ATTACHMENT 6 - Strategic Plan for Information Technologies, Chapters 3 & 7
This Attachment is an extract from the 1994 Strategic Plan For Information Technologies. Since the writing of the plan, OIT, the DAS procurement division and DAS/CATER have been incorporated into DOIT. Any reference in this attachment to OIT or DAS/CATER should be replaced with DOIT.
Chapter 3: Information Technology Related Policies
There are three broad types of policies which are important to the efficient and effective use of information technology by State agencies: those related to the implementation of information technology, those related to the management of information technology, and a more comprehensive policy related to the availability and use of the State's information.
Implementation Policies
Policies for implementing information technology are necessary to advance the
application of technology in the State, and to allow agencies to move forward in achieving
State planning objectives. A program for information technology policy development will be
undertaken over the next several years to achieve these objectives. A series of policies
are postulated here to begin to establish a program of policy and standards for the State.
Open Systems and Standards
The State of Connecticut has adopted an open systems approach to the design, acquisition
and implementation of information systems, telecommunications systems and other forms of
information technology. This approach will be based primarily on accepted international
and federal standards and guidelines. The use of an open systems approach will ultimately
lead to less diversity in the State's information technology environment. An open approach
should also lower the cost of enhancing or replacing acquired technology in the future.
State Enterprise Architecture
The State of Connecticut will implement a State enterprise architecture that integrates
both information systems and telecommunications systems architectures. The architecture
defines the standards, policies and guidelines needed to achieve the accessibility,
portability, security, integrity and interoperability needed by the State enterprise and
the agencies in developing and implementing new services, applications and systems.
Standard Systems Life Cycle Approach
Agencies will utilize a standard systems life cycle to guide the planning, development and
operation of information technology systems. The life cycle represents a guideline for the
planning and development process. The phases are generic and represent checkpoints for
budget and administrative control. The agency system life cycle incorporates a systems
development methodology and a project management methodology.
Common Data Dictionaries, Directories, Repositories
Common data dictionaries must be developed if the statewide sharing and exchange of data
are to be successful. They also will be required if Electronic Data Interchange (EDI) is
to become an important information processing technology for the State of Connecticut. OIT
will require the use of common data dictionaries in all development projects involving
enterprise applications and inter-agency applications.
Business Continuity and Disaster Recovery
Agencies will plan for the recovery from disasters and will implement these plans.
Elements of disaster recovery plans will be included in the operational requirements of
their information systems. Agency policies and initiatives must be put in place to ensure
disaster recovery capabilities at all levels of the organization.
Local Area Network (LAN) Policy and Recommendations
Ooita's stated position on Local Area Networks (LAN's) is that: (1) LAN's, like
client server solutions, are but one architectural approach to providing office computing
or application systems for users, (2) LAN's require the same level of business and
technology planning as any other solution, and (3) LAN's, because of their distributed
nature, can be very support and planning intensive, especially in the areas of text, data
and application management, network management, security and disaster recovery
implementation.
OIT's policy on any LAN, including personal computer (PC) based LAN's, is as follows: Any agency must justify that LAN is the best and most cost effective solution to solving an agency's business problems. In addition, only approved PC LAN network operating systems will be used to implement PC LAN's.
Standard PC, Workstation, Office Automation and Productivity Products
The agencies have started to standardize their selection of office automation products.
The current focus is on products that run on a range of PC and workstation platforms (i.e.,
DOS, Windows, OS/2, Macintosh/OS and UNIX). In the future, application development,
help-desk and training support from the central agencies will be limited to these
products. In addition, standardization on a limited set of products will permit the State
to exploit discounts resulting from volume purchases. In Chapter 8, Table 8.2 identifies
the initial set of word processing, spreadsheet and database products that are being
recommended for purchase under this standardization effort. It is expected that agencies
will begin to apply architecture product standards to their procurement of calendaring
products, Computer Aided Design (CAD) products, desktop publishing tools and electronic
mail products. Products for electronic mail will conform to or support the X.400 1988
standard as specified in the State enterprise architecture.
Central Procurement Contracts for Information Technology
DAS/BBS and DP Procurement will undertake contracts with the major vendors selling the
products on the recommended products list to establish easy, low cost procurements by
agencies. These contracts also will address maintenance and support which can represent an
appreciable part of an agency's information technology budget. The DAS/BBS data processing
training program will continue to coordinate the effort to secure cost effective user
training for these products.
Policies Related to Business and Management
Business policies for managing information technology are a necessary adjunct to policies dealing with design and implementation. A program for information technology policy development will be undertaken over the next several years to achieve these objectives. A series of business policies are postulated here to support the management of information technology.
Managing the Information Technology as a Strategic Asset
The State of Connecticut will manage and control the information technology base as a
strategic asset. Information resources will be shared among agencies and users in an
efficient manner with a philosophy of equal access to information.
Business Planning Precedes Information Technology Planning
OIT promotes business planning as a requirement for the effective planning of technology
by agencies. The process of strategic business planning is a necessary precursor to agency
information technology planning.
Annual Agency Information Technology Planning
Agencies will undertake information technology planning each year and provide information
technology plan documents that are consistent with the agency's business plans and the
State
of Connecticut Strategic Plan for Information Technologies. These documents will set
forth the requirements and directions of the agency.
Approved Plan Required for Purchases
OIT will only approve agency requests for hardware, software, maintenance services or
consulting that comply with the Strategic Plan for Information Technologies and with the
agency's information technology plan as approved by OIT. This is mandated by
PublicAct91-12.
Acquisition of Telecommunications Systems and Services
The Office of Information and Technology is responsible, under section 16a-118 of the
General Statutes, for planning for the State's overall telecommunication infrastructure
and assisting State agencies in planning for the acquisition and implementation of
telecommunication systems and services. Under the same statute, the Department of
Administrative Services is responsible for purchasing, leasing, and contracting for all
such telecommunication systems and services.
Because the State of Connecticut is a very large user of telecommunication systems and services, expending approximately $30 million per year in this area, one of this office's primary goals is to ensure that the State obtains telecommunication facilities, equipment and services that are consistent with the State of Connecticut Strategic Plan for Information Technologies (Plan). To this end, this office must make sure that such systems and services are procured at rates that are consistent with both the State's large volume of usage and the Plan's statutory requirement for a "cost-effective statewide telecommunications network." Accordingly, all proposed purchases, leases, and contracts with providers of telecommunication systems must be reviewed and approved by this office, to secure the maximum benefit to the State and to provide this office with a thorough understanding of the overall financial impact. All approved purchases, leases, and contracts shall be negotiated and executed by the Department of Administrative Services, Purchasing Division.
Training of Personnel
The State of Connecticut will continue to offer information technology training to the State's skilled technical personnel and business users. This will ensure that the knowledge of the technology staff and users will remain up to date, thus protecting the State's major investment in human resources and information technology. OIT regards training as part of the cost of doing business when planning for information technology. Agencies must therefore include training in their information technology plans and in their budget requests.
Policy Regarding Access to Information
Sec. 16a-113 (3) requires the development of a comprehensive information policy for State agencies that clearly articulates:
This policy is under development, as stated in Chapter 2. A draft of a first attempt at such a policy was prepared by the students of the University of Connecticut School of Law, under the direction of Professor Dennis Stone. Although much work remains to turn this draft into a finished document, it represents an important beginning. The final product will depend upon accepted definitions of privacy and confidentiality rights, on accepted rules for what State information is free and what information can legally be sold, and the resolution of a number of other information related issues which may have to be resolved by statute.
Freedom of Information and Computerized Public Records
Each agency is responsible for providing access by the public to nonexempt data and
information in public records that are in digital format (e.g., data, image). Copies of
nonexempt data and information contained in computerized public records, properly
identified, will be provided on paper print out, disk, tape or any other electronic
storage media or device requested by the public, where possible. An equitable pricing
structure will be used by the agencies. This pricing structure must be consistent with the
P.A. 91-347 (as amended).
In order to help public agencies develop rules to determine an equitable pricing structure, a newsletter was issued by the Office of Information and Technology updating the agencies on the content and intent of this act. The current version of that newsletter is presented in Appendix V.
P.A. 91-347 also requires all public agencies, in developing new systems, modifying older systems, or making substantial modifications to their hardware of software configurations, to place special emphasis on improving the public's access to information. The Office of Information and Technology has produced guidelines for developing information systems in the light of the new freedom of information statutes. These guidelines are included as Appendix VI.
Public Access to State Databases and other State Information
In the spring session of CY1994, the General Assembly passed another law related to
information policy and public access to information. This act, P.A. 94-131, requires the
agencies to begin planning for the public to have access to agency databases by computer,
and to determine the possible cost of such access. Guidelines for complying with this
requirement are to be produced by the Office of Information and Technology.
This act also requires all agencies to give the public toll-free access to basic information. As the date for implementation of this part of the act is January 1996, guidelines and budget estimates for complying with this part of the act are currently under development.
Chapter 7: An Enterprise Information Technology Architecture for the State of Connecticut and its AgenciesIt would not be feasible for OIT, or any other single group, to define the information technology architectures for all agencies. Even though agencies may end up with solutions that seem similar on the surface, the actual details and configurations are unique to each agency. There are, however, numerous commonalties in all agency information technology architectures, since most agencies have similar business processes. There also are some limitations that apply to utilizing information technology by the agencies. These commonalties and limitations are derived from the enterprise architecture as presented in this and the following chapter.
Agency Use of the Enterprise Architecture
The enterprise architecture is a high level, conceptual architecture. Thus, the specification and definition of the five primary architectural elements and their topologies (relationship to locations) are the responsibility of each agency or super agency. There is no specific technology or configuration that all agencies should use in solving their business problems. Each agency should determine the best solution to its problems and document that solution.
Agencies need to define their own standards, policies and guidelines as part of their architectural design process. In some cases, for example when interconnectivity or interoperability with other agencies is a business requirement, the standards (and policies) in the enterprise architecture will take precedence. In other cases, such as the use of POSIX compliant operating systems, Relational Data Base Management Systems (RDBMS), Computer Aided Software Engineering (CASE), etc., interconnectivity is not the primary concern, but consistency and portability in implementation is. Agencies should follow those enterprise standards as well. The Connecticut Standards Profile (Appendix I) is the source for these standards and provides sufficient flexibility for the agencies to meet a wide range of business objectives. Where there are no standards defined, agencies should choose standards that reflect the State's commitment to open systems.
Organizational Principles and Goals
The enterprise architecture is organized around five business principles and goals. These reflect the enterprise-wide business goals, principles and policies outlined previously in Section 1 of this strategic plan. Each agency, in its own information technology architecture, needs to relate the use of information technology to its business goals, principles and requirements. This could include performance and availability goals and requirements, as well as legislative mandates or regulations. In determining the goals or principles of their information technology architectures, agencies should keep the enterprise goals and principles foremost in their thinking. In addition, the agencies will have additional principles and goals in their architectures that support their business objectives and policies. The five enterprise level business principles and goals of the State of Connecticut enterprise architecture are as follows.
Information as a Strategic Asset
Information and associated technologies are key components of the business of any State
government. They will be managed as strategic assets of the State of Connecticut
enterprise; this has implications for security provisions, disaster recovery (and business
continuity) planning and strategic planning. As a strategic asset, information technology
must be acquired, developed and maintained in a cost-effective manner by all levels of
State government. The guiding principle should be adherence to standards and the overall
State of Connecticut goal of open systems that enhance portability, scalability and
flexibility.
Accessibility and Availability
Information is to be available to any user (or application) with the need and authority to
have access. This would apply wherever that information is needed, whenever it is
required, and in whatever form that information is needed. This accessibility must be
provided, regardless of the underlying technological infrastructure. With the advent of
expanded freedom of information rules, this accessibility and availability will eventually
be extended outside of State government to businesses, municipalities and the general
public. As a complementary factor to accessibility, information needs to be secure from
loss or disruption either by natural disaster, neglect, misuse or intentional act (see
security below).
Portability and Scalability
Solutions, i.e., applications and data, are to be transportable, reusable and
relatively easy to modify as conditions and needs change. Solutions, and the underlying
technological infrastructure and platforms, must also be scalable to the size, capacity
and functionality needed to get the job done (also called "right sizing").
Portability applies in general to people in terms of skill sets, knowledge and experience.
Integrity and Security
Information and the results of application processing need to be accurate, reliable, up to
date and consistent; this is true regardless of the basic topologies and processing
structures employed (e.g., centralized, distributed, client-server, etc.) In
addition, it is crucial to be able to demonstrate the authenticity and validity of
information sources, of changes to that information, and of procedural actions. In a like
manner, information and technology infrastructure need to be secure from accidental or
unauthorized access or modification.
Open Solutions and Flexibility
The fundamental organization model of the enterprise architecture is that of open
solutions, built upon widely accepted standards, wherever possible. Open solutions
maintain the flexibility needed for agencies to choose or implement cost efficient and
functionally effective solutions today, solutions that also preserve options in the
future. Open solutions and flexibility are the other aspect of portability and
scalability. Consistent use of sound design and developmental practices, in conjunction
with a new generation of tools and products, is a basic requirement to achieving openness
and flexibility.
Policies and Guidelines
The policies and guidelines in the enterprise architecture are primarily inter-agency (or super agency or agency enterprise group) in scope. Many of the policies are applicable to intra-agency situations as well. The following policies and guidelines are fundamentally the same as those of previous strategic plans, modified to reflect changing conditions and an evolving information technology usage with the agencies. They also reflect the five architectural principles and goals, but have an emphasis on implementing the principles of accessibility and integrity. Currently, there are six key policies and guidelines in the enterprise architecture:
Open, Industry Standard Operating Systems-The strategic direction of the State of Connecticut is toward the use of open, industry standard, POSIX compliant operating systems for servers and shared logic platforms. These operating systems must support open, industry standard inter-process communications protocols wherever appropriate. Microsoft DOS plus Windows is the preferred operating system for desktop platforms based on Intel processors. The widespread use of such operating systems and inter-process protocols is important if the State is to achieve its goals of interoperability, portability and openness.
Relational Data Base Management Systems (RDBMS)-The strategic direction of the State of Connecticut is toward the global use of RDBMS technology when data repositories, database systems or transaction processing solutions are used for major or mission critical applications. The particular solution implemented should have sufficient functionality to ensure that the principles of access, interoperability, integrity and the implementation of business rules can be achieved.
Common Data Definitions-The strategic direction of the State of Connecticut is toward the use of common data definitions wherever appropriate. The use of common definitions in application development will be facilitated by the widespread use of software development tools, and indirectly through the use of Electronic Data Interchange (EDI) technologies. The effective use of statewide information repositories is incumbent on the use of common definitions. A more widespread use of Geographic Information Systems (GIS) is also dependent on common definitions of geographic data elements.
Industry Standard and Open Interconnection Protocols-The current strategic direction of the State of Connecticut is toward the use of industry standard and federal open communication networking protocols and applications in all wide-area and intra-agency networking solutions. Certain applications and higher level protocols (such as electronic mail, directory services and inter-process communications) will also follow open, industry standards. Local Area Network (LAN) protocols for Personal Computers (PC's) are based on previously endorsed vendor specific products. OIT is closely monitoring industry developments in all areas and will modify this policy accordingly.
Office Automation/Productivity Software-The strategic direction of the State of Connecticut is toward the use of a more standardized suite of automation and productivity software at all platform levels. The guiding principle is a combination of the functionality of the products, its availability on multiple platforms and the extent that the product supports interchange standards. Agencies are strongly encouraged to standardize on consistent internal solutions to their needs. Areas of applicability include word processing, spreadsheet, graphics and drawing, CAD, desktop publishing, database products and electronic mail.
Local Area Networks-LAN's (either PC or client-server) are considered just one possible solution to sharing data and applications in solving business problems, not the only solution. Any agency decision to use PC LAN technology, or a client -server solution in their information technology architectures, should have a good business case for doing so. PC LAN Network Operating Systems (NOS) are currently limited to two specific products (Banyan Vines and Novell NetWare). Further discussion of this topic is found in Chapter 8.
Standards in the Enterprise Architecture
The standards in the enterprise architecture are both inter-agency (or super agency or agency enterprise group) and intra-agency in scope. The standards reflect enterprise-wide concerns and long-term directions and goals. The standards in the enterprise architecture are primarily based on international standards (such as CCITT and ANSI) and industry consortia standards (such as X/Open, Open Systems Foundation). Additional standards are based on specific implementation of the international and industry standards that have achieved (or attracted) industry-wide commitment. The specification of a standard is referenced to the appropriate Federal Information Processing Standard (FIPS) whenever possible. This is to ensure that procedures for conformance testing exist, and that usable products are available. A profile of current architectural standards is found in Appendix I. This profile is rather extensive, as it must ensure that the five architectural principles and goals can be implemented or reached. A more detailed specification of standards for the three core architectural elements (data, applications, communications) follows in the next chapter.
Generic Technology in the Enterprise Architecture
The specification of infrastructure, processing platforms, software, etc., within the enterprise architecture is possible only in a generic sense. The architecture component list (see Appendix II) forms the initial basis of this specification, at least for software. The standards profile also contains specifications for certain classes of hardware platforms and components. These standards, which generally reflect industry standards, maintain some degree of consistency, portability and openness in a variety of platforms. A more detailed treatment of generic technology for the three core architectural elements, as well as processing platforms and operating systems, follows in the next chapter.
Previous Strategic Plans advocated the use of a Government Open System Interconnection Protocol (GOSIP) compliant suite of networking protocols and applications in all information technology communication solutions. Given the lack of response by the vendor community to GOSIP and the increased usage of Transmission Control Protocol/Interconnection Protocol (TCP/IP) in all sectors, as well as federal intentions for GOSIP, a strategy based solely on GOSIP is no longer advocated.