plan Page 3

1. Client Service a. Communication between business units and ITS is weak. Business units often make decisions relating to IT internally and without soliciting input from ITS, and ITS sometimes does not effectively communicate the impact to the business units of decisions made by ITS 3. Technical communications to the users are often complex and not fully comprehended by less technically qualified staff b. The web is perceived by users as difficult to navigate and inflexible to modify c. The Help desk process for issue escalation is sometimes inconsistent without a clear mechanism for solution identification and issue resolution d. Within the business areas there appears to be a lack of understanding of the role of ITS 2. Applications and Data a. Applications are typically standalone and integration is limited. While there are areas where technology could greatly improve municipal performance, the standalone or fragmented nature of the deployed infrastructure does not allow for integration or a central data repository b. There are many standalone databases satisfying the single needs of specific departments. This generates duplicate instances of the same data introducing errors, duplicate data entry and excessive support requirements c. There is no formal technology roadmap d. The architecture approach of the Municipality to date has been technology-focused rather than service-focused e. Different versions of the same application are in use within different business areas f. The web application is 5 years old and its functionality and contents need upgrading 3. Infrastructure a. The current user authentication procedure is complex and does not provide some of the advanced security and features offered by modern directory service environments. Further the current solutions are costly to maintain and not sustainable in the long term b. There are several hundred computers older than maximum acceptable age according to municipal and council approved policy c. Some of the tools that support the infrastructure are outdated and should be upgraded 3 An example is when a recent password synchronization policy was introduced, some users did not understand details of its implementation resulting in delays in logging in and consequent delays in their day to day activities Municipality of Chatham Kent 2008 IT Strategic Plan Page 4

d. The current replacement policy for desktop computers is excessively labour-intensive and the effort necessary to make it work is often greater that the cost of replacement e. The base communications Infrastructure is outdated and cumbersome to support i. Data Network ii. Email System iii. Telephone System f. The standards defined for physical IT security are not universally applied across all Municipality sites g. While some policies are in place, a full set of IT policies has not been developed h. The ITS organization, while well managed at the senior level, is lacking in skills and/or experience in middle-management, and is understaffed compared to other similarly sized municipalities, given the infrastructure and applications they must maintain. Further, this group is structured in such a manner that is more reflective of the amalgamation legacy than of the effective delivery of technology and information services i. There are some key gaps in the skill levels of front line IT personnel as they relate to the To Be requirements j. There is a perception among non-its staff and political representatives that the infrastructure is a Cadillac solution. This perception is not correct. k. Different Municipality sites often apply different standards. There is no common across-the-board set of standards l. There is no life-cycle management replacement strategy in place for the telephony systems 4. Business Areas a. Lack of understanding of the role of ITS within internal department projects and initiatives b. Preference for stand alone or silo applications to fill an immediate need c. IT policies, such as technology lifecycle of hardware, often lacking or not adhered to d. User skills gaps e. Lack of support for common technological standards f. There is a possibility that CK Energy might develop its own IT support organization (although it will require additional GIS support from ITS). Some of the supported organizations do not adhere to IT corporate standards for technology selection, purchasing or management 5. Corporate Governance a. The assignment of strategic direction relating to IT assets and resources, is not clearly defined or formalized Municipality of Chatham Kent 2008 IT Strategic Plan Page 5

b. Communication between the ITS group and business areas is not effective and no one authority source is in place with ownership for the technology roadmap of the Municipality Comparison with Other Municipalities There is no clear consistency between different municipalities with respect to technology selection or organizational structures. Many appear to have somewhat fragmented infrastructures that result from amalgamations, and they are faced with similar issues to those of the Municipality of Chatham-Kent. With respect to future strategic direction, however, a number of common initiatives are underway, although the emphasis varies according to each municipality: 1. Electronic Service Delivery to provide equitable and affordable access by the community to a wide range of services and content. Attributes of this capability include: a. High degree of responsiveness b. Anytime, anywhere, anyhow services c. A high degree of system responsiveness d. Increased use of both web and voice services e. New channels for citizen engagement f. Recognition and adherence to privacy and security requirements 2. Streamlining of Internal Operations a. Industry-standard and current operating infrastructure b. Drive to increase business effectiveness utilizing IT c. Increased network and data security d. Standardized and integrated central applications e. Minimization (with the goal of eventual elimination) of ad-hoc departmental, single purpose databases f. A formal project management and system life-cycle approach to the development and support of new services 3. Reform in the Operational Practices of Municipalities a. The development of practices that improve the physical safety of personnel and create a healthy working environment b. Procedural changes i.e. the critical review of existing procedures that may be being carried out solely because of an outdated legacy requirement c. Increased effectiveness and transparency d. Collaboration with other municipalities or other organizations to share expertise and resources Municipality of Chatham Kent 2008 IT Strategic Plan Page 6

Municipality of Chatham-Kent s Business Requirements Vision and Mission Statement for IT within the Municipality The focus for the To Be vision is one of service orientation. The ITS group should be the sole provider of technology and information services across the entire municipal organization but those services must be aligned with business area requirements. The information technology architecture should be reflective of this service orientation. Vision Statement: Information Technology Services will provide the citizens of the Municipality of Chatham-Kent with the information and communications services, relating to the Municipality, to support them in achieving their goals and to enhance their quality of life. Mission Statement: To improve the performance of the staff of the Municipality of Chatham-Kent and provide access to information and services to its citizens through the use of appropriate technology. Goals and Objectives to Meet Business Requirements 1. The current infrastructure is unnecessarily complex and should be simplified to (i) reduce costs and (ii) assist the sustainability of IT operations 2. IT is somewhat fragmented, with silos of technology, multiple databases, stand alone applications and stand alone technology projects. The organization should move to a more integrated approach 3. IT governance within the Municipality should be centralized, and empowered to enforce policy 4. The ITS organization should be restructured to support partnership with business areas 5. IT does not have a formal technology roadmap describing acceptable technology, integration objectives, retirement strategies etc. This document represents the first technology roadmap since amalgamation and should be maintained, administered by an IT Steering Committee, and communicated across the organization 6. The Municipality of Chatham-Kent must review technology options for a consolidated Service-Oriented Architecture with the following key elements a. Common Data Architecture with common standards for database b. Web based systems, particularly those developed in house, to support all business areas c. A municipality wide Enterprise Resource Planning system particularly with respect to the suitability of CMiC or Hansen as an ERP and replacement of tax system, the selection of a replacement or alternatively, the development of an Enterprise Integration Architecture to integrate formerly stand-alone systems d. Common standards for all Geo-Spatial data with an emphasis on GIS as a core technology for the Municipality Municipality of Chatham Kent 2008 IT Strategic Plan Page 7

Target Technology Architecture The target architecture for the Municipality of Chatham-Kent should be developed with 2 main objectives: It should be service-oriented, i.e., developed and evolved as an architecture that provides a high level of customer service, and be robust, highly available, secure, responsive, integrated, and flexible It should be simple, i.e. easy to maintain, easy to grow, easy to use, current and industry-standard The proposed architecture shown in the main body of this plan incorporates the following: 1. Authentication is simplified 2. Standalone and Isolated Databases are rationalized into a central database 3. Technology is integrated 4. Industry-standard technologies are deployed The following Figure shows the proposed simplification of the infrastructure. Municipality of Chatham Kent 2008 IT Strategic Plan Page 8

Figure 1 Migration of Architecture from As Is to To Be Five year plan Municipality of Chatham Kent 2008 IT Strategic Plan Page 9

Action Plan To realize this vision, a 5-year plan has been developed, comprising 3 tactical cycles, preceded by the implementation of some Quick Wins : Tactical Cycle Duration From/To Tactical Cycle 1 18 months Mar 2008 Aug 2009 Tactical Cycle 2 18 months Sept 2009 Feb 2011 Tactical Cycle 3 24 months Mar 2011 Feb 2013 Note: this is a high level roadmap and is contingent upon development of appropriate work plans as well as allocation of budget and resources Quick Wins The following immediate steps will go some way to improving day to day operations within the ITS group and position it well for delivering the contents of the strategic plan: 1. Realign the currently vacant Local Systems Support position as a Network and Security Analyst and fill that role 2. Ensure the Database staff roles have both SQL Server and Oracle skills 3. Work with the Municipality s computer supplier to develop a base image for all new PC orders. This image will be further enhanced as part of Tactical Cycle 1 4. The IT Strategic Plan Steering Committee should be temporarily recast as the acting IT Steering Committee pending the formation of a permanent committee 5. ITS and the acting IT Steering Committee should immediately adopt the technology purchase and technology development standards policies, publish them and review all ongoing projects and initiatives for adherence to those policies 6. Stop all computer rerolls, the practice of issuing new computers to power users and cascading older machines to other users Tactical Cycle One (Mar 08 Aug 09) Tactical Cycle One prepares the base infrastructure to support many of the initiatives required as the Strategic Plan unfolds. It is important to note that, with the exception of the departmental restructuring and the governance initiatives, (which were part of the specific mandate of this plan), all other initiatives relating to Tactical Cycle One have Municipality of Chatham Kent 2008 IT Strategic Plan Page 10

been recommendations by existing ITS management, or subject to policy by the existing technology life cycle. Implementation of these recommendations are (correctly), recognized by present ITS management as foundation initiatives that will allow the municipality to move forward technologically. This plan confirms and endorses this view. Tasks Initially in Tactical Cycle One, effort should be put into place in a number of basic areas: 1. The ITS department will be reorganized: Structure will be based on two functional areas, rather than the current four, reflecting a focus on Information Services and Technology Services Several roles will be modified to align with the restructuring of the department Two new Business Analysts roles will be added to provide business units technology representation within ITS. These Business Analysts 4 will have responsibility for GIS and Business Applications 2. An IT Steering Committee will be created to be the owner of the IT Strategic Plan, and the Chair will report to the CAO. It may be that the municipality will choose some mechanism for reporting and or advisory involvement by the office of the Mayor, although this is not a common municipal IT practice 3. Existing computer and network communications infrastructure will be updated. This will: Simplify the authentication infrastructure for the Municipality Update and simplify the email system Refresh desktop technology to provide access to the new infrastructure and tools and ensure adherence to the technology policies already in place in the Municipality Provide enhanced functionality and therefore user effectiveness through the Office 2007 upgrade Provide training of all users in Office 2007, and the new email system It is estimated that operational costs of $140,000.00 per year can be redeployed to the proactive management of the currently underfunded technology lifecycle starting in 2009 4. A streamlined process for managing desktop images 5 will be introduced 4 The role of the business analysts is further described in the Appendix 5 This refers to the standard package of operating and application software that is installed on the computers of all Chatham-Kent users Municipality of Chatham Kent 2008 IT Strategic Plan Page 11

5. The website will be redesigned and a web advisory group created 6. Standards for network infrastructure will be developed and a redesigned data network across the entire municipality will be created 7. A disaster recovery simulation will be carried out to understand the data and operational vulnerabilities. (This will take place after the technology refresh has been completed) Financial Implications There are limited new costs for ITS in the plan for 2008, as most of the planned projects are covered by existing lifecycle or reserve dollars. New costs will however be incurred in 2009 to fulfill the addition of two business analyst roles in the ITS reorganization 6. Project costs are estimated as follows: Project Cost Comments ITS Re-Organization Realignments: TBD New Roles: $175,895 Addition of 2 Business Analyst roles, to be considered in 2009 Novell/Lotus Retirement $270,000 Existing ITS reserve funds. Savings will be $140,000 per year to be directed to lifecycle Technology Refresh $1,309,000 Existing reserve funds. As of this project, rerolls will cease and imaging will be simplified SharePoint/Web Redesign Network technology standards developed and network redesign Disaster Recovery Simulation Other known business area projects $300,000 Existing ITS reserve dollars to launch basic SharePoint infrastructure and strike web redesign committee $127,000 Consulting services to establish appropriate standards for network technology and network upgrade equipment. (Budget will be requested for 2009) $20,000 Consulting Services and internal resources (2009 Budget) TBD PSAB (Asset Management) CKTraax Public Works Work Management Immigration Portal Project Management Office Support Software Cultural Mapping Municipality of Chatham Kent 2008 IT Strategic Plan Page 12

Tactical Cycle Two (Sept 09 Feb 11) Tasks Tactical Cycle Two will continue the process of infrastructure improvement and will ensure that efficiency and survivability are key elements of the systems in place at the Municipality. The projects include: 1. Infrastructure upgrades 2. Development of a network security architecture 3. Expansion of Web to include an Intranet for knowledge and document management 4. Development of a business systems architecture or replacement technology, based around (i) Financial System (CMiC) and (ii) the Tax System (MAS) 5. Development of an IT Disaster Recovery Plan Financial Implications The 2009 and 2010 budgets will require new dollars to fund infrastructure changes in the latter part of Tactical Cycle #2, namely: Project Cost Comments Infrastructure Hardening - planning Development and deployment of Network Security Architecture Development and Testing of an IT Disaster Recovery Plan Planning: $25,000 Implementation: $150,000 Consulting funds to specify project for switch replacement, server consolidation and backup rationalization. Initial Blade systems and SAN purchase, followed by Life Cycle dollars for ongoing growth $50,000 External consulting supplementing internal resources $150,000 External Consultants Network Security Audit $30,000 External Audit Expansion of SharePoint Portal for corporate Intranet $50,000 Mostly internal resources with some additional hardware and consulting services Municipality of Chatham Kent 2008 IT Strategic Plan Page 13

Review of CMiC, Hansen and Tax Applications Replacement of CMiC or instantiation of EAI and replacement of tax application $100,000 Majority internal resources, supported by vendors and consultants Price Range: $500K - $2M Cost variable depending on solution selected. Minimal CMiC expansion, or EAI deployment would be low end, total CMiC replacement would be high end Tactical Cycle Three (Mar 11 Feb 13) Tasks The third tactical cycle, beginning in 2011, will require some more significant projects that cannot be undertaken until the base infrastructure is upgraded (2008 2010). The major projects for Tactical Cycle Three include: 1. New phone system. The current phone systems are obsolete and require replacement. Upgrades are not an advisable option as the parts for the phone systems in place are no longer manufactured and can only be procured on the Grey Market. A new, municipal wide phone system, based on Voice over Internet Protocol technology, should be implemented within the life cycle of this strategic plan 2. Critical to migrating the current infrastructure to a service-oriented architecture is the development of a rational data architecture based on Microsoft and Oracle standards which are currently in place and need to be enforced. This project will also lead to the development of an integrated data warehouse comprising data systems, GIS, corporate applications and the web 3. The development of a corporate knowledge portal on the web which leverages both the data warehouse and documented business processes Financial Implications The costs for the new phone system are significant and represent the largest ticket item that can be currently planned with any certainty. Operational costs can be recovered by the simplification of the phone system but the choice of not replacing it is not an option. Municipality of Chatham Kent 2008 IT Strategic Plan Page 14

Project Cost Comments New phone system $2.6 to $3.9M Existing phone system is past end of life and kept alive through concerted effort and spare parts purchase on grey market. Estimate based on $2000-$3000 per telset including associated infrastructure and possible re-wiring Implementation of Data Architecture and Data Warehouse Planning: $85K, Cost: $1,500,000 This major corporate initiative will require internal resources and business area supported by consultants. Business case will be contingent on quality of data and ease of migration and cleansing Corporate Knowledge Portal $50,000 Majority internal resources supported by consulting Document Management $100,000 Based on current technology standards and costs for SharePoint extensions Summary The work that needs to be done within the IT Strategic plan is substantial, but its purpose is simple Survival through simplification, stability and sustainability. The IT infrastructure should be migrated from a keep it working approach to a how can we be more efficient, improve the effectiveness of our staff, and enhance the services we provide to our citizens (as described in the initiatives being developed by other municipalities) approach. The three tactical cycles address the following major areas: Improving service to staff and the citizen of the Municipality of Chatham-Kent Integrating applications and rationalizing data Creating a network, hardware and software infrastructure that is integrated, robust, secure, easy to maintain and upgrade, current, and feature-rich Through formal, and regular IT governance, maintaining an organization structure that is aligned with the Municipality s business goals, is skilled in the deployment of the installed technology, operates to defined policies and standards and has formal communications channels with the business areas throughout the organization Initial funding requirements for the plan are modest and the Year One proposals should be adopted immediately. With the formation of the IT Steering Committee, the Municipality of Chatham Kent 2008 IT Strategic Plan Page 15

roadmap will have an owner who is empowered to ensure its implementation. In summary the total known investment over the 5 year strategic plan is estimated at $7.6M to $10.4M. The authors of the report will review the plan annually with the IT Steering Committee. This body will also be responsible for ensuring that the plan becomes a living document, i.e., is reviewed regularly and is updated to reflect changes in the Municipality of Chatham-Kent s business and operating environment. This plan affects all business units and has a considerable impact across the entire Municipality, with particular emphasis on ITS. However, the goals of the plan are achievable, and necessary. The timelines outlined in the initial roadmap are aggressive and are contingent on budgets, staffing and the completion of a detailed work plan. Council is recommended to adopt it and, through the IT Steering Committee, empower all municipal staff to commit to it, and deliver on it. Municipality of Chatham Kent 2008 IT Strategic Plan Page 16

2.Background Terms of Reference The Municipality of Chatham-Kent has requested Proposals for the development of a detailed, five-year Information Technology Strategic Plan (ITSP). The primary goal of the ITSP is to ensure that the Municipality can leverage its current technology investments as well as get maximum value on future technology investments while optimizing the Municipality s ability to meet and enhance customer service. Scope and Deliverables The scope of the plan includes all functional areas of the Municipality and involves interviews with all areas. Approximately 90 people were interviewed either individually or in logical groups. The Municipality requires a comprehensive report that documents the best utilization of the existing technology infrastructure and resources to accomplish its technology related services and, where required, clearly indicates future expenditures and resource needs/requirements. The Plan will establish strategic directions and priorities that will guide IT investments over the next five years. This ITSP must be mapped to the Municipalities current Community and Corporate Strategic plans wherever possible. Costs associated with any recommendation must be inclusive of all capital costs as well as ongoing operating costs and resources required. Estimates of tangible and intangible benefits related to all recommendations must be provided and qualified. The Municipality has directed that the final Strategic plan be completed, including final presentations and approvals, by February, 2008. The ITSP will be broken out into major components; the components outlined below are not necessarily all inclusive but are considered essential to the ITSP. As Is Assessment / Immediate Opportunities This was carried out by research and interview with ITS and other staff; the assessment identifies areas of strength as well as areas of immediate opportunity. Deliverables are in the form of documented recommendations to improve levels of service and maintain those levels as demand from staff and citizens increase. This review considers not just Municipality of Chatham Kent 2008 IT Strategic Plan Page 17

the physical architecture components and environments but also the processes to establish, enhance and sustain them. To Be Targets Estimated costs and benefits, associated with any recommendation, are incorporated and include all capital costs as well as sustainment (opex) costs such as maintenance and resources. Future Technology Direction This document provides the necessary research, based upon emerging technologies, IT trends and best practices from the public and private sectors, to formulate recommendations on how the Municipality needs to position itself for the future and to get the best return on its technology investments over the coming years, by: 1. Improving and simplifying its technology environment through options such as: a. System / application integration b. replacement of current applications c. changes to the WAN d. a phased approach that will be financially digestible and business case driven e. other recommendations e.g. VoIP 2. Prioritizing and aligning a series of projects (phases) Key deliverables for this section include: 1. High level data/application architecture map (interdependency diagram) to show a simplified model of today s IT environment 2. A documented phased approach to achieving the ultimate to-be environment (gap analysis). It is recognized that this may very well go beyond a 5 year window 3. Rationalized operating and capital technology expenditures, resource needs and paths by year, for the next five years Future IT Structure and Governance This document includes recommendations regarding long term planning against the topics below. The structure of the IT Department A governance model that supports the phased project approach to migrate from the as is to the to-be environments. This includes identifying the framework in which IT projects are identified, prioritized, implemented and controlled, as well as the overall role of IT within the organization and the associated responsibilities and staffing requirements Municipality of Chatham Kent 2008 IT Strategic Plan Page 18

Recommendations are supported with benefits and/or business requirements statements. Other IT related items to be addressed Other items required throughout the course of the development of the Municipality of Chatham-Kent IT Strategic plan include: Policy regarding the purchasing of technology, when is a business case required and what that business case should look like (p. 116) A vision statement for the IT Department (p. 89) Recommendations on training and investing in staff (including succession planning) (App. F) Risk assessment regarding a business continuity/disaster recovery plan (p. 122) A model for properly evaluating potential IT staff (App. F ) Client feedback on IT performance and how ITS can increase Customer Service (internal and external) (p.22) Recommendations for specific business areas to ensure that technology is utilized to streamline business processes (Referenced throughout body of document) Policy and processes around offsite backups utilizing the WAN infrastructure (p. 28) Recommended hardware and software lifecycles (pc s, laptops, servers) (p. 93) Recommended approach to achieve network connectivity at all sites (share information, common drive access) (p. 32, 36, 59, and 91) Deliverables The assessment will include, but not be limited to, the following deliverables: Table 1 IT Strategic Plan Deliverables Deliverable Section(s) Change Management Customer Support... 108 Change Management... 113 Security Network Security...46 Tactical Cycle #2 Security, Redundancy, Reliability... 101 Security... 122 Data Warehousing Required Application Matrix...69 Budgets - Years 3-5... 105 Web-portal / E Services Web Infrastructure...31 Municipality of Chatham Kent 2008 IT Strategic Plan Page 19

Deliverable Section(s) Web Department...48 Technical Standards...64 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Budget for Password Management and Mail Replacement...96 Web/Portal Services... 108 Security... 124 Website Statistics... XX A high level data/application architecture map (interdependency diagram) to assist in identifying areas of recommended integration and areas of duplication with the current technology/ application portfolio Recommendations for improving business processes related to current and future applications are required. This will include identification of immediate opportunities to better leverage current applications i.e. operate more consistently throughout the Municipality. Process improvement recommendations regarding projects and day to day work within IT. Asset Management (PSAB 3150) Project and project Portfolio Management Operational policies and procedures including records and knowledge management requirements "As Is" Infrastructure including connectors...25 Business Processes...47 Summary of Recommendations: Business Processes... 134 ITS Triage Process... IV Process Changes... 109 Asset Management / Inventory Software...30 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Policies and Procedures... 47, 113 Policies and Procedures IT within Business Areas...XXIII Areas of opportunity for improvements. Opportunity Analysis - 5 Year...87 Comparison of the Chatham-Kent IT Salary Comparison...88 Department with other municipalities that are offering similar levels of service regarding staff complement and compensation rates Comparison of the Municipality of Best Practices and Initiatives within Chatham-Kent IT Department with other Municipalities...87 Municipality of Chatham Kent 2008 IT Strategic Plan Page 20

Deliverable Section(s) municipalities that are offering similar levels of service regarding supported users Comparison of the Municipality of Chatham-Kent IT Department with other municipalities that are offering similar levels of service regarding number of sites supported Comparison of the Municipality of Chatham-Kent IT Department with other municipalities that are offering similar levels of service regarding complexity and number of applications Comparison of the Chatham-Kent IT Department with other municipalities that are offering similar levels of service regarding number of business units supported Comparison of the Chatham-Kent IT Department with other municipalities that are offering similar levels of service regarding annual capital and operating expenditures Customer relations management review A Strength, Weakness, Opportunities and Threats (SWOT) analysis of Chatham- Kent s IT environment identifying opportunities for improvements as well as a comparison with other relevant (single tier) Municipalities. Hardware WAN configuration Voice communications architecture including radio Improving and simplifying its technology environment through options such as system / application integration Improving and simplifying its technology environment through options such as replacement of current applications Best Practices and Initiatives within Municipalities...87 Best Practices and Initiatives within Municipalities...87 Best Practices and Initiatives within Municipalities...87 Best Practices and Initiatives within Municipalities...87 CKTraax...27 Customer Support Changes... 108 SWOT Analysis IT within Business AreasXXI Network Topology...36 Network Topology...36 Voice Communications Infrastructure.43 High Level Information Systems & Communication Network Architecture...68 Summary of Recommendations: Application Infrastructure... 132 Architecture Requirements Analysis...68 Summary of Recommendations: Application Infrastructure... 132 Municipality of Chatham Kent 2008 IT Strategic Plan Page 21

Deliverable Section(s) Improving and simplifying its technology environment through options such as changes to the WAN Improving and simplifying its technology environment through options such as a phased approach that will be financially digestible and business case driven Improving and simplifying its technology environment through options such as other recommendations e.g. VOIP Prioritizing and aligning a series of projects (phases). High level data/application architecture map (interdependency diagram) to show a simplified model of today s IT environment. A documented phased approach to achieving the ultimate to-be environment (gap analysis). It is recognized that this may very well go beyond a 5 year window. Rationalized operating and capital technology expenditures, resource needs and paths by year, for the next five years. This document will include recommendations regarding long term planning concerning the structure of the IT Department This document will include recommendations regarding long term planning concerning a governance model that will support the phased project approach to getting from the as is to the to-be environments. This will include identifying the framework in which IT projects are identified, Technical Standards...64 Summary of Recommendations: Network Infrastructure... 133 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Tactical Cycle #2 Security, Redundancy, Reliability... 101 Tactical Cycle #3 Realizing the vision: Seamless Access and Communications... 104 Technical Standards...64 Summary of Recommendations: Network Infrastructure... 133 Opportunity Analysis - 5 Year...89 "As Is" Infrastructure including connectors...25 Opportunity Analysis - 5 Year...89 Opportunity Analysis - 5 Year...89 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Governance... 109 Municipality of Chatham Kent 2008 IT Strategic Plan Page 22

Deliverable Section(s) prioritized, implemented and controlled, as well as the overall role of IT within the organization and the associated responsibilities and staffing requirements. Policy regarding the purchasing of Policies and Procedures... 47, 113 technology, when is a business case required and what that business case should look like. A vision statement for the IT Department. Vision Statement for ITS...89 Recommendations on training and investing in staff (including succession planning). Risk assessment regarding a business continuity/disaster recovery plan. A model for properly evaluating incoming IT staffing. Client feedback on IT performance and how ITS can increase Customer Service (internal and external). Recommendations, for specific business areas, that ensure technology is utilized to streamline business processes. Recommended hardware and software lifecycles (pc s, laptops, servers). Recommended approach to achieve network connectivity at all sites (share information, common drive access). Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Disaster Recovery Planning Guidelines122 Observations from Interviews Appendix F Observations from Interviews Appendix F Asset Management / Inventory Software...30 Geographical Information Systems (GIS)...41 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Tactical Cycle #2 Security, Redundancy, Reliability... 101 Tactical Cycle #3 Realizing the vision: Seamless Access and Communications... 104 Technology Refresh Policy...84 Service-Oriented Architecture...59 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Municipality of Chatham Kent 2008 IT Strategic Plan Page 23

3. As Is Situational Analysis Introduction The following sections provide details on the current state at the Municipality of Chatham-Kent pertaining to Information Systems and Communications Networks. MGCG conducted interviews with 91individuals representing Management, Staff, and Members of Council. Of those interviewed, 63 were surveyed on technological priorities for them and their teams. The interview list is shown in Appendix A. Survey Results The survey measures how the Municipality of Chatham-Kent values key decision drivers when making technology investment decisions. The following graphic (Figure 2 - Availability, Enablement, Affordability Graphic) summarizes the survey results for both Chatham-Kent employees and management. Figure 2 - Availability, Enablement, Affordability Graphic Municipality of Chatham Kent 2008 IT Strategic Plan Page 24

The survey results show that the organization sees Availability as the critical driver when making technology decisions. The survey also shows that both management and nonmanagement are closely aligned in their decision values. This result is typical of municipalities but it is interesting to note that the difference between Enablement and Affordability in this case is minor, within one standard deviation. The implication of this result is straightforward, namely, while cost sensitive, the Municipality is willing to ensure that services are provided to their citizenry. This implication is reviewed in terms of its impact on business needs in the document that follows. Observations from Interviews ITS In terms of the interviews with the ITS staff, while guarded, the results were genuinely positive. Some broad themes appeared: 1. The Municipality of Chatham Kent ITS group is culturally structured with silos which affect its performance. While well led, the direct reports to the Director (DRD), and their teams, do not work optimally together in the present structure 2. Due to the difficulties of amalgamation, the resultant culture and pressures to keep costs as low as possible, there is an aversion to technological and structural change within parts of the ITS organization 3. ITS is not consulted on critical projects that some business units undertake. When implemented, ITS is expected to support them, often without the requisite training and skills 4. At the DRD and practitioner level, there is a tendency towards emphasizing technology rather than business needs, and by implication, a disconnect from the holistic requirements of the Municipality 5. SuiteResponse is not effective as a trouble ticket management or knowledge management system for ITS and its Help desk and, further, it disintegrates historical information with respect to incidents. (Since SuiteResponse is used as part of CKTraax, it will be necessary to select a replacement across the municipality) 6. In its efforts to control spending, ITS has made technological decisions, which while they lower costs in the short-term, miss opportunities for long-term savings. 7. With a few exceptions, the ITS staff is highly skilled in maintaining the current infrastructure. There are opportunities to increase skills in database, desktop applications and telecom beyond basic phone systems Municipality of Chatham Kent 2008 IT Strategic Plan Page 25

8. The focus of the Corporate Applications group is primarily GIS with minimum resources or attention applied to other critical areas of corporate applications. CMiC, Inventory Applications, and HR Applications often receive reactive rather than proactive support 9. There is a perception within parts of ITS that the Web Group is somehow favored from a technological perspective 10. ITS feels that its role is not fully understood nor recognized by Council 11. Some ITS staff do not understand the value of adequate documentation or standardization of business processes Business Areas The interviews with the municipal staff and management were quite favorable in terms of the ITS staff and their commitment to delivering a good service. There were, however some key themes which did emerge that are worthy of note: 1. Genuinely very positive of the ITS staff and their responsiveness, helpfulness and consideration 2. Perception that planning was lacking on ITS initiatives that involve other business areas. ITS is viewed, in general, as lacking planning or process on technological changes or the introduction of new services 3. The Help desk process, while usually effective in the long term, is somewhat challenging to navigate through and can be inconsistent in terms of time to results. 4. Several business areas feel that they need dedicated IT staff assigned to them alone. 5. There is a lack of data or application integration. This is often caused by the staff of the various business groups themselves in an effort to expediently solve issues related to their own business group 6. Business groups exhibit behavior which encourages islands of technology such as: Refusal to update applications Failure to consult ITS or look to other business group for guidance on technological choices The proliferation of applications and manual workarounds to systems for expediency Municipality of Chatham Kent 2008 IT Strategic Plan Page 26

Failure to adopt or consider corporate standards for applications due to a lack of buy in for corporate technological standards 7. The Web is perceived as well designed but difficult to use for both their teams and the citizens of the community. The more likely the groups are to be webdependent, the more restrictive they find the web structure Service Level and Supported Organizations The interviews with the Police and CK Energy and CKPUC, the Health Unit and Ontario Works also were informative. In the case of the first three, each has specific unique requirements for the control of parts of their own infrastructure. Some themes from the interviews: 1. Genuinely very positive of the ITS staff and their responsiveness, helpfulness and consideration 2. Some groups have their own IT staff and prefer to use them for many day to day business needs leaving operational aspects to ITS. It should be noted that some of these groups make technological decisions that are not aligned with the infrastructure and processes currently deployed within the municipality 3. Several of these groups view ITS as underfunded, resulting in ITS making technological compromises 4. The Police and CK Energy leverage authentication infrastructures differing from those used as primary for the Municipality 5. The Municipality is using Lotus as an email system. The Exchange/Outlook system is industry-standard 6. Users expressed dissatisfaction with the performance of applications through Citrix when accessed from outside the office 7. CK Energy has expressed an interest in establishing its own separate IT group within the next several years (but wants to retain GIS support from ITS) Political Representatives The interviews with the Mayor and four councilors were informative. The specific themes from the interview were: 1. Genuinely very positive of the ITS staff and their responsiveness, helpfulness and consideration but two of the five interviewed questioned the strategic direction of ITS. Municipality of Chatham Kent 2008 IT Strategic Plan Page 27

2. Neutral to dismissive of the functionality and usability of the web site. In the more severe cases wondering why so much money is being spent on something that most users are unhappy with 3. Concerned about value from, as opposed to price of, the IT spend of the Municipality and not convinced that such value is in place 4. Clear concern that, as a Municipality with a restricted budget, Cadillac solutions are neither required, appropriate or defendable Application Infrastructure As part of the interview process, MGCG collected information pertaining to the applications in use within the Municipality of Chatham-Kent. (Figure 3 As Is" Infrastructure including connectors) identifies the applications mentioned during interviews and provided via documentation. The following diagram shows the complete As Is architecture in terms of applications and the interconnections between them. Municipality of Chatham Kent 2008 IT Strategic Plan Page 28

Figure 3 As Is" Infrastructure including connectors Municipality of Chatham Kent 2008 IT Strategic Plan Page 29

Office Productivity Applications Finding: The review found that the use of Microsoft software enables the organization to function effectively in terms of office productivity tools. Issue: There are limitations with the current Office XP suite that prevent the staff from being optimally efficient in their day to day duties. In fact the deployed release is a 2002 product which is now two major revisions behind current. It should have been replaced in 2007 according to the 5 year lifecycle for software, but was put on hold pending the results of this report. Recommendations: The addition of Groove, InfoPath and OneNote applications included in the Office 2007, will bring more efficiency to the day to day operations. The Office 2007 suite is designed to collaborate fully with Microsoft s Intranet collaboration tool, SharePoint. SharePoint is planned to be implemented in the coming year so enabling collaborative integration is vital. The current Office XP suite has limited, and in some cases no, collaboration links with SharePoint. Software Imaging Finding: The management of images on desktops and laptops is done manually. Remote locations require a special visit by an IT staff member to implement images. Issues: There are too many images in play (77). The effort to manually upgrade machines is time and resource consuming. Recommendations: The implementation of a central images management and deployment system will greatly reduce the need for IT support staff to make special visits to remote locations. The large number of images should be reduced to a more manageable number (a system type doesn t require having multiple images created, one for each department/software layout). Only one image per system type is required: this is shipped with the PC from the manufacturer. When used, it should be supplemented with application images. This same model can also act as an update/patch centre to reduce manual intervention. Email Storage Finding: Users tend to retain Emails and do not empty their mail boxes. Issue: Disk space is excessively high and continues to rise. Municipality of Chatham Kent 2008 IT Strategic Plan Page 30

Recommendations: (i) Creation of email storage standards and (ii) turning on controls on the server will ensure users regularly clean out old messages. With the implementation of a central storage mailbox, critical messages can be permanently archived (The Municipality of Chatham-Kent will need to create a retrieval process for users). While disk space is relatively inexpensive, this initiative will ensure storage management is simplified. CMiC Suite CKTraax Findings: The current 2004 version of the CMiC suite is not operating effectively. The major inhibitors are two crucial functions: While Payroll and HR are operating using software from CMiC, this software is an older release and is not compatible with the current database used by CMiC While critical business owners are leveraging the suite, others are not although there is some investigation underway in using other CMiC modules such as Asset Tracking, Asset Management, and, while there is no explicit Work Order Management module, other modules within the suite could be used. Further investigation is needed. Issue: The effect of this is no integration, and therefore collaboration, between Payroll application BCD Payroll (mpower 2000), HR application InfoHR and CMiC 2004. Multiple manual entries are required into all because of the lack of collaboration. Another drawback is that staff has to resort to paper workarounds to overcome the shortcomings. Recommendation: An upgrade of the CMiC suite to version 2006 followed by BCD Payroll and InfoHR migrations to the CMiC 2006 Payroll and HR modules will allow for more collaboration and less manual entry. Further, CMiC should be considered for pending new functionality such as Asset Tracking (to support PSAB),t Asset Management, and work order processing. If not, then the suitability of CMiC for the Municipality should be reviewed. Finding: No-one interviewed claimed to appreciate or find CKTraax effective, and its underlying technology SuiteResponse. The product was felt to be of limited use and the business process driving it was felt to be less than effective. This fills a dual role in the Municipality, part trouble ticket system, part Customer Resource Management (CRM) System but seems to do neither well. Issues: SuiteResponse is not an effective Trouble Ticket tracking system as: It does not link trouble tickets to inventory Has no knowledge retention tools Is often circumvented by staff in terms of tracking issues Municipality of Chatham Kent 2008 IT Strategic Plan Page 31

Is based on Lotus Domino (recommended to be phased out) Is at end of life as a product CKTraax itself, as a CRM platform, is software in search of an effective business process. Issue escalation management has minimal follow through and no tracking of data for historical or trending purposes. Recommendations: SuiteResponse, the core of CKTraax will require replacement as, ultimately will the CKTraax process. Several applications currently deployed within the municipality do have CRM capability including CMiC and Hansen. While the IT Help desk will need an immediate system that can both track trouble tickets and PC technology inventory (configuration, memory, hardware and software), the deployment of a separate system should be viewed as a stopgap only. Ultimately the identification of a complete business software system or the deployment of and Enterprise Application Integration strategy must address the ultimate issue of CRM. Help desk Issue Tracking Citrix Finding: SuiteResponse, the current issue tracking software, provides the essential functions but nothing more. The vendor company now been acquired by Active Citizen and support and upgrades will cease at the end of 2008. Suite Response does not provide a good Help desk function but is central to CKTraax. Issues: This Lotus Notes (Domino) application has poor functionality, no search ability and is difficult to use. The software does not have a knowledge base component which has driven other departments, (e.g. Corporate Applications and the Web Group) to develop their own standalone systems. Recommendation: A new, modern, Issue Tracking system is vital. The use of a more advanced system incorporating improved issue tracking, advanced search and a knowledgebase component is essential going forward. The knowledgebase component can restore the standalone departments to a single system environment that provides integration between all components, thus reducing data entry and software maintenance. A SharePoint application could be developed to replace CKTraax once the web infrastructure is updated. Finding: The Citrix environment has grown to be too large due to (i) the lack of appropriate tools at the desktop level and (ii) the non-use of RPC/HTTPS or similar for web mail or secure mail. Issues: The number of applications accessed via Citrix is (i) excessive and (ii) requires considerable maintenance. The main applications accessed via Citrix are Lotus Municipality of Chatham Kent 2008 IT Strategic Plan Page 32

Notes and client/server apps via users at the Service Centre. Many users have complained of problems installing Citrix on offsite computers. Recommendations: The reliance on a Citrix environment can be reduced by at least 50% when Exchange/Outlook (leveraging RPC/HTTPS) and Outlook Web Access (OWA) are deployed. The remainder can be addressed by users accessing the client/server applications from their own desktop. This may require an upgrade in bandwidth between Civic Centre and other municipal centres. The retirement of Citrix means a reduction in support effort and, the current Citrix servers can be used for other means. Additionally the yearly license purchases will not be required. Backup Finding: The current backup process is functioning. There are 20 servers that have tape backup drives attached. 18 of these only do individual backups while the other 2 servers back up multiple servers. 7 of these drives are located at the Civic Centre with the remainder dispersed among the remote locations. The backup process is full backups daily. There are two types of backup schedules and they vary per server. The first is the weekly schedule which provides a one week backup retention and consists of 5 tapes. This process backs up every weekday (Monday Friday) and then the following week the tapes are re-inserted into the backup pool The second backup schedule type is bi-weekly which provides a two week backup retention and consists of 10 tapes. This process takes 5 tapes and backs up every weekday and then the following week the other 5 tapes are used for the weekday backups. The third week then has the first weeks backup tapes re-inserted into the backup schedule There is a weekly tape retention applied to every tape backup device. This retention process moves the Friday tape from the rotation when used and then re-inserts it into the rotation the following month. This process allows the organization to have a weekly backup for a total of 4 weeks. For example, the tape for the first Friday in January, following the backup, will be removed from the rotation. It will stay out of the rotation until required on the first Friday in February. Tapes are securely stored at an off-site location. Issues: Two issues relating to the backup environment are key: While it is safe to assume that data is backed up and will be, on a case by case basis, recoverable, regular recovery testing is not undertaken and there is no complete systems recovery plan in place, documented or tested Municipality of Chatham Kent 2008 IT Strategic Plan Page 33

Backup is taken in an ad-hoc manner, on a server by server basis. The municipality should consider a consolidated backup infrastructure, perhaps associated with a server consolidation approach Assumptions: The maintenance required for a 7 tape drive implementation at the Civic Centre is excessive and not required. Daily manual interaction with each tape drive is excessively time-consuming. Recommendations: A tape backup environment with 1 LTO tape library at Civic Centre and 1 auto loader per remote location will provide a more manageable and efficient environment The requirement for manual intervention will be reduced from 5 visits per week to 1. The use of a daily Full Backup is excessive and a Differential daily and a Friday Full Backup will allow for quicker daily backups along with a more efficient use of tapes. Printer Installations Finding: Printers are installed on each computer manually by the Help desk. The printers are configured to link directly via IP. Issue: ITS must address each user either manually or remotely to install the printer driver and setup printer configuration. This adds to the imaging process and is actually used as a justification for managing imaging internally. Recommendation: Setup a server to act as a print server. Install all printers on this server and share them between appropriate groups. This will allow the users group policy privileges to identify the printers to which they should have access without the need for personal IT support. Asset Management / Inventory Software Finding: Zenworks inventory software is used to track IT assets. Issue: The Zenworks inventory software is not able to track all the organization s IT assets and provide advanced reporting. Recommendation: it is important that applications will satisfy the needs of the municipality. The applications to be reviewed include CMiC Assets and Hansen. In terms of Image Management, this will be achieved through the use of Microsoft SCCM. Antivirus Municipality of Chatham Kent 2008 IT Strategic Plan Page 34

Finding: The Symantec Antivirus used is running on all servers (Windows and Linux) and workstations. Version 10 is currently used although there are some instances of version 7.6. The on-site (Civic Centre) Symantec Server is responsible for downloading the updates, distributing them to clients, and updating as necessary. Email virus and spam security is provided by AppRiver. AppRiver is an external company that scans emails at the MX level before it gets routed to its final destination at the Municipality of Chatham-Kent. There is no SharePoint antivirus solution. Issue: The future SharePoint system may be susceptible to virus attacks as it is not fully protected. Recommendation: The Symantec Antivirus is sufficient for the day-to-day protection of servers and workstations. However, a proper SharePoint antivirus solution (i.e. Microsoft Forefront Security for SharePoint) is vital going forward and should be part of any SharePoint deployment once it is in production. The intention to migrate the current Intranet site to a SharePoint environment accelerates the need for this capability. PC Remote Access for Support Finding: The currently used remote access software tools are Zenworks (major use) and VNC (limited use). Issues: Zenworks is troublesome at times, likely due to: The remote computer not having the agent installed The installed version is out-of-date Lack of skill sets for scripting and the resources to implement scripts on all PCs Recommendations: The support team will benefit from the use of the Windows Remote Desktop support tool. This is a free add-on to the XP and Vista operating systems. Installs and updates will cease to be the responsibility of the end user. Windows Updates Finding: The computers within the Civic Centre and remote locations are configured to download Windows updates. Issues: Civic Centre and remote locations requires a manual acceptance before installation. Recommendations: This procedure can potentially facilitate the downloading of inappropriate / corrupt updates. This can be avoided if a central update center like System Center Configuration Manager Server is implemented and utilized to control Municipality of Chatham Kent 2008 IT Strategic Plan Page 35

the updates that are downloaded and installed. This will also reduce the need for manual intervention on Civic Center computers for update installs. Web Infrastructure Finding: The Web infrastructure is one of which the Municipality ITS group is justifiably proud. It has won technical merit awards for the web infrastructure group and is competently constructed using acceptable standard infrastructure such as.net, C Sharp and operates with a Microsoft SQL Server back end. Saying that, the web is perceived poorly within the Municipality itself, and many staff members consider it: Restrictive Un-necessarily verbose Difficult to use The Web department claim that you can find anything on the web in three clicks is disputed by users. Issue: The Web is viewed as a rigid tool that cannot effectively support those areas with a sales and marketing focus such as Economic Development and Riverview Gardens. Recommendations: The web infrastructure is currently slated for upgrade in 2008 and there is a genuine desire to redesign the web at that time. While the approximately $200,000 allocated may not be sufficient to complete it in 2008, the infrastructure can absolutely be upgraded to SharePoint 2007 and a web redesign steering committee established to involve users in developing functional specifications. Website Design/Layout Finding: The site design and appearance appears to be effective. Issues: The font used is small for some users and there are complaints about a lack of images. The layout of the content is occasionally frustrating for some users. Recommendations: The font size should be increased. Otherwise a note should be added to the site to provide instructions that enable users to increase the font via the browser. Additionally, the web team should meet with all departments to gather, and subsequently resolve, their layout issues. A web steering committee should be formed from all business areas and subsequently charged with developing a style guide for the municipal web site. Municipality of Chatham Kent 2008 IT Strategic Plan Page 36

Website Statistic Gathering Finding: The current web statistic gathering system is WebAlizer. Issues: This system has very limited functionality. The stats and reporting features is not to the level required for web site architecture of this size. The stats provided are high level and cannot be drilled down. The reporting is not customizable. Recommendations: As the website continues to grow (refer to Appendix G, Figure 19 Website Statistics) and more applications are incorporated, the web statistics tool should be upgraded to help support the maintenance and research areas. The web department has recently purchased a new tool (WebTrends) that incorporates enhanced features such as advanced web site hits, statistics and reporting. It also includes features to track market trends and locate web page browsing issues. Web Server Infrastructure Finding: The website server infrastructure is efficient. The services are dispersed over multiple servers which helps to disperse the load away from a single server and removes a single point of failure. The load balance setup for the web front-end servers (www.chatham-kent.ca) allows the user to surf the site with efficiency and it also provides a means of redundancy in case a server malfunctions. Issue: The web infrastructure is still very much standalone as it does not integrate with other applications except for GIS Web. Further the use of the web as an Intranet is far from optimal. Recommendation: As part of the web redesign, SharePoint should be instantiated and become the base platform for the corporate Intranet and a record/document repository. Website Update Procedure and Training Finding: Departments carry out their own updates on their assigned sub sites using Microsoft Content Management Server. Each department has its own designated authors and editors. The web development team provides training to departmental users that are either new to the CMS system, or require a refresh. Issues: The training/support hours given by the staff detracts from other day-to-day activities. Recommendations: The web team should develop training videos that can be accessed via the Intranet by authors and editors as required. While a written set of procedures is available on the Intranet to assist the Authors and Editors, the existence of these procedures should be communicated. Municipality of Chatham Kent 2008 IT Strategic Plan Page 37

Data Infrastructure Database Environment Findings: There is a broad use of databases within the environment (different versions / multiple instances of each). The As Is environment, as outlined in Figures 4/5 (Figure 4 Database Servers / Systems As Is ; Figure 5 Application and Database Relationships As Is ) has more than 40 separate, documented Access databases Given business area comfort with lack of documentation, there are likely quite a few more anecdotally more than 100. There are also multiple different instances of SQL, 4 different versions of Oracle and an outdated flat file db as outlined in Figure 5 Application and Database Relationships As Is. Figure 4 Database Servers / Systems As Is Municipality of Chatham Kent 2008 IT Strategic Plan Page 38

Figure 5 Application and Database Relationships As Is Application and Database Relationships As-Is Chatham-Kent MAS CMiC 2004 Hansen InfoHR Death Registry CK Energy HE Controls Child Care Web GIS Harris CLASS mpower Parks Inventory CMS Gold Lotus Notes TES COIN CMS Silver PWMS SQL 2000 CMS Bronze SQL 2000 ArcSDE 9.1 (Spatial DB) CMS Gold Cluster SQL 2000 Flat File SQL 2000 IBM Informix 7 SE SQL 2000 Access Access Access Lotus DB Oracle 10.2.0.3 Oracle 10.1.0.2 Oracle 9.2.0 Oracle 8.1.6 * There are many more access databases in the environment. These are only a couple examples. SQL 2000 Municipality of Chatham Kent 2008 IT Strategic Plan Page 39

Issues: The environment is more complex than it needs to be. The Municipality of Chatham-Kent is incurring unnecessary maintenance, support and funds to sustain this diverse database infrastructure. Recommendations: To reduce the complexity, a restructuring is required. A restructuring of any sort must be carried out using a thorough and well-thought out plan. MGCG has developed a design, as outlined in Table 5 Application and Database Relationships To Be, and Figure 12 Application and Database Relationships To Be, of what the end result should be. Nearly all of the 40+ access databases should be migrated into 1 SQL database. All SQL instances should be merged into 1 instance, which may have to be clustered for redundancy and accessibility. In both instances, the SQL database should be version 2005. The Oracle databases will be reduced by 50%. The GIS database will continue to reside in its own version of Oracle but all other Oracle database will reside in the 10.1.0.2 version. Network Infrastructure Windows Server Versions Finding: The organization has: Mostly Windows 2003 Servers Some Windows 2000 servers (i.e. GIS and Terminal Server) A couple of Windows NT4 servers (i.e. AM/FM 7, Call Manager Statistics Server, Oracle Management Server). Issues: Microsoft s support for the NT4 server line has expired. In 2010, the 2000 servers support will also expire. Recommendation: The NT4 and 2000 servers should be upgraded to 2008 Server within the next 2 years, starting with the NT4 servers, and all applications on these servers should be rigorously tested with the new 2008 Server before they are transferred into production. Network and Systems Monitoring Findings: Minimal systems monitoring takes place today: essentially servers, printers and network components are polled to ensure they are active, and an email notification is generated when a non-active status is detected. Statistics are not collected from servers, log files, or from network devices hence 7 The AM/FM Server will be shutdown in January 2008 Municipality of Chatham Kent 2008 IT Strategic Plan Page 40

precluding the ability to detect performance degradation or security issues. There are minimal tools available to assist with scanning log files, or unauthorized security access attempts. Issue: Log files are not pro-actively monitored. This approach is reactive - critical systems require a more anticipatory and mitigating approach. Recommendation: Processes should be established and tools introduced to monitor the systems. This accountability will be assigned to the role of Security Network Analyst who will be responsible for proactively monitoring network logs, and utilizing appropriate security tools. Network Topology Findings: The network topology of the Municipality of Chatham-Kent consists of the main hub of the Civic Centre with connections to numerous outlying offices, some within Chatham and others outside of the immediate city. The WAN (Wide Area Network) connecting the offices is provided through a Service Provider - Maxess, and is primarily High Speed with fibre connecting critical links. The Municipality of Chatham-Kent has a contract with Maxess, including an appropriate Service Level Agreement (with penalty clauses in the event of a WAN outage). Within the Civic Centre, all floors and offices are interconnected by network switches of varying models, age, features and functionality. The switches have been configured in a backbone ring with redundant connections and therefore do support recovery from equipment or cable failure. If a fibre cut occurs on the backbone ring, the traffic automatically reroutes transparently with no customer disruption. If a fibre cut occurs on an external connection or on a building drop then there will be a connectivity loss. The current system has evolved over numerous years, and has grown on an ad-hoc basis. The age and quality of the cabling is uncertain, and may not be suitable to support new initiatives such as voice and video. A recent security audit recommended (i) the installation of new MPLS switches and (ii) the introduction of network segmentation. Network segmentation has, so far, only been implemented for the Police but is planned for 2008. Network Segmentation, if and when implemented, will help to optimize: Traffic routing Security The ability to isolate business units or localize content Issues: There is insufficient redundancy in the overall network topology. Redundancy in interconnections, both within the main Civic Centre between Municipality of Chatham Kent 2008 IT Strategic Plan Page 41

switches and also in the external connections to branch offices, provides some (limited) protection against single points of failure, and replacement switches also provide faster recovery. Recommendations: The WAN topology should be reviewed with the vendor and, based on the business impact of failure, consideration given to incorporating additional redundancy so that in the event of a main fibre failure, the design incorporates a backup connection to some or all remote sites. Options to decrease the risk of an outage include: Redundancy - additional fibre in same cable Route Diversity - different physical route back to the POP from the site splice point. Note there is still a "collapse" from the splice point into the building Entrance Diversity - different physical route from the splice point into the building POP Diversity - fibre goes from customer site to two different POPs Standardization of equipment vendors, models, spare capacity (ports) and adding redundancy into the connections will provide a more stable and more overall system uptime to both the Civic Centre and all offices remotely accessing their systems. The overall topology requires planning and restructuring to incorporate localized segments (already in planning stage), easier recovery and maintenance. It is important to note that the Police Station has newly installed MPLS switches that have the ability to isolate traffic in terms of either geography or traffic type. This is a feature that the main network does not have. Switches should be of similar type and capability across the Municipality. Network Cabling Finding: The network cabling is effective but unorganized at some switch locations. Issue: A few of the switch/hub locations have an unstructured arrangement. Recommendation: The cabling should be organized to a more manageable level. The current arrangement makes troubleshooting difficult and time consuming. A re-organization with the use of twist ties and cable labeling will allow a much more organized arrangement. VMWare Server Finding: Currently, VMWare Server (GSX) is being used in the network to operate some production servers. Issue: This version of VMWare is free (non-trial) with limited to no maintenance/support. Municipality of Chatham Kent 2008 IT Strategic Plan Page 42

Recommendations: As production applications are dependent on the VMWare server, a maintenance/support package should be purchased. Preferably, a purchased version of VMWare (ESX) should be acquired. On production servers, reliability and up time is a concern so the move to the ESX version will be beneficial, as it provides high availability and enhanced security. Directory Services Finding: The As Is directory services layout, as depicted in Figure 6 Email/Directory Services Layout As Is, performs adequately. Issues: The use of both Netware and Active Directory (AD) is causing frustration within the organization as, while all user account created in Netware get synced to Active Directory within 30 seconds, user accounts created in Active Directory do not immediately get synced back to Netware. The reason is that, when password changes are required, a special password procedure is required via the Novell Identity Manager Web interface. This is a more involved process than the usual one step password change procedure which exists in a one directory infrastructure environment. Some of the remote locations (i.e. CK Energy) have their own AD infrastructure that has no linkage with the main Netware/AD setup. This results in more work for the administrator and more logins and passwords to remember for the remote office end users. Citrix, VPN and CMS rely on AD for authentication whereas the desktops and laptops rely on Novell for authentication. This results in multiple points of failure. Recommendations: A migration of the Netware domain to AD is necessary for a more efficient and maintainable environment. The remote locations should also be configured to interconnect with the main AD environment so that all locations can be managed from one central location. The remote locations can have delegation configured so the local IT can manage the local environment without the ability to connect to others. This one directory infrastructure environment will result in easy and quick password changes as well as only a single login procedure/password to remember instead of several. There is a cost saving, potentially significant, by moving to a single directory infrastructure. Municipality of Chatham Kent 2008 IT Strategic Plan Page 43

Figure 6 Email/Directory Services Layout As Is Municipality of Chatham Kent 2008 IT Strategic Plan Page 44

Email Services Findings: The As Is Email/Directory Services Layout, as depicted in Figure 6 Email/Directory Services Layout As Is, performs adequately. Issues: The use of Lotus Notes provides the Municipality with email access but limits remote access. To gain access to email remotely, the user has to gain access to a Citrix client first. The yearly support cost for Lotus is also substantial. The Lotus market share has declined, and Ontario municipalities have migrated to Outlook/Exchange. As a result it has become increasingly difficult to find Lotus Notes skills. Recommendations: Migrate the email environment over to Microsoft Exchange. Exchange provides remote users with quick and easy access to email via the web. There are no yearly support fees required for this environment (if required, Microsoft will charge on a per call basis). Exchange will provide simple support/maintenance based of its tight integration with Active Directory. Server Environment Findings: The Server Room is protected with a UPS running at 96% of its capacity. Some new initiatives have occurred such as the introduction of a SAN disk storage system and Server Virtualization (with VMWare), but the SAN has not been implemented for sharing among servers and the Server Virtualization does not have a plan to migrate any existing servers. Additionally, there are some servers that are not housed in the server room, and are exposed and vulnerable. Critical servers do not incorporate redundancy in their network access connections (NIC card teaming). Issues: The current server room environment is inadequate, underpowered and too small. The new Server Room and generator installation is now one year behind schedule. Recommendations: Complete the new server room build and migrate the servers to it 8. Institute plan to launch an infrastructure hardening project to: o Storage consolidation on SAN o Backup consolidation o Server virtualization 8 This work is in progress. It is expected that the new generator will be operable during Q1 2008 and server room will be completed around this timeframe Municipality of Chatham Kent 2008 IT Strategic Plan Page 45

Wireless Finding: Currently the Civic Center does not have a wireless network. Wireless networks have been implemented at two remote business areas. Both wireless networks have been implemented without consulting ITS. Issue: It is technologically-challenging and time-consuming, for ITS to provide support to facilities whose design and implementation they were not involved in. The wireless networks may be vulnerable to attacks if they do not meet security standards. Recommendations: Service level agreements should define the technologies that should be supported and, if new technologies are required, then ITS should be involved in the selection, design and deployment and the service level agreement modified accordingly. A thorough test and security review should be done at both wireless locations to ensure they meet standards. Remote Access Finding: There are a significant number of users accessing the Corporate Office systems through dial-up modems. This equipment is (i) end-of-life technology, and (ii) creates a security risk to the ITS infrastructure. There is no current deployment of Webmail access, thereby requiring users to connect by VPN and Citrix in order to gain access to email, or use a PDA device such as a Blackberry. Issues: Modems pose security vulnerability, and are end-of-life technology. Citrix and VPN issues for remote users are ongoing, primarily related to performance. Recommendations: A review into the use of modems, and the users they support, should be carried out to evaluate the continuance of dial-up connections. There may be exceptional cases where a system may only be maintained in this manner due to legacy technology, but a review will eliminate old equipment and vulnerabilities to non-authorized users. A review of authorized users who require remote access to Corporate Systems will determine if Webmail is a viable alternative. The introduction of Webmail will eliminate the need for many of the user accounts using the modems, VPN and Citrix. Geographical Information Systems (GIS) Findings: The GIS division is an award-winning GIS-solutions provider for the Municipality. Various areas of the Municipality leverage GIS services, namely the PUC, CK Energy, Fire and Police services, Planning, taxation and the citizens of Chatham-Kent via the CK Website. Municipality of Chatham Kent 2008 IT Strategic Plan Page 46

The Municipality utilizes the ESRI suite of ArcGIS Enterprise tools as well as Miner & Miner s ArcFM network GIS solution. The GIS back-end is based on Oracle Databases and is maintained by a competent staff of GIS Professionals. Issues: Overall, it was found that the GIS department was very competent in delivering their services. There was however concern in the following areas: Lack of Documented Support Processes: There is an absence of formally documented business processes for supporting end-user GIS application queries and support issues. While there are processes that are followed, they are processes that have been built over time and have become ingrained into day-to-day operations; they are neither formal nor documented. Lack of Issue Tracking Solution: It was observed that Suite Response was not a robust enough issue tracking solution. The GIS group created an online Wiki-style knowledge portal to supplement the Suite Response tracking solution. Recommendations: The following actions are recommended to address the GIS Issues that were discovered: Business Process Review this will entail an organization wide review of all business processes, and involve the documentation and optimization of existing processes as well as identifying new streamlined processes. Implement a robust issue tracking solution Implement a tracking solution such as TrackIT! or leverage other tools which may be deployed as part of the overall architecture refresh to allow for quick access to historical tickets and solutions. Radio Communications Findings: The current Radio System used primarily by Fire, Police and Public Works is an outsourced solution 9. This outsourced system has been running for several years and has proven to be stable, and quite satisfactory. It is absolutely critical that this system is reliable, robust, highly available and stable. The only comments given outside of this is that the system is a more expensive solution but that this tradeoff is proper given the sensitivity and importance of the service. Issues: With the outsourced service, there is a schematic showing the mapping of the serviced area. We have not been able to determine the levels of redundancy that the service provider has built into the system (towers and spare equipment). 9 Prior to this outsourcing, issues were experienced with stability and system coverage. Municipality of Chatham Kent 2008 IT Strategic Plan Page 47

SCADA Recommendations: The existing map of coverage should be reviewed and updated to include repeaters, the overall extensiveness and if there are any identified weak spots). The current (weak) Service Level Agreement should also be reviewed with the provider and enhanced to indicate that in detail how the server area is covered, how they address redundancy and their recovery time objectives in the event of a failure. Finding: The various SCADA systems, owned by CK PUC and CK Energy, throughout the area are generally similar systems. Currently, two software vendors are in use for the central monitoring areas (IFIX and Allen Bradley), and the RTU/PLC s have approximately four different vendors, but are also trending towards a single common vendor (Allen Bradley). While visiting the CK Utility, it was noticed that some of the SCADA monitoring equipment was accessible by the loading dock and associated area, and in unlocked cabinets, posing a security risk to vandalism or theft. There is also concern that the Meter Reading system (fed by RF Channels) may be connected to the Corporate LAN. Issues: The corporate WAN, while not a bad carrier for SCADA will require upgrade and network segmentation before it can be used therein. The actual issue is not whether or not it can ultimately support SCADA, but a business decision needs to be taken on whether the network should support SCADA or not Recommendations: While the general SCADA planning addresses the advantages of consolidating vendors for the equipment and the monitoring software, it is believed that a more thorough security review of the architecture and the ways in which the systems interact with the Corporate LAN is carried out. Voice Communications Infrastructure Voice Communications Findings: The consolidation of telephone systems over a number of years has resulted in some variances of models in equipment, but the most common system is the Nortel Meridian 1 Option 11C in the larger offices and Norstar KSU elsewhere. The system in the Civic Centre is approximately 15 years old. The quality of the systems varies between the Civic Centre and the outlying offices, with differences of opinion from various stakeholders in the suitability of the system. Some users have complained about (i) noise on the systems, (ii) lack of functionality, and (iii) the lack of capacity to grow. The key finding, however, is that the current intention is to use the existing telephone systems until they Municipality of Chatham Kent 2008 IT Strategic Plan Page 48

irreparably fail and parts can no longer be sourced. Parts are already being sourced from companies who special in refurbishing parts for older systems. A recent interruption in the main Civic Centre brought to light that the battery on the existing phone system did not hold 10, and that there is no scheduled maintenance agreement in place, (service calls are made in response to a failure) Issues: With aging telephone systems throughout the environment (Appendix B), there is no immediate intent to replace the current system. It is currently maintained through sourcing spare parts usually in response to an equipment failure. This approach will serve for some time but within the scope of the ITSP, a voice strategy must be developed and executed. Recommendations: There has been a fundamental change in voice communications technology over the past decade with the phasing out of conventional Time Division Multiplexing (TDM) systems and the migration to Voice over Internet Protocol (VoIP) and Unified Messaging. The municipality should approach the issue of a grey market maintained phone system with some skepticism as it is a mission-critical infrastructure. Over the first three years of the plan the network infrastructure within the municipality should be hardened to support Multilayer Switching, InLine Power and Quality of Service. Once that is completed there should be the intention to migrate to VoIP in 2011 and 2012. Operational Processes Computer Re-rolls Finding: Computer re-rolls are happening in situations when they not required. Managers and power users are re-directing their 1-2 year old computers to staff who requires a new/updated computer and taking the new computer for their own use. The current process (Figure 7 - Computer Re-rollouts Process) used is also very time-consuming: The new PC is received with the OS installed The OS is removed by the Computer Technician A new user is assigned the replaced PC that is then imaged with the profile of the new assignee (typically a user with less power requirements) Similarly the assignee s PC is reassigned and also re-imaged, and so on Issues: This process is inefficient and costly a single PC causes a minimum of two re-imaging s and can trigger many more. While this allows for the stretching out of PCs - with the laudable goal of allowing users who don t need current model specifications to operate and stay as current as possible, it results in extending 10 However, in general, the battery only needs to provide power for 30s until the generator power kicks in. Municipality of Chatham Kent 2008 IT Strategic Plan Page 49

the life of old PCs far past their operational life cycle. Note that a PC that is 48 months old is actually only 1/8 th as powerful as one purchased today and, over every 18 months, its power relative to a current PC is halved again. A seven year old PC has 1/32 nd the power of one purchased today and will actually run none of the current desktop tools released by Microsoft or many other software manufacturers. The cost of maintaining a desktop at a 4 year maximum lifespan is in the range of $200-$300 per year, the cost of ongoing rerolls is likely similar but with no net technological gain. Recommendations: As part of the technology refresh recommended for 2008, any PCs outside of the technology refresh cycle of 4 years should be replaced. A further recommendation relates to laptop computers: manufacturing standards are such that laptops have less long-term growth capability than desktops and cannot be as readily upgraded. The Municipality should consider a three year technology refresh schedule for laptops while keeping that for desktops at four years. Municipality of Chatham Kent 2008 IT Strategic Plan Page 50

Figure 7 - Computer Re-rollouts Process This is the current process as it stands documented from the MGCG Interview process. The process is however not formally and definitively documented. NOTE: This process does not take into account the age of the employee s computer, thus, there is a possibility that an employee may have a computer that is older than the planned end of life. Municipality of Chatham Kent 2008 IT Strategic Plan Page 51

Expired Computers Finding: The Municipality of Chatham-Kent is moving old computers off-site by one of three means which are: Donation Social services or Recycling Issues: It takes a year at times to move an expired computer out. Recommendations: A more structured system that moves expired systems within a shorter period of expiration would free up valuable space. Network Security Policy There is no comprehensive written policy regarding Network Security. There have been 2 exercises carried out in the last 12 months to test the impact on the Municipality of security breaches. In each case the intrusion was detected and appropriately handled. ITS is not consistent in its documented procedures for modifying the factory default settings for applications and other components such as firewalls. Examples of gaps in documented security policy that are of significance are: Outlining acceptable activities and access privileges for Remote Login sessions Outlining what steps to take when an intrusion is detected; who to contact, when to intervene 11 Outlining the policy around operating system updates and service packs currently all updates are set to automatically download Recommendations: Continue to modify the factory default settings to deter/prevent unauthorized access to the network Expand the current written policies to include all necessary aspects of security as per ISO Standard 177999 11 Servers, network devices and WAN connectivity is monitored with some tools, and network traffic is monitored. Segment traffic is also monitored. Municipality of Chatham Kent 2008 IT Strategic Plan Page 52

Formalize the security practices that have been tested and found to be acceptable Business Processes There is concern around business processes that were observed. It was generally observed that the Municipality is lacking in formal documented business processes across all divisions in IT. There is also a lack of an accepted documentation standard for existing documents. Additionally, there is little to no documentation on IT policies in various areas. There was a lack of written security policies, and no immediate intent to implement them. Policies and Procedures Acceptable Usage (of Municipality s assets) Policy There is an acceptable usage document that exists and which is quite comprehensive. There are several areas 12 that could use more, or updated, detail, including key items such as: Ownership of content produced on the Municipality s systems Detail on what to do with suspended user accounts and related data Detailed policy on the distribution of Municipality- licensed software on personal computers. Overall, the document is fairly robust, but could use a thorough review by management and a staff committee. It would be also wise to update the document to ensure that it is current and is maintained as such. The Municipality of Chatham-Kent Library The Library is generally staffed by an individual with library application skills but not ITS technical skills and as such the Library requires support from ITS. It was noted that there were a few documented processes in place at the Library in regards to ITS impacting processes (note that these are library processes, not ITS processes). From an ITS perspective, while there was some documentation on processes revolving around server restarts and other processes, the documentation was 12 It should be noted that some network security training has been provided. Municipality of Chatham Kent 2008 IT Strategic Plan Page 53

incomplete, and failed to elaborate on key areas, such as what to do in case a certain scenario arises; or lacked detail in the execution of the actual process. Consideration is currently being given to the provision of hot spots in the Library. For security purposes, these will be on a separate network. ITS Help desk Processes There were some ad-hoc processes written down in a manual, however, they were not in a standardized format. Moreover, they were not general processes, but were solutions to issues that arose. The motivation to keep these issues separate of the Suite response application was the fact that the Suite Response application was not easily searchable. The items within the manual are not considered process, but are referenced by Help desk staff and trainees if needed. It was observed that all training in processes and procedures is done by experienced staff through job shadowing and apprenticeship. This is true for the Help desk and the ITS practitioners to whom they escalate issues. Web Department The web department has a concise document that outlines policies. This document was created by a consulting firm. It includes an outline for the web design polices that the web department needs to follow. GIS Processes Formal processes for GIS were not available; however, the GIS team has created a wikitype solutions/knowledge base for lack of a better way to archive and search previous solutions - as Suite Response is inadequate. Again, all processes and policies are not formally documented, and as such, areas such as Database Policies are lacking in clarity. It should be noted that the creation of internal wikis is neither effective nor representative of corporate standards for knowledge management which will be SharePoint based. Processes related to Applications The documentation of processes related to CMiC, databases, and other applications maintenance needs improvement. A vulnerability for the Corporate Applications department is that the processes and knowledge that exist are largely inside the knowledge base of individuals. Municipality of Chatham Kent 2008 IT Strategic Plan Page 54

Recommendations The Municipality should consider a consolidated effort to document business processes. The effort, though non-trivial, will make the introduction of new staff and business systems far simpler and will make process improvement possible. There is a lot of process knowledge stored in the heads of various end users and managers. The intricacies of a particular process may be lost when training by apprenticeship or job shadowing without written documentation. To generate that documentation the following actions should be considered: Standardize a process documentation methodology a combination of Swimlane (flowchart) and Narrative should be considered Create a repository for corporate business processes using the SharePoint portal under consideration for deployment in 2008 Interview staff to extract existing processes and document them Process accountability there should be a clear delineation of who is accountable for a particular process There should be a standardized methodology or plan in place for communicating changes in processes and policies to staff members There should be a standard knowledge portal, likely based upon Microsoft SharePoint technology which is the corporate standard for communications portal technology. This Portal, appropriately designed, can also play the role of a document management system Municipality of Chatham Kent 2008 IT Strategic Plan Page 55

4.Information Technology in Other Municipalities As shown in Appendix C (MISA Findings not available as other municipality s consent is pending), there is no clear consistency between different municipalities with respect to technology selection or organizational structures. Many appear to have somewhat fragmented infrastructures that result from amalgamations, and they are faced with similar issues to those of Chatham-Kent but, like Chatham-Kent, they may now be at the point where they can no longer avoid changes for reasons of security, efficiency and privacy. Technology Email and Authentication With respect to email systems, the following table (Table 2 - Email and Authentication in other Municipalities) is useful for comparative purposes. It is important to note that the direction recommended for email as part of this plan is by far the majority for the province of Ontario. Other organizations, particularly those leveraging Novell GroupWise are beginning initiatives to migrate to exchange as access to skills and support become less available for that technology. Table 2 - Email and Authentication in other Municipalities Population Lotus Notes Novell GroupWise Microsoft Exchange 100,000 Thunder Bay Oakville(*) Waterloo Region(*) Chatham-Kent Mississauga(*) Greater Sudbury Toronto Oshawa Hamilton York Region London Halton Region Windsor Kingston Oxford County Peel Region Niagara Region Kitchener Burlington Ottawa Markham 20,000 Bradford Peterborough Ajax Renfrew County Bruce County Haldimand County Leamington Milton Newmarket Clarington Grey County Municipality of Chatham Kent 2008 IT Strategic Plan Page 57

North Bay Woodstock Halton Hills Middlesex County 13 With respect to Authentication, the major Exchange deployments utilize Active Directory. As they update their infrastructures, other municipalities are migrating away from Novell and Lotus. Office Software The majority of municipalities of more than 20,000 people in the province of Ontario are leveraging Microsoft Office. At the time of the last survey, none had adopted Office 2007 but the last survey was coincident with the release of that version one year ago. Versions deployed run the gamut from Office 97 through to 2003, the Municipality of Chatham-Kent could be considered in the middle third in terms of currency but, with Office 2007 now released and the technology lifecycle policy being what it is, an upgrade is now due. Only two municipalities, Greater Sudbury (which has since launched a migration effort to Office 2007 late last year) and Ajax, are using non- Microsoft technology at the desktop productivity level. Given that Office 2007 is relatively new, many municipalities have yet to adopt it, the Municipality of Chatham -Kent would be one of the first but this is purely coincidental as it is planning an upgrade just as Office 2003 approaches end of life and, rather than have to do two upgrades (one to 2003 and a second one to 2007), the recommendation is that an upgrade to 2007. Security Firewalls A variety of firewall technology is deployed across the municipalities of the province. The Municipality of Chatham-Kent s choice of firewall is reasonably standard and represents a better than most approach which is appropriate for a municipality of Chatham-Kent s size. Spam Filtering The Municipality of Chatham-Kent s solution for spam filtering technology is appropriate and acceptable. Municipalities have a variety of choices at their disposal and no clear trends are evident. Web filtering Web filtering, while nominally in place within the Municipality of Chatham-Kent, is not effective against basic inappropriate usage tests. Several options are deployed 13 In the process of migrating to Microsoft Exchange and Active Directory Municipality of Chatham Kent 2008 IT Strategic Plan Page 58

throughout Ontario municipalities with Borderland Surf Control being slightly dominant as a technology selection. Multilayer Switching There is limited availability of information as to the deployment of multilayer switching within municipalities but with trends developing toward the deployment of Voice over Internet Protocol (VoIP) technology for telephony, it is a basic requirement both from a security and performance point of view. Voice With a world-wide trend toward VoIP technology underway and the lack of any current or supportable alternatives to that technology in place, municipalities are moving toward VoIP and Unified Messaging. Currently, the major vendors in the voice space within the municipal sector include Cisco (VoIP) and Nortel (conventional voice), Avaya also has some presence in the VoIP space as does Nortel Succession. There is no clear technology leader within the municipal market but the trend toward VoIP migration is becoming clear. Network There is a general standardization in the Ontario municipal environment on Cisco Network equipment. Dialup networks are being phased out, replaced with carrier provided DSL or fixed circuits and, in some cases, municipal or utility-owned fibre optic infrastructure. Wireless There are three types of wireless initiatives that are undertaken within a municipal context: Internal Wireless Networks to enhance productivity within municipal sites Municipality-wide, Wireless Wide or Local Area Broadband Networks for use by the citizenry Localized public Wireless LAN networks in particular municipal locations such as libraries The former of these is usually a municipal activity; the latter can be but is more often undertaken by the local distribution utility or that group in conjunction with the municipality. With respect to Internal Wireless, this is an issue of appropriate technology and security. Municipalities can choose to deploy wireless network technology, but the security risks can be significant and as such a properly secure network is required with appropriate technology deployed including multilayer switching, in-line power, appropriately designed Demilitarized Zones, appropriate use policy, and properly designed wireless Municipality of Chatham Kent 2008 IT Strategic Plan Page 59

encryption. It will be one of the mandates of the Network Redesign and Security Architecture projects that the Municipality of Chatham-Kent be wireless capable when those initiatives are completed. If there is a desire to deploy wireless afterward, the network will support it. As for Municipal Access Wireless networks, this is an issue of an appropriate business case. Many restaurants, bars, and coffee shops in urban centre s offer free wireless for their customers; in addition carrier companies such as Bell, Telus and Rogers offer paid services. The question becomes - does the municipality alone or in conjunction with the PUC or CK Energy wish to get into the telecommunications business? In other municipalities, it appears that a certain critical mass of potential customers is required before such a program is considered and the success of these ventures is still not proven. With respect to libraries, while some municipalities and their libraries are considering such an application, there are security and appropriate use concerns which need to be addressed. The openness of the library environment while necessary and proper can provide an opportunity for inappropriate use and requires careful monitoring. Security must be reviewed holistically across the municipality and, while library wireless should be on a different network segment with access controls, the library security profile should be part of that review. Municipality of Chatham Kent 2008 IT Strategic Plan Page 60

RFID Radio Frequency Identification Devices are small tags which can be attached to items allowing them to be tracked by scanning devices. A common use of these devices in a municipal sense is for tracking waste disposal trucks at dump sites. The process works as follows: 1. A RFID tagged truck enters the dump is scanned and weighed 2. It dumps the refuse as required 3. It is rescanned and reweighed 4. The dumping company is charged automatically based on the truck s RFID Currently the City of Vancouver is piloting such a program at one of its dump sites but the technology is still reasonable new and while deployment should become more widespread over the next five year, an immediate foray into this technology is not recommended. Other Applications No real trends have emerged with respect to standard business applications such as Financial Systems, Asset and Work Order Management, although every municipality has requirements in such areas. With a wide choice of applications, municipalities are trending toward those that best support existing business processes and integrate in some way or another with legacy applications. Some technology and application trends within municipalities are emerging. The following common municipal initiatives are of note: 1. Collaboration. The possible evolution of SharePoint as a collaboration engine for municipalities is of note. If this trend does continue, and municipalities move toward developing Corporate Project Management Offices such as that currently being deployed within the Municipality of Chatham-Kent, then it may be that the Microsoft Project Server solution becomes the predominant Project Management Application within municipalities. This tool cleanly integrates with SharePoint, Office, Active Directory and Exchange and may be positioned as a leading technology in this space over the next several years 2. Documentation and Records Management. Closely aligned with the first of these trends is the need for municipalities to establish document and records management systems. Certainly the Microsoft SharePoint platform is designed to be leveraged in such a manner with extensions which are US Department of Defense certified for records management. One advantage of this platform is that it is customizable and, as such, components (called web parts) can be Municipality of Chatham Kent 2008 IT Strategic Plan Page 61

shared by collaborative groups such as communities of municipalities 3. Integration of Dispatch Radio, Mobile Phone, GPS, GIS and Traffic Management Solutions. Several municipalities have undertaken pilot programs replacing dispatch radio with hybrid mobile phone/half duplex radio systems such as Mike by Telus. These systems integrate GPS, dispatch radio capabilities, remote email and web access and represent a potential breakthrough technology for municipalities in terms of managing remote teams, contacting field resources and position tracking. One Western Canadian municipality is also reviewing these systems with respect to integrating parking management systems such that parking tickets can be issued and logged directly through the handheld system and then paid electronically through the web 4. PSAB. Due to pending PSAB compliance, there is a real move among Ontario Municipalities to expand or put in place asset management systems which will allow for the integration of all asset tracking as well as to automate the business process of asset management. The Municipality of Chatham-Kent is reviewing this process as well as deadlines are pending 5. Infrastructure Consolidation. PSAB and other initiatives related to the standardization of business process often have requirements in terms of data recovery which leads to Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP). The very basics of DRP and BCP involve information recovery which, by implication, requires infrastructure that is hardened and redundant, backups that are tested and simple to use. To support these requirements two technological trends are clearly appearing in the public sector. The first is the use of Storage Area Networks (SANs) as opposed to discrete hard drives in servers. SANs) are high spend network storage devices that allow for consolidation of data, are high availability, and are relatively easy to backup with a single application. The second trend is toward virtualization of servers. Many applications are resident on servers that are overpowered compared to their need. Virtual servers use redundant, high availability systems and instantiate multiple servers on single computers if a computer fails, the applications cleanly migrate to a backup device with minimum interruption. Both of these initiatives are part of Tactical Cycle Two of this ITSP Web and Collaboration With respect to Web the vast majority use Microsoft technology as does the Municipality of Chatham Kent and those who do content management use Microsoft Content Management Server. It may be argued that the Municipality of Chatham-Kent has a more sophisticated web infrastructure than many similar municipalities but this web infrastructure is based on standard approached echoed in similar municipalities. Municipality of Chatham Kent 2008 IT Strategic Plan Page 62

Collaboration is relatively new to the municipal space but Microsoft SharePoint is deployed within a number of municipalities. A number of municipalities are launching Immigration Portals, funded by the federal government, to attract residents to their communities. These portals are often based on Microsoft SharePoint technology indicating that there may be a general trend forming toward the use of this technology at the municipal level. Further with expanded need for document and records management SharePoint may well establish itself as a portal technology of choice as it is records management certified by the United States Department of Defense and has several simple overlays for document management. These technology selections are neither controversial nor excessive. Geographic Information Systems (GIS) The GIS technology of choice in the Ontario municipal space is various versions of the ESRI system with 66% of the greater than 100,000 population municipalities and a slightly larger percentage of those municipalities greater than 20,000. With respect to the smaller municipalities, one third does not have plans in place but of those, half do have such initiatives approved and/or underway. Planning With respect to this exercise, the development of an IT Strategic Plan, given the significant technology infrastructure investment, it is gratifying to note that of the 21 municipalities of over 100,000 population, only 3 now have no ITSP and of those only one has no such effort planned. The average duration of the strategic plan is three years with five years as the longest and regular annual or biannual review in the norm. Funding There are several different models for ITS funding in use across municipalities in Ontario and Nationally: Capital and Operational Budgets are assigned to the IT department and charges are made against them Departments are issued Capital and Operational budgets and have technology management and procurement through the IT department which uses a chargeback mechanism Municipality of Chatham Kent 2008 IT Strategic Plan Page 63

Technology is purchased at the desktop, corporate or departmental levels by the departments directly and administered by IT which uses a chargeback mechanism for service and support Leasing: Equipment can be leased on a three, four or five year basis, and returned or purchased outright at the end of the lease period. This model is particularly attractive if there are long term plans for consolidation as the newlyleased equipment can phase out multiple units of older equipment as consolidation occurs Departments are asked to put aside funds on an annual basis for technology refresh. The amount is calculated per device and is held in reserve over its lifecycle and, at end of life, a new device or software license is purchased. Operational costs are managed directly by IT through either an operational budget or a chargeback mechanism Each of these has an implicit Capital component for technology refresh, the purchase of new equipment and software. Each also has an operational component for operations management, salary, support costs and other operationally focused charges. Funding Model within Municipality of Chatham-Kent The technology lifecycle approach (with ITS owning an Operational budget) is currently in use within the Municipality of Chatham-Kent and it is considered to be an effective way of achieving many of the advantages of a leasing approach without the interest costs therein. There are two challenges with this mechanism as it is currently administered: 1. The lifecycle dollars set aside are not sufficient, as departments have not sequestered the appropriate level of funds necessary to stay within the prescribed lifecycle of the infrastructure 2. There is no capital budget for new projects, unexpected events, sudden infrastructure requirements To ensure that the first of these issues is dealt with appropriately, the recommendation to Council is that guidance be given to Administration that: Lifecycle dollars be reserved according to policy with no exceptions Technology refresh be enforced as is the current policy All computer and technology assets be procured through the ITS department as presently there are computers which are purchased outside of the current system and outside of current vendors Municipality of Chatham Kent 2008 IT Strategic Plan Page 64

With respect to the second issue, ITS has both operational and capital components to their work. New project and initiatives, sometimes outside of ITS control, do require infrastructure and resources. To deal with this, the recommendation is that a capital budget be assigned to the ITS department to deal with new initiatives such as the projects laid out in this plan. Beyond these initiatives, some funds should be available, subject to Council approval on a case-by-case basis for unforeseen projects and initiatives. One approach is to assign a 10% contingency to budgeted items in the capital plan and those funds are then available, subject to Council approval, for unforeseen capital initiatives. If these funds are not leveraged at year end, they can revert to lifecycle dollars. With respect to the web infrastructure, as discussed elsewhere in this document, many municipalities are centralizing content management and there is clearly a trend toward the development of municipal portals. Both these trends emphasize the role of centralization in municipal Web infrastructure from an infrastructure, operations, content management and funding point of view. While there is pressure from various business units within the Municipality to develop their own web presence, there should, in fact, be a move in the opposite direction. Web resources are corporate resources and should be operated and funded centrally. The Municipality of thechatham-kent might consider a funding mechanism based on chargeback for groups which leverage web and portal services. Stating that, the only way business areas will support this, is if the web is considered to be useable and effective. In fact, business areas must feel a sense of ownership for the web and then they may consider a funding mechanism to support the overall web efforts of the Municipality. Municipality of Chatham Kent 2008 IT Strategic Plan Page 65

5. To Be Requirements Introduction Currently the infrastructure within the Municipality is defined by three major characteristics: 1. It is organic, not designed. The architecture itself is reflective of the history of amalgamation. For example, the current use of two different authentication systems is now unnecessary. The Active Directory system was added on top of the Novell system to support a specific business need for web services which were based on selected Microsoft technology 2. It is Technologically Oriented. The focus of the ITS group, and the staff therein, will generally migrate to the making of technological decisions, with a solution to a specific technical problem being the foremost consideration. The fact that there are few application and business Subject Matter Experts (SMEs) within the ITS group results in decisions being made along technological lines rather than service and business need lines 3. The user constituencies within the Municipality and the support organizations also have a tendency to make technological decisions based on incomplete data and a lack of guidance from the subject matter experts in the ITS group. There is a lack of any corporate standards or guidelines for technological decisions an issue of a failure of municipal policy rather than that of any one person or group In order to deal with these characteristics, it will ultimately be necessary for the Municipality to adopt a Service-Oriented Architecture wherein the business need drives the technological choices but the choices are constrained by standards and architectural approaches for Information Technology. Service-Oriented Architecture Service Orientation Given that the design manifestation of an IT strategic plan is architecture, and that the current infrastructure has a decidedly technological focus, it is necessary to establish an architecture that is Service-Oriented. In fact, the biggest issue as to how the business units view ITS is that there is too little understanding by ITS of the services which are needed by the Municipality and, as such, business units often go ahead with initiatives or projects with little thought to the requisite IT infrastructure. Municipality of Chatham Kent 2008 IT Strategic Plan Page 67

Figure 8 below shows the basic framework of a Service-Oriented architecture Figure 8 Service-Oriented Architecture This model has some basic features that are of key interest to the Municipality of Chatham Kent. Including a real focus on Business Processes and Data Abstraction is key, but it is also important to note that Governance is a key element of the model as well. The organization and management of the ITS function within the Municipality is critical if the proper focus on service is to be delivered. To realize this sort of architecture, there are some basic business functions which will need to be undertaken, starting from the bottom of the drawing upwards: 1. The development of a data abstraction model which will allow the entry, access and management of all data in a standard manner using a common set of tools. Municipality of Chatham Kent 2008 IT Strategic Plan Page 68

One manifestation of this will be the end of the proliferation of Access databases and the simplification of access to data 2. Access to data itself will be simplified and managed in such a way as to ensure that all users have access to appropriate data as required 3. The user communities will have dependable access to a defined set of services supporting their data needs 4. The documented business processes are repeatable and leverage the services as they are defined. One off s and Throwaways cease to be part of the service which ITS offers to its users 5. Monitoring allows for an understanding of how the architecture is operating and meeting with its users needs, both from a performance point of view, as well as how it is meeting those needs 6. With respect to Governance, ITS must have input into all projects which could involve it, and the business units of the Municipality must also be involved in the decisions which ITS makes 7. With respect to security, the infrastructure is currently not optimal for providing a secure environment. Security will be, as with governance, a day to day reality for the operating infrastructure. Security in this sense represents the entire ISO 177999 standard which runs the gauntlet through network security, best practices, disaster recovery and process documentation Stating that this is the direction that the Municipality should migrate to is well and good, but it should be noted that in no way is it ready to do so. To develop a service-oriented architecture, each of the seven elements described above must be acknowledged. Today, the Municipality can only be described as having a Technology Oriented Architecture which is, effectively, Technology for Technology s sake. Since this ITSP effort was undertaken, there have been three separate occasions where departments or Service Level Organizations wished to purchase a particular technology, with no consideration of how it fits within the broader picture of the Municipality. The technology itself, in some cases already preselected, becomes the main point of the acquisition, not the function or service. This is an important issue which the new governance model is designed to manage. The role of the IT Steering Committee and the creation of two policies, are specifically formulated to avoid this technology for its own sake approach. The policies, described in detail later in the document, prescribe the following behaviors: 1. Application Purchase Policy. Applications must adhere to the following base rules before they can be considered as part of the IT infrastructure of the organization. Municipality of Chatham Kent 2008 IT Strategic Plan Page 69

i. Applications must be able to authenticate users through either Active Directory or be LDAP-compliant ii. Applications which leverage databases must integrate with Oracle 10 or SQL Server 2005 iii. Application should have options for integration through an industry leading Enterprise Application Integration (EAI or Middleware) system. i.e. BizTalk, Vitria, WebLogic iv. The purchase of the application must be approved by the IT Steering Committee 2. Application Development Policy. When an application is constructed for any stakeholder in the organization, it must adhere to the following rules: i. The only approved application development standard within the Municipality is the.net framework, any application must be web-based and constructed in that environment ii. Authentication must take place through Active Directory iii. Internally developed applications must integrate with SQL Server 2005 iv. The construction of any internal applications must be approved by the IT Steering Committee Starting position The current infrastructure has some major issues that require addressing. There are, however, critical concepts for any Information System and Communications System Architecture which should be identified at this time: 1. Availability is paramount. The IT and Communications Systems of the Municipality of Chatham-Kent are service enablers for the citizens of the community and, as such, must exhibit the characteristic of high availability 2. While Enablement, or the features provided by the infrastructure, is important, similarly cost is a critical factor in terms of what one pays for those features. While surveys did not rate cost particularly highly in terms of requirements, it did rate almost identically with enablement, so features are as important as cost 3. Technological Standards must be in place and approval processes for technology selection are essential There are implications that arise from this view, namely a complex infrastructure with a large numbers of manual processes, workarounds or interventions increases the risk of failure while pushing up operating cost and reducing available features. Basic Service Requirements (Customer Service) Municipality of Chatham Kent 2008 IT Strategic Plan Page 70

ITS must support the following basic service needs of its users: 1. A working voice and data communications infrastructure that is highly available and secure 2. Access to rational, cross referenced data that is not duplicated, is retained properly and managed centrally 3. Access to a common set of applications that support the business needs of the users these include: Support for Finance based around a standard General Ledger System Support for Human Resources integrated to that centralized General Ledger System Support for Asset Management in one system Support for the delivery of projects across the Municipality Support for ongoing Engineering and Public Works efforts Support for Community Services which integrates to the other systems to avoid duplication and streamlines service delivery Support Health and Social Services integrating as cleanly as possible with provincially mandated applications 4. Appropriate and enforceable Services Level Agreements with Service Level Organizations 5. Common user interface standards to all services generally web based When providing these services, ITS must focus on their ultimate clients, the staff and citizenry of the Municipality of Chatham-Kent. Business Requirements Many of the basic business requirements for information and communications systems are implicit in decisions already made by the Municipality: An upgrade to Office 2007 is required for 2008 but is contingent on the replacement of older PCs The authentication needs to be simplified and the mail system needs to be replaced with Outlook / Exchange There are a number of business applications that are not provided by the CMiC suite or at the desktop level and yet are required. These include: o Asset Management o Asset Tracking particularly related to the needs for the PSAB o Work Management Municipality of Chatham Kent 2008 IT Strategic Plan Page 71

While several projects are underway to find solutions in these areas, there should be a unified approach that will address the needs of all business areas in the Municipality in a holistic manner The Web, while technically well designed and robust, requires enhancement. ITS is planning a review of user needs in 2008. The strategic direction of GIS is uncertain. GIS should be viewed as an enabling technology for business units and not as a major strategic silo. It should be viewed in the context of the web, SharePoint and the.net development environment as it is a data source to support multiple applications including: o Asset Management o Work Management o Tax applications o Economic Development o Cultural mapping and support Technical Standards There are limited technical standards in place within the Municipality. An exception is in the area of network infrastructure, authentication and database approach, although these standards are sometimes not adhered to. The following technical standards are either in place or recommended for development as part of the ITSP: Applications Desktop tools: Office XP (in place), Office 2007, partially deployed and to be rolled out in Tactical Cycle 1 Database: Oracle 10, SQL Server 2000 (in place but recommended standardization on SQL Server 2005) Network (all in place) Web TCP-IP based network infrastructure Fibre Optic Based site interconnects High Speed Connections SharePoint Portal Services/SharePoint Server 2007 (recommended as part of Tactical Cycle 1).NET Development Environment (in place but not universally adopted) Voice Communications Nortel TDM PBX systems Municipality of Chatham Kent 2008 IT Strategic Plan Page 72

Symposium voicemail Succession VoIP System (recommended as part of Tactical Cycle 3) Applications Requirements Currently there are a number of initiatives under way within the Municipality which will lead to the deployment of new applications. Some of these applications have been seen as standalone but they clearly should integrate. While some of these applications are presently in place, the others which are required will drive out dependencies upon them and also require integration options in the near future. The immediate requirements for new applications consist of: 1. Work Order Management System for Public Works 2. A municipal wide Asset Management System which is PSAB 3950 compliant 3. A replacement for CKTraax 4. Cultural Mapping Tool 5. Immigration Portal 6. Corporate Project Management Office Support Software 7. Replacement for the current municipal tax application In addition, there is an upgrade available for CMiC, the current financial system. MPower, the current payroll system which is also manufactured by CMiC is not integrated to the financial system and will require some rework costing an estimated $300,000 to integrate. These projects, to a greater or lesser degree depend on lower level technologies as shown in the To Be architecture diagram. To date, GIS has been viewed as a technological solution in its own right but its actual power as a tool is when it supports other applications. From the list above, GIS should be readily able to support and must integrate at the very minimum with: 1. Public Works Work Order Management System 2. Asset Management 3. Cultural Mapping It will also be desirable for it to integrate with: 4. Immigration Portal to provide geospatial information tied to cultural mapping for potential immigrants 5. CKTraax to spatially track where issues are located and perhaps enable trend analysis It is also clear that from a Finance Department point of view, Asset Management would ideally integrate into the General Ledger function provided by CMiC. Further, each of Municipality of Chatham Kent 2008 IT Strategic Plan Page 73

these applications requires access to databases either directly or as abstracted through CMiC or GIS. Another application, currently deployed within the municipality also could serve as a core system for Public Works order management and asset management. That application, Hansen, does not necessarily integrate to current financial and payroll systems, however. Finally, a fundamental part of the To Be architecture view is reducing the number of applications and, more importantly, databases which need to be instantiated and supported within the overall municipal environment. Concepts of Application Integration There are generally three approaches to application integration: 1. Enterprise Planning: Do not integrate at the technology level but integrate at the business process level using one suite of applications to provide all business functions within the municipality 2. Data Integration: Use the databases to provide integration through report generation tools and a minimal set of databases and tables 3. Enterprise Application Integration: Use a middleware such as Vitria or BizTalk to connect applications to each other using standardized connectors The selection criteria built into the proposed Software Acquisition Policy detailed later in this document provides guidelines which would support either the first or last of the above approaches. A further aspect to effective integration is to stop its opposite, the disintegration of data, by ensuring that all future purchases and software developments cleanly integrate into rationalized existing infrastructure. Recommendations for Business Application Projects during Tactical Cycle #1 Fundamental Assumptions and base requirements 1. GIS is a major enabling technology for Municipalities 2. The only acceptable Corporate Database Standards are currently SQL Server 2000 and Oracle 10 these to be upgraded as required by ITS and Municipal Lifecycle rules 3. Less is more the fewer applications which are deployed the better both from a licensing and operational support point of view 4. Certain core existing applications may be good choices for an expanding footprint 5. Integration capability is essential in the medium term (within the timeframe of Tactical Cycle 2) 6. SharePoint Portal Server 2007 will be the web, collaboration and workflow management engine for the Municipality of Chatham Kent Municipality of Chatham Kent 2008 IT Strategic Plan Page 74

7. Any internal software development will leverage rules 1 through 6 and will only occur within the.net environment already adopted as the technological development standard within the municipality 8. For internal users should authenticate against Active Directory Asset Management Minimal Requirements 1. Business requirements as developed 2. Compliance with base requirements 3. Must integrate with GIS 4. Must integrate with General Ledger Public Works Work Order Management Minimal Requirements 1. Business requirements as developed 2. Compliance with base requirements 3. Must integrate with GIS 4. Must integrate with CKTraax Replacement CKTraax Replacement Minimal Requirements 1. Business requirements as developed 2. Compliance with base requirements 3. Workflow driven 4. Web based 5. Should integrate with GIS 6. Should integrate with Work Order Management 7. Should include knowledge mining capability Cultural Mapping Tool Minimal Requirements 1. Business requirements as developed 2. Compliance with base requirements 3. Web Based 4. Should integrate with GIS 5. Should integrate with Immigration Portal 6. Should include knowledge mining capability Immigration Portal 1. Business requirements as developed 2. Compliance with base requirements 3. Web Based 4. Should integrate with GIS 5. Should track inquiries within limits imposed by privacy regulations Municipality of Chatham Kent 2008 IT Strategic Plan Page 75

Tax Application Replacement 1. Business requirements as existing in current application 2. Compliance with base requirements 3. Should integrate with GIS 4. Web Based 5. Should integrate with General Ledger GIS and SharePoint Commonality The one application that is common to the above is GIS which aligns with the view that GIS is becoming the fundamental core data technology for municipalities. Any architecture decisions made as part of the Chatham-Kent ITSP must incorporate this basic requirement. With respect to SharePoint, once it is adopted as the basic portal technology of the municipality, its document repository and workflow capabilities make it the ideal architecture for web development and centralized access. CMiC as the core Financial Application System CMiC is an Enterprise Resource Planning system developed for the construction industry and selected as the core financial system of the Municipality of Chatham-Kent approximately 10 years ago. The General Ledger application operates as the central financial information repository for the municipality and payroll is managed through an older version of the same application which cannot be updated and integrated without significant expense in the form of customization to support the municipal payroll process. With a focus on a number of applications underway, it may be worth addressing the suitability of CMiC as the core business application. As part of Tactical Cycle 2, a review of CMiC suitability is included, and either its footprint expansion or the option of finding a replacement is planned for, as part to the strategic plan. Note that while there has been significant progress in the development of Enterprise Resource Planning technology for municipalities, replacing CMiC will be expensive, with anticipated charges in the $2,000,000 range. That being said, simply upgrading CMiC and integrating it with other business will also be expensive; $500,000 is not an unreasonable estimate for the upgrade alone. As an alternative to replacement, the Municipality could choose to launch an Enterprise Application Integration project based on Microsoft s BizTalk application or other EAI packages. The estimate for an integration effort would be approximately $1,000,000. Some planning around CMiC and its longevity with the municipality should be considered while still in tactical cycle 1 to ensure no decisions are made which will limit options later. Municipality of Chatham Kent 2008 IT Strategic Plan Page 76

Architecture Requirements Analysis Given the priorities for IT within the Municipality and the applications standards as described above, a simplification of the infrastructure is an essential first step. The objectives for the target architecture can be summarized as follows: Simple Interconnected Multipurpose Extensible and Scalable To do this, silos of technology as well as operational silos must be phased out. Initial efforts on the IT infrastructure side will be focused in two ways: Rationalization of the current infrastructure Focus on the projects which are truly immediately required High Level Information Systems & Communication Network Architecture The target environment must have the following basic attributes: 1. It must be simple and easy to maintain 2. The addition of new services should be simple 3. All elements should align with direct business needs for the Municipality 4. Less is more, fewer databases, fewer servers, more aggressive use of better technology to deliver more services 5. All services must interconnect on some basic level Currently the Municipality is operating under a technology deficit. The infrastructure deployed is not optimal or efficient, and building upon it is building upon an unstable foundation. Therefore the first and most critical elements of the strategic plan relate to developing a stable architecture. Later work is directed toward adding features and services. Required Application Matrix There are immediate requirements for application deployment. Table 3 Required Application Matrix, and Table 4 - Recommendations for Application Enhancement, below list those applications. Note that the second table is based on the recommendations from the As Is review of the infrastructure and operations within Municipality. Municipality of Chatham Kent 2008 IT Strategic Plan Page 77

There are some basic elements of these required applications which can be addressed easily and must be implemented for the others to be possible. In the case of the Municipality of Chatham-Kent the following elements should be reviewed. Municipality of Chatham Kent 2008 IT Strategic Plan Page 78

Table 3 Required Application Matrix Function Status Current Options SOA Element Recommendation Asset Management Work Order Management Project Management Issue Tracking (ITS) Issues Tracking (Corporate) Collaboration Environment Document Management Web Services Authentication Environment Email/Messaging - Immediate Requirement - PSAB - Immediate Requirement - Project pending - New corporate PMO will require some software to manage large project portfolio - Current system is inadequate - Current system is inadequate Standalone Applications, Access Databases Nothing MS Project MS Office SuiteResponse SuiteResponse - planned for 2008 Nothing other than shared drives - planned for 2008/2009 - in place but unappreciated and not universally adopted - In place with two systems and one way synchronization - In place and operating Nothing other than shared drives.net Novell Active Directory - CmiC - Hansen - Other Tools - CmiC - Hansen - Other Tools - SharePoint / Project Server - CmiC - Other Tools - TrackIt - Other Tools - Hansen - Other Tools, e.g. - Remedy - IssueTrak - SharePoint - Groove - SharePoint with extensions -.NET - ESRI Basic financial service set. Basic service set for Public Works Basic service set for Municipality IT Monitoring and Event Management Customer Relationship Management system (CRM) Process management Data Services/Messaging Process management Data Services/Messaging - Active Directory Security Data Services/ Messaging Lotus Notes - Exchange Data Services/Messaging Implement an Asset Management system in 2008 Review opportunity to interface with GIS Implement a Basic Service for Public Works (project scheduled for 2008) Review opportunity to interface with GIS Review options for Project management extensions to SharePoint Implement a new dedicated trouble management tool Implement a new dedicated trouble management tool Create interface with GIS Introduce SharePoint in 2008 as an extension to Web services already planned and should proceed Implement Document Management (this is a requirement for knowledge management and business process standardization). Proceed with Web redesign (scheduled in 2008) Remove Novell and standardize on AD As part of an overall integrated environment, standardize on Municipality of Chatham Kent 2008 IT Strategic Plan Page 79

Function Status Current Options SOA Element Recommendation Data warehousing successfully - No appropriate standards for data integration Oracle, SQLServer, Informix, Flat Files, Access - Oracle - SQLServer Enterprise Integration -... None - Standardize around very specific technology standards - Enterprise Integration Applications such as BizTalk Image Management System VoIP/Unified Messaging - Current system is inefficient and cost prohibitive - Current infrastructure is gray market and running risk of obsolescence Manual processes, Windows Updates and Zenworks Nortel - Pre-imaged machines from vendor - SCCM and associated technologies for image updates - Nortel Succession - Cisco AVVID - Avaya - Mitel Data Abstraction Data Abstraction Data Services/Messaging Process/Orchestrati on Services IT Monitoring and Event Management Services Data Services/Messaging Security Exchange and integrate with SharePoint, AD and.net environment Stage 1: Develop a data architecture Stage 2: Develop a data warehouse environment Select appropriate standards which automatically integrate or Deploy a middleware infrastructure to interconnect applications. Both options should be reviewed and a combination considered Implement as part of the basic technology refresh recommended as the second part of TC1 Schedule for evaluation and implementation as part of TC3. The table that follows (Table 4 - Recommendations for Application Enhancement) addresses the findings, issues and recommendations in the As Is analysis and expresses solutions in terms of a target architecture. Municipality of Chatham Kent 2008 IT Strategic Plan Page 80

Table 4 - Recommendations for Application Enhancement Finding No. Function Status Current Options SOA Element Tactical Cycle 1 Office Applications 2 Software Imaging - Functioning - XP - 2003 (limited) - 2007 (limited) - Functioning - Excessive amount of images - Time consuming 3 Email Storage - Excessive - Massive amount of disk space usage 4 CMiC Suite - Functioning - Not fully utilized 5 CKTraax - Functioning - Not Effective 6 Citrix - Functioning - Departments too reliant - ZENworks - System Center Configuration Manager (SCCM) - Acronis - ZENworks - Unlimited mailbox size - CMiC 2004 - Not using Payroll and HR modules - Leverages SuiteResponse - In turn leverages Domino - Citrix for applications / Email - Office 2007 - Data Services / Messaging - 2 GB mailbox storage limit - CMiC 2006 Suite with Payroll and HR modules - CMiC 2006 Suite with CRM - Hansen 8 with CRM - Other - VPN - Web Mail - Citrix - Monitoring / Event Management - Services - Data Services / Messaging - Data Services / Messaging - Services - Monitoring/Event Management - Services - Monitoring / Event Management - Services Recommendation 1 Upgrade to Office 2007 14 and take advantage of Groove, InfoPath and OneNote. 1 Implement a central images management and deployment system (e.g. like SCCM) to allow for a more manageable image system. 1 Develop email storage standards. Turn on controls on the email server to control the storage limits per user. 2 Upgrade the current 2004 version to 2006. Migrate InfoHR and mpower Payroll to CMiC 2006 1, 2 Replace CKTraax with trouble ticket system for IT in TC1 Review and if necessary replace with strategic choice in TC2 1 Reduce the reliance on Citrix for applications by using more applications in 14 SharePoint requires Office 2007 for full collaboration Municipality of Chatham Kent 2008 IT Strategic Plan Page 81

Finding No. Function Status Current Options SOA Element Tactical Cycle 7 Backup - Functioning - Too much manual intervention - Excessive use of tapes 8 Help desk Issue Tracking 9 Printer Installations - Limited Functionality - Process functioning - VERITAS - Single loader tape drives - daily full backups - VERITAS - Tape Library - Daily differential and Friday Full backups - SuiteResponse - SuiteResponse (new version by Active Citizen) - Other tracking software - IP based installations - Help desk required to install - Server based installations - IP based installations - Monitoring / Event Management - Process - Data Services - Monitoring / Event Management - Data Services - Monitoring / Event Management - Process Recommendation client/server mode which may also require network bandwidth upgrades Reduce the reliance on Citrix for email by implementing Microsoft Exchange email. This will provide the option of web mail. 1 Implement a library tape drive to replace the single tape loaders thus reducing the daily manual intervention. Schedule daily differential backups to reduce backup data thus reducing tape overhead. 1 Implement a more advanced system that incorporates improved issue tracking, advanced searching / reporting and a knowledgebase component. 1 Configure one server to be a print server and install all printers there. Develop procedures so that user can install the printer of choice from this server. (No Help desk and Municipality of Chatham Kent 2008 IT Strategic Plan Page 82

Finding No. Function Status Current Options SOA Element Tactical Cycle 10 Asset Management / Inventory Software - Limited Functionality 11 Antivirus - Functioning - No SharePoint virus protection 12 PC Remote Access for Support 13 Windows Updates 14 Web Infrastructure - Functioning - Issues with connection at times - Functioning - Manual intervention required - No control on updates being deployed - Functioning - Award winning - Difficult to use / view. - ZENworks - CMiC Assets - Other Asset software - Symantec version 10 - AppRiver Email virus and spam security - ZENworks - VNC - Basic built in Windows Update -.NET / CSharp framework - Symantec version 10 - AppRiver Email virus and spam protection - Microsoft Forefront Security for SharePoint - Windows Remote Desktop - VNC - System Center Configuration Manager (SCCM) - Windows Server Update Services (WSUS) - Monitoring / Event Management - Data Services - Monitoring / Event Management - Data Services / Messaging - Monitoring / Event Management - Monitoring / Event Management - Data Services - Policies - SharePoint - Monitoring / Event Management - Data Services - Policies Recommendation manual driver installation is required). 1 Expand on the CMiC suite and implement the Assets component. 1 Retain Symantec for client computer protection as it is functioning well. Continue to use AppRiver Email virus and spam security Implement Microsoft s SharePoint virus protection system. 1 Utilize Windows Remote Desktop (free value add from Microsoft -there is no agent installation required on the computers because the application is standard). 1 Allow the IT support team to control the updates that get deployed through the use of SCCM. Prevent users from implementing own upgrades. 1 Redesign the web site and make it more user-friendly. Utilize Microsoft s SharePoint collaborative web infrastructure. Municipality of Chatham Kent 2008 IT Strategic Plan Page 83

Finding No. Function Status Current Options SOA Element Tactical Cycle 15 Web Design / Layout 16 Website Statistic Gathering 17 Web Server Infrastructure 18 Website Update Procedure and Training - Useful - Font and layout not effective - Limited functionality - Very efficient - Redundant - Load Balancing - Effective - Training / Support is time consuming - Small font - Navigation issues - Enlarge the font - Redesign the layout - WebAlizer - WebTrends - Other tools - Redundant Servers - Load Balancing - Content Management Server (CMS) - Manual Training - Redundant Servers - Load Balancing - SharePoint - Content Management Server (CMS) - Video / Manual Training - Monitoring / Event Management - Data Services - Policies - Monitoring / Event Management - Data Services - Monitoring / Event Management - Data Services - Data Services - Process Recommendation 1 Enlarge the font for people with eye sight problems. Meet with the departments, gather the navigation issues and resolve them and build into web design 1 Implement WebTrends to better track web hits, statistics and provide better reporting. 1 Continue to provide redundancy and load balancing to the web server infrastructure. 1 Continue to use a system (CMS / SharePoint) which allows departments to post own updates. Construct training videos and manuals for staff to use to help reduce the calls made to the web team. 19 Windows Server Versions - Effective - Windows 2003 (most) - Windows 2000 (few) - Windows NT 4.0 (limited) - Windows 2008 - Windows 2003 - Monitoring / Event Management - Data Services 1 Upgrade the Windows NT 4.0 and 2000 servers to bring more functionality and avoid the support termination period (NT 4.0 support period has ended). Upgrade the Windows 2000 servers to Municipality of Chatham Kent 2008 IT Strategic Plan Page 84

Finding No. Function Status Current Options SOA Element Tactical Cycle 20 Network and Systems Monitoring 21 Network Topology - Minimal monitoring - Functioning - Single points of failure - Ad-hoc setup - What s Up Gold - Nagios - SolarWinds - Other tools - Redundant switches -Localized segments 22 Network Cabling - Functioning - Unorganized - Label - Organize - Monitoring / Event Management - Data Services - Monitoring / Event Management - Data Services - Monitoring / Event Management Recommendation Windows 2008 (likely timeframe 2010). 1 & 2 Implement a more advanced network monitoring tool that provides more than Keep alive ping monitoring. Monitor the log files regularly (and more frequently than at present) to help find issues before they worsen. 1 & 2 Where possible, introduce redundancy into the topology, (to provide connections to remote sites if the main fiber connection fails). Implement network segmentation to provide traffic routing, security and isolation of business units/localize content. 2 Reorganize and label the cabling 23 VMWare Server - Functioning - GSX version - Free version - No support/maintenance - No redundancy -Purchase a maintenance/support package - Upgrade to the ESX version - Monitoring / Event Management - Data Services 1 (As production applications are dependent on VMWare servers), purchase a maintenance support package Purchase the ESX version. Municipality of Chatham Kent 2008 IT Strategic Plan Page 85

Finding No. 24 Directory Services Function Status Current Options SOA Element Tactical Cycle - Adequate - Netware - Active Directory - Novell Identity Manager - Active Directory - Monitoring / Event Management - Data Services - Process 25 Email Services - Adequate - Lotus Notes - Microsoft Exchange - Monitoring / Event Management - Data Services / Messaging - Process 26 Server Environment - Inadequate - Server room too small - UPS underpowered - Few servers are vulnerable - Complete the new server room - Upgrade the UPS unit - Move all servers into a access controlled room - Monitoring / Event Management - Data Services - Process Recommendation 1 Migrate the Netware environment over to Active Directory so that there is only 1 directory service to support/maintain.(a single directory service infrastructure will also provide a significant cost savings). 1 Migrate the Lotus Notes environment over to Microsoft Exchange, thereby providing easier remote email access and a tight integration with Active Directory. 1 Replace UPS (at 96% capacity) Relocate all servers to new room (currently under way) 27 Wireless - Functioning - Implemented at 2 remote business areas - Implemented without consulting ITS - Ensure wireless security standards are meet. - Monitoring / Event Management 1 Ensure the security level of both wireless implementations are set to the strongest level (WPA). This will prevent unauthorized access by non- Municipality employees. ITS should be involved in the design and deployment of all future wireless networks. Municipality of Chatham Kent 2008 IT Strategic Plan Page 86

Finding No. Function Status Current Options SOA Element Tactical Cycle 28 Remote Access - Adequate - Security risk 29 Geographical Information Systems (GIS) 30 Database Environment - Effective - Award winning - Dial-up modems - VPN - Citrix - ArcGIS Enterprise Tools - Lack of documented processes - Lack of Issue Tracking Solution - Functioning - Oracle (many versions) - SQL 2000 - Informix - ArcSDE - Access - Flat File - Review dial-up users - Implement Outlook Web Access (OWA) - ArcGIS Enterprise Tools - Business process review - Implement robust issue tracking solution - Oracle (limited versions) - SQL 2005 - Informix - ArcSDE - Flat File - Monitoring / Event Management - Data Services / Messaging - Process - Monitoring / Event Management - Data Services - Process Recommendation 1 & 2 Review dial-up users and terminate dial-up access if not required. Implement Outlook Web Access (OWA) and reduce VPN / Citrix accounts 1 Conduct an Organization wide review of all business processes and optimize Implement a tracking solution or leverage other tools which may be deployed as part of the overall architecture refresh. - Data Services 2 & 3 Migrate the large number of access databases to SQL 2005. Migrate the older Oracle databases to the most current version. Upgrade the current SQL 2000 to SQL 2005. 31 Voice Communications Infrastructure - Functioning - Aging - Nortel Meridian 1 Option 11c - Norstar KSU - Voice over Internet Protocol (VoIP) - Unified Messaging - Monitoring / Event Management - Data Services / 3 Minimize investment in the upgrade/repair of the current environment Messaging Invest in the new technology standard, VoIP, (with VoIP, unified messaging will provide more advanced phone/voice mail features). 32 Radio - Functioning - Outsourced - Accessible - Monitoring / 1 Request from the Municipality of Chatham Kent 2008 IT Strategic Plan Page 87

Finding No. Function Status Current Options SOA Element Tactical Cycle Communications - Stable - Expensive - Limited in house documentation 33 SCADA - Effective - Similar systems - Two software vendors 34 Computer Re- Rolls 35 Expired Computers - Not Effective - Two computer reimages for one re-roll documentation - Network segmentation - Consolidate vendors - One computer image per re-roll - Not Effective - Long process - Shorten down the process Event Management - Data Services Recommendation outsourcer a summary in their Service Level Agreement to indicate server coverage, redundancy and recovery time objectives. - Data Services 2 Review Security of the SCADA systems to see if it is possible to consolidate to one vendor. - Process 1 Replace all desktops > 4 yrs old Replace all laptops > 3 yrs old Do not replace laptop s< 2 yrs old - Process 1 Move all expired computers via donation, social services or recycling within 3 months of retiring them Municipality of Chatham Kent 2008 IT Strategic Plan Page 88

Steps to Migrate to a Rational Infrastructure To realize the vision of a Service-Oriented Architecture, several critical steps must be undertaken as the current baseline is highly disintegrated and operates without any cohesive approach or themes other than the mistaken assumption that it is less expensive than the alternative. The immediate first steps for migrating down the path to a rational infrastructure ( Figure 9 Rational Infrastructure To Be Architecture) and operational environment are: 1. Rationalize the Authentication and Mail Environment 2. Refresh the technology at the desktop level making the tools current and easier to use 3. Put in place governance and policy guiding technological decisions going forward in the Municipality including: A restructured ITS department supporting the themes of Information Services and Technology Services A governance model for IT decisions across the entire Municipality and service level organizations Policy regarding technological standards for application purchase and development A stronger emphasis on policy and procedure throughout the Municipality in general and ITS in specific 4. A web redesign and update incorporating input from all constituencies in the organization 5. Network and security hardening of the current ITS infrastructure 6. Support for document and records management including business process documentation and improvement 7. Rationalization of applications across the organization Once completed, these steps will enable the Municipality of Chatham-Kent to move in the direction of an interconnected service-oriented architecture. Such architecture will have most of the elements of the target IT Architecture shown below, a To Be counterpoint to the As Is already described Municipality of Chatham Kent 2008 IT Strategic Plan Page 89

. Figure 9 Rational Infrastructure To Be Architecture Municipality of Chatham Kent 2008 IT Strategic Plan Page 90

Directory Services Environment The To Be directory services environment (Figure 10 Directory Services Environment To Be Authentication) will consist of a single directory service implementation. Following removal of Netware, the environment will consist of only Active Directory. The one authentication system will allow for: 1. A more simplified environment for the IT department to support and 2. Easier access for end users. The requirement to sync 2 diverse authentication systems will disappear, and the procedure to change passwords will be much simplified. The Active Directory Environment design, Figure 11 Directory Services Environment Active Directory Design To Be, will also allow the Civic Centre IT department to maintain all remote locations efficiently because of the structured format. There will be no remote locations that require their own on-site Active Directory implementation/administration. Municipality of Chatham Kent 2008 IT Strategic Plan Page 91

Figure 10 Directory Services Environment To Be Authentication Municipality of Chatham Kent 2008 IT Strategic Plan Page 92

Figure 11 Directory Services Environment Active Directory Design To Be Municipality of Chatham Kent 2008 IT Strategic Plan Page 93

Systems Management Environment The To Be systems management environment will consist of an implementation of Microsoft s System Center Configuration Manager (SCCM) 2007. It will comprise Primary Site Servers implemented in a load balancing / redundancy configuration at the primary data centre There may also be smaller servers assigned the Distribution Point role. The Distribution Point servers provide more horsepower during an application rollout event Five of the larger remote locations will have a server designated as a Secondary Site Server to manage their local environment and provide local workstation information (i.e. client status, inventory data) to the Primary Site Servers. There will be no data stored on the Secondary Site Servers because all the data is stored on the Primary Site Servers in a SQL database. All other remote locations will be configured to connect directly to the primary data centre SCCM servers Distribution Point roles may also be assigned to servers at remote locations if required This environment will give the IT administrator the ability to rollout software, updates, monitor client computer configurations and display all information via advanced reporting. Municipality of Chatham Kent 2008 IT Strategic Plan Page 94

Database Environment The To Be database environment will consist of a streamlined implementation with fewer database servers and database versions. The multiple SQL and Access instances, currently in the environment, will be reduced to 2 SQL databases Old Access databases will be migrated into a single SQL database All the current SQL databases will be merged into a second The 4 different versions of Oracle will be reduced to 2. The oldest versions, v8.1.6 and v9.2.0, will be migrated over to v10.1.0.2. Please refer to Table 5 Application and Database Relationships To Be for more detailed info on the proposed design. Table 5 Application and Database Relationships To Be Application Database Standalone DB? GIS ArcSDE Yes Exchange Exchange DB Yes MAS Flat File Yes Harris Informix Yes GIS Oracle Yes CLASS Oracle No CMiC 2006 Oracle No Hansen Oracle No PWMS Oracle No TES Oracle No Child Care Web SQL No SharePoint SQL Yes SharePoint SQL No Development COIN SQL No Death Registry SQL No Engineering SQL No HE Controls SQL No Parks Inventory SQL No Municipality of Chatham Kent 2008 IT Strategic Plan Page 95

Municipality of Chatham Kent 2008 IT Strategic Plan Page 96

Figure 12 Application and Database Relationships To Be Municipality of Chatham Kent 2008 IT Strategic Plan Page 97

Immediate Opportunities There are several short-term opportunities that present themselves to both the Municipality and the ITS department. Primarily these relate to immediate organizational changes, the establishment of an IT Steering Committee and migration of the IT infrastructure to a simpler more rational design. Technology Refresh Policy It is obligatory that the Municipality as a whole subscribe to the notion of technology lifecycle. This is an immediate opportunity given that this report is being generated at the time of budget preparation for 2008. From this point forward, the Municipality should subscribe to the following technology refresh cycles and put funds aside to support them: Laptops: Every 3 years at a rate of $470 per year Desktops: Every 4 years at a rate of $300 per year Office Application: Every 5 years at a rate of $80 per year Other Licenses, e.g. Spam, Anti-virus etc: As required IT Steering Committee As described in the Governance section later in this document, there is an immediate opportunity to form an IT Steering Committee evolving from the ITSP Steering Committee. This committee should be in place as soon as possible. Technology The critical early elements of Tactical Cycle #1 should be considered immediate opportunities. It is necessary to begin design of the AD/Exchange environment. An RFP should be issued for the required assistance in this matter, as should one for assistance with the upgrade of the Web infrastructure to SharePoint Services 2007. Municipality of Chatham Kent 2008 IT Strategic Plan Page 98

6. Best Practices and Initiatives within Municipalities Current Initiatives In Ontario, and indeed across Canada, there is significant change in (i) the services delivered by municipalities and (ii) the method of delivery. While the individual initiatives vary, the direction is consistent and has the following goals: To deliver services electronically To apply IT to internal operations To foster e-democracy (choice, self-service) To provide information internally (the back office ) that is uniform, accessible and inexpensive to maintain To increase communication with the citizenry Best practices, therefore, relate to the evolution of e-government, i.e., the strategic application of information and IT to the workings of government to serve the public more effectively. The application of e-government is in 4 areas: Municipality of Chatham Kent 2008 IT Strategic Plan Page 99

Figure 13 The 4 Dimensions of e-government Different municipalities have focused on different areas. However, the four objectives below, addressed by the initiatives as shown, can be summarized as follows 15 : 1. Electronic Service Delivery o Connected by broadband services to the world o A formal project management approach to the development of all services o Collaboration with similar organizations and rationalization, participation on municipal workshops, sharing of resources, etc o Increased effectiveness and transparency o Privacy and security o Equitable and affordable access by all communities to the widest range of content and services o Increased use of web and voice services 2. Citizen Engagement o Equitable and affordable access by all communities to the widest range of content and services 15 As can be seen, some initiatives satisfy multiple objectives Municipality of Chatham Kent 2008 IT Strategic Plan Page 100

o High degree of responsiveness o New channels for citizen engagement o Increased use of web and voice services o Anytime, anywhere, anyhow services o Privacy and security 3. Streamlining Internal Operations o Common I and IT Infrastructure o Effective and integrated systems and processes o More efficient o Privacy and security 4. Change to Operational Practices within Municipalities o Practices that are create a safer and healthier work environment for employees o A review of traditional practices and procedural changes where appropriate Salary Comparisons To sustain a high level of service, ITS must attract and retain the necessary individuals. A key component of this is its ability to offer comparative salaries to other municipalities and to industry. In light of the current Human Resources Chatham-Kent compensation review, a salary comparison was not carried out as part of this Strategic Plan initiative 7.Strategic Plan Rationale Introduction The outlined 5-year Strategic Plan fully supports the vision and mission statements shown below. These statements were vetted through ITS and endorsed by the Project Steering Committee as well as the Executive Management Team. ITS Vision Statement Information Technology Services will provide the citizens of the Municipality of Chatham-Kent with the information and communications services, relating to the Municipality, to support them in achieving their goals and to enhance their quality of life. Municipality of Chatham Kent 2008 IT Strategic Plan Page 101

ITS Mission Statement To improve the performance of the staff of the Municipality of Chatham-Kent and provide access to information and services to its citizens through the use of appropriate technology. Opportunity Potential As detailed elsewhere in this document, ITS has an opportunity to: Simplify its architecture, thereby reducing operational costs 16 and increasing the availability of the overall Information Systems infrastructure Add further tools and systems thereby improving the performance of those that are already in use Integrate the network, data and application environment for the Municipality with the appropriate selection of technology and the option of adding an Enterprise Application Layer to the architecture later in the Strategic Plan Optimize ITS governance both internal to the group itself and in terms of interaction with other business units The opportunities laid out in this strategic plan address the following themes: Infrastructure Rationalization and Renewal Security, Redundancy and Reliability allowing for the development of a Service-Oriented Architecture Seamless Access and Communications It is essential that what is in place today is upgraded and made rational. The current infrastructure, although workable, is a compromise put in place at the time of amalgamation. The selection of the single infrastructure should be made based on already selected corporate standards, deployments in similar organizations, cost, and availability of skill sets. For the web, an already planned redesign effort will begin in 2008 culminating in a new infrastructure and corporate Intranet and Knowledge Portal in 2009. Once the current infrastructure, department structure, and governance model of the IT function within the Municipality has been refreshed, it is necessary to look at the availability of the infrastructure and the services that it provides. This includes opportunities for server consolidation, network security enhancements, greater redundancy, better backups and a disaster recovery plan. This also represents an opportunity to review the current applications deployed within the Municipality, to 16 Note that it is important to ensure the funds from the saved costs are used for future requirements i.e. there should be no reduction in capital or operating budgets, just a redistribution Municipality of Chatham Kent 2008 IT Strategic Plan Page 102

rationalize a myriad of databases, centralize data, and ultimately, corporate knowledge. Upon the completion of the first two stages of this plan, the Municipality of Chatham- Kent can begin to look at the introduction of new capabilities such as Voice over IP (VoIP) phone systems, unified messaging and application integration. This approach is detailed in the three Tactical Cycles described below that represent a 5 year plan spanning from March 2008 to February 2013. Municipality of Chatham Kent 2008 IT Strategic Plan Page 103

8. Action Plan Phased with Timelines and Costs Tactical Cycle #1 Infrastructure Rationalization and Renewal Tactical Cycle #1 should be viewed as a foundational effort to establish a Service- Oriented Architecture. It should be noted that the current management of ITS has, in the past, specifically recommended many of the described components. In MGCG s opinion, the current Director of ITS has a clear vision and the broad support of her department but will require Council and Administration support to implement this plan. Timeline Tactical Cycle #1 will run from the start of March 2008 through to the end of August 2009. Figure 14 Tactical Cycle #1 Project Schedule Municipality of Chatham Kent 2008 IT Strategic Plan Page 104

Project Activities 1. ITS Reorganization o Finalization of new structure o Fill critical roles o Creation of new business analyst roles (2009) o Formation of IT Steering Committee Adoption of basic technology acquirement policies 2. Password Management and Mail Replacement o Installation of Exchange Server o Final migration of users to Active Directory o Migration of users from Notes to Exchange o Shutdown of Novell Netware and Notes o Setup of SCCM for version and software release o Establishment of print servers 3. Desktop Refresh and Office 2007 Upgrade o Definition of standard desktop and laptop equipment o Creation of base image for desktop including Office 2007 o Development of rollout plan o Procurement of new equipment o Update of existing equipment o Rollout and training on new systems 4. SharePoint / Web Requirements and Redesign o Issue of SharePoint establishment RFP for the Immigration Portal (completed) o Acquire consulting services o Upgrade planning o Upgrade implementation o Striking of Web Redesign advisory group and crafting of a web redesign requirements document o Planning for Web Redesign and development of a functional specification o Web Redesign 5. Business Application Projects o PSAB (Asset Management) o CKTraax o Public Works Work Management o Immigration Portal o Project Management Office Support Software Municipality of Chatham Kent 2008 IT Strategic Plan Page 105

o Cultural Mapping 6. Network Redesign o Specification of new switch and router technology o Redesign of network to support multilayer switching, DHCP IP Addressing, elimination of network conflicts 7. Disaster Recovery Simulation o Review of backup procedures o Review of documented and tested recovery procedures o Execution of Disaster Recovery Simulation plan o Generation of Disaster Simulation Recovery Report Proper Trouble Ticket Management The CKTraax System is scheduled for replacement as it is being phased out by the manufacturer in its current form as, at its core lies Suite Response which runs on Lotus notes, and which is also to be phased out. The Suite Response tool is not an acceptable trouble ticket management system for an IT Services organization, in any event, and with the loss of Zenworks, inventory tracking of PCs may become problematic. Finally, a standard knowledge platform for IT service issues is needed. MGCG recommends that a basic trouble ticket system be acquired to help the computer technicians and technical services team manage issues. One relatively low cost tool is TrackIT! and MGCG recommends that it be reviewed along with competing products and that a tool be purchased and installed. Ultimately, a workflow-based issue tracking system is required to replace the functionality of Suite Response. This can be a separate project allocated on top of the SharePoint initiative as it could provide all the functionality required to support a CKTraax-like application and would be web addressable. Password Management and Mail Replacement As detailed in the As Is and the To Be analysis, it is recommended that there is a migration to a Microsoft Active Directory Authentication and Exchange Email Server environment. This migration will also allow for the introduction of SCCM as a technology for the deployment of upgrades, new software and patches eliminating the need for manually imaging all PCs. This, coupled with the desktop technology refresh will ensure that the current environment within the Municipality of Chatham-Kent is both sustainable and adheres to policy for technology currency. Desktop Refresh Of the 1034 desktops and laptops currently deployed within the Municipality, 329 have exceeded by 2 years the acceptable life as per Council-approved policy. Further, an Municipality of Chatham Kent 2008 IT Strategic Plan Page 106

additional 191 computers will have exceeded the four-year life detailed in that policy by the end of 2008. Given that, fully one half of the computers within the Municipality will be past their life expectancy by the end of 2008 if no further computer purchases occur. With respect to application software 17, the largest single application used by Municipal employees is Mail, followed by the Microsoft Office suite of programs. With the planned replacement of Lotus Notes, the replacement program for Mail access will be Outlook, which is part of the Microsoft Office suite. Currently the Municipality of Chatham-Kent is using Microsoft Office XP that was released early in 2002, six years before 2008. The lifecycle defined for application software within the Municipality is five years, meaning that an upgrade should have occurred in 2007. However, it was deferred pending completion of this Strategic Plan. As it did not, and as there now will be a requirement for the Outlook component of Office to support Email, a refresh of Office is also required for 2008. This will affect all 1034 computers currently deployed within the Municipality and is dependent upon ensuring that all desktops and laptops deployed are within the four year lifecycle mandated by municipal policy. Due to the dependency of Mail migration on the deployment of Outlook, this project is viewed as a pre-requisite for the authentication and mail infrastructure refresh. Desktop Operating Systems Upgrade The current version of the Microsoft operating system is Vista but the Municipality deploys XP on its computers to all users. This is an acceptable solution but as of June 2008, the Municipality s vendor, Dell Computers, will not provide XP licenses and support will become more limited. Currently, when a computer is purchased, the license received is for Vista and then the machine is imaged with XP with the newer operating system license stored for future use. Of note, the computers purchased by the Municipality, while technically Vistacompliant, will not perform well using the new operating system due to the amount of memory that they are shipped with. These computers will require memory upgrades to 2 GB and as such, all future computers purchased by the Municipality should be specified with 2 GB of RAM. Beyond that basic need, MGCG recommends continuing to purchase Vista licenses with new machines but to image with XP, and introduce Vista into the Municipality in 2009. SharePoint / Web Requirements and Redesign The following initiatives should be executed 1. Craft an RFP for the deployment of a SharePoint environment which will fulfill the long term needs of the municipality. This RFP should include the following elements: 17 Note: ITS budgets funds for a software refresh every 5 years. This does not cover new software Municipality of Chatham Kent 2008 IT Strategic Plan Page 107

a. Design of a Production, Test and Software Development environment for SharePoint within the ITS infrastructure b. As part of the Production environment, development of both Intranet and Extranet capability along with appropriate access and security processes, group policies and procedures c. Development of basic templates and web parts to support a look and feel match between the existing web environment and the new web environment d. Develop basic workflow design environment and the training of ITS staff in its use e. Provision of assistance in porting existing web design over to SharePoint, including training and Technical Support f. Development of basic configuration management control infrastructure for web site based in SharePoint g. Development of basic issue tracking system which could act as a feasibility prototype platform for CKTraax replacement whilst training ITS staff on workflow h. Provision of ongoing support and training for SharePoint Infrastructure within the Municipality 2. Review the design of the current infrastructure with the consultant selected 3. Upgrade and migrate the current web infrastructure to Server 2007 4. Implement Microsoft Forefront Security for SharePoint (as described earlier in the report). Note that the cost is $0.60 per user per month i.e. for 1300 users $780/month or $9360/year 5. Assemble a web redesign advisory group to begin reviewing business requirements for the new web/portal 6. Create a new web design which will address the business needs of stakeholders Implement the new design (likely in early 2009) The first of these items should, and can, occur quickly. Because the outcomes of the other items are unknown, it is difficult at this point to craft a budget for them. This will require a spend of approximately $200,000 on a web redesign in 2008 with monies coming out of reserve subject to Council approval. That plan should provide effectively for items two to six above. Business Application Projects As has been described earlier in this report, a number of initiatives are underway with respect to Business Applications. Various departments have and will continue to have Municipality of Chatham Kent 2008 IT Strategic Plan Page 108

projects which require the support of and resources from the ITS group. These projects include but are not limited to: PSAB (Asset Management) CKTraax Replacement Public Works Work Management Immigration Portal Project Management Office Support Software Cultural Mapping These projects are centrally-managed through the corporate PMO but will require the input of significant ITS resources. Note: As CMiC is a critical business application and scheduled for review in Tactical Cycle #2, some thought should be given to its long term suitability as part of the Asset Management or Work Management project. Network Redesign The network redesign project is intended to simplify the network infrastructure and allow the To Be architecture to be delivered upon, support the development of technological standards, reduce support costs, enhance network security and allow for the deployment of a new telephony system in Tactical Cycle #3. The network redesign has two separate components: 1. Establishment of a standard for network switches, routers and firewalls 2. Deployment of new equipment to update the network to support multilayer switching, proper addressing and enhanced security Further improvements to the network as implemented will be achieved through the use of lifecycle dollars as time goes on, limiting the initial investment. Disaster Recovery Simulation The execution of a disaster recovery simulation is intended to supply basic knowledge on the current data and system backup and recovery plans for the municipality. It will also ensure that there is appropriate documentation of all processes related to backup and recovery and provides the basis for the infrastructure hardening exercise in Tactical Cycle 2. Budget for Tactical Cycle #1 Password Management and Mail Replacement - Costs Municipality of Chatham Kent 2008 IT Strategic Plan Page 109

There will be significant costs to this effort, but over the medium-term, this will be offset by ongoing savings that will be recovered in a reasonable time. Based on 1300 users, the following costs are envisaged (see Table 6 Budget for Password Management and Mail Replacement). Table 6 Budget for Password Management and Mail Replacement Quantity Item Unit charge Cost Comment 3 Exchange License $512.00 $1,536.00 Base license for Exchange Server (2003 or 2007) 2 Exchange Servers $7,900.00 $15,800.00 Dell 6950 Server, 64 bit compliant 1 OWA Server $5,400.00 $5,400.00 Dell 2950 Server, 64 bit compliant 1300 Mailbox Migrations $10.00 $13,000.00 Cost per seat of Notes - Exchange conversation 300 Active Directory CALs $20.56 $6,168.00 1300 Exchange CALs $49.00 $63,700.00 Per seat usage for Exchange 75 Days consulting services $1,000.00 Expertise is not available in CK ITS staff, $75,000.00 assistance will be required 2 Training $5,000.00 Microsoft training and certification for existing $10,000.00 staff Sub Total $190,604.00 15% Contingency Contingency should be build in at this early planning phase - may be reduced during initial $28,590.60 project planning 5% GST $10,959.73 Technology & Infrastructure Total $230,154.00 SCCM Costs (Table 8) $39,186.88 Total $269,340.88 Several projects were put on hold in 2007. The funds for these projects were specifically encumbered for this effort. Further, this effort will result in cost savings for the Municipality once implemented. Further, this new infrastructure will be more efficient, easier to manage, and will make it significantly simpler to find skilled personnel who can support it, as it is the most commonly deployed system for professional authentication and Email systems worldwide. Table 7 Annual Savings from Mail Migration, below shows the hard cost savings associated with this migration. Table 7 Annual Savings from Mail Migration (to be redirected to technology life-cycle) Municipality of Chatham Kent 2008 IT Strategic Plan Page 110

Quantity Item Unit Charge Annual Cost Description 1300 Lotus Notes Support $ 55.47 $ 72,117.00 Annual Support Costs 75 Citrix Licenses $ 50.00 $ 3,750.00 Reduction to 25% of existing licenses 1102 Novell IDM $ 5.16 $ 5,686.32 Annual spend for Novell IDM 1102 Zenworks $13.92 $ 15,339.84 1102 Novell NDS $ 33.06 $ 36,432.12 Annual spend for Novell NDS Sub total $ 133,325.28 5% GST $ 6,666.26 Total $ 139,991.54 Given that support on the existing infrastructure extends to August 2008, these savings will be realized in Year 1. It is recommended that if the migration is not undertaken by end of Lotus support, running unsupported should be considered (support is seldom required and the risk should be minimal). Given a cost of capital of 10%, this project pays for itself in less than two years if viewed as a standalone effort. To minimize risk, this project should be completed by the end date of Notes support cycle in August 2008. It is also important to note that these current support costs will increase each year and, as such, these cost savings represent a worst case scenario. Note: Microsoft offers Software Assurance (SA) as an alternative to regular support but as patches and regular service packs are released by Microsoft free of charge and support is available on a per case basis, MGCG does not recommend procuring SA and the additional 20 30% charge that this program would entail. Implementation of System Center Configuration Manager Server Costs The costs are shown below: Table 8 Budget to Implement System Center Configuration Manager Server Quantity Item Unit Charge Cost Description SCCM Server 402.67 7 Two required for redundancy, 5 for remote 65 SCCM License Pack of 20 $ 223.11 $ 14,502.15 1300 users in the environment 20 Days consulting services $1,000 $20,000 Sub total $ 37,320.84 5% GST $ 1,866.04 Total $ 39,186.88 Desktop Refresh - Costs The Municipality has a requirement that individual departments allocate reserve funds for technology refresh purposes. These funds will be allocated toward this specific refresh. Further the ITS department maintains budget line item to purchase new Office Municipality of Chatham Kent 2008 IT Strategic Plan Page 111

Software packages annually. Table 9 - Budget for Desktop Refresh, below shows the overall estimated costs for the technology refresh. The cost, while significant, includes recovery from some delays in executing technology refreshes to date and does include a once every five year charge for upgrading to Office 2007 something that is not optional as it is a dependency for the mail migration effort. Table 9 - Budget for Desktop Refresh Quantity Item Unit charge Cost Description 409 Desktop Computers $ 1,277.00 $ 522,293.00 Base version with weighted average cost for 17 or 19 inch monitor 106 Laptop Computers $ 1,866.00 $ 197,796.00 Standard Laptop 1082 Office 2007 Licenses $ 476.00 $ 515,032.00 Ontario Municipal license pricing Estimated sub total $ 1,235,121.00 5% GST $ 61,756.00 Total $ 1,296,877.00 Project funding is available through departmental technology refresh reserves, software licensing funding and regular spending for 2008. Departments are expected to have allocated funds for technology refresh, based on their obligations with respect to technology refresh. If these funds have not been sequestered, then those departments will have to identify sources of those funds and provide them. The shortfall between that, which should be available from the accounts designated for life cycle as shown in Table 10 PSAB Estimate of Funds that should be Allocated, would be taken from life cycle dollars. Table 10 PSAB Estimate of Funds that should be Allocated Quantity Item Unit Charge Cost Description 39 Desktop $ 1,400.00 $ 54,600.00 Departmental reserve for desktops from 2001 or older 88 Desktop $ 1,400.00 $ 123,200.00 Departmental reserve for desktops from 2002 118 Desktop $ 1,400.00 $ 165,200.00 Departmental reserve for desktops from 2003 164 Desktop $ 1,400.00 $ 229,600.00 Departmental reserve for desktops from 2004 50 Laptop $ 2,500.00 $ 125,000.00 Departmental reserve for laptops from 2002 34 Laptop $ 2,500.00 $ 85,000.00 Departmental reserve for laptops from 2003 22 Laptop $ 2,500.00 $ 55,000.00 Departmental reserve for laptops from 2004 1082 OS $ 25.00 $ 27,050.00 Operating system licenses scheduled for 2008 1082 Office Professional $ 98.00 $ 106,036.00 Office licenses scheduled for 2008 1082 Zenworks $ 14.00 $ 15,148.00 Zenworks inventory system (to be retired) Sub total $ 985,834.00 5% GST $ 49,292.00 Total $ 1,035,126.00 Notes: Municipality of Chatham Kent 2008 IT Strategic Plan Page 112

1. Zenworks will be replaced, initially by a trouble ticket management system, and later by standard Microsoft applications for patch and application management. This secondary replacement will be one of the projects targeted for 2009 2. Licenses may not be properly tracked and reconciled to computer users. This effort should be considered to be an opportunity to reconcile computers with licenses after which all licenses must be centrally managed. It is certainly worth considering centralizing license purchases through the same vendor from which hardware is purchased. The current vendor, Dell, offers Ontario Government pricing which cannot be improved upon through local purchasing. Local purchasing does, however, separate the license from the computer which is less efficient, harder to maintain and perhaps less compatible with the spirit of the centralized image management process. Cost Recovery on Authentication Redesign/Desktop Refresh Given that no new funds are required to pay for these projects, the Municipality will see savings of approximately $140,000 (see Table 7 Annual Savings from Mail Migration) per year going forward. These funds can be targeted at under-funded technology life cycle. Sensitivity Analysis The Tactical Cycle One budget is known with a high degree of accuracy, approaching 85%. Unknown areas include: The final design of the AD/Exchange environment. The actual cost of the training as opposed to estimates The selection of a Trouble Ticket tracking system which will drive the price of that project. The costs related to backup changes lifecycle for the new environment The costs related to the setup of the new organizational structure Notes: 1. Hardware life cycle costs for servers are not counted in either the As Is model or the To Be 2. Client Access Licenses (CALs) are not counted in the life cycle costs for Exchange or Active Directory as they are transportable between versions of both packages 3. The life cycle costs of Office 2007 are carried in either the As Is or To Be model and as such do not impact the overall budget Municipality of Chatham Kent 2008 IT Strategic Plan Page 113

Table 11 Summary Budget for Tactical Cycle #1 Project Cost Comments Novell/Lotus Retirement $270,000 Existing ITS reserve funds. Savings will be $140,000 per year to be directed to lifecycle Technology Refresh $1,309,000 Existing reserve funds. As of this project, rerolls will cease and imaging will be simplified SharePoint/Web Redesign Network technology standards developed and network redesign Disaster Recovery Simulation Other known business area projects $300,000 Existing IT reserve dollars to launch basic SharePoint infrastructure and strike web redesign committee $127,000 Consulting services to establish appropriate standards for network technology and network upgrade equipment (Budget will be requested for 2009) $20,000 Consulting Services and internal resources (2009 Budget) TBD PSAB (Asset Management) CKTraax Public Works Work Management Immigration Portal Project Management Office Support Software Cultural Mapping Municipality of Chatham Kent 2008 IT Strategic Plan Page 114

Tactical Cycle #2 Security, Redundancy, Reliability Timeline Tactical Cycle #2 runs from September 2009 to March 2011. Figure 15 Tactical Cycle #2 Schedule Projects and Project Schedule Tactical Cycle #2 (Figure 15 Tactical Cycle #2 Schedule) will focus on hardening the infrastructure, standardizing the network to enable other initiatives such as VoIP and Wireless engaging in a complete security review. The two main groups within ITS will each have their assigned projects but, again, will require project management from both ITS and from the Corporate PMO. Municipality of Chatham Kent 2008 IT Strategic Plan Page 115

Technology Services Projects 1. Infrastructure Hardening Based on the Backup and Recovery Simulation a series of recommendations will be made, and incorporated into a server infrastructure redesign that should review: Options for Server Consolidation including the use of VMWare Enhanced use of Storage Area Networks Deployment of redundant servers Review of options for a second, redundant emergency data centre Development of Server and System Run books for redesigned environment 2. Development and Deployment of a new Security Architecture for the network including: Introduction of appropriate policies for network security framework Development of a security design Implementation of new perimeter security infrastructure Implementation Multilayer Switching with Access Control 3. Development and Testing of an IT Disaster Recovery Plan Likely using outside resources, the development of a complete ITS Disaster Recovery / Business Continuity Plan 4. Network Security Audit including: Penetration Testing Architecture Review Policy Review Change Management Review Information Services Projects 1. Expansions of the SharePoint Knowledge Intranet to incorporate departments other than ITS 2. Development of a standard data architecture for the Municipality and Elimination of errant databases across the organization including the migration of all departmental Access Database tools to SQL Server 3. Review of CMiC and Hansen Suitability as a Municipal-wide ERP System and Tax Application Replacement, migration of standalone areas to it (or possible launch of replacement project). This project would include Development of work order processing capability Municipality of Chatham Kent 2008 IT Strategic Plan Page 116

Launch of Asset Management System 4. Introduction of Document Management System complementing the SharePoint Knowledge Portal and Intranet Note that this could be viewed as an extension to bullet 1 above as there are SharePoint extensions to support document management This project is highly dependent on the hardening of the infrastructure by the technology services group as the infrastructure will become the centralized repository of all corporate documentation Other Tactical Cycle #1 and #2 Efforts A number of other initiatives will be started outside of ITS during the period from March 2008 to August 2009. These efforts will require significant input from ITS and, as such, will represent a real challenge in terms of personnel, particularly with respect to Information Services. These projects include: 1. A review of options for Asset Management and Work Order Management which should also look at the expansion of the role of CMiC within the Municipality or for its replacement with an Enterprise Resource Management Application 2. The implementation of an Asset Management System 3. The selection of a Work Order Management system, again, one which integrates with other systems cleanly 4. The development of an approach for Enterprise Application Integration within the Municipality 5. The development of an integrated data architecture model for the Municipality Notes: 1. The decision related to CMiC expansion, ERP, and replacement of Enterprise Application Integration (EAI) is not described herein. From a budgetary point of view this decision would be corporate-wide and reflected this way from a budget point of view. The recommendation is that, depending on the path taken, this could represent up to a $500,000 spend effort. Table 12 Summary Budget for Tactical Cycle #2 Project Cost Comments Infrastructure Hardening - planning Planning: $25,000 Implementation: $150,000 Consulting funds to specify project for switch replacement, server consolidation and backup Municipality of Chatham Kent 2008 IT Strategic Plan Page 117

Development and deployment of Network Security Architecture Development and Testing of an IT Disaster Recovery Plan rationalization. Initial Blade systems and SAN purchase, followed by Life Cycle dollars for ongoing growth $50,000 External consulting supplementing internal resources $150,000 External Consultants Network Security Audit $30,000 External Audit Expansion of SharePoint Portal for corporate Intranet Review of CMiC, Hansen and Tax Applications Replacement of CMiC or instantiation of EAI and replacement of tax application $50,000 Mostly internal resources with some additional hardware and consulting services $100,000 Majority internal resources, supported by vendors and consultants Price Range: $500K - $2M Cost variable depending on solution selected. Minimal CMiC expansion, or EAI deployment would be low end, total CMiC replacement would be high end Tactical Cycle #3 Realizing the Vision: Seamless Access and Communications Timeline Tactical Cycle #3 runs from March 2011 to Feb 2013. Figure 16 Tactical Cycle #3 Schedule Municipality of Chatham Kent 2008 IT Strategic Plan Page 118

Projects and Project Schedule Tactical Cycle #3 (Figure 16 Tactical Cycle #3 Schedule) lays out a series of significant first steps for realizing the vision of a seamless data and application architecture. These will be large projects that require considerable effort on the behalf of the ITS group while introducing considerable amounts of change into the overall organization. Budget for Tactical Cycle #3 The project cost for the last two years of the strategic plan include at least one very large item the VoIP deployment. Based on approximately 1300 Handsets and the experience of other municipalities, the Municipality of Chatham-Kent can expect a cost of approximately $2,000-$3,000 per handset with a resultant budget cost of $2,600,000-$3,900,000. The costs related to the development of a new, corporate, data architecture, are primarily operational, using internal resources. Some consulting dollars will be required to establish the overall requirements for the new data architecture. At this early stage Municipality of Chatham Kent 2008 IT Strategic Plan Page 119

an estimate of $150,000 is appropriate for those costs, although this will need to be validated through a detailed work-plan. The development of the corporate knowledge portal is a continued migration of the SharePoint project and will not require new dollars beyond approximately $50,000 in consulting to develop the appropriate standard for business process documentation. Departments themselves will be required to document business processes according to those standards. The launch of the Corporate Data Warehouse is not calculable at this time; the requirements for such a system depend on the outcome of the data architecture. Table 13 Summary Budget for Tactical Cycle 3 Project Cost Comments New phone system $2.6 to $3.9 M Existing phone system is past end of life and kept alive through concerted effort and spare parts purchase on grey market. Estimate based on $2000-$3000 per telset including associated infrastructure and possible re-wiring Implementation of Data Architecture and Data Warehouse Planning: $85K, Cost: $1,500,000 This major corporate initiative will require internal resources and business area supported by consultants. Business case will be contingent on quality of data and ease of migration and cleansing Corporate Knowledge Portal $50,000 Majority internal resources supported by consulting Document Management $100,000 Based on current technology standards and costs for SharePoint extensions Benefits from Executing the Strategic Plan While several areas of saving have been identified during this strategic planning exercise, these funds are targeted to supporting processes and initiatives that are presently underfunded. The strategic plan, when realized, will have the following benefits for the organization: 1. Modern email messaging capability on a simple secure infrastructure that is easy and cost-effective to maintain Municipality of Chatham Kent 2008 IT Strategic Plan Page 120

2. An ITS organization that is aligned with the needs of the Municipality 3. An IT governance model that ensures department involvement in all decisions made by and for ITS in the Municipality 4. A web infrastructure that the citizens and staff of the Municipality can use and enjoy 5. A robust infrastructure that will survive most security risk and disaster scenarios 6. Tools selected for their broad based, integrated application across the entire organization 7. Single sources of data, cross-referenceable and highly available 8. An integrated messaging system for the Municipality allowing for single mode of contact between the citizenry, its elected representatives and the municipal staff 9. Documented and automated business processes 10. Document and Record Management 11. A simplified infrastructure from an operational and support point of view 12. A more technologically sophisticated workforce which is operating more efficiently 13. Better documentation and records auditability 14. More connected staff and elected officials 15. The first steps toward a service-oriented architecture 16. An architecture that is standards-based and easily maintainable 17. Better availability of skilled workforce to support the infrastructure of the Municipality 18. More efficient IT spending Operations Changes The ITS group will become realigned with fewer business silos which should improve intergroup communication. This will be aided by the fact that: 1. ITS will be restructured, simplified and aligned with the needs of the organization. This, with the addition of new faces and clearer roles, is expected to improve the functionality of the group 2. A more rational infrastructure will be easier to operate allowing more time for project and high value work as opposed to day to day firefighting 3. The increasing roles of policy and process within ITS should simplify decision making and technology standards Business Relationships Due to the restructuring of the group and the striking of an IT Steering Committee the following operations changes can be expected: Municipality of Chatham Kent 2008 IT Strategic Plan Page 121

1. Direct business subject matter expertise in all corporate applications areas within ITS. The addition of the three business analysts in Information Services will ensure that ITS partners effectively with business users when it comes to the actual needs of the business units across the Municipality. The business analysts will: a. Understand the business needs of the users b. Translate these business needs into IT requirements c. Assist in the planning, scoping, implementing and testing of the delivered IT solution Job descriptions for the Business Analysts are shown in Appendix F 2. The introduction of the policies related to application purchase and development will set in place corporate standards for all applications and provide guidelines to ensure new applications fit with the overall architecture of the Municipality 3. The addition of the IT Steering Committee will make sure that business units have representation in all ITS decisions 4. A migration to formal policies within ITS will ensure that procedures are understood and enforceable Service Level Agreements ITS should create a support policy identifying the technology that ITS will support. This will prevent the situation arising whereby a business unit acquires hardware, software or a service from a 3 rd party and expects ITS to assume support. New services, as required by the Municipality, can be added to the policy as agreed by ITS but with the provision that funding is available to provide training to ITS in that service. With a stronger commitment to written policies, ITS will be able to provide more consistent service levels to support organizations. This, coupled with improvements in recording and reporting of all trouble tickets in an effective manner, will allow for Service Level metrics enforcement. Additionally, consideration should be given to assigning a relationship manager to manage relationships with the organizations that ITS support. The Manager of Technical Services is a good candidate to fulfill this role. ITS currently provides support to CK Energy and this support contract is valued at $157,000. Of this, $98,000 is assigned to licenses, leaving only $59,000 for support. For this support fee, ITS provides a hybrid set of resources to CK Energy which could not be recovered via a single multi-skilled IT practitioner. This results in a considerable cost saving to CK Energy. ITS may wish to review SLA pricing on a regular basis to ensure that price levels match services. Municipality of Chatham Kent 2008 IT Strategic Plan Page 122

With respect to the support that ITS receives from its vendors, the existing SLAs should be reviewed and strengthened where possible. The key support contracts are those with Cisco (and/or the Cisco VAR) and Dell. Web/Portal Services The web group will have responsibility for redesigning the new web site, creating a proper corporate Intranet based on SharePoint Portal Services and, ultimately, developing a document and records management system. The issues with the current web functionality will have to be addressed in an open and inclusive manner. To do so, the following recommendations are made: 1. A Web Redesign Advisory Group should be constructed from all business units, Service Level Organizations within the Municipality as well as direct political representation. It should be noted that there should not be separate management/administration for different sections of the web, i.e. even though the web serves different business functions there should be a single cohesive management team that is responsible for all aspects of the web. This team should comprise representatives from key stakeholder groups, and the team should have a business, not a technology, focus 2. This committee will be chaired by the Web Business Analyst and report to the IT Steering Committee 3. The committee will take responsibility for the functional specification for the new web and portal infrastructure to be approved by the IT Steering Committee and Council s 4. While that functional specification is being constructed, the current web infrastructure be updated to support SharePoint Portal Services, current versions of SQL Server and the.net development environment 5. Once the functional specification for the new portal is approved the web group will develop a functional design based upon it and that design, when approved will be implemented The new web infrastructure should be available by the end of Tactical Cycle #1 in August 2009. Municipality of Chatham Kent 2008 IT Strategic Plan Page 123

Customer Support Changes The customer support function will remain similar to the existing process, with the addition that the Help desk will be simplified such that it, supported by the computer technicians, will endeavor to address 80% of all issues without escalation beyond the technician pool. Tracking of trouble tickets and their resolution will allow the Help desk and computer technicians to learn from past experience and build up a knowledge base allowing them to reach this immediate target. The escalation process should follow this pattern according to industry best practices (a basic example of the 80/20 rule): Call initiation: 80% of issues resolved by the person who answers the phone or a computer technician Call escalation 1: 16% of all issues escalated to one other SME within the ITS group Call escalation 2: First level SME escalates once more either internally or externally for all subsequent calls This target will not be reached right away but is achievable, given the other changes within one year. Proper tracking of customer support is essential and, as described in this plan, Suite Response is not the tool with which to do such tracking. Process Changes As the requirements of the Municipality evolve, new procedures will be required and existing procedures will need to be enhanced and formalized. The Business Analysts will play a key role in working with the business units to analyze requirements, develop and implement these processes. IT Governance The ITS group currently reports to the General Manager of Corporate Services and this is certainly a rational approach in many cases. Traditionally, functions similar to ITS reported through the finance organization and, in fact, this is often the case today. The traditional model is not effective in the vast majority of most organizations and, as the overall relevance of Information Technology in business operations increases, there is increasing pressure to migrate IT to the C level, reporting to the CAO in a Municipality or the CEO in most businesses. In fact the role of the Chief Information Officer is generally considered a peer relationship to the CFO and the COO. In the case of the Municipality of Chatham-Kent, there is significant anecdotal and direct evidence that the current governance model does not work effectively. Various groups outside of Corporate Services launch initiatives requiring IT input or affecting the municipal IT infrastructure, but do not involve IT directly in these efforts. Further, given that there are service level support organizations in place such as the Police, CK Municipality of Chatham Kent 2008 IT Strategic Plan Page 124

Energy, the Library, Ontario Works and Riverview Gardens, their input into IT-based activities should be reflected. In order to satisfy (i) the ITS need to be consulted on almost all projects in which the Municipality is involved, and (ii) to also address the business units needs to be consulted on projects and standards, there must be a redesign of the governance model for ITS. The scenario shown in Figure 17 - Governance Model Reporting Structure, and Figure 18 - Governance Model Internal Structure, will effectively deal with this need. This will see the creation of an Information Technology Steering Committee that will review all projects underway within the Municipality with a view to understanding ITS s involvement and requirements for those projects. From an operational point of view, the Steering Committee will ensure that ITS does not undertake activities that will adversely impact the operation of the business units. Figure 17 - Governance Model Reporting Structure Working with the CAO, the Mayor and the General Manager of Corporate Services, the Chair of the IT Steering Committee will select a representative team from the Council, General Managers, Directors and Managers of the business units for representation on the committee. As a first pass, the committee can be fashioned after the IT Strategic Plan Steering Committee as is shown in Figure 18 - Governance Model Internal Structure, below. It is recommended that the existing steering committee be crafted with between seven and twelve members, plus its chair and has its initial meeting early in 2008 with an agenda of crafting its own detailed mandate, terms or reference, membership criteria, terms of service and operating rules. Municipality of Chatham Kent 2008 IT Strategic Plan Page 125

Figure 18 - Governance Model Internal Structure Proposed Mandate of IT Steering Committee Generally within municipalities, the IT Steering Committee reports directly to the CAO. Political involvement is generally indirect but it is common for council to be represented on the committee. With this model firmly in mind, the IT Steering Committee should report to the CAO, and its Chair should be the Director of ITS. Members are appointed from business units and Council as selected by the CAO and the Chair, with input from the Mayor. IT Governance should ensure that the Municipality s IT sustains and extends its strategies and objectives. Its mandate is to: Protect shareholder (citizen) value Ensure that IT risks are quantified and understood Direct and control IT investment, opportunity, benefits and risks Align IT with the business while accepting IT as a critical input to and component of the Strategic Plan, influencing strategic opportunities Sustain current operations and prepare for the future Be an integral part of the global governance structure Some activities are as follows: Drive enterprise alignment o Ascertain that IT strategy is aligned with enterprise strategy o Ascertain that IT delivers against the strategy through clear expectations and measurement Municipality of Chatham Kent 2008 IT Strategic Plan Page 126

o o o o o Direct IT strategy to balance investments between supporting and growing the Municipality Make considered decisions about where IT resources should be focused Review all projects undertaken by the Municipality and their requirements for technology and technology support Review all technical standards employed by the Municipality with respect to Information Technology Develop and enforce all (i) technology selection and (ii) development policies put in place by the Municipality Deliver Measurable Value o Deliver on time and on budget o Enhance reputation, leadership and cost-efficiency o Provide client (user/citizen) trust and appropriate time to implement/deploy Measure Performance o Define and monitor measures with management to verify that objectives are achieved, and measure performance to eliminate surprises o Leverage a system of Balanced Scorecards maintained by management that form the basis of evaluation Manage Risk o Ascertain that there is transparency about the significant risks to the organization o Be aware that the final responsibility for risk management rests with the IT Steering Committee o Be conscious that risk mitigation can generate cost-efficiencies o Implement risk management within the Municipality o Review all ITS projects for impact on business units o Own the IT Strategic Plan for the Municipality of Chatham-Kent, be responsible for its review and updating, and deliver its contents o Ascertain that management has put processes, technology and assurance in place for information security to ensure that: Business transactions can be trusted IT services are usable, can appropriately resist attacks and recover from failures Critical information is withheld from those who should not have access to it Municipality of Chatham Kent 2008 IT Strategic Plan Page 127

Policies and Procedures The following baseline policy/procedure examples are offered as significant steps forward in ITS governance. They will need to be further customized specifically to the Municipality of Chatham-Kent environment but they contain critical major elements in migrating ITS toward an organization which is well positioned to service its community. Change Management Purpose The purpose of this guideline is to manage changes in a rational, predictable and auditable manner so that IT Administrators and end-users can plan accordingly. Changes require forethought, careful monitoring, and follow-up evaluation to ensure they have the intended effect. The sections below describe the policy in 3 areas: IT Systems Purchase/Replacement The decision about whether to replace or upgrade IT systems generally rests with the ITS department and the IT Steering Committee. ITS will usually develop annual plans for upgrades or replacements of IT systems in accordance with the organization s renewal/retirement policy and build appropriate funds into the capital budget. Procurement will be made in accordance with the Corporation s Purchasing Policy. IT determines when computer systems no longer meet the needs of the users, or have ceased to be the most cost effective solution. Computers should be replaced as soon as performance is affected or according to the replacement schedule that maximizes efficiency and controls costs. The following guidelines are generally appropriate: Desktop computers will be replaced every four years Laptop computers will be replaced every three years Servers are replaced every five years IT systems will be procured with standardized hardware and software configurations as determined by the IT department. ITS will monitor and project future IT systems capacity requirements. Municipality of Chatham Kent 2008 IT Strategic Plan Page 128

Issuance of laptops will be based upon job function and subject to the appropriate approvals. Special requests will be channeled through the appropriate Supervisor or Manager. Laptops will be configured with local administrative rights disabled, unless otherwise justified and approved. A floater laptop will be provided as a loaner to address temporary needs for laptop use. Changes to Operational Systems Changes to operational systems will only be made when there is a valid business reason to do so. A formal written change request must be submitted for all changes, both scheduled and unscheduled. Each change request must receive formal approval from the Director, ITS and then scheduled for implementation. Appropriate documentation (i) requesting the change, (ii) implementing the change, (iii) testing the change and (iv) logging the change must be provided and retained. Situations requiring expedited approvals and implementation must be documented and approved by a senior member of the IT staff. This individual will later submit all required change control documentation, along with justification for the expedited change. Rush or emergency changes will be suitably documented, tracked, and approved like normal changes, but treated with high priority in order to avoid delays in implementation. Change requests may be denied or delayed for reasons including, but not limited to, inadequate planning, inadequate backup plans, an expected negative impact on a key business process such as year-end accounting, a weak business case, weakened security, or - if adequate resources cannot be readily available. Operational systems and application software will be subject to strict change management control process. When changes are made, a Change Control Document containing all relevant information should be retained in particular the following items: Identification and recording of significant changes (e.g. date of submission, date of change, Requester, Requester s Manager, contact information, nature of change, success or failure, etc Planning and testing of changes Assessment of the potential impacts, including security impacts, of such changes; Communication of change details to all relevant persons Municipality of Chatham Kent 2008 IT Strategic Plan Page 129

Fallback procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events Customer notification must be completed for each scheduled or unscheduled changes To facilitate managing the initiatives planned by the ITS as well as requests made from other departments with respects to IT related systems, annual planning should be done by each department, and a summary of proposed system upgrades, timing, and level of effort for each initiative presented by the Managers of each area to ITS, so that a consolidated change plan can be developed, phased and implemented. System Acceptance Acceptance criteria for new information systems, upgrades, and new versions will be established and suitable tests of the system(s) carried out during development and prior to acceptance. Where possible, formal testing will be carried out to confirm that all acceptance criteria have been fully satisfied (i) in a suitable test environment and (ii) again when promoted to production. Managers will ensure that the requirements and criteria for acceptance of new systems are clearly defined, agreed, documented, and tested. New information systems, upgrades, and new versions should only be promoted into production after obtaining formal acceptance. The following items should be considered prior to formal acceptance being provided: Performance and system capacity requirements Prior testing on non-production systems Estimated implementation timelines including rollback timelines Error recovery, restart, rollback procedures, and contingency plans Preparation and testing of routine operating procedures to defined standards Agreed set of security controls in place Effective manual procedures Business continuity arrangements Evidence that installation of the new system will not adversely affect existing systems, particularly at peak processing times, such as month end Evidence that consideration has been given to the effect the new system has on the overall security of the Corporation Training in the operation or use of new systems Ease of use, as this affects under performance and avoids human error Application Development Municipality of Chatham Kent 2008 IT Strategic Plan Page 130

Purpose The purpose of this guideline is to provide guidelines for the development of applications for the corporation. Scope The guidelines are intended to be applied to: Applications used by the Municipality Pre-Requisites For major development, approval to proceed must be granted by the IT Steering Committee Integration requirements will include one of the following: o o A direct IT-developed interface Integration capability through middleware such as: BizTalk Vitria WebLogic Computing Environment The database structure will be SQL Server 2005 Active Directory is the corporation s standard for providing central authentication and authorization for Windows based computers Evaluation, Approval and the Development Process Specifications must be created using standard Municipality templates. Consideration must be given to the following: o Features o Integration o Security o Scalability o Compatibility o Ease-of-use o Maintenance and supportability Development must be carried out under the direction and management of ITS using ITS s development methodology and standards Application Design and Development All applications developed within the corporation must be built using Microsoft s.net Framework to ensure the developed solution conforms to the standards described in 4.0 above Application Procurement Purpose Municipality of Chatham Kent 2008 IT Strategic Plan Page 131

Scope The purpose of this guideline is to provide guidelines for the procurement of software for the corporation. The guidelines are intended to be applied to: Operating System software Word Processing, Spreadsheet, and Presentation software Mail Software Collaborative software Software Tools Security tools Operations and Admin software Help desk tools including incident management and asset records Application packages Pre-Requisites Where appropriate, the RFP or RFQ process will be used to select an appropriate vendor The Corporation will decide whether the software will be: o Purchased outright o Used under license o Managed by a 3rd party and used by the corporation on a fee per use basis o Another arrangement beneficial to the corporation Support arrangement will be agreed with the vendor covering issues such as: o Implementation Support o Upgrades o Service Level Agreements Integration requirements will include one of the following: o o A direct IT-developed interface Integration capability through middleware such as: BizTalk Vitria WebLogic Computing Environment The database structure will be one of the following: o Oracle o SQL Server 2005 Active Directory is the corporation s standard for providing central authentication and authorization for Windows based computers Evaluation and Approval Municipality of Chatham Kent 2008 IT Strategic Plan Page 132

For major acquisition, approval to proceed must be granted by the IT Steering Committee All software implemented on the corporation s system must be evaluated and authorized by ITS prior to acquisition to ensure it is compliant with the corporation s standards relating to: o Feature o Integration o Security o Scalability o Compatibility o ease-of-use o maintenance and supportability Incident Management Guideline Purpose The purpose of this guideline is to establish and prescribe information incident management procedures. The objective is to: limit the breach or violation as quickly as possible determine the cause and facts develop preventive measures to limit the impact and prevent recurrence establish accountability This guideline applies to all information (in whatever format); all IT systems sites/facilities/equipment and all users. Incident Response ITS Administrators should detect, report, and respond to information security incidents in a systematic manner. Incidents may be either a breach or a violation. Breach is a condition where a vulnerability exists, that may result in unauthorized access to IT Systems and the unauthorized disclosure, use, destruction, loss, removal, modification, or interruption in corporate information. A breach may be accidental or the result of a deliberate act. Violation is an act against policy, procedure or law which may have resulted in a breach or a security gap in the IT Systems and may have resulted in unauthorized access, disclosure, destruction, loss, modification or interruption in the availability of information. Municipality of Chatham Kent 2008 IT Strategic Plan Page 133

Procedures When a violation is detected, the ability to protect network and systems equipment, determine the extent of the intrusion, and recover normal operations depends on quick decisions. The first action following detection of an intrusion is the notification of the Head of IT. Next, the risk level should be assessed. Low Risk Systems or data that if compromised (data viewed by unauthorized personnel, data corrupted, or data lost) will not disrupt the business or cause legal or financial ramifications. The targeted system or data can be easily restored and does not permit further access of other systems. Medium Risk Systems or data that - if compromised (data viewed by unauthorized personnel, data corrupted, or data lost) - will cause a moderate disruption in the business, minor legal or financial ramifications, or provide further access to other systems. The targeted system or data requires a moderate effort to restore or the restoration process is disruptive to the system. High Risk Systems or data that - if compromised (data viewed by unauthorized personnel, data corrupted, or data lost) - will cause an extreme disruption in the business, cause major legal or financial ramifications, or threaten the health and safety of a person. The targeted system or data requires either significant effort to restore, or the restoration process is disruptive to the business or other systems. The development and maintenance of a detailed Matrix as a part of Disaster Recovery Planning is required and should include: application or service supporting infrastructure or components and dependencies affected systems per component failure business impact appropriate actions acceptable recovery time Typical components are shown in Table 14 - Incident Management Components, below: Municipality of Chatham Kent 2008 IT Strategic Plan Page 134

Table 14 - Incident Management Components System Description Risk Level Core Ethernet Switches, Core network devices, WAN High/Medium/Low Firewalls, Routers connections, internal routing Access Switches Access network device High/Medium/Low ISDN or dial up Access network device High/Medium/Low modems DNS and DHCP servers Network applications High/Medium/Low External e-mail server Mail relay High/Medium/Low Internal e-mail server Primary Email store High/Medium/Low Databases Various databases supporting High/Medium/Low multiple departments Fileserver Network application High/Medium/Low Intranet Network access to High/Medium/Low applications Extranet Network access to High/Medium/Low applications Finance Financial applications High/Medium/Low ITS Administrators and Director of ITS will follow the following procedures: Step 1 - ITS Administrators will: Take immediate measures to prevent further access to the violation; Isolate the violated systems; Report the information security incident to the Director of ITS as soon as possible using a pre-arranged medium (i.e. mobile phone, pager, voice mail, email etc who, with assistance of the IT Administrators, will assess the risk level of the incident Record the event by: o Obtaining sniffer traces of the network o Obtaining copies of log files o Obtaining active user accounts o Network connections; o Limiting further compromise by disabling accounts, disconnecting network equipment from the network, and disconnecting from the Internet; o Backing up the compromised system in an appropriate manner to prevent compromise on other systems and to aid in a detailed analysis of the damage and method of attack; Municipality of Chatham Kent 2008 IT Strategic Plan Page 135

o o o o Looking for other signs of compromise. Often when a system is compromised, there are other systems or accounts involved; Maintaining and reviewing security device log files and network monitoring log files, as they often provide clues to the method of attack; Determining if the systems(s) require a complete rebuild (Note: restoration of normal network operations is the final goal of any security violation response); Keeping the Head of IT informed of status of incident. Step 2 Director of ITS and/or ITS Administrators initiates and completes the incident investigation (Table 15 - Incident Report Template) and identifies the parties to involve in the process. The Head of IT determines if legal or law enforcement agencies should be involved Step 3 - Director of ITS is responsible for communicating incidents classified at a high level to Senior Management (e.g. breach is significant, destruction of critical information, etc) Step 4 - Director of ITS is responsible for making recommendations to the Management Team (EMT) on the necessity of communications to the public or other stakeholders of the corporation. Assistance with the crafting of the message may be required. Municipality of Chatham Kent 2008 IT Strategic Plan Page 136

Table 15 - Incident Report Template Incident # Date of Incident Level Month Day Year Time Duration Low Medium High Reported by: Alleged source of incident Alleged recipient of information Summary of incident Information breached Investigation Conclusion Recommendations Municipality of Chatham Kent 2008 IT Strategic Plan Page 137

Investigator Signature Date IT Department Head Signature Date Disaster Recovery Planning Guidelines Purpose: Information and Information Systems are essential to a Corporation s ability to sustain business operations. Any failure of a single or multiple systems may impact several business functions and service delivery Business Continuity Planning (BCP) is defined as creating a roadmap that defines the processes and procedures which provide operational continuity and the integrity of information and the systems Disaster Recovery Planning (DRP) is defined as creating a plan which lists the steps in order to restore critical business systems, applications and data The purpose of this policy is to create and maintain a Disaster Recovery Plan that permits the Corporation to follow a list of steps that restore critical business systems, applications and data within a predictable and acceptable time period. The DRP supports the overall BCP System Interruptions, Categories of Failure and Impact Analysis The planning includes risk analysis and mitigation by: Identifying all areas of possible failure or service interruption Classifying the types of failure and assigning severity to each type of failure. The possible types of failure should include external factors such as natural disaster and pandemics, and internal failures such as human error, technology-related systems failures and fire/theft System dependencies are documented, along with the impact of any failure on corresponding systems. Applications and systems should be classified with an appropriate level of need to the organization (critical, non-critical, non-essential etc). Recovery time objectives (extrapolated from tolerance for downtime) for each critical system will be defined. The plan will address the prioritized recovery of systems, recovery steps, estimated times and required components. Municipality of Chatham Kent 2008 IT Strategic Plan Page 138

Plan Development and Maintenance The Plan includes the necessary components to provide detailed instructions to the appropriate individuals and will include: Roles and Responsibilities Communication procedures and contacts lists Equipment replacement Vendor re-order/warranty information and contact details Security and password control Location of necessary documentation Offsite location recovery options Incident Identification, Classification, Response Decision and Action Procedures for recovery including sequence and timing of each task Testing instructions (technical functionality, business process functionality, data integrity) The plan will make use of System Inventory, Business Impact Analysis and Business Process mappings in order to establish system dependencies and priorities in the recovery process. The plan must address IT systems, network rebuild, a suitable recovery location, a communication plan to provide personnel with status and direction, and a location for people to work and access to the necessary recovered IT Systems. The plan should be developed in a modular way that allows it to first be unit tested and then tested as a full, comprehensive simulation of a failure. The plan should include: Testing of individual components, then select groups of components together Testing recovery on the primary site and at offsite recovery locations Definition of suitable test environments and requirements will be provided prior to scheduling any testing A Communications Plan informing staff of roles and recovery status The plan should be reviewed, tested and updated annually. Findings from each test will be used to enhance the future testing. Reporting will include the test goals, results and recommendations for improvement. The annual review of the DRP will include: Review of changes to IT Systems (moves, adds, changes) Changes to the infrastructure hardware, software, network components Refresh of dependencies, priorities and classifications Municipality of Chatham Kent 2008 IT Strategic Plan Page 139

Review of previous testing findings and recommendations Enhancement and updating of the plan Preparation for testing Execution of the failure simulation test Documentation of the results and further recommendations Presentation to management and IT staff Municipality of Chatham Kent 2008 IT Strategic Plan Page 140

Security Purpose Scope The purpose of this guideline is to establish rigorous IT systems security controls, based on the information processed, stored or communicated on the system. This guideline will also: Establish the responsibilities of the IT department in the security of electronic information and IT systems Ensure that the systems they administer are operated in accordance with all applicable information security standards and policies. Protecting IT systems includes: Maintenance of application and data integrity; Assurance that automated information systems perform their critical functions: Correctly In a timely manner Under adequate controls; Protection against unauthorized disclosure of information; Assurance of the continued availability of reliable and critical information, and Physical protection of information and information systems Access Control IT administrators have a broad responsibility for ensuring the security surrounding the management of IT systems. Some of these responsibilities include: Controlling strict access to IT systems to prevent unauthorized access. Access to all computing and information systems and peripherals shall be restricted unless explicitly authorized Ensuring that system user passwords have expiry periods set for no greater than six months and that the same password is not allowed when selecting a new one. Default factory, hardware, software or vendor passwords will be changed prior to the first time of operational use. Providing adequate safeguards for remote access control procedures through robust authentication, authorization and encryption techniques. Automated timeouts will be activated for: Municipality of Chatham Kent 2008 IT Strategic Plan Page 141

o o all system access logins, including workstation and administrative system access on all systems including servers and network devices remote access to all authorized corporate systems Ensuring that no system accounts are created or activated until the relevant authorization process has been completed, i.e., granting access to databases through applications only after authentication with credentials. Every application must have unique database credentials Ensuring controls are implemented for logical access to computer resources to minimize inadvertent employee error/negligence, and reduce opportunities for computer crime, unauthorized modification, disclosure, or destruction of data Ensuring that each user of an automated system is assigned a unique personal identifier for user identification. User identification is authenticated before the system grants access to automated information Checking servers quarterly for inactive accounts. Inactive and guest system accounts shall be disabled as soon as they are no longer required Ensuring access controls are applied to accounts through either login scripts and/or access rights that limit access to authorized and required access only Securing wireless access in compliance with Remote Access requirements and restrictions also granting appropriate access levels Granting appropriate levels - as determined and approved by the requesting manager - to visitors, contractors, consultants and others who require temporary access to specific systems.. Managers may be required to discuss access levels with IT in order to determine appropriate access Segregation in Networks IT Administrators will conduct a risk assessment and security requirements prior to defining and implementing network domains or segments Groups of information services, users, and information systems should be segregated on networks. Large networks should be divided into separate logical network segments and each should be protected by a defined security perimeter. Network perimeters should be implemented by: Municipality of Chatham Kent 2008 IT Strategic Plan Page 142

A secure gateway (e.g. firewall or router) should be installed between the networks that are interconnected, to control access and the information flow between the two segments; Network device functionality (e.g. IP switching, separate domains, controlled data flows using routing/switching capabilities such as access control lists)should be used Where the above safeguards are inappropriate, other authorized and reliable procedures should be used providing they are fully documented and approved Server Security and Audit Logging Configuration changes for production servers must follow the Change Management Guideline and the defined Change Management Process established for the corporation. The most recent security patches must be installed on the system as soon as practical. All security related events on critical or sensitive systems must be logged and audit trails kept online for a minimum of 1 week. Automated tools should be configured to provide real time notification of detected wrongdoing and vulnerability exploitation. These tools will monitor: Internet traffic E-mail traffic LAN traffic Operating system security parameters A quarterly review of baseline security analysis using appropriate tools should be scheduled and performed. All of the following log files will be checked regularly for signs of wrongdoing and vulnerability exploitation: Automated intrusion detection system logs Firewall logs User account log Remote access logs Network scanning logs System error logs Application logs Data backup and recovery logs RAID controller logs Hardware logs Help desk trouble tickets Municipality of Chatham Kent 2008 IT Strategic Plan Page 143

Network printer logs. IT Systems and Network Service Security Requirements ITS Administrators will identify security requirements, service levels and management requirements for all network IT systems and network service agreements prior to their development and/or implementation. IT systems include operating systems, infrastructure, business applications, off-the-shelf products, services, and in-house developed applications Network services include the provision of connections, private network services, value added networks and managed network security solutions such as firewalls and intrusion detection systems ITS Administrators responsibilities include: Securing contracts with vendors that address security requirements. Where the security functionality in a proposed product does not satisfy the specified requirement, then the risk introduced and associated controls should be reconsidered prior to purchasing the product. Where additional functionality is supplied and causes a security risk, this should be disabled or the proposed control structure should be reviewed to determine if advantage can be taken of the enhanced functionality available. Disabling of non-essential services and applications is to be performed on all IT systems Ensuring that the security controls, service definitions and delivery levels included in the third party service delivery agreement are implemented, operated, and maintained by the third party and that the third party maintains sufficient service capability together with workable plans designed to ensure that agreed service continuity levels are maintained in the event of a major service failure or a full system disaster Ensuring that third party access to corporate information is only permitted where the information in question has been secured, and the risk of possible unauthorized access is considered to be negligible. Granting access to third parties must be approved, documented, and assigned a time expiration Monitoring and reviewing third party services to ensure that the information security terms and conditions of the agreements are being adhered to, and that information security incidents and problems are managed properly. This should involve a service management relationship and a mutually-agreed set of processes with the third party that: Municipality of Chatham Kent 2008 IT Strategic Plan Page 144

o o o o o o Sets and subsequently manages service performance levels Reviews service reports produced by the third party and arranges regular progress meetings as required by the agreements; Provides information about security incidents and allows for the review of this information with the third party as required by the agreements and any supporting guidelines and procedures; Reviews third party audit trails and logs of security events, operational problems, failures, tracing of faults and disruptions related to the service delivered; Resolves and manages any identified problems; Implements updates based on the critical nature of the software release. Critical updates should be implemented within 1 week of the notification. Non-critical updates should be scheduled appropriately, and implemented at least quarterly; Reviews (i) System Tools and (ii) configurations to determine whether essential tools are missing or new technologies/products should be introduced to the environment. This review should occur annually to determine if new developments or releases are available that will effectively assist with operational administration and management. Encryption Adequately maintaining documentation of all systems. Best Practices includes the creation of a Build-book for each server or network device. A Build-book should include detailed configuration, and steps to build, rebuild or recover systems (Servers, network devices etc). Steps for recovery are to be linked to Business Continuity and Disaster Recovery Planning Documentation. Periodically arranging Orientation and Training sessions for end users. IT staff will be asked to schedule these sessions as required Through a primary ITS Administrator, managing the relationship with each third party supplier. Each third party will be assigned to a designated individual who checks for compliance and enforces the requirements of the agreements ITS staff are authorized to encrypt data for protection against unauthorized disclosure while in storage or in transit. Web-enabled transactions that involve the transfer of sensitive data or the transfer of funds must use encryption. ITS ensures that proven, standard algorithms are used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. Symmetric cryptosystem key lengths must be at least 56 bits. Asymmetric cryptosystem keys must be of a length that yields equivalent strength. Municipality of Chatham Kent 2008 IT Strategic Plan Page 145

The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by qualified experts outside of the vendor in question and the IT department. ITS Security System Audit. IT systems should undergo a security audit on a regular interval schedule (e.g. every two to three years). An independent third party should review all systems and controls. As part of this audit process, all established Security Policies and Procedures should be reviewed and updated as necessary. E-Commerce, Support Channels and General Web Access Applications that are made available online - such as e-commerce, connections with third party companies for outsourced services or support and general web access applications which are accessible remotely through Internet connections and their associated systems - are to be secured. This should be done using appropriate technology and configurations to prevent and detect intrusion together with robust procedures to act upon, if suspected violations or breaches occur (as detailed in the policy on IT Incident Management Procedure ). Where third parties are involved in e-commerce systems and delivery channels, it is essential that they are able to meet the resilience and information security objectives of the corporation. A Requirements List should be provided to third parties to meet security objectives. All current and future Business to Business, and Business to Customer, process flows must ensure that a secure architecture is being maintained. Any development, set up, or account access of any systems initiated by any department is to be discussed with the IT department prior to being implemented into production systems at the corporation. The IT department must ensure that these systems are set up in a secure manner, and they do not introduce vulnerabilities into the corporate environment. Any systems set up by IT must also be compliant. Municipality of Chatham Kent 2008 IT Strategic Plan Page 146

Provision of Funding for Business Areas Computer Replacement Purpose Scope The purpose of this guideline is to ensure that Business Areas accrue the appropriate funds to replace computer equipment when it has reached end-oflife. Includes all equipment acquired on behalf of the business area by ITS Description The life cycle of computer equipment within the Municipality has been defined. Business areas should budget to ensure that once the equipment reaches its expiry date the necessary funds are available to replace the equipment. Municipality of Chatham Kent 2008 IT Strategic Plan Page 147

Municipality of Chatham Kent 2008 IT Strategic Plan Page 148

9. Summary of Recommendations Application Infrastructure Benefits 1 Implement Office 2007 to utilize Efficiency to day-to-day operations Groove, InfoPath and OneNote 2 Implement and utilize SharePoint Improved collaboration and streamlined process workflow 3 Implement a central image management process Significantly increased productivity of ITS imaging individual 4 Develop email Storage standards Improved email management, reduced storage requirement 5 Upgrade CMiC to v2006 (see 7 below) Improved collaboration Reduced manual entry 6 CKTraax and CRM Replacement Improved municipal accountability Better issue tracking and escalation Improved corporate knowledge development Improved IT trouble ticket tracking and Help desk service 7 Migrate BCD Payroll and InfoHR to CMiC v2006 Improved collaboration Reduced manual entry 8 Consider using CMiC s Asset Tracking/Management and work order processing capabilities (or a replacement of CMiC) 9 Implement Exchange/Outlook Increase bandwidth Retire Citrix Control of Municipality s assets Better and common management of work orders Reduced support effort Eliminates Citrix license costs 10 Redesign backup process Increase efficiency Improve manageability Reduce vulnerability 11 Implement improved Issue Tracking System Improved management of incidents Elimination of paper Reduced data entry 12 Assign a server as a print server Reduces the amount of user support needed 13 Implement SharePoint antivirus Reduces vulnerability to virus attacks 14 Implement Windows Remote Desktop tool Facilitates installs and updates Municipality of Chatham Kent 2008 IT Strategic Plan Page 149

15 Implement System Center Configuration Manager Server 16 Review web needs and update website Benefits Minimizes the likelihood of downloading corrupt versions of software Address the current needs of stakeholders 17 Instantiate Sharepoint as a base platform for the corporate intranet and a record/document repository 18 In lieu of 16 above, increase font size (or provide instructions to users on how to magnify the text) 19 Capture advanced Web usage trends e.g. hits, pages browsed, etc 20 Provide automated aids to enable website authors and editors to self-tech themselves how to update web content Provides a standard and structured environment for storage and access Improves readability and therefore use of website Indicates the webpage s of interest to stakeholders Provides stats for capacity and performance Reduces the hands-on training presently provided by ITS Network Infrastructure 1 Implement improved network monitoring tools 2 Implement network segmentation 3 Review, reorganize and, where necessary, replace cabling 4 The current use of VMWare should be legitimized by the purchase of a supported version Benefits Anticipate and be proactive to issues that arise with respect to e.g. component failure, capacity, performance degradation etc Increases robustness, efficiency and security of network i.e. reduces downtime, optimizes bandwidth, reduces vulnerability Increases network reliability, performance and longevity As this software is on use in production systems, in the event of systems failure, the vendor will likely provide a low level of support resulting in extended downtime and a possibly inferior fix Rationalizes - and therefore simplifies directory/password management 5 Migrate the Netware domain to Active Directory 6 Migrate email to Exchange Most prevalent email platform Easier to support Municipality of Chatham Kent 2008 IT Strategic Plan Page 150

7 Migrate servers to new server room as soon as possible 8 Ensure Wi-Fi Protected Access (WPA) encryption is configured on both wireless networks 9 Eliminate use of dial-up modems 10 Carry out a review of business processes, optimize and document them 11 Implement a robust Incident Tracking System 12 Obtain information from Radio System vendor on coverage Review SLA 13 Review SCADA service organization, and provision Benefits Eliminates Lotus Notes annual support fees Reduce likelihood of equipment failure due to factors such as HVAC, etc Reduce the vulnerability to hacking Eliminates unauthorized access to the network via these modems Removes equipment that is at end-of-life Provides (currently absent) processes to support GIS users and application Eliminates the use of SuiteResponse and GIS group s Wiki-style knowledge portal Improve ability to better liaise with vendor in the event of an outage and therefore resolve quickly Incorporate increased security, and reliability Data Infrastructure Benefits 1 Review Access databases and institute a program for their gradual elimination or migration to 1 SQL database Eliminates multiple occurrences of data Reduce errors Foster increased data integration and rationalization 2 Rationalize Oracle databases Simplify infrastructure and improve ability to manage 3 Rationalize SQL databases Simplify infrastructure and improve ability to manage Voice Communications Infrastructure 1 Plan for the replacement of the existing (obsolete) PBX telephony system Benefits Ensure voice services are maintained Municipality of Chatham Kent 2008 IT Strategic Plan Page 151

Operational Review 1 Institute policy of cyclic renewal for computers (generally 4 years) Eliminate current process of passing down computers 2 Formalize process for disposing of retired computers Benefits Rationalizes the replacement of computers Assists the planning of renewals Assists the management of funding the replacements Eliminates the re-imaging of passed down machines (and the effort involved) Frees up space and clutter Business Processes Benefits 1 Document business processes and how they map to the computer applications (systems) Ensures processes are always carried out in the sale manner Assists on-the-job training of new staff Provides process guidelines for substituting staff during vacations, sickness etc 2 Finalize, gain approval for, and institute Acceptable Usage Policy Minimizes unauthorized or illegal use of company assets Clarifies rules for employees Potentially minimizes Municipality s liability in case of misuse Increases security of Municipality s information Helps to safeguard privacy of citizens records 3 Develop and institute a network security policy regarding network intrusions Intrusions can be quickly identified, analyzed and fast remedial action taken thereby minimizing the impact of the intrusion 4 Develop procedures that govern Help desk activities Help desk tasks are carried out more effectively, more efficiently and more comprehensively in a consistent manner 5 Document GIS Processes Ensures processes are carried out in a correct, consistent and optimal manner 6 Document CMiC Processes Ensures processes are carried out in a correct and consistent manner 7 Set up documentation Ensures documentation is: Municipality of Chatham Kent 2008 IT Strategic Plan Page 152

repository on SharePoint portal Readily accessible Backed up Easy to maintain It should be noted that the above initiatives comprise a high level roadmap. When the plan is approved, appropriate work plans will need to be created for each project, and the necessary budget and resources allocated. Municipality of Chatham Kent 2008 IT Strategic Plan Page 153

Appendices Municipality of Chatham Kent 2008 IT Strategic Plan Page I

Appendix A. Interviews Interview Lists Paul Mackin (46 Interviews) Michael Barron (19 Interviews) MGCG Technical Resources (12 Interviews) Helen McLaren (Director, Information Technology Services) Roger Bruneel (Project Manager, Information Technology Services) Leo Denys (GM, Infrastructure & Engineering Services) Carl Herder (Police Chief) Mary Lou McLeod (Acting GM, Corporate Services) Stuart Wood (Director, Financial Services/Treasurer) Eveyln Bish (Acting GM, Community & Development Services) Randy Hope (Mayor) Dave Kenney (President, CK Energy Inc.) Carol Helmer (Telecommunications Analyst) Melanie Liddy (Help desk Attendant) Justin Luth (Network Support) Gord Claridge (Manager, Support & Technical Services) Deb DeBok (Help desk Attendant) Catherine Fitzgerald (Manager, Corporate Applications) Dom do Forno (Database Administrator) Jim Dudley (Telecommunications Administrator) Joann Kjeldsen (Web Project Manager) Marsha Millar (Children s Services) Shari Gabriele (Provincial Offices Court), Ron Stead (Customer Service) Leanne Segeren-Swayze (Municipal Service Centre) Jim McNamara/Gail Whitney (Budget) Val Colasanti (Ontario Works) Marylou Martin, Polly Smith, Peg Johns (Ontario Works) Gary Northcott (Engineering/Transportation) Paul Lacina (Building, Enforcement & Licensing) Christina Thomas (Ontario Works) Stephen Jahns (Infrastructure & Transportation) Annmarie Millson (Fleet Services) Marsha Coyne, Ralph Pugliese (Planning) Patricia Dauphin/Nelson Alves/Tracy Manso Bob Crawford (Fire Services) Christina Thomas/Linda Salisbury/Francis (at Shelley s office Centre for Community Services) Alan DeVillaer (Emergency Management) Janet Raddatz (Culture & Special Events), Jackie Sosnowski & Scott Mailing (Recreation Facilities), Ann Robinson Deb DeBok (Help desk) Bob Delahaye (Technician) Justin Luth (Server) Catherine Fitzgerald (Database Manager) Richard Drouillard (Database Admin) Kim MacIntyre (Training - unavailable) / Carlos Pisquem (Web Developers Roger Bruneel Jim Dudley & Carol Helmer Wednesday, Gord Claridge Fred Rouse & Justin Luth Catherine Fitzgerald Municipality of Chatham Kent 2008 IT Strategic Plan Page II

Paul Mackin (46 Interviews) Michael Barron (19 Interviews) MGCG Technical Resources (12 Interviews) Rebecca Newby (Administrative Assistant) Fred Rouse (Network Support) Carlos Pisquem (Senior Web Administrator Developer) Gerry Wolting (Acting CAO) Kim MacIntyre (Web Administrator Developer) (Recreation Services) Marianne Fenton, Norma Jay, Michele Cranny (Training, Payroll, Benefits) Tim Dick (Drainage, Environment & Fleet) James Sparks (GIS Technician) Richard Drouillard (Database Support) Hans Funk (Computer Technician) Tracy Manso (Customer/Financial Analyst CK Utilities) Tim Mifflin (Inspector CK Police) Fred Dixon (Computer Technician) Andrew Boan (Coordinator, Spatial Applications) Bob Delahaye (Computer Technician) Stephanie Richmond (Coordinator, Data Management) Shelley Wilkins, Linda Salisbury (Social Housing) Marjorie Crew (Councillor) Anne Gilbert (Councillor) Nelson Cavacas, Linda Pepper, Katrina Oliver (Engineering) Bill Weaver (Councillor) Kathryn Goodhue (Library Services) Colleen Wilson, Joann Johnston (Senior Services) Tom Kissner, Rob Bernardi, Scott Praill (Water/Wastewater) Municipality of Chatham Kent 2008 IT Strategic Plan Page III

Paul Mackin (46 Interviews) Michael Barron (19 Interviews) MGCG Technical Resources (12 Interviews) Lucy Brown (Health & Family Services) Stuart Wood/Laurie Logan re: PSAB Anne Coulter (Health Unit): meeting to be held in Anne s office Centre for Community Services, 435 Grand Avenue West) Steve Matheson, Carol Holling (Legal), Elinor Mifflin (Municipal Clerk) Municipality of Chatham Kent 2008 IT Strategic Plan Page IV

Appendix B Existing Business Processes Current Helpdesk Triage Process (documented as observed and described) End User Issue identified & calls into helpdesk No Is solution Acceptable? Yes Hardware Support Group Level 1 Tech to Troubleshoot Issue Yes Issue resolvable @ this level? No Yes Execute solution No Network Support Group Troubleshoot Issue Issue resolvable @ this level? No Yes Execute solution No Vendor Execute solution Was Issue Resolved? Yes Municipality of Chatham Kent 2008 IT Strategic Plan Page V

Current GIS Support Process (documented as observed and described) Issue identified & calls into support unit directly Issue identified & calls into helpdesk No Is solution Acceptable? Yes Yes GIS Technician to Troubleshoot Issue resolvable @ this level? Yes Execute solution No No Management Approval Yes Does Issue Require Vendor Support? No Management Notification & review Management Contingency Planning Process Management review with Tech Team No Yes Municipality of Chatham Kent 2008 IT Strategic Plan Page VI

Management Network Support Group Web Support Group End User Municipality of Chatham Kent 2008 IT Strategic Plan Page VII

Municipality of Chatham Kent 2008 IT Strategic Plan Page VIII

Appendix C MISA Findings (information pending Municipality s consent for use) Office Software Office Fax Web Voice Voice Municipality Suite Email Gateway Browser Dictation Mail >100,000 Burlington Chatham-Kent Greater Sudbury Halton Region Hamilton Kingston Kitchener London Markham Mississauga Niagara Region Oakville Oshawa Ottawa Oxford County Peel Region Municipality of Chatham Kent 2008 IT Strategic Plan Page IX

Office Fax Web Voice Voice Municipality Suite Email Gateway Browser Dictation Mail Thunder Bay Toronto Waterloo Region Windsor York Region 20,000-100,000 Ajax Brant County Brantford Brockville Bruce County Clarington Frontenac Grey County Haldimand County Halton Hills Leamington Middlesex County Milton Muskoka District Newmarket North Bay Peterborough Renfrew County Sarnia Municipality of Chatham Kent 2008 IT Strategic Plan Page X

Office Fax Web Voice Voice Municipality Suite Email Gateway Browser Dictation Mail Tecumseh Timmins Woodstock < 20,000 Loyalist Rideau Lakes South Dundas Municipality of Chatham Kent 2008 IT Strategic Plan Page XI

Technology Management Help Tech Desktop Software Patch Network Printer Municipality Desk Asset Mmgt Mgmt Deployment Mgmt Mgmt Mgmt Backup >100,000 Burlington Chatham-Kent Greater Sudbury Halton Region Hamilton Kingston Kitchener London Markham Mississauga Niagara Region Oakville Oshawa Ottawa Oxford County Peel Region Thunder Bay Toronto Waterloo Region Municipality of Chatham Kent 2008 IT Strategic Plan Page XII

Help Tech Desktop Software Patch Network Printer Municipality Desk Asset Mmgt Mgmt Deployment Mgmt Mgmt Mgmt Backup Windsor York Region 20,000-100,000 Ajax Brant County Brantford Brockville Bruce County Clarington Frontenac Grey County Haldimand County Halton Hills Leamington Middlesex County Milton Muskoka District Newmarket North Bay Peterborough Renfrew County Sarnia Tecumseh Timmins Municipality of Chatham Kent 2008 IT Strategic Plan Page XIII

Help Tech Desktop Software Patch Network Printer Municipality Desk Asset Mmgt Mgmt Deployment Mgmt Mgmt Mgmt Backup Woodstock < 20,000 Loyalist Rideau Lakes South Dundas Municipality of Chatham Kent 2008 IT Strategic Plan Page XIV

Key Applications 1 Emergency Finance/ Fleet Environmental Human Insurance Municipality Name Services Accounting Management Health Resources Risk/Management Libraries >100,000 Burlington Chatham-Kent Greater Sudbury Halton Region Hamilton Kingston Kitchener London Markham Mississauga Niagara Region Oakville Oshawa Ottawa Oxford County Peel Region Thunder Bay Toronto Waterloo Region Municipality of Chatham Kent 2008 IT Strategic Plan Page XV

Emergency Finance/ Fleet Environmental Human Insurance Municipality Name Services Accounting Management Health Resources Risk/Management Libraries Windsor York Region 20,000-100,000 Ajax Brant County Brantford Brockville Bruce County Clarington Frontenac Grey County Haldimand County Halton Hills Leamington Middlesex County Milton Muskoka District Newmarket North Bay Peterborough Renfrew County Sarnia Municipality of Chatham Kent 2008 IT Strategic Plan Page XVI

Emergency Finance/ Fleet Environmental Human Insurance Municipality Name Services Accounting Management Health Resources Risk/Management Libraries Tecumseh Timmins Woodstock < 20,000 Loyalist Rideau Lakes South Dundas Municipality of Chatham Kent 2008 IT Strategic Plan Page XVII

Key Applications 2 Long-Term Care/ Parking/ Parks & Property Public Public Works Municipality Name Seniors Parking Tags Recreation Payroll Police Management Health Infrastructure >100,000 Burlington Chatham-Kent Greater Sudbury Halton Region Hamilton Kingston Kitchener London Markham Mississauga Niagara Region Oakville Oshawa Ottawa Oxford County Peel Region Thunder Bay Toronto Waterloo Region Windsor York Region 20,000-100,000 Ajax Municipality of Chatham Kent 2008 IT Strategic Plan Page XVIII

Long-Term Care/ Parking/ Parks & Property Public Public Works Municipality Name Seniors Parking Tags Recreation Payroll Police Management Health Infrastructure Brant County Brantford Brockville Bruce County Clarington Frontenac Grey County Haldimand County Halton Hills Leamington Middlesex County Milton Muskoka District Newmarket North Bay Peterborough Renfrew County Sarnia Tecumseh Timmins Woodstock < 20,000 Loyalist Rideau Lakes South Dundas Municipality of Chatham Kent 2008 IT Strategic Plan Page XIX

Municipality of Chatham Kent 2008 IT Strategic Plan Page XX

Appendix D - Website Statistics Figure 19 Website Statistics Municipality of Chatham Kent 2008 IT Strategic Plan Page XXI

Municipality of Chatham Kent 2008 IT Strategic Plan Page XXII

Appendix E SWOT Analysis Organization and Governance IT within Business Areas Strengths Weaknesses Opportunities Threats o Support for sister organizations is in place o IT Organization is rational in design and governance including defined areas of roles and responsibilities o Help desk technicians do training to staff regularly on Suite response and Lotus Notes o Web team gets trained o Staff consider ITS to be responsive and skilled o Introduction of Municipality wide Program Management Office to manage projects and project standards o Introduction of new Municipal Technology Steering Committee (MTSC) to ensure that technology projects across the entire organization receive the ITS focus they deserve o Make ITS global organization reporting to CAO o Tracking of issues with more robust tool o ITS organizational structure is not optimal to support business structure is not focused on technology or services but on legacy and existing roles and responsibilities. o External to ITS, lack of understanding of how ITS is involved in overall functionality of Municipality o Historically, projects have been started or executed without understanding of implications of ITS o Lack of long-term strategic thinking from nonmanagement staff o Sometimes there is a Get it working mandate from business, rather than, give me a solution which is planned and well thought out o Some managers will resist change o Suite Response does not allow for reflection of true issue status Municipality of Chatham Kent 2008 IT Strategic Plan Page XXIII

Infrastructure IT within Business Areas It should be noted that, as a result of the amalgamation, the Municipality inherited many different platforms. These have been rationalized over time, but this rationalization has typically not involved the upgrade of platform due to budget constraints 18. Strengths Weaknesses Opportunities Threats o Systems work o Most users are happy with functionality o Most users report problems solved within timely manner o Migration to Exchange and Office 2007 will require technology refresh, simplify the user experience and streamline performance. o Help desk is not considered particularly effective o Help desk does not achieve standard 80% issue resolution on the first call (exact numbers are unavailable) o Islands of technology in place both in Service Level Organizations and with the deployment of a large number of access databases within the Municipality o Dependence on CITRIX when it is not required, performance issues therein o Office tool is now out of date o Many users computers are significantly behind in terms of performance. Organization is very subject to Moore s law o Departments have not kept their commitment to cash reserves for technology o Security concerns o Data accuracy concerns o Backup and recovery concerns 18 However the costs of maintaining a myriad of platforms running on old technology is likely more costly than the cost of upgrade. Municipality of Chatham Kent 2008 IT Strategic Plan Page XXIV

refresh o Web experience is genuinely disliked by most business staff interviewed Municipality of Chatham Kent 2008 IT Strategic Plan Page XXV

Policies and Procedures IT within Business Areas Strengths Weaknesses Opportunities Threats o Some processes are documented and the documentation followed o For the most part processes are not documented o Creation and implementation of policies across Municipality o Documentation standards o Review technology procurement and obsolescence standards o Review and update existing application currency o Some staff may resist change o Less rigour re policies than is desirable o Tracking of issues with more robust tool Municipality of Chatham Kent 2008 IT Strategic Plan Page XXVI

Physical Environment and Security IT within Business Areas Strengths Weaknesses Opportunities Threats o Video recording with security cameras and use of Panic Buttons and alarms o Individualized security codes o Increased deployment of video surveillance and alarms o Lack of spare parts or maintenance contracts o Battery backup of some telephone systems insufficient (although the battery only needs to provide power for 30 seconds until the generator kicks in) o Lack of maintenance contracts on equipment o Standards for security access not globally adopted o May be vulnerable to security threats Municipality of Chatham Kent 2008 IT Strategic Plan Page XXVII

Appendix F Draft To Be Role Descriptions Director Information Technology Services Job Summary Indicate the primary purpose of the job, referencing the results or outcomes expected from the job (rather than what is specifically done). This should briefly describe why the job exists. In conjunction with corporate mission statements and values, vision for and strategically position the technological advancements of the Municipality. Administer the preparation and reporting of the Information Technology Services department s short and long range plans. Serve as Chair Person of the Information Technology Steering Committee (ITSC) for the Municipality of Chatham-Kent. Reporting directly to the Chief Administration Officer, the Chair Person is responsible for ensuring that the ITSC develop and enforce appropriate technology standards for the Municipality and serve as advisor to all Municipal business areas on the technology implications for all ongoing projects and operations Coach, manage, develop and guide a highly specialized team of technical experts and allocate resources as prioritized by corporate goals and objectives. Ensure that the Municipality s required timelines and budgetary considerations are met or exceeded. Prepare annual budgets, business plans and manage the Information Technology Services budget in excess of $3,200,000. Provide overall management and definition of all computer and telecommunication activities within the enterprise including providing a leadership role in the day-to-day operations of the Information Technology Services functions, as well as provide direction as the enterprise technology needs expand across the Municipality. Provide strategic direction for developing and implementing new corporate wide enabling technologies to assist the Municipality with increased demands for information and service delivery to business units and citizens. Migrate the Municipality towards common infrastructure to reduce duplication and through a planned replacement maintenance program to ensure that the corporate investments do not become obsolete. The scope of the function extends from strategic planning for the departments role, to provide direction and support in the areas of networking, communication, geographic information services, web services, hardware and software technologies to satisfy the Municipality of Chatham Kent 2008 IT Strategic Plan Page XXVIII

enterprise business objectives. Direct technical experts to use technology in creative, collaborative and innovative ways to improve service to our citizens as well as develop efficiencies in our internal business processes. Monitor corporative initiatives, departmental projects, electronic services, information services operations through the use of technology. Support over 150 different computer applications, over 1400 users and 950 PCs that are located in 115 different sites across the Municipality. Municipality of Chatham Kent 2008 IT Strategic Plan Page XXIX

Major Responsibilities Recruit, manage, develop, motivate, lead and coach Technical specialists who monitor and maintain all computer related technology and allocate resources as prioritized by corporate goals and objectives. Includes hardware, software, computer networks, operating systems, data, security, phones, radios, copiers, printers, towers, switches, etc. for various organizations: Municipality, CK Energy, CK Responsible for direct supervision of 5 managers, who are accountable for providing expertise in technical matters and deployment of technology related services. Plan, develop, recommend and direct strategic and operational changes in using technology in collaborative and in innovative ways to improve service to our citizens as well as develop efficiencies in our internal business processes. Develop and foster successful business relationships and partnerships with both private and public sectors. Provide guidance, recommendations and demonstrates proven knowledge of a variety of technology principles and municipal policies and objectives. Manage and recommend maintenance enhancements to the telephone voice communication system (migrate to shared Infrastructure with data wherever Manage and recommend maintenance enhancements to the Municipality s Radio Communication Systems (major stakeholders - Police, Fire, Public Works Department and Public Utilities Commission). Manage Project Managers progress and implementation of computer related projects which cross all departmental Managers areas of the organization including the community to ensure project scope, budgets priorities, schedules and deliverables are met (e.g. High-speed internet, community web portal, CKLAG, electronic services, integration of systems, WAN, CK Learning Links, Economic Recommend, manage and co-ordinate priorities of computer systems and corporate software applications upgrades and future direction including Geographic Information Systems (GIS) and community web portal. Participate as part of Senior Management Team to develop recommendations on key strategies, policies, and directions; Establish approaches to service delivery; monitor services provided to ensure they meet Council directions. Develop, recommend, implement and manage long range policies and Information Systems infrastructure to ensure corporate and strategic goals are reached on budget within timelines based on organizational priorities. Initiate, participate, promote and co-ordinate various special projects focusing on community growth and enhancement (working with other agencies such as Health Alliance, School Boards, Colleges, Federal and Provincial governments, businesses ) e.g. Ministry of Economic Development and Trade, Industry Canada, Grants, Municipality of Chatham Kent 2008 IT Strategic Plan Page XXX

Plan and monitor the allocation of corporate resources and budgets. Research, develop, recommend and implement Information Systems Policies and controls to ensure data accuracy, security, legal and regulatory compliance. Review and implement business continuity and disaster planning: computer standards, backups, policies, etc. Effectively communicate using diplomacy and tact when dealing with internal and external customers and stakeholders in regard to various technology or business related processes and practices Negotiate and provide services through Service Level Agreements with CK Energy, CK PUC, Ontario Works, CKHA In conjunction with Human Resources, prioritize, recommend, plan and implement corporate training initiatives with respect to information and telecommunication technologies. Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXI

Manager of Technology Services Job Description: The Municipality of Chatham-Kent requires a full-time Manager for the Technology Services Group within the Department of Information Technology Services Responsibilities: Managing an existing team of technologists whose responsibilities include: Administering the Data Communications Network of the Municipality of Chatham-Kent Administering all Servers for the Municipality of Chatham-Kent which operate with Windows 2003, Solaris UNIX, Linux Enterprise wide Help desk Computer technicians Managing all Voice communications including legacy PBX systems, Mobile Phones, Voice/Data PDAs, and dispatch radio systems Network Security The establishment of an ITIL framework for Help desk and change management services through the Help desk and computer technicians The establishment of a methodology for technology maintenance and upgrades Vendor management including base applications infrastructure, telephony, network equipment, server, desktops, operating systems, radio and security systems. Utilizing appropriate corporate policy, working with business analysts and the IT Steering Committee, advises all business areas on technology selection all areas of municipal operations Project management, budgeting, prioritizing schedules for all non-operational activities to ensure deliverables are met Provides training and staff development Prepares and analyses project development and encourages new ideas and applications are identified and prioritized Accountable for providing expertise in technical matters, deployment and defining required license agreements and user restrictions Actively searches for new technologies and methods for applications and project development The management of several critical infrastructure efforts over the next five years which include: Migration from Novell Netware/Lotus Notes to Active Directory/Exchange Working with a single computer vendor, the development of a mechanism for desktop image management and technology refresh lifecycle The implantation of Microsoft SCCM for image and upgrade management The development and implementation of a security framework for the network infrastructure for the municipality Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXII

The development and implementation of a server and backup rationalization for the municipality The execution of a disaster recover simulation A TDM/VoIP migration Support for other ITS and Municipality IT initiatives as required Qualifications: Possess a diploma or degree from a related three-year Community College or University program in Engineering, Computer Science or Business with a focus on technology, or have equivalent industry experience A minimum of 10 years industry experience in IT Operations A minimum of 5 years industry experience with managing IT Operations organizations of at least 10 individuals Documented experience in IT Change Management ITIL Foundations Certified Desirable but not strictly required skills would include Experience in direct management of an IT Help desk Disaster Recovery Planning/Business Continuity Planning Exposure Experience in managing an enterprise telecommunications infrastructure group Experience in Server Consolidation and exposure to VMWare Technologies and Storage Area Networks Project Management training or certification Advanced ITIL Help desk certification Advanced ITIL Change Management certification ISO 17799 Security Certification Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXIII

Manager of Information Services Job Description: The Municipality of Chatham-Kent requires a full-time Manager of Information Services for the Information Technology Services division. Responsibilities: This position will be responsible the managing the staff necessary to support the technical and operational infrastructure necessary to support all business applications excluding the basic desktop environment, mail system, communications systems, servers and authentication. These applications presently or ultimately will include the following business areas: Web and internal web applications AMFM/GIS tools and applications Corporate Database tools CMiC Hansen Public Works Work Force Management HR Applications such as mpower Tax applications Will manage the introduction of Functional Business Analysts into the ITS group to support specific business area needs including Web and internal web application development (2008) Corporate Applications (2009) GIS (2009) Manages internal client expectations and strives for end-user buy-in of project deliverables and database integration to Corporate databases Develops and fosters successful business relationships and partnerships with both the private and public sectors Manages applications and development with use of appropriate standards through implementations and ensures project scope, budgets, priorities, schedules and deliverables are met Utilizing appropriate corporate policy, working with business analysts and the IT Steering Committee, advises all business areas on technology selection all areas of municipal operations Project management, budgeting, prioritizing schedules for all non-operational activities to ensure deliverables are met Provides training and staff development Prepares and analyses project development and encourages new ideas and applications are identified and prioritized Accountable for providing expertise in technical matters, deployment and defining required license agreements and user restrictions Actively searches for new technologies and methods for applications and project development Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXIV

Through the business analysts and, in some cases directly, manages the teams that: Develops, implements, maintains and administers corporate databases; this includes ensuring data quality of databases and integrity of systems Develops and administers data security and backups Maintains user security access to corporate databases Creates and documents procedures which impact corporate systems Tracks access, usage and performance metrics on corporate database systems Develops and implements database standards and policies; this includes developing data conversion processes with conversion vendors if required Provides guidance on data maintenance and management procedures to Municipality s departments; this includes converting, importing or exporting data in and out of the various corporate systems, and integrating data with or into various databases Provides direction to technical consultants for development of corporate database administration and AMFM/GIS tools and applications Manages problem resolution for Corporate Applications. Communicates effectively using diplomacy and tact when dealing with internal and external customers and stakeholders regarding the various corporate applications Confers with co-workers to determine the impact of database changes on other systems and staff cost for making changes to the databases Participates in departmental goal setting Other duties as assigned Qualifications: Possess a diploma from a related three-year Community College or University program in Computer Science, GIS or related field program, with six to ten years related experience Minimum five years experience in supervising staff Two to five years experience in a relational database environment Two to five years experience in a spatial data architecture environment Experience with advisory roles within a municipal or utilities environment Optional: Experience in Municipal and Utility business processes Experience in utilizing GIS applications Practical Knowledge of Business Process documentation and Management including the development of Use Case documentation Experience with business applications including Enterprise Resource Planning systems AOLS registration as an Ontario Land Surveyor (Geographic Information Management) Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXV

SQL/Oracle Database Administrator Job Description: The Municipality of Chatham-Kent requires a full-time Database Administrator person for the Information Technology Services division. Responsibilities: Developing, implementing, maintaining and administering Corporate databases. This includes ensuring data quality of databases and integrity of systems Developing and administering data security and backups Maintaining user security access to Corporate databases Creating and documenting procedures which impact Corporate systems Developing and implementing database standards and policies. This includes developing data conversion processes with conversion vendors if required Providing guidance on data maintenance and management procedures to Municipality s departments. This includes converting, importing or exporting data in and out of the various Corporate systems, and integrating data with or into various databases Providing direction to technical consultants for development of Corporate database administration tools and applications Troubleshooting problems from users of Corporate applications Implementing operating system and database upgrades Communicating effectively using diplomacy and tact when dealing with internal and external customers and stakeholders regarding the various Corporate applications Acting as a liaison with internal and external data users and stakeholders to facilitate data sharing and distribution; this includes in technical matters, deploying and defining license administering as required Tracking access, usage and performance metrics on Corporate database systems Demonstrating proven knowledge of database technology and principles such as: Software: Databases and Tools: Operating Systems: Languages Intergraph FRAMME SQL Server Enterprise Unix -AIX, Solaris XML ESRI ArcGIS 2000 and 2005 Windows Server Byers Mapviewer SQL Server 2003 MAS(Tax & Prop) Management Studio Linux- Harris Utility Billing 2005 RedHat,SuSie CMiC Enterprise Query Win NT/ 2000 / FMW Budget Analyzer/Analysis XP Hasen Manager Win 98 Class SQL Profiler INFOHR Oracle Enterprise EBT Software Manager FileNexus Document Management DBA Studio/Discover/SQL Plus Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXVI

Oracle ias Informix (DBAccess) SQL Server Mana ArcSDE Crystal Reports Conferring with co-workers to determine impact of database changes on other systems and staff cost for making changes to the databases Participating in departmental goal setting Other duties as assigned Qualifications: Possess a diploma from a related three-year Community College or University program in Data Processing or related field program, with six to ten years related experience Two to five years experience in a relational database environment Microsoft MCDBA 2000 Certification or MCTS SQL Server 2005 would be an asset Oracle Database Administrator 9i/10g /11g Certified Professional or Master would be an asset Experience with Municipal and Utility business processes would be an asset Experience with AMFM/GIS principals would be an asset Experience in utilizing SQLServer, Oracle, Informix and databases Experience in utilizing Unix and Microsoft operating systems Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXVII

Security Network Analyst Job Posting: The Municipality of Chatham-Kent has an opening for a permanent full-time Security and Network Analyst reporting to the Information Technology Services department. Responsibilities: Develop and maintain a network and security architecture for the Municipality of Chatham Kent. This architecture will include technology standards, design, processes, policies and procedures for the operating network Ensure the integrity and confidentiality of information residing in corporate databases, workstations, servers, and other systems. Monitor VPNs, server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and implement plans for resolution. Manage connection security and troubleshoot network performance for local area networks, wide area networks, company Web sites, corporate intranets/extranets/portals, and e-mail communications. Plan, design, and implement all security systems and their corresponding or associated software, including firewalls, VPNs, switches, routers, hubs, intrusion detection systems, cryptography systems, biometrics, and anti-virus software Take leadership and responsibility for the development of IT security policies and procedures, including those for end users, network procedures, and legal compliance. Oversee enforcement of policies and procedures for system security administration and user system access, based on industry standards Recommend and deploy additional security products and tools, or enhancements to existing tools, to detect violations of network security measures. Manage user logon procedures and password management practices Design and implement security system and end user activity audits Recommend, schedule and implement any improvement, modification, or replacement of network infrastructure components Perform analysis, diagnosis and resolution of complex network problems Conduct research on network products, services, protocols, and standards in support of network procurement and development efforts Interact and negotiate with vendors, outsourcers, and contractors to secure network products and services Working with the rest of the ITS network team, develop and implement policies for network asset management, including maintenance of network component inventory, related documentation, and technical specifications Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXVIII

Qualifications: Possess a diploma from a related three-year Community College program along with four to six years experience in troubleshooting network and security issues. CCSP and CISSP certification would be an asset. CCNP certification is required. Familiarity with MS Windows, Active Directory and the NT Environment along with working knowledge of routers, switches and Microsoft Office Suite of software would be an asset. Good organizational and time management skills to deal with a large volume of inquiries and the ability to execute tasks based on the priorities of the business needs Experience with creation of security policies and enforcement Possess strong problem solving, analytical and decision making skills Excellent customer service and communication skills Municipality of Chatham Kent 2008 IT Strategic Plan Page XXXIX

Technician Job Description: The Municipality of Chatham-Kent requires a permanent full-time Computer Technician for its Information Technology Services. Responsibilities: Support Help desk staff with answering of Help desk calls Analyze incoming calls, record issues according to ITIL Help desk procedures, and attempt to answer issues on first call. Assign calls as required Assess job related tasks as assigned and implement their completion to the satisfaction of the end user. Maintain the proper installation of hardware and software. Install, modify and make repairs to personal computer hardware and software. Install or assist in the installation of hardware and peripheral components such as monitors, keyboards, printers and disk drives on user s premises. Provide technical assistance and training to system users. Install standard corporate software and any specific software packages required by the ordering business unit. Development and maintenance of centralized PC image repository Responds to client enquiries concerning system operation. Diagnoses system hardware, software and operator problems. Provide after hours on-call support Provide support for add/changes/deletes with respect to PBX infrastructure Other duties as assigned. Qualifications: Possess a Diploma from a related two-year Community College Computer program along with two years related experience. Related experience in Novel and Microsoft environments, working knowledge of Microsoft Office, operational knowledge of Windows XP and Office 2007, Lotus Notes, Windows Server 2003, Active Directory and Exchange 2003 and an A+ Certification would be an asset. Working Knowledge of Microsoft SCCM environment and scripting Valid Ontario Driver s License. Certifications in information technology related fields. Knowledge of basic computer hardware.. Extensive application support experience. Working knowledge of a range of diagnostic utilities. Good understanding of the organization s goals and objectives. Detailed and meticulous with strong documentation skills. Municipality of Chatham Kent 2008 IT Strategic Plan Page XL

Ability to conduct research into a wide range of computing issues as required. Ability to absorb and retain information quickly. Ability to present ideas in user-friendly language. Highly self motivated and directed. Keen attention to detail. Proven analytical and problem-solving abilities. Ability to effectively prioritize and execute tasks in a high-pressure environment. Exceptional customer service orientation. Experience working in a team-oriented, collaborative environment. Municipality of Chatham Kent 2008 IT Strategic Plan Page XLI

Web Business Analyst Job Description: The Municipality of Chatham-Kent requires a permanent full-time Business Analyst to lead the Web Group in its Information Technology Services Division. Responsibilities: To lead the Web Services group as both web architect and project lead To enforce web development standards within the municipality To enforce.net application development standards for the municipalities To develop the functional specifications and oversee the design and implementation of all custom application development for all business areas within the Municipality To serve as chairperson of the Chatham-Kent Web advisory group which will have active participation from all major business areas and to ensure that the Web advisory group has active and robust participation and input from said business areas To lead specific projects related to the following web development initiatives as detailed in the IT Strategic Plan for the period from 2008 2012: o Design, development and implementation of a Corporate Intranet o Redesign of the corporate Web infrastructure o Specify, design and implement a Electronic Document/Records o Management System for the Municipality of Chatham-Kent Migrate existing internally developed applications to a Web based.net environment Operate as the relationship manager between the ITS web group and all business areas with respect to their departmental web needs Work with the Manager of Information Services as well as Business Relationship Manager for both Corporate Applications and GIS to ensure appropriate interconnection between all critical information services within the Municipality Work with the Manager of Technology Services to ensure that appropriate technology standards are in place and enforced within the municipality which will support both the Web and.net infrastructure environment. Serve as supervisor and mentor to the technical resources within the Web Services group Qualifications: College diploma or university degree in the field of computer science, business informatics or five years equivalent work experience. A minimum of two years leadership experience in a software or application development environment. Detailed operational knowledge of Windows XP and Office 2007 A working knowledge of business process documentation and the development of Use Cases Municipality of Chatham Kent 2008 IT Strategic Plan Page XLII

Experience working with a Systems Development Life Cycle based software development methodology Development experience with the.net environment and Microsoft SQL Development experience in the Microsoft SharePoint environment including the construction of Web Parts The successful candidate must have particular personal traits to ensure their ability to manage business relationships: Be a relationship builder, skilled at leading groups toward the development of consensus in technical and business matters Demonstrate a skill to develop an understanding of business area day to day operations, direction and needs Be an effective communicator who can clearly and concisely explain decisions, options, choices and technology The successful candidate may also have some of the following skills: Microsoft Knowledge Worker Certification SQLServer Development Certification Implementation experience with SharePoint Server 2007 Use Case Markup Language (UML) certification Municipality of Chatham Kent 2008 IT Strategic Plan Page XLIII

Application Business Analyst Job Description: The Municipality of Chatham-Kent requires a permanent full-time Business Analyst to lead the Corporate Applications Group in its Information Technology Services Division. Responsibilities: To lead the Applications Services group as both applications architect and project lead To enforce corporate applications selection standards within the municipality To enforce.net application development standards for the municipality To develop the functional specifications and oversee the selection, design, implementation and configuration of all application instantiation for all business areas within the Municipality To lead specific projects related to the following corporate application initiatives as detailed in the IT Strategic Plan for the period from 2009 2012: o Implementation of the Asset Management Software o Implementation of Public Works Work Force Management o Upgrade or select replacement for corporate Enterprise Resource Planning System o o Launch Enterprise Application Integration review for the Municipality Working with the web group to specify, design and implement a Electronic Document/Records Management System for the Municipality of Chatham-Kent Operate as the relationship manager between the ITS applications group and all business areas with respect to their departmental application needs Work with the Manager of Information Services as well as Business Relationship Manager for both Web and GIS to ensure appropriate interconnection between all critical information services within the Municipality Work with the Manager of Technology Services to ensure that appropriate technology standards are in place and enforced within the municipality which will support both the Web and.net infrastructure environment. Serve as supervisor and mentor to the technical resources within the Applications Services group Qualifications: College diploma or university degree in the field of computer science, business informatics or five years equivalent work experience. A minimum of two years leadership experience in a Enterprise Software Deployment Role A working knowledge of SQL and Oracle Database architectures Detailed operational knowledge of Windows XP and Office 2007 Municipality of Chatham Kent 2008 IT Strategic Plan Page XLIV

A working knowledge of business process documentation and the development of Use Cases Experience working with a Systems Development Life Cycle based software development methodology The successful candidate must have particular personal traits to ensure their ability to manage business relationships: o Be a relationship builder, skilled at leading groups toward the development of consensus in technical and business matters o Demonstrate a skill to develop an understanding of business area day to day operations, direction and needs o Be an effective communicator who can clearly and concisely explain decisions, options, choices and technology The successful candidate may also have some of the following skills: o Project Management Institute Certified o Use Case Markup Language (UML) certification o Training in Oracle Applications, PeopleSoft, SAP or other ERP systems Municipality of Chatham Kent 2008 IT Strategic Plan Page XLV

GIS Business Analyst Job Description: The Municipality of Chatham-Kent requires a permanent full-time Business Analyst to lead the Corporate Applications Group in its Information Technology Services Division. Responsibilities: To lead the GIS group as both applications architect and project lead To enforce corporate applications selection standards within the municipality To enforce GIS and GeoSpatial Data standards within the municipality To develop the functional specifications and oversee the selection, design, implementation and configuration of all GIS applications for all business areas within the Municipality To lead a specific and targeted effort to ensure that GIS and GeoSpatial Data Standards represents the core and basic data infrastructure under all application development efforts within the municipality Operate as the relationship manager between the ITS GIS group and all business areas with respect to their departmental GIS and GeoSpatial needs Develops and implements database standards and policies; this includes developing data conversion processes with conversion vendors if required Provides guidance on data maintenance and management procedures to Municipality s departments; this includes converting, importing or exporting data in and out of the various corporate systems, and integrating data with or into various databases Provides direction to technical consultants for development of corporate database administration and AMFM/GIS tools and applications Demonstrates proven knowledge of database technology and principles such as: Software: Databases (Tools): Operating Systems: ESRI ArcGIS Oracle Unix CMiC Enterprise AIX, Solaris USTI MAS Manager Win XP Tax & Property DBA Studio Win 2003 Application Discover server Harris CIS SQL Plus BASIS Hansen Informix On Point DBAccess Engineering Modelling Sequel platforms ArcSDE WaterCad Crystal Reports Dromey Language XML JAVA Visual Basic Municipality of Chatham Kent 2008 IT Strategic Plan Page XLVI

ArcIMS Familiar with the following data types: AutoCAD, Teranet MPAC CD Oasys Digital Ortho Photography GPS data and collection Requires knowledge of municipal business areas to develop business liaisons necessary with multi disciplinary clients. Manages problem resolution for Corporate Applications. Work with the Manager of Information Services as well as Business Relationship Manager for both Web and Applications to ensure appropriate interconnection between all critical information services within the Municipality Work with the Manager of Technology Services to ensure that appropriate technology standards are in place and enforced within the municipality which will support both the Web and.net infrastructure environment. Serve as supervisor and mentor to the technical resources within the GIS Services group Acts as a liaison with internal and external data users and stakeholders to facilitate data sharing and distribution. Tracks access, usage and performance metrics on corporate database systems Confers with co-workers to determine the impact of database changes on other systems and staff cost for making changes to the databases Participates in departmental goal setting Other duties as assigned Qualifications: College diploma or university degree in the field of computer science, business informatics or five years equivalent work experience. A minimum of two years leadership experience in a municipal or utilities GIS Role A working knowledge of Oracle Database architecture Detailed operational knowledge of Windows XP and Office 2007 Experience with ESRI ArcGIS Experience working with a Systems Development Life Cycle based software development methodology The successful candidate must have particular personal traits to ensure their ability to manage business relationships: o Be a relationship builder, skilled at leading groups toward the development of consensus in technical and business matters o Demonstrate a skill to develop an understanding of business area day to day operations, direction and needs o Be an effective communicator who can clearly and concisely explain decisions, options, choices and technology The successful candidate may also have some of the following skills: Municipality of Chatham Kent 2008 IT Strategic Plan Page XLVII

o o o Project Management Institute Certified Use Case Markup Language (UML) certification Training in Oracle Applications, PeopleSoft, SAP or other ERP systems Municipality of Chatham Kent 2008 IT Strategic Plan Page XLVIII

Network / Server Support The Municipality of Chatham-Kent requires a permanent full-time Network Support person for its Information Technology Services Division. This position will direct and co-ordinate local area computer network activities by performing the following duties: Assisting Database Administrators with all duties of maintaining a client server environment. Configuring, installing and maintaining local area network hardware and software such as personal computers, system software, software applications, printers, servers, routers, bridges, switches, modems, cabling and Internet service (owned or rented). Implementing policies and procedures related to network hardware and software acquisition, use, support and backup Maintaining network users, user environment, directories and security. Developing and implementing disaster plans and recovery procedures, builds in redundancy to reduce the need for disaster recovery procedures. Responding to the needs and questions of network users concerning their access to resources and the operation of various software programs. Communicating standards for use, operations, and security of network, personal computers and data Monitoring traffic load through the municipal network. Communicating with other departments to report and resolve software, hardware and operations problems. Consulting with department managers to develop system solutions consistent with organizational objectives. Researching and evaluating new technologies. Negotiating contracts with and coordinating activities of hardware and software. Installing, testing and making recommendations on software upgrades. Collaborating with Education Coordinator to arrange and/or deliver necessary training programs for users. Collecting and analyzing network and memory utilization. Qualifications: Possess a diploma from a related three-year Community College program along with two to five years experience in a related field. MCSE certified in Microsoft Windows Server 2003, Active Directory, and Exchange 2003 Working knowledge of Microsoft Office Suite 2007 Familiarity with Novel Netware and Lotus Notes Municipality of Chatham Kent 2008 IT Strategic Plan Page XLIX

Working knowledge of Cisco Routers and Switches Municipality of Chatham Kent 2008 IT Strategic Plan Page L

Technician Supervisor Job Description: The Municipality of Chatham-Kent requires a full-time Supervisor for computer/telecom technicians as well as the Help desk within the Technology Services group of Department of Information Technology Services Responsibilities: Manage the day to day operation of the ITS Help desk including: Issue management, trouble ticket resolution and escalation Monthly trouble ticket and issue reporting to the Manager of Technology Services Enforcement of internal and external service level agreements for the municipality as well as the collection of and reporting of appropriate metrics and/or exceptions Working with Manager of Technology Services: Establish and operate an ITIL based Help desk infrastructure for computer and telecommunications support and services within the Municipality Develop and implement a detailed technology maintenance and update methodology for the Municipality Develop and implement a methodology for adds/changes/deletes for all information or telecommunications technology utilized by the municipality or municipal employees at the behest of the municipality Manage and support all media and audio visual technology deployed in the municipality including user access, session setup and teardown Serve as a Relationship Manager between IT users in the municipality and the Help desk Manage inventory for all IT and telecommunications infrastructure within the municipality along the entire technology life cycle from acquisition through to retirement Ensure appropriate training and skills for all technicians with respect to: Microsoft Windows XP/Vista Operating Systems Microsoft Office 2007 including Outlook Mail Other non-business specific global applications such as Acrobat Reader/Writer, Photoshop Support for other ITS and Municipality IT initiatives as required Qualifications: Possess a diploma or degree from a related three-year Community College or University program in Engineering, Computer Science or Business with a focus on technology, or have equivalent industry experience Municipality of Chatham Kent 2008 IT Strategic Plan Page LI

Solid technology experience with PC Desktop infrastructure, technology lifecycle management and basic telecommunications A minimum of 10 years industry experience in IT Help desk Operations A minimum of 2 years industry experience with supervising IT Operations organizations of at least 10 technical individuals Process orientation, metrics driven Desirable but not strictly required skills would include ITIL Foundations Certified Experience in managing an enterprise telecommunications infrastructure group Municipality of Chatham Kent 2008 IT Strategic Plan Page LII

Help desk Coordinator Job Description: The Municipality of Chatham-Kent requires a permanent full-time Help desk Attendant for its Information Technology Services Division. Responsibilities: Follow and ITIL based service support process for user issues which will allow the employee to: o Field incoming help requests from end users via both telephone and e- mail in a prompt and courteous manner. o Document all pertinent end user identification information, including name, department, contact information, and nature of problem or issue. o o o o o o o Build rapport and elicit problem details from Help desk customers. Prioritize and schedule problems. Escalate problems (when required) to the appropriately experienced technician by a predefined escalation path Record, track, and document the Help desk request problem-solving process, including all successful and unsuccessful decisions made, and actions taken, through to final resolution. Apply diagnostic utilities to aid in troubleshooting. Access software updates, drivers, knowledge bases, and frequently asked questions resources on the Internet/Intranet to aid in problem resolution. Identify and learn appropriate software and hardware used and supported by the organization. Perform hands-on fixes at the desktop level, including installing and upgrading software, installing hardware, implementing file backups, and configuring systems and applications. o Install anti-virus software. o Test fixes to ensure problem has been adequately resolved. o Perform post-resolution follow-ups to help requests. o Evaluate documented resolutions and analyze trends for ways to prevent future problems. o Develop help sheets and frequently asked questions lists for end users. Coordinator should have the ability to resolve 80% of client issues with first call or escalate to computer technicians Qualifications: College diploma or university degree in the field of computer science and/or 2 years equivalent work experience. Detailed operational knowledge of Windows XP and Office 2007 Certifications in information technology related fields. Knowledge of basic computer hardware.. Municipality of Chatham Kent 2008 IT Strategic Plan Page LIII

Extensive application support experience. Working knowledge of a range of diagnostic utilities. Good understanding of the organization s goals and objectives. Exceptional written and oral communication skills. Exceptional interpersonal skills, with a focus on rapport-building, listening, and questioning skills. Detailed and meticulous with strong documentation skills. Ability to conduct research into a wide range of computing issues as required. Ability to absorb and retain information quickly. Ability to present ideas in user-friendly language. Highly self motivated and directed. Keen attention to detail. Proven analytical and problem-solving abilities. Ability to effectively prioritize and execute tasks in a high-pressure environment. Exceptional customer service orientation. Experience working in a team-oriented, collaborative environment Municipality of Chatham Kent 2008 IT Strategic Plan Page LIV

Appendix G Terminology Lexicon Term.NET Active Directory (AD) As-Is assessment Definition Both a business strategy from Microsoft and its collection of programming support for what are known as Web services, the ability to use the Web rather than your own computer for various services. Microsoft's trademarked directory service, an integral part of the Windows Server architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. An assessment of the current situation (in relation to the Information Technology department, its processes, its staff, its infrastructure, and the business units it impacts) at the Municipality of Chatham-Kent C# (Sharp) (Pronounced "C-sharp") is an object-oriented programming language from Microsoft that aims to combine the computing power of C++ with the programming ease of Visual Basic. C# is based on C++ and contains features similar to those of Java. C# is designed to work with Microsoft's.NET platform. CA CAO CFO COO Citrix Corporate Applications Chief Administrative Officer. Responsible for administrative management of private, public or governmental corporations. The Chief Financial Officer (CFO) of a company or public agency is the corporate officer primarily responsible for managing the financial risks of the business or agency. This officer is also responsible for financial planning and recordkeeping, as well as financial reporting to higher management. A Chief Operating Officer or Chief Operations Officer (COO) is a corporate officer responsible for managing the day-today activities of the corporation. The COO is one of the highest ranking members of an organization, monitoring the daily operations of the company and reporting to the Board of Directors. The COO is usually an executive or senior vice president. Citrix is a thin client (a client computer or client software in client-server architecture networks which depends primarily Municipality of Chatham Kent 2008 IT Strategic Plan Page LV

Term CKPUC CKTraax CMiC CRM DBA Definition on the central server for processing activities, and mainly focuses on conveying input and output between the user and the remote server), terminal services and remote access software that allow organizations to conveniently manage and deliver applications over the network and over the Internet. Chatham-Kent Public Utilities Commission An in-house Municipality of Chatham-Kent issue tracking tool for tracking accountability and excellence that uses SuiteResponse and Hansen. CMiC is the leader in creating the most complete, integrated and advanced enterprise-wide software solutions. CMiC is the only software provider that offers solutions to cover every aspect of a project-based business, including financials, project management, customer relationship management and human capital management. Customer Relationship Management. An information industry term for methodologies, software, and usually Internet capabilities that help an enterprise manage customer relationships in an organized way. For example, an enterprise might build a database about its customers that described relationships in sufficient detail so that management, salespeople, people providing service, and perhaps the customer directly could access information, match customer needs with product plans and offerings, remind customers of service requirements, know what other products a customer had purchased, and so forth. Database Administrator a person who is responsible for the environmental aspects of a database. In general, these include: Recoverability - Creating and testing Backups Integrity - Verifying or helping to verify data integrity Security - Defining and/or implementing access controls to the data Availability - Ensuring maximum uptime Performance - Ensuring maximum performance given budgetary constraints Development and testing support - Helping programmers and engineers to efficiently utilize the database. DRD Team Direct Reports to Director team Municipality of Chatham Kent 2008 IT Strategic Plan Page LVI

Term EAI ESX (VMWare) GIS GSX (VMWare) Hansen Definition Enterprise Application Integration system a business computing term for the plans, methods, and tools aimed at modernizing, consolidating, and coordinating the computer applications in an enterprise. Typically, an enterprise has existing legacy applications and databases and wants to continue to use them while adding or migrating to a new set of applications that exploit the Internet, e-commerce, extranet, and other new technologies. EAI may involve developing a new total view of an enterprise's business and its applications, seeing how existing applications fit into the new view, and then devising ways to efficiently reuse what already exists while adding new applications and data. VMware ESX Server is an enterprise-level virtualization product offered by VMware, Inc., a division of EMC Corporation. ESX Server is a component of VMware's larger offering, Virtual Infrastructure, which adds management and reliability services to the core server product. The basic server requires some form of persistent storage - typically an array of hard disk drives - for storing the virtualization kernel and support files. Geographical Information System enables you to envision the geographic aspects of a body of data. Basically, it lets you query or analyze a database and receive the results in the form of some kind of map. Geographic information is described explicitly in terms of geographic coordinates (latitude and longitude or some national grid coordinates) or implicitly in terms of a street address, postal code, or forest stand identifier. A geographic information system contains the ability to translate implicit geographic data (such as a street address) into an explicit map location. VMware Server (formerly GSX Server) is an entry-level server virtualization software suite from VMware, Inc. VMware released version 1.0 of Server on July 12, 2006. Server is a continuation of the retired GSX Server product line. VMware Server can create, edit, and play virtual machines. It uses a client-server model, allowing remote access to virtual machines, at the cost of some graphical performance (and 3D support). In addition to the ability to run virtual machines created by other VMware products, it can also run virtual machines created by Microsoft Virtual PC. Application used to maintain licenses, permits and various inspections. The building, licensing and planning departments Municipality of Chatham Kent 2008 IT Strategic Plan Page LVII

Term HR Internet Intranet IT ITS ITSP LAN Definition use this application. Human Resources A worldwide system of computer networks - a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). The Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide. Physically, the Internet uses a portion of the total resources of the currently existing public telecommunication networks. Technically, what distinguishes the Internet is its use of a set of protocols called TCP/IP (for Transmission Control Protocol/Internet Protocol). Two recent adaptations of Internet technology, the Intranet and the extranet, also make use of the TCP/IP protocol. A private network that is contained within an enterprise. It may consist of many interlinked local area networks and also use leased lines in the wide area network. Typically, an Intranet includes connections through one or more gateway computers to the outside Internet. The main purpose of an Intranet is to share company information and computing resources among employees. An Intranet can also be used to facilitate working in groups and for teleconferences. An Intranet uses TCP/IP, HTTP, and other Internet protocols and in general looks like a private version of the Internet. With tunneling, companies can send private messages through the public network, using the public network with special encryption/decryption and other security safeguards to connect one part of their Intranet to another. Information Technology the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware. Information Technology Services Information Technology Strategic Plan Local Area Network - a group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that are shared in common by multiple computer users. A local area network may serve as Municipality of Chatham Kent 2008 IT Strategic Plan Page LVIII

Term LDAP Lotus Notes Domino LTO Tape Microsoft Content Management Server (MCMS) Microsoft Exchange Microsoft Groove Definition few as two or three users (for example, in a home network) or as many as thousands of users. Lightweight Directory Access Protocol - a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet. In a network, a directory tells you where in the network something is located. On TCP/IP networks (including the Internet), the domain name system (DNS) is the directory system used to relate the domain name to a specific network address (a unique location on the network). However, you may not know the domain name. LDAP allows you to search for an individual without knowing where they're located (although additional information will help with the search). Lotus Domino is an IBM server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. Linear Tape-Open (or LTO) is a magnetic tape data storage technology developed as an open alternative to the proprietary Digital Linear Tape (DLT). The technology was developed and initiated by Seagate, Hewlett-Packard, and IBM. MCMS (Microsoft Content Management Server) is a Microsoft product intended for small to medium enterprises that require Content management functionality on their web site, Intranet or portal. Microsoft Exchange Server is a messaging and collaborative software product developed by Microsoft. It is part of the Microsoft Servers line of server products and is widely used by enterprises using Microsoft infrastructure solutions. Exchange's major features consist of electronic mail, calendaring, contacts and tasks, and support for the mobile and webbased access to information, as well as supporting data storage. Microsoft Office Groove is a proprietary peer-to-peer collaborative software product aimed at teams with members who are likely to be regularly off-line or who do not share the same network security clearance. The product is included with the Enterprise and Ultimate editions of Microsoft Office 2007 and can be obtained as a standalone application. The central Groove paradigm is the shared workspace, a set of files to be shared plus some aids for group collaboration. A Municipality of Chatham Kent 2008 IT Strategic Plan Page LIX

Term Microsoft InfoPath Microsoft OneNote Microsoft SharePoint Microsoft Windows NT 4 Definition Groove user creates a workspace and then invites other Groove users into it. Each person who responds to an invitation becomes an active member of that workspace and is sent a copy of the workspace that is installed on his or her hard disk drive. All data is encrypted both on disk and over the network, with each workspace having a unique set of cryptographic keys. This local copy avoids the physical distance between the user and his data. In other words, a workspace is the private virtual location where users who are members interact and collaborate. From that moment on, Groove keeps track of the changes being made and keeps all the copies synchronized via the network in a peer-to-peer manner, near-instantaneously. Microsoft InfoPath is an application used to develop XMLbased data entry forms. The main feature of InfoPath is its ability to author and view XML documents with support for custom-defined XML schemas. It can connect to external systems using XML Web Services through MSXML and the SOAP Toolkit, and back-end and middle-tier systems can be configured to communicate by using Web services standards such as SOAP, UDDI, and WSDL. Additionally, since InfoPath documents are raw XML, it is possible to directly repurpose the data in other XML processors. Microsoft OneNote is a tool for note taking, information gathering, and multi-user collaboration by Microsoft. While many earlier systems relied on linear text flow (simple lists), OneNote visualizes notes as a two dimensional page. OneNote also adds modern features such as drawings, pictures, multimedia audio, video, and ink as well as multi-user sharing of notes. SharePoint is a portal-based collaboration and document management platform from Microsoft. It can be used to host web sites, termed SharePoint Portals, which can be used to access shared workspaces and documents, as well as specialized applications such as wikis and blogs, from within a browser. SharePoint functionality is exposed as web parts, which are components that implement certain functionality, such as a task list, or discussion pane. These web parts are then composed into web pages, which are then hosted in the SharePoint portal. SharePoint sites are actually ASP.NET applications, which are served using IIS and use a SQL Server database as data storage backend. Windows NT 4.0 is a preemptive, graphical and businessoriented operating system designed to work with either Municipality of Chatham Kent 2008 IT Strategic Plan Page LX

Term Definition uniprocessor or symmetric multi-processor computers. It is the fourth release of Microsoft's Windows NT line of operating systems and was released to manufacturing on July 29, 1996. It is a 32-bit Windows system available in both workstation and server editions with a graphical environment similar to that of Windows 95 Microsoft Windows Windows Vista is the latest release of the Microsoft Windows Vista operating system platform. Microsoft Windows XP Windows XP is the successor to both Windows 2000 Professional and Windows Me, and is the first consumeroriented operating system produced by Microsoft to be built on the Windows NT kernel and architecture. Windows XP was first released on October 25, 2001 MX Record MTSC NIC Novell Directory Services (NDS) Oracle OS An MX record or Mail exchanger record is a type of resource record in the Domain Name System (DNS) specifying how Internet e-mail should be routed. MX records point to the servers that should receive e-mail, and their priority relative to each other. Municipal Technology Steering Committee Network Interface Card (hardware) - a computer circuit board or card that is installed in a computer so that it can be connected to a network. Network interface cards provide a dedicated, full-time connection to a network. A software product for managing access to computer resources and keeping track of the users of a network, such as a company's Intranet, from a single point of administration. Using NDS, a network administrator can set up and control a database of users and manage them using a directory with a graphical user interface (GUI). Users of computers at remote locations can be added, updated, and managed centrally. Applications can be distributed electronically and maintained centrally. Oracle Database (commonly referred to as Oracle RDBMS or simply as Oracle) is a relational database management system (RDBMS) software product released by Oracle Corporation that has become a major feature of database computing. An Operating System (sometimes abbreviated as "OS") is the program that, after being initially loaded into the computer by a boot program, manages all the other programs in a computer. The other programs are called applications or application programs. The application programs make use of the operating system by making requests for services through Municipality of Chatham Kent 2008 IT Strategic Plan Page LXI

Term OWA PBX PDA PHP PSAB Definition a defined application program interface (API). In addition, users can interact directly with the operating system through a user interface such as a command language or a graphical user interface (GUI). Outlook Web Access a web-based Microsoft Exchange email client Private Branch exchange (PBX) is a telephone exchange that serves a particular business or office, as opposed to one that a common carrier or telephone company operates for many businesses or for the general public. PBXs are also referred to as: PABX - Private Automatic Branch exchange EPABX - Electronic Private Automatic Branch exchange PBXs make connections among the internal telephones of a private organization usually a business and also connect them to the public switched telephone network (PSTN) via trunk lines. Because they incorporate telephones, fax machines, modems, and more, the general term "extension" is used to refer to any end point on the branch. Personal Digital Assistant a term for any small mobile handheld device that provides computing and information storage and retrieval capabilities for personal or business use, often for keeping schedule calendars and address book information handy. The term handheld is a synonym. Most PDAs have a small keyboard. Some PDAs have an electronically sensitive pad on which handwriting can be received. Typical uses include schedule and address book storage and retrieval and note-entering. However, many applications have been written for PDAs. Increasingly, PDAs are combined with telephones and paging systems. A script language and interpreter that is freely available and used primarily on Linux Web servers. PHP, originally derived from Personal Home Page Tools, now stands for PHP: Hypertext Preprocessor. PHP is an alternative to Microsoft's Active Server Page (ASP) technology. As with ASP, the PHP script is embedded within a Web page along with its HTML. Before the page is sent to a user that has requested it, the Web server calls PHP to interpret and perform the operations called for in the PHP script. Public Sector Accounting Board. Municipality of Chatham Kent 2008 IT Strategic Plan Page LXII

Term RPC/HTTPS SAN SCADA SCCM SLA SME SOA Definition Remote Procedure Call / Hypertext Transfer Protocol over Secure Socket Layer. Feature of Exchange and Outlook that allows a connection to an Exchange server, over the internet, without a VPN. Storage Area Network - a high-speed special-purpose network (or sub network) that interconnects different kinds of data storage devices with associated data servers on behalf of a larger network of users. Typically, a storage area network is part of the overall network of computing resources for an enterprise. Supervisory Control and Data Acquisition - a category of software application program for process control, the gathering of data in real time from remote locations in order to control equipment and conditions. SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, and water and waste control. SCADA systems include hardware and software components. The hardware gathers and feeds data into a computer that has SCADA software installed. The computer then processes this data and presents it in a timely manner. SCADA also records and logs all events into a file stored on a hard disk or sends them to a printer. SCADA warns when conditions become hazardous by sounding alarms. Microsoft System Center Configuration Manager Service Level Agreement that part of a service contract where the level of service is formally defined. An SLA is a formally negotiated agreement between two parties. It is a contract that exists between customers and their service provider, or between service providers. It records the common understanding about services, priorities, responsibilities, guarantee, and such collectively, the level of service. For example, it may specify the levels of availability, serviceability, performance, operation, or other attributes of the service like billing and even penalties in the case of violation of the SLA. Subject Matter Expert a person who is an expert in a particular area. Invariably, the term is used when there are professionals with expertise in the field of application but without technical project knowledge. Service-Oriented Architecture an architectural style that guides all aspects of creating and using business processes, packaged as services, throughout their lifecycle, as well as defining and provisioning the IT infrastructure that allows Municipality of Chatham Kent 2008 IT Strategic Plan Page LXIII

Term SQL SuiteResponse SWOT Analysis TDM Telephony Definition different applications to exchange data and participate in business processes loosely coupled from the operating systems and programming languages underlying those applications. SOA represents a model in which functionality is decomposed into small, distinct units (services), which can be distributed over a network and can be combined together and reused to create business applications. These services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services. Structured Query Language - a standard interactive and programming language for getting information from and updating a database. Although SQL is both an ANSI and an ISO standard, many database products support SQL with proprietary extensions to the standard language. Queries take the form of a command language that lets you select, insert, update, find out the location of data, and so forth. There is also a programming interface. A Lotus Notes based Issue Tracking tool that is severely outdated and non-robust. Strengths, Weaknesses, Opportunities, Threats analysis a strategic planning tool used to evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a project or in a business venture. It involves specifying the objective of the business venture or project and identifying the internal and external factors that are favorable and unfavorable to achieving that objective. Time Division Multiplexing a type of digital or (rarely) analog multiplexing in which two or more signals or bit streams are transferred apparently simultaneously as sub-channels in one communication channel, but physically are taking turns on the channel. In circuit switched networks such as the Public Switched Telephone Network (PSTN) there exists the need to transmit multiple subscribers calls along the same transmission medium. To accomplish this, network designers make use of TDM. TDM allows switches to create channels, also known as tributaries, within a transmission stream. Telephony is the technology associated with the electronic transmission of voice, fax, or other information between distant parties using systems historically associated with the telephone, a handheld device containing both a speaker or transmitter and a receiver. Municipality of Chatham Kent 2008 IT Strategic Plan Page LXIV

Term TSS UPS VMWare VNC VoIP VPN Definition Technical Support Services. Uninterruptable Power Supply - a device that allows your computer to keep running for at least a short time when the primary power source is lost. It also provides protection from power surges. A UPS contains a battery that "kicks in" when the device senses a loss of power from the primary source. If you are using the computer when the UPS notifies you of the power loss, you have time to save any data you are working on and exit gracefully before the secondary power source (the battery) runs out. When all power runs out, any data in your computer's random access memory (RAM) is erased. When power surges occur, a UPS intercepts the surge so that it doesn't damage your computer. VMWare (Virtual Machine) allows multiple operating systems to run simultaneously from one piece of hardware. This type of configuration is also known as Virtualization. Virtual Network Computing (VNC) is a graphical desktop sharing system which uses the RFB protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network. VNC is platform-independent a VNC viewer on any operating system can usually connect to a VNC server on any other operating system. There are clients and servers for almost all GUI operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer. Voice over Internet Protocol - an IP telephony term for a set of facilities used to manage the delivery of voice information over the Internet. VoIP involves sending voice information in digital form in discrete packets rather than by using the traditional circuit-committed protocols of the public switched telephone network (PSTN). A major advantage of VoIP and Internet telephony is that it avoids the tolls charged by ordinary telephone service. Virtual Private Network a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased Municipality of Chatham Kent 2008 IT Strategic Plan Page LXV

Term Definition lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost. WAN Wi-Fi WIKI A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses. Wide Area Network a geographically dispersed telecommunications network. The term distinguishes a broader telecommunication structure from a local area network (LAN). A wide area network may be privately owned or rented, but the term usually connotes the inclusion of public (shared user) networks. Wi-Fi (short for "wireless fidelity") is a term for certain types of wireless local area network (WLAN) that use specifications in the 802.11 family. Wi-Fi has gained acceptance in many businesses, agencies, schools, and homes as an alternative to a wired LAN. Unless adequately protected, a Wi-Fi network can be susceptible to access by unauthorized users who use the access as a free Internet connection. A wiki (sometimes spelled "Wiki") is a server program that allows users to collaborate in forming the content of a Web site. With a wiki, any user can edit the site content, including other users' contributions, using a regular Web browser. Basically, a wiki Web site operates on a principle of collaborative trust. The term comes from the word "wikiwiki," which means "fast" in the Hawaiian language. WEP Wired Equivalent Privacy (Wireless Security protocol) - designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN WLAN WPA Wireless Local Area Network a mobile user can connect to a local area network (LAN) through a wireless (radio) connection. Wi-Fi Protected Access a security standard for users of computers equipped with Wi-Fi wireless connection. It is an improvement on and is expected to replace the original Wi-Fi Municipality of Chatham Kent 2008 IT Strategic Plan Page LXVI

Term WPA-RADIUS Definition security standard, Wired Equivalent Privacy (WEP). WPA provides more sophisticated data encryption than WEP and also provides user authentication (WEP's user authentication is considered insufficient). WEP is still considered useful for the casual home user, but insufficient for the corporate environment where the large flow of messages can enable eavesdroppers to discover encryption keys more quickly. WPA's encryption method is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the weaknesses of WEP by including a per-packet mixing function, a message integrity check, an extended initialization vector, and a re-keying mechanism. WPA provides "strong" user authentication based on 802.1X and the Extensible Authentication Protocol (EAP). WPA depends on a central authentication server such as RADIUS to authenticate each user. Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Having a central service also means that it's easier to track usage for billing and for keeping network statistics. Municipality of Chatham Kent 2008 IT Strategic Plan Page LXVII

Deliverables Index Best Practices and Initiatives within Municipalities... 87 As Is" Infrastructure including connectors... 25 To Be Architecture... 79 Architecture Requirements Analysis... 68 Asset Management / Inventory Software... 30 Budget for Password Management and Mail Replacement... 96 Budgets - Years 3-5... 105 Business Process Documentation...IV Business Processes... 47 Change Management... 113 CKTraxx... 27 Customer Support Changes... 108 Disaster Recovery Planning Guidelines... 122 Geographical Information Systems (GIS)... 41 Governance... 109 High Level Information Systems & Communication Network Architecture... 68 Network Security... 46 Network Topology... 36 Observations from Interviews... 22 Opportunity Analysis - 5 Year... 89 Policies and Procedures...47, 113 Policies and Procedures IT within Business Areas...XXIII Process Changes...109 Required Application Matrix...68 Salary Comparison...88 Security...124 Service-Oriented Architecture...59 Summary of Recommendations Application Infrastructure...131 Summary of Recommendations Business Processes...134 Summary of Recommendations Network Infrastructure...132 Tactical Cycle #1 Infrastructure Rationalization and Renewal...91 Tactical Cycle #2 Security, Redundancy, Reliability...101 Tactical Cycle #3 Realizing the vision: Seamless Access and Communications...104 Technical Standards...64 Technology Refresh Policy...86 Vision Statement for ITS...89 Voice Communications Infrastructure.43 Web Department...48 Web Infrastructure...31 Web/Portal Services...108 Website Statistics... XX Municipality of Chatham Kent 2008 IT Strategic Plan Page LXVIII