DHHS Directive Number II-12



Similar documents
U.S. Department of Education. Office of the Chief Information Officer

RRC STAFF OPINION PERIODIC REVIEW AND EXPIRATION OF EXISTING RULES REPORT

G.S. 143B A Page 1

UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET Data Administration and Management (Public)

NC General Statutes - Chapter 147 Article 3D 1

TITLE III INFORMATION SECURITY

Software Licenses Managing the Asset and Related Risks

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

Information Technology Governance Overview and Charter

CLASS FAMILY: Business Operations and Administrative Management

Department of Defense DIRECTIVE

UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO TABLE OF CONTENTS

U.S. Department of Energy Washington, D.C.

APHIS INTERNET USE AND SECURITY POLICY

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

I. Purpose - 1 MD # 0005

State of Minnesota IT Governance Framework

STATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE

Audit of Veterans Health Administration Blood Bank Modernization Project

STATE OF HAWAII CHIEF INFORMATION OFFICER AND THE OFFICE OF INFORMATION MANAGEMENT AND TECHNOLOGY UPDATE ON THE INFORMATION TECHNOLOGY STRATEGIC PLAN

Information Resources Security Guidelines

Department of Defense INSTRUCTION

ClOP CHAPTER Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1

Enterprise Resource Planning Presentation to the Joint Legislative Oversight Committee on Information Technology.

Technical Competency Framework for Information Management (IM)

HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC)

COMMAND, CONTROL, COMMUNICATIONS, COMPUTERS AND INFORMATION TECHNOLOGY (C4&IT) INFRASTRUCTURE MANAGEMENT POLICY

Significant Revisions to OMB Circular A-127. Section Revision to A-127 Purpose of Revision Section 1. Purpose

Establishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology

CITRIX SYSTEMS, INC. CORPORATE GOVERNANCE GUIDELINES

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

NC General Statutes - Chapter 90 Article 29A 1

PBGC Information Security Policy

Telecommunications Systems Manager I (Supervisor) Essential Task Rating Results

How To Manage Information Security At A University

TITLE I GENERAL PROVISIONS

DEPARTMENTAL DIRECTIVE

Information Security Program Management Standard

Reviews to Determine Architectural Compliance of Information Technology Acquisitions Need to Be Consistently Performed and Documented.

ASSETS: TRACKING, INVENTORY, AND DISPOSAL OF ASSETS, AND ACQUISITION OF REAL PROPERTY

North Carolina Government Data Analytics Center

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

BPA Policy Cyber Security Program

Innovation and Technology Department

Utica College. Information Security Plan

Information Security Program

How To Write A Contract For Software Quality Assurance

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

Department of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise

FSIS DIRECTIVE

OCC 98-3 OCC BULLETIN

Public Procurement Position Descriptions

Five-Year Strategic Plan

Department of Defense INSTRUCTION

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

DOD BUSINESS SYSTEMS MODERNIZATION. Additional Action Needed to Achieve Intended Outcomes

Management and Use of Information & Information Technology (I&IT) Directive. Management Board of Cabinet

MaxMD 2200 Fletcher Ave. 5 th Floor Fort Lee, NJ (201) support@max.md Page 1of 10

Professional Level Public Health Informatician

United States Department of Health & Human Services Enterprise Architecture Program Management Office. HHS Enterprise Architecture Governance Plan

Department of Defense DIRECTIVE

National Park Service, Interior 61.2

Guide for the Role and Responsibilities of an Information Security Officer Within State Government

AGENCY FOR HEALTH CARE ADMINISTRATION STATEMENT OF AGENCY ORGANIZATION AND OPERATION

Department of Defense INSTRUCTION

DTCC RISK COMMITTEE CHARTER

U.S. Department of Education Federal Student Aid

Federal Home Loan Bank Membership Version 1.0 March 2013

HIPAA BUSINESS ASSOCIATE AGREEMENT

DIRECTIVE TRANSMITTAL

1. ACF Log No: ACF-OA-PI- 2. Issuance Date: June 11, 2013 PROGRAM INSTRUCTION

INFORMATION TECHNOLOGY PROJECT REQUESTS

Office of Audits and Evaluations Report No. AUD The FDIC s Controls over Business Unit- Led Application Development Activities

Transcription:

DHHS Directive Number II-12 Title: Delegation of Authority to the Director, Division of Information Resource Management Effective Date: November 3, 2008 Revision History: January 1, 2002 Authority: G.S. 143B-10 Session Law 2003-284, Section 10.8A Session Law 2004-124, Section 10.2C Purpose The purpose of this directive is to delegate, clarify and specifically confirm certain authorities of the secretary of the North Carolina Department of Health and Human Services (NC DHHS) to the director of the Division of Information Resource Management (DIRM). The director of DIRM shall serve as the Chief Information Officer for DHHS. This position shall report to the secretary through the Deputy Secretary for the department. The DIRM supports the business functions of the DHHS by providing the department and its divisions and offices with both information resource management (IRM) policy and planning services, and information technology (IT) services. Both information resource management and information technology services shall be in partnership with the DHHS divisions/offices. DIRM shall continuously strive to enhance the department s maximization of enterprise IT solutions and efficiencies. These enterprise solutions further develop and implement IT consolidation by coordinating efforts, avoiding duplications and producing accountability for the IT resources. IRM policy and planning services shall include, but not be limited to, assistance in: (1) policy research, analysis, and development; (2) policy compliance monitoring; (3) short term and long term planning; (4) quality assurance; (5) system-wide security and privacy protection against both deliberate and accidental intrusions and disasters; (6) IT business continuity and disaster recovery planning and implementation; (7) IT project management; (8) compliance with S.L. 2004-129 (Senate Bill 991) requirements; (9) IT procurement and (10) HIPAA coordination.. IT services shall include, but not be limited to, assistance in: (1) computer application systems software planning, development, transfer, maintenance and modification; (2)

Page 2 of 6 telecommunications and network design and management support; (3) computer hardware planning and installation support; (4) technical assistance and consultation in all areas related to the acquisition and installation of computer hardware and software and (5) IT security. The DIRM shall work with departmental and divisional management to help ensure the availability and integrity of high quality automated information systems for the department and its constituent divisions and offices. The DIRM shall provide continuous review of all IT projects proposed and/or initiated throughout the department and departmental divisions, shall maintain a complete inventory of all such technology projects including ongoing project status, and shall assist in the coordination of those projects having planned or potential departmentwide or multi-divisional applications. As the DHHS Chief Information Officer (CIO), the director of DIRM shall have the authority and responsibility for approving all projects that meet S.L. 2004-129 (Senate Bill 991) requirements. The DIRM shall serve as the primary liaison to the State CIO s Office, more specifically the State s Enterprise Project Management Office (EPMO) in relation to projects subject to S.L. 2004-129 (Senate Bill 991). The DIRM shall oversee and coordinate the establishment and on going operations of a privacy and security program for the department s information resources, including policies, procedures, standards to protect the availability and integrity of hardware, software, telecommunication network, applications and IT business continuity. The purpose of this directive is to enable the DIRM to fulfill its function to consult, coordinate and advise the department and its divisions through the delegation of certain authority by the Secretary of the DHHS to the director of the DIRM. Delegation of Authority Nothing in this delegation of authority is intended to supercede the delegated authority of the deputy secretary, assistant secretaries or senior advisor to review and approve any automation plan, including related budgeted cost, submitted by DIRM to either the department, its divisions, or on behalf of local agencies. As provided in G.S. 143B-10(a), the secretary of the DHHS delegates the following functions and responsibilities concerning management and administration to the director of the DIRM, subject to state and departmental policy: 1. The functions of management, related to the DIRM, as defined in G.S. 143B-10, which include: planning, organizing, staffing, directing, coordinating, evaluating, reporting and budgeting. 2. Shall research and provide the ongoing review, of all existing federal, state, and departmental IRM and IT policies, procedures and standards. Such research and review shall be conducted for the purpose of making recommendations to the secretary, the deputy secretary, the assistant secretaries or the senior advisor, for the revision of existing departmental information technology policies, and/or the development and adoption of new policies, in areas related to the role of automation, the scope of automation, the objectives of automation, and/or the acquisition, allocation, management, and security of automation resources. The director of DIRM shall review

Page 3 of 6 any policy modifications proposed by departmental division management and make recommendations to the secretary, the deputy secretary, the assistant secretaries or the senior advisor, with respect to such proposals. 3. Shall verify compliance with all federal, state, and departmental IRM policies. The director of DIRM shall monitor the implementation of all federal, state and departmental IRM policies by the department and its divisions and offices. Appropriate departmental or divisional management shall be notified of any failure to comply with established policies, and the director shall work with management to implement corrective action. Should such corrective action not be established, the director shall notify the secretary, the deputy secretary, the appropriate assistant secretary or the senior advisor. 4. In coordination with the secretary, the deputy secretary, the appropriate assistant secretary or the senior advisor the director of DIRM shall serve as the department s principle advocate and liaison on matters of IRM policy with federal, state and local agencies. The director shall serve as a principle advisor to the department s executive management team on all IRM issues, and provide appropriate consultation and guidance to all divisions and offices within the department to ensure compliance with established policies. 5. The director of DIRM shall assist in and coordinate the development of short and long range strategic IRM and IT plans for the department and departmental divisions. These plans shall meet the requirements established by applicable legislation, the Office of the State CIO and the Office of Information Technology Services (ITS). In coordination and consultation with the secretary, the deputy secretary, the appropriate assistant secretary or the senior advisor the director may establish additional requirements for such IRM and IT plans, and shall monitor the implementation of such plans. The requirements for IRM plans shall address the management of the department s and departmental divisions data as an organizational resource and provide for (1) compatible databases; (2) consistent field definitions to the maximum extent possible; (3) coordinated usage of common data throughout the department; (4) adherence to statewide and DHHS architecture standards; (5) adoption of statewide and DHHS security requirements and (5) maintenance and on-going IT operations. The requirements shall include the determination of both anticipated development and maintenance costs related to proposed projects, and anticipated funding sources. 6. Shall review, approve, or deny all federal Planning Advance Planning Documents (PAPD s), Implementation Advance Planning Documents (including APD updates), all requests for proposals (RFP s) and other IT procurement documents for systems originated by the department or any departmental divisions or offices. The DIRM review shall be performed in coordination and consultation with the department s Office of the Controller, the Office of Procurement and Contracting Services and the Division of Budget and Analysis. After proper review and consultation, the director shall make recommendations to the secretary, the deputy secretary, the appropriate assistant secretary or the senior advisor regarding approval. DIRM shall then monitor the

Page 4 of 6 implementation of all such approved documents to verify compliance with all document provisions and established requirements. 7. Shall provide technical consultation and guidance to all departmental divisions and offices on IRM planning and IRM policy development. DIRM shall provide assistance and coordination in the development of concepts, goals and objectives of all computer systems, on automation resource acquisition and management, on grant proposals for automation services, and on training for automation planning and management issues. 8. Shall research existing federal, state and departmental IRM policies and propose modifications or additions to those policies in order to establish necessary requirements for, coordinate the development of, and monitor the implementation of the department s data and information resource security and disaster recovery programs by the department and its divisions and offices. 9. Shall review, approve or deny all requests for automation projects that involve the acquisition of custom developed software, and the customization of off-the-shelf software that include federal financial participation made by local governmental agencies such as county DSS offices, public health departments or local management entities. This review shall ensure that, per federal requirements, all human service automation projects are statewide in scope and operation. DIRM shall work with the respective DHHS divisions or offices and representatives of the affected local agencies to establish the process for the review and approval of requests. 10. Shall review and approve the acquisition of all information technology resources (e.g., computer hardware, software, consulting services, etc.) proposed by all departmental divisions and offices, regardless of funding source. The review shall include, but not be limited to, a determination of whether or not the IRM resources proposed to be acquired meet the requirements that have been specified by the purchasing division or agency. The director s approval or disapproval shall be consistent with applicable federal, state, or departmental policies, standards, and guidelines. The director shall promptly communicate any concerns, problems, or difficulties DIRM may determine in its review to the appropriate departmental division director in an effort to seek possible solution. Should a solution not be established, the director shall notify the secretary, the appropriate assistant secretary, or the senior advisor. 11. Shall monitor and ensure that departmental system designs and applications are consistent with the ITS, the Office of the State CIO and DHHS IT policies, procedures, standards and requirements. DIRM shall ensure that project management methodology and consistent technical standards are developed, maintained, and followed in the design and implementation phases. DIRM shall use the S.L. 2004-129 (Senate Bill 991) reporting requirements and the DHHS IT policies and procedures in approving or denying IT projects and operations. This review process must also take into consideration the maintenance and ongoing operational costs of the system or change.

Page 5 of 6 12. Shall serve as the department s principle liaison with ITS. DHHS divisions/offices shall be involved in the communication with ITS to ensure that the business needs of the respective divisions are represented. As the principle liaison, DIRM shall establish mechanisms to gather from and distribute to DHHS divisions and offices information to achieve effective and efficient departmental IT operations and support. 13. In partnership with DHHS divisions and offices, DIRM shall provide consultation, technical assistance and oversight for HIPAA (Health Insurance Portability and Accountability Act) implementation and oversight. DIRM shall designate a DHHS Privacy Officer and DHHS Security Officer. 14. Shall consult with and keep the secretary, the deputy secretary, the appropriate assistant secretary or the senior advisor informed on all priority issues related to the impact of new technology, the delivery of automation services, and the operation of automated systems within the department. DIRM shall serve as a principal voting member on the DHHS Information Technology Governance Committee (ITGC) and shall provide staff support to the ITGC. 15. Shall implement a process to receive, review and approve/deny waivers to adherence to DHHS IT policies, procedures, standards and requirements. The process shall be a DHHS policy. 16. Shall provide a clearinghouse for used departmental hardware and software assets to determine if the assets have any departmental use before surplusing. DIRM shall develop procedures for the DHHS divisions and offices to follow when surplusing or disposing of hardware or software to ensure DIRM s inspection of potential surplused assets. 17. Shall be responsible for the development, coordination and maintenance of an automated or physical inventory of all DHHS IT assets. This inventory is intended to supplement and not replace the DHHS Controller s Office Fixed Asset responsibilities. DHHS divisions and offices shall provide assistance and cooperation to DIRM as requested to develop and maintain this IT inventory. 18. The director shall be responsible for ensuring that the division is familiar with and adheres to the department s policy and procedures manual. This delegation of authority shall not deprive the secretary from performing, in lieu of the director of the DIRM, any of the acts set forth above. This delegation of authority may be amended or withdrawn by the secretary at any time and without notice. This delegation of authority shall not apply to any action, which by law, state policy, or NC Governor s Executive Order, may only be executed by the secretary. APPROVED

Page 6 of 6 Dempsey Benton, Secretary Department of Health and Human Services

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information