DAR File No. 39026
This rule was published in the January 15, 2015, issue (Vol. 2015, No. 2) of the Utah State Bulletin.
Technology Services, Administration
Rule R895-6
IT Plan Submission Rule for Agencies
Notice of Proposed Rule
(Amendment)
DAR File No.: 39026
Filed: 12/23/2014 01:48:38 PM
RULE ANALYSIS
Purpose of the rule or reason for the change:
State agencies are required by statute to submit information technology (IT) plans for review and approval by the Chief Information Officer (CIO). This rule provides the format and content requirements for IT plan submission. The reason for the change is to clarify the updated process for agencies to provide IT plan submission.
Summary of the rule or change:
State agencies are required by statute to submit IT plans for review and approval by the Chief Information Officer (CIO). This rule provides the format and content requirements for IT plan submission. The reason for the change is to clarify the updated process for agencies to provide IT plan submission.
State statutory or constitutional authorization for this rule:
- Section 63F-1-206
- Section 63F-1-204
Anticipated cost or savings to:
the state budget:
There is no aggregate anticipated cost or savings to state budget. The changes to the rule are simplifying the process for state agencies only.
local governments:
There is no aggregate anticipated cost or savings to local government. The changes to the rule are simplifying the process for state agencies only, and do not affect local government.
small businesses:
There is no aggregate anticipated cost or savings to small businesses. The changes to the rule are simplifying the process for state agencies only, and do not affect small businesses.
persons other than small businesses, businesses, or local governmental entities:
There is no aggregate anticipated cost or savings to persons other than small businesses, businesses, or local government entities. The changes to the rule are simplifying the process for state agencies only, and do not affect other persons.
Compliance costs for affected persons:
There are no compliance costs for affected persons. The changes to the rule are simplifying the process for state agencies only.
Comments by the department head on the fiscal impact the rule may have on businesses:
The rule causes no fiscal impact to businesses. The changes to the rule are simplifying the process for state agencies only.
Mark VanOrden, CIO
The full text of this rule may be inspected, during regular business hours, at the Division of Administrative Rules, or at:
Technology ServicesAdministration
Room 6000 STATE OFFICE BUILDING
450 N STATE ST
SALT LAKE CITY, UT 84114
Direct questions regarding this rule to:
- Stephanie Weiss at the above address, by phone at 801-538-3284, by FAX at 801-538-3622, or by Internet E-mail at [email protected]
Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:
02/17/2015
This rule may become effective on:
02/24/2015
Authorized by:
Mark VanOrden, Executive Director and CIO
RULE TEXT
R895. Technology Services, Administration.
R895-6. IT Plan Submission Rule for Agencies.
R895-6-1. Purpose.
State agencies are required by statute to submit IT plans for review and approval by the Chief Information Officer (CIO) office. This rule provides the format and content requirements for IT Plan submission.
R895-6-2. Authority.
This rule is issued by the Chief Information Officer under the authority of Section 63F-1-206 of the Technology Governance Act, in accordance with Section 63G-3-201 of the Utah Rulemaking Act, Utah Code Annotated, and section 63F-1-204 of the Utah code, Agency Information Technology Plans.
R895-6-3. Scope of Application.
All state agencies of the executive branch of the State of Utah government shall comply with this rule, which provides a consistent technology planning method for the State of Utah.
[R895-6-4. Definitions.
(1) "Project" Investment in development of a
new application/system or to upgrade or enhance an existing
information system.
(2) Plan Timeframe: One fiscal year into the
future.
(3) Severity level: Severity level is rated on four
categories: impact on citizens, visibility to the public and
Legislature, impact on state operations, and the consequences of
doing nothing. The severity rating reflects the impact on
external stakeholders.
(4) Risk level: The risk criteria measure the impact of
the project on the organization, the effort needed to complete
the project, the stability of the proposed technology, and the
agency preparedness. The risk rating reflects the impact on the
internal stakeholders.
]R895-6-[5]4. Compliance and Responsibilities.
The following are the compliance issues and the responsibilities for state agencies:
(1) Any state executive branch agency that
develops, hosts, or funds information technology projects or
infrastructure shall submit a plan following the format outlined in
R895-6-[6]5 below.
(2) The CIO office shall provide education and instruction to the agencies to enable consistent response.
(3) Finalized and approved Agency IT Plans shall be delivered to the CIO office, in electronic format, by July 1 of each year.
(4) Agency IT Plans shall use document formatting methods as defined in CIO instruction.
(5) Agency IT Plans at a division level, shall be combined for submission to the CIO office at the Agency/Department level.
(6) Amendments to the IT Plan shall be
submitted
throughout the fiscal year for any [significant ]change in a project, any new project, or any removal of a project.[or if an IT supplemental appropriation is requested during
the budget process.]
R895-6-[6]5. Agency IT Plan Format.
The following is the IT plan format:
(1) SUBMIT AN EXECUTIVE SUMMARY.
(a) [Department/Agency Mission Statement.]The information technology objectives of the Agency.
(b) [Department/Agency Business Objectives that have IT projects
supporting them.]Any performance measures used by the Agency for implementing the
Agency's technology objectives.
(c) [Statement of IT Vision/Mission.]Any planned expenditure related to information
technology.
(d) [Description of accomplishments of past calendar
year.]The agency need for appropriations for information
technology.
(e) [IT Budget Summary for Department/Agency.]How the agency's development of information technology
coordinates with other state and local governmental
entities.
(f) [Verification of compliance procedures for information
technology policies, administrative rules, and statutes.]Any efforts the agency has taken to develop public and private
partnerships to accomplish information technology objectives of the
agency.
(g) [Describe performance measures used by the agency for
implementing the agency's information technology
objectives.]The efforts the agency has taken to conduct transactions
electronically in compliance with Utah Code Section
46-4-503.
(h) The agency's plan for the timing and method of verifying the department's security standards, if an agency intends to verify the department's security standards for the data that the agency maintains or transmits through the department's servers.
(2) IT PLAN DETAILS.
(a)
Complete a project description for each information technology
project, utilizing the document formatting methods as defined by
CIO instruction.[Security Plan Documentation.
(b) Disaster Recovery/Business Resumption Plan
Documentation.
(c) If a supplemental IT appropriation is anticipated,
describe.
(d) Describe anticipated changes in objectives, projects
or initiatives.
(e) If a building block request for an IT appropriation
is anticipated, describe.
(3) PROPOSED PROJECT DESCRIPTION
Complete a project description for each IT project
including the following information:
(a) Project organizational impact:
(i) Division (or other dept. sub-unit) project;
identify:
(ii) Department project.
(iii) Cross-department project.
(b) Project Name.
(c) Project Manager.
(d) Project Purpose (check all that apply):
(i) Maintain/enhance existing infrastructure.
(ii) New infrastructure.
(iii) Maintain/enhance existing
application/product.
(iv) Develop new application/product.
(v) Support of UCA 46-4-503.
(vi) Pilot project.
(vii) Implement/enhance GIS.
(viii) Collaboration with local government.
(ix) Public/private partnership.
(x) Other, please specify.
(4) DOCUMENT SUPPORT OF EXECUTIVE BRANCH STRATEGIC
GOALS.
(5) DESCRIBE PROPOSED PROJECT AND ITS ANTICIPATED
BENEFITS.
(6) IDENTIFY THE IMPACT ON DTS SERVICES THAT MAY RESULT
WITH THE DEVELOPMENT OF THIS PROJECT.
(7) LIST ESTIMATED START AND END DATE FOR
PROJECT.
(8) ESTIMATE PROJECT COSTS INCLUDING LABOR, HARDWARE,
SOFTWARE, CONTRACT SERVICES AND OTHER.
(9) ESTIMATE ANNUAL OPERATION/MAINTENANCE COSTS.
(10) DESCRIBE RISK LEVEL OF PROJECT FOLLOWING CIO
INSTRUCTION FOR FORMAT.
(11) DESCRIBE SEVERITY LEVEL OF PROJECT FOLLOWING CIO
INSTRUCTION FOR FORMAT.
(12) DESCRIPTION OF IT ALIGNMENT WITH BUSINESS
OBJECTIVES.]
R895-6-[7]6. Exceptions.
Any variance to format or content as established in this rule shall be approved by the CIO office.
R895-6-[8]7. Rule Compliance Management.
The CIO may enforce this rule by non-approval of the IT Plan as defined in Utah Code, Section 63F-1-204.
KEY: IT planning
Date of Enactment or Last Substantive Amendment: [September 16, 2009]2015
Notice of Continuation: March 27, 2014
Authorizing, and Implemented or Interpreted Law: 63F-1-206; 63F-1-204; 63G-3-201
Additional Information
More information about a Notice of Proposed Rule is available online.
The Portable Document Format (PDF) version of the Bulletin is the official version. The PDF version of this issue is available at https://rules.utah.gov/publicat/bull-pdf/2015/b20150115.pdf. The HTML edition of the Bulletin is a convenience copy. Any discrepancy between the PDF version and HTML version is resolved in favor of the PDF version.
Text to be deleted is struck through and surrounded by brackets ([example]). Text to be added is underlined (example). Older browsers may not depict some or any of these attributes on the screen or when the document is printed.
For questions regarding the content or application of this rule, please contact Stephanie Weiss at the above address, by phone at 801-538-3284, by FAX at 801-538-3622, or by Internet E-mail at [email protected]. For questions about the rulemaking process, please contact the Division of Administrative Rules.