ATTACHMENT 6 - Strategic Plan for Information Technologies, Chapters 3 & 7

This Attachment is an extract from the 1994 Strategic Plan For Information Technologies. Since the writing of the plan, OIT, the DAS procurement division and DAS/CATER have been incorporated into DOIT. Any reference in this attachment to OIT or DAS/CATER should be replaced with DOIT.

Chapter 3: Information Technology Related Policies

There are three broad types of policies which are important to the efficient and effective use of information technology by State agencies: those related to the implementation of information technology, those related to the management of information technology, and a more comprehensive policy related to the availability and use of the State's information.

Implementation Policies
Policies for implementing information technology are necessary to advance the application of technology in the State, and to allow agencies to move forward in achieving State planning objectives. A program for information technology policy development will be undertaken over the next several years to achieve these objectives. A series of policies are postulated here to begin to establish a program of policy and standards for the State.

Open Systems and Standards
The State of Connecticut has adopted an open systems approach to the design, acquisition and implementation of information systems, telecommunications systems and other forms of information technology. This approach will be based primarily on accepted international and federal standards and guidelines. The use of an open systems approach will ultimately lead to less diversity in the State's information technology environment. An open approach should also lower the cost of enhancing or replacing acquired technology in the future.

State Enterprise Architecture
The State of Connecticut will implement a State enterprise architecture that integrates both information systems and telecommunications systems architectures. The architecture defines the standards, policies and guidelines needed to achieve the accessibility, portability, security, integrity and interoperability needed by the State enterprise and the agencies in developing and implementing new services, applications and systems.

Standard Systems Life Cycle Approach
Agencies will utilize a standard systems life cycle to guide the planning, development and operation of information technology systems. The life cycle represents a guideline for the planning and development process. The phases are generic and represent checkpoints for budget and administrative control. The agency system life cycle incorporates a systems development methodology and a project management methodology.

Common Data Dictionaries, Directories, Repositories
Common data dictionaries must be developed if the statewide sharing and exchange of data are to be successful. They also will be required if Electronic Data Interchange (EDI) is to become an important information processing technology for the State of Connecticut. OIT will require the use of common data dictionaries in all development projects involving enterprise applications and inter-agency applications.

Business Continuity and Disaster Recovery
Agencies will plan for the recovery from disasters and will implement these plans. Elements of disaster recovery plans will be included in the operational requirements of their information systems. Agency policies and initiatives must be put in place to ensure disaster recovery capabilities at all levels of the organization.

Local Area Network (LAN) Policy and Recommendations
Ooita's stated position on Local Area Networks (LAN's) is that: (1) LAN's, like client server solutions, are but one architectural approach to providing office computing or application systems for users, (2) LAN's require the same level of business and technology planning as any other solution, and (3) LAN's, because of their distributed nature, can be very support and planning intensive, especially in the areas of text, data and application management, network management, security and disaster recovery implementation.

OIT's policy on any LAN, including personal computer (PC) based LAN's, is as follows: Any agency must justify that LAN is the best and most cost effective solution to solving an agency's business problems. In addition, only approved PC LAN network operating systems will be used to implement PC LAN's.

Standard PC, Workstation, Office Automation and Productivity Products
The agencies have started to standardize their selection of office automation products. The current focus is on products that run on a range of PC and workstation platforms (i.e., DOS, Windows, OS/2, Macintosh/OS and UNIX). In the future, application development, help-desk and training support from the central agencies will be limited to these products. In addition, standardization on a limited set of products will permit the State to exploit discounts resulting from volume purchases. In Chapter 8, Table 8.2 identifies the initial set of word processing, spreadsheet and database products that are being recommended for purchase under this standardization effort. It is expected that agencies will begin to apply architecture product standards to their procurement of calendaring products, Computer Aided Design (CAD) products, desktop publishing tools and electronic mail products. Products for electronic mail will conform to or support the X.400 1988 standard as specified in the State enterprise architecture.

Central Procurement Contracts for Information Technology
DAS/BBS and DP Procurement will undertake contracts with the major vendors selling the products on the recommended products list to establish easy, low cost procurements by agencies. These contracts also will address maintenance and support which can represent an appreciable part of an agency's information technology budget. The DAS/BBS data processing training program will continue to coordinate the effort to secure cost effective user training for these products.

Policies Related to Business and Management

Business policies for managing information technology are a necessary adjunct to policies dealing with design and implementation. A program for information technology policy development will be undertaken over the next several years to achieve these objectives. A series of business policies are postulated here to support the management of information technology.

Managing the Information Technology as a Strategic Asset
The State of Connecticut will manage and control the information technology base as a strategic asset. Information resources will be shared among agencies and users in an efficient manner with a philosophy of equal access to information.

Business Planning Precedes Information Technology Planning
OIT promotes business planning as a requirement for the effective planning of technology by agencies. The process of strategic business planning is a necessary precursor to agency information technology planning.

Annual Agency Information Technology Planning
Agencies will undertake information technology planning each year and provide information technology plan documents that are consistent with the agency's business plans and the State of Connecticut Strategic Plan for Information Technologies. These documents will set forth the requirements and directions of the agency.

Approved Plan Required for Purchases
OIT will only approve agency requests for hardware, software, maintenance services or consulting that comply with the Strategic Plan for Information Technologies and with the agency's information technology plan as approved by OIT. This is mandated by PublicAct91-12.

Acquisition of Telecommunications Systems and Services
The Office of Information and Technology is responsible, under section 16a-118 of the General Statutes, for planning for the State's overall telecommunication infrastructure and assisting State agencies in planning for the acquisition and implementation of telecommunication systems and services. Under the same statute, the Department of Administrative Services is responsible for purchasing, leasing, and contracting for all such telecommunication systems and services.

Because the State of Connecticut is a very large user of telecommunication systems and services, expending approximately $30 million per year in this area, one of this office's primary goals is to ensure that the State obtains telecommunication facilities, equipment and services that are consistent with the State of Connecticut Strategic Plan for Information Technologies (Plan). To this end, this office must make sure that such systems and services are procured at rates that are consistent with both the State's large volume of usage and the Plan's statutory requirement for a "cost-effective statewide telecommunications network." Accordingly, all proposed purchases, leases, and contracts with providers of telecommunication systems must be reviewed and approved by this office, to secure the maximum benefit to the State and to provide this office with a thorough understanding of the overall financial impact. All approved purchases, leases, and contracts shall be negotiated and executed by the Department of Administrative Services, Purchasing Division.

Training of Personnel

The State of Connecticut will continue to offer information technology training to the State's skilled technical personnel and business users. This will ensure that the knowledge of the technology staff and users will remain up to date, thus protecting the State's major investment in human resources and information technology. OIT regards training as part of the cost of doing business when planning for information technology. Agencies must therefore include training in their information technology plans and in their budget requests.

Policy Regarding Access to Information

Sec. 16a-113 (3) requires the development of a comprehensive information policy for State agencies that clearly articulates:

  1. the State's commitment to the sharing of its information resources,
  2. the relationship of such resources to library and other information resources in the State, and
  3. a philosophy of equal access to information.

This policy is under development, as stated in Chapter 2. A draft of a first attempt at such a policy was prepared by the students of the University of Connecticut School of Law, under the direction of Professor Dennis Stone. Although much work remains to turn this draft into a finished document, it represents an important beginning. The final product will depend upon accepted definitions of privacy and confidentiality rights, on accepted rules for what State information is free and what information can legally be sold, and the resolution of a number of other information related issues which may have to be resolved by statute.

Freedom of Information and Computerized Public Records
Each agency is responsible for providing access by the public to nonexempt data and information in public records that are in digital format (e.g., data, image). Copies of nonexempt data and information contained in computerized public records, properly identified, will be provided on paper print out, disk, tape or any other electronic storage media or device requested by the public, where possible. An equitable pricing structure will be used by the agencies. This pricing structure must be consistent with the P.A. 91-347 (as amended).

In order to help public agencies develop rules to determine an equitable pricing structure, a newsletter was issued by the Office of Information and Technology updating the agencies on the content and intent of this act. The current version of that newsletter is presented in Appendix V.

P.A. 91-347 also requires all public agencies, in developing new systems, modifying older systems, or making substantial modifications to their hardware of software configurations, to place special emphasis on improving the public's access to information. The Office of Information and Technology has produced guidelines for developing information systems in the light of the new freedom of information statutes. These guidelines are included as Appendix VI.

Public Access to State Databases and other State Information
In the spring session of CY1994, the General Assembly passed another law related to information policy and public access to information. This act, P.A. 94-131, requires the agencies to begin planning for the public to have access to agency databases by computer, and to determine the possible cost of such access. Guidelines for complying with this requirement are to be produced by the Office of Information and Technology.

This act also requires all agencies to give the public toll-free access to basic information. As the date for implementation of this part of the act is January 1996, guidelines and budget estimates for complying with this part of the act are currently under development.

Chapter 7: An Enterprise Information Technology Architecture for the State of Connecticut and its Agencies

It would not be feasible for OIT, or any other single group, to define the information technology architectures for all agencies. Even though agencies may end up with solutions that seem similar on the surface, the actual details and configurations are unique to each agency. There are, however, numerous commonalties in all agency information technology architectures, since most agencies have similar business processes. There also are some limitations that apply to utilizing information technology by the agencies. These commonalties and limitations are derived from the enterprise architecture as presented in this and the following chapter.

Agency Use of the Enterprise Architecture

The enterprise architecture is a high level, conceptual architecture. Thus, the specification and definition of the five primary architectural elements and their topologies (relationship to locations) are the responsibility of each agency or super agency. There is no specific technology or configuration that all agencies should use in solving their business problems. Each agency should determine the best solution to its problems and document that solution.

Agencies need to define their own standards, policies and guidelines as part of their architectural design process. In some cases, for example when interconnectivity or interoperability with other agencies is a business requirement, the standards (and policies) in the enterprise architecture will take precedence. In other cases, such as the use of POSIX compliant operating systems, Relational Data Base Management Systems (RDBMS), Computer Aided Software Engineering (CASE), etc., interconnectivity is not the primary concern, but consistency and portability in implementation is. Agencies should follow those enterprise standards as well. The Connecticut Standards Profile (Appendix I) is the source for these standards and provides sufficient flexibility for the agencies to meet a wide range of business objectives. Where there are no standards defined, agencies should choose standards that reflect the State's commitment to open systems.

Organizational Principles and Goals

The enterprise architecture is organized around five business principles and goals. These reflect the enterprise-wide business goals, principles and policies outlined previously in Section 1 of this strategic plan. Each agency, in its own information technology architecture, needs to relate the use of information technology to its business goals, principles and requirements. This could include performance and availability goals and requirements, as well as legislative mandates or regulations. In determining the goals or principles of their information technology architectures, agencies should keep the enterprise goals and principles foremost in their thinking. In addition, the agencies will have additional principles and goals in their architectures that support their business objectives and policies. The five enterprise level business principles and goals of the State of Connecticut enterprise architecture are as follows.

Information as a Strategic Asset
Information and associated technologies are key components of the business of any State government. They will be managed as strategic assets of the State of Connecticut enterprise; this has implications for security provisions, disaster recovery (and business continuity) planning and strategic planning. As a strategic asset, information technology must be acquired, developed and maintained in a cost-effective manner by all levels of State government. The guiding principle should be adherence to standards and the overall State of Connecticut goal of open systems that enhance portability, scalability and flexibility.

Accessibility and Availability
Information is to be available to any user (or application) with the need and authority to have access. This would apply wherever that information is needed, whenever it is required, and in whatever form that information is needed. This accessibility must be provided, regardless of the underlying technological infrastructure. With the advent of expanded freedom of information rules, this accessibility and availability will eventually be extended outside of State government to businesses, municipalities and the general public. As a complementary factor to accessibility, information needs to be secure from loss or disruption either by natural disaster, neglect, misuse or intentional act (see security below).

Portability and Scalability
Solutions, i.e., applications and data, are to be transportable, reusable and relatively easy to modify as conditions and needs change. Solutions, and the underlying technological infrastructure and platforms, must also be scalable to the size, capacity and functionality needed to get the job done (also called "right sizing"). Portability applies in general to people in terms of skill sets, knowledge and experience.

Integrity and Security
Information and the results of application processing need to be accurate, reliable, up to date and consistent; this is true regardless of the basic topologies and processing structures employed (e.g., centralized, distributed, client-server, etc.) In addition, it is crucial to be able to demonstrate the authenticity and validity of information sources, of changes to that information, and of procedural actions. In a like manner, information and technology infrastructure need to be secure from accidental or unauthorized access or modification.

Open Solutions and Flexibility
The fundamental organization model of the enterprise architecture is that of open solutions, built upon widely accepted standards, wherever possible. Open solutions maintain the flexibility needed for agencies to choose or implement cost efficient and functionally effective solutions today, solutions that also preserve options in the future. Open solutions and flexibility are the other aspect of portability and scalability. Consistent use of sound design and developmental practices, in conjunction with a new generation of tools and products, is a basic requirement to achieving openness and flexibility.

Policies and Guidelines

The policies and guidelines in the enterprise architecture are primarily inter-agency (or super agency or agency enterprise group) in scope. Many of the policies are applicable to intra-agency situations as well. The following policies and guidelines are fundamentally the same as those of previous strategic plans, modified to reflect changing conditions and an evolving information technology usage with the agencies. They also reflect the five architectural principles and goals, but have an emphasis on implementing the principles of accessibility and integrity. Currently, there are six key policies and guidelines in the enterprise architecture:

Standards in the Enterprise Architecture

The standards in the enterprise architecture are both inter-agency (or super agency or agency enterprise group) and intra-agency in scope. The standards reflect enterprise-wide concerns and long-term directions and goals. The standards in the enterprise architecture are primarily based on international standards (such as CCITT and ANSI) and industry consortia standards (such as X/Open, Open Systems Foundation). Additional standards are based on specific implementation of the international and industry standards that have achieved (or attracted) industry-wide commitment. The specification of a standard is referenced to the appropriate Federal Information Processing Standard (FIPS) whenever possible. This is to ensure that procedures for conformance testing exist, and that usable products are available. A profile of current architectural standards is found in Appendix I. This profile is rather extensive, as it must ensure that the five architectural principles and goals can be implemented or reached. A more detailed specification of standards for the three core architectural elements (data, applications, communications) follows in the next chapter.

Generic Technology in the Enterprise Architecture

The specification of infrastructure, processing platforms, software, etc., within the enterprise architecture is possible only in a generic sense. The architecture component list (see Appendix II) forms the initial basis of this specification, at least for software. The standards profile also contains specifications for certain classes of hardware platforms and components. These standards, which generally reflect industry standards, maintain some degree of consistency, portability and openness in a variety of platforms. A more detailed treatment of generic technology for the three core architectural elements, as well as processing platforms and operating systems, follows in the next chapter.

Previous Strategic Plans advocated the use of a Government Open System Interconnection Protocol (GOSIP) compliant suite of networking protocols and applications in all information technology communication solutions. Given the lack of response by the vendor community to GOSIP and the increased usage of Transmission Control Protocol/Interconnection Protocol (TCP/IP) in all sectors, as well as federal intentions for GOSIP, a strategy based solely on GOSIP is no longer advocated.

Back to Table of Contents
Back to Comptroller's Home Page