|Issuer:||Deval L. Patrick|
|Mass Register:||No. 1255|
|Superseding:||Executive Order No. 523|
Table of Contents
WHEREAS, the national economy, the financial system on which the economy relies, and the state budget are now under significant stress;
WHEREAS, state government must strive to achieve every possible efficiency in its operations and in its delivery of services to the people of the Commonwealth;
WHEREAS, one mechanism for achieving greater efficiency and cost-effectiveness is by further coordinating and centralizing the management and operation of the Executive Department's information technology systems;
WHEREAS, it is also necessary to improve procurement and implementation of information technology;
NOW, THEREFORE, I, Deval L. Patrick, Governor of the Commonwealth of Massachusetts, by virtue of the authority vested in me by the Constitution, Part 2, c. 2, § I, Art. I, do hereby order as follows:
Section 1. This Executive Order shall apply to all state agencies in the Executive Department. As used in this Order, “state agencies” (or “agencies”) shall include all executive offices, boards, commissions, agencies, departments, divisions, councils, bureaus, and offices, now existing and hereafter established.
Section 2. The Commonwealth Chief Information Officer (“CCIO”) appointed by the Secretary of Administration and Finance under G.L. c. 7, sec. 4A(d) shall be the Undersecretary for Information Technology. The CCIO shall appoint a Chief Operating Officer, who shall have immediate charge of service delivery and operational issues and who shall have the same rank as the Secretariat Chief Information Officers appointed under Section 3. The CCIO shall also supervise the Government Innovation Officer appointed under Executive Order No. 542, notwithstanding section 5 of Executive Order No. 542.
Section 3. The secretary of each executive office (“secretariat”) in the Executive Department shall appoint a Secretariat Chief Information Officer (“SCIO”). Such appointments shall be made following consultation with and approval by the CCIO. Each SCIO shall report both to the Secretary of the SCIO's respective secretariat and, through a dotted line relationship, to the Commonwealth CIO. Where operationally warranted, SCIOs shall have the authority, following consultation with agency heads, to appoint chief information officers for agencies within their secretariats (“Agency CIOs”). Each Agency CIO shall report to the SCIO of his or her secretariat. All agency information technology (“IT”) personnel shall report to the Agency CIO or to his or her designee, or where no Agency CIO is appointed, to the SCIO for the agency's secretariat.
Section 4. With the approval of the Legislature, agency budgets for IT shall be aggregated at the secretariat level and managed by each secretariat's SCIO.
Section 5. Each SCIO shall maintain their approved secretariat consolidation plan (“Secretariat Consolidation Plan”) demonstrating how the Secretariat will migrate to the most efficient model for the delivery of IT services. Each Secretariat Consolidation Plan shall address, among other things, how the SCIO will manage and consolidate (or, at the SCIO's discretion, retain at the agency level or regionalize):
- helpdesk services;
- desktop and local area network (LAN) services;
- web site information architecture; and
- application services which the SCIO proposes to provide at the Secretariat level.
Plans shall require SCIO approval for all secretariat and agency IT expenditures regardless of funding source. Subject to such approval, plans may provide for the acquisition and maintenance of agency-specific applications to remain at the agency level. Following the Commonwealth CIO's approval of their respective Secretariat Consolidation Plans, each SCIO shall manage IT for his or her secretariat based on that approved plan.
Pursuant to reporting requirements established by the Commonwealth CIO, each SCIO shall prepare and submit periodic IT plans to the Commonwealth CIO for the CIO's review and approval. Each plan shall address: (a) IT operational and project priorities that are consistent with the secretariat's strategic business goals, (b) IT budgets, (c) major IT procurements planned for the year, (d) strategies for enhancing the efficiency, effectiveness and security of IT services at the secretariat level, and (e) IT staffing plans.
Section 6. The Commonwealth CIO shall issue a high level description of his or her plans for completing the migration of Infrastructure Services for all Executive Department agencies to the Information Technology Division (“ITD”), except those services, if any, that the Commonwealth CIO determines cannot be centralized at ITD due to technical viability or restrictions imposed by state or federal law. The Commonwealth CIO shall complete the migration of Infrastructure Services for all Executive Department agencies to ITD. ITD must substantially complete the consolidation of Infrastructure Services for the Executive Department at ITD. Consolidated Infrastructure Services provided by ITD shall, at a minimum, meet the same service levels as those received by Executive Department agencies prior to consolidation. The Commonwealth CIO may, at his or her discretion and through a written delegation, authorize certain Secretariats to operate specific Infrastructure Services.
Section 7. There shall be an Infrastructure Services Board (“ISB”) which shall advise the Commonwealth CIO regarding service levels for the Infrastructure Services provided by ITD, and be chaired by the ITD Chief Operating Officer. The precise members and make-up of the Infrastructure Services Board shall be determined by the Commonwealth CIO, but its membership shall be drawn from state employees across the Executive Department with knowledge and experience in the field of IT, with additional representatives from the Judicial and Legislative Branches, other constitutional offices, and quasi-public authorities whose entities are or become customers of ITD's Infrastructure Services and who accept an invitation from the Commonwealth CIO to participate. The ISB shall have no decision making authority; its sole function shall be to provide information and advice, as requested, to the Commonwealth CIO.
Section 8. Annually, each SCIO, the cabinet Secretary for the respective Secretariat served by them, and the Commonwealth CIO will collaborate on the drafting and publication of an annual Business Innovation Plan for the Secretariat that:
- describes strategies that the Secretariat will implement in order to use information technology to transform the business of government;
- identifies specific business cost savings and efficiencies that will be generated through strategic use of information technology within each Secretariat; and
- identifies any necessary one-time or ongoing Information Technology investment needed to realize such business cost savings or efficiencies.
Section 9. Annually, the Commonwealth CIO shall, for the purpose of protecting Commonwealth programs, data and information technology, conduct compliance reviews across the executive department to ensure full compliance with statutes, regulations, policies, standards and contractual obligations related to information security and information technology and report annually on the results of such reviews to Cabinet Secretaries and the Governor.
Section 10. The Commonwealth CIO shall have the authority to coordinate Executive Department IT planning by:
- Reviewing and approving Secretariat Consolidation Plans and periodic Secretariat IT plans, and setting timeframes for both secretariat and infrastructure consolidation;
- Reviewing and approving secretariat IT budget requests and establishing IT budget priorities, including for all major IT projects regardless of funding source;
- Developing a comprehensive multi-year strategic plan for IT for the Executive Department, which addresses the acquisition, management and use of IT and specific projects that implement the strategic plan;
- Identifying opportunities for cost savings based on standardization, cross-agency collaboration, use of shared services and centralization of resources; and
- Collaborating with SCIOs and Secretariats on the creation of annual Business Innovation Plans for each Secretariat.
(a) The CCIO shall supervise all Executive Department IT project selection, development and maintenance, and shall supervise procurement in consultation with the Assistant Secretary for Operational Services.
(b) The CCIO shall use a rigorous methodology that incorporates a return on investment and risk calculation to evaluate new IT projects. The CCIO shall seek outside return on investment verification for projects that exceed $20 million, are applying for self-financing (where the revenue or savings expected from the project will cover the cost of the debt service), and those the CCIO identifies as uniquely complex.
(c) The CCIO shall appoint an IT Portfolio Oversight Committee, which shall develop a portfolio strategy, provide input to the CCIO on projects to be funded based on the project evaluation methodology, and review ongoing projects quarterly on an ongoing basis. Membership should include the CCIO, ITD Capital Planning Officer, 4-6 representatives from the secretariats with experience in business and IT, and 1-2 experts from the private sector or academia. Private sector members shall not be eligible to bid on the projects considered by or related to the projects considered by the Committee.
(d) The CCIO shall adopt policies, standards and guidelines governing IT procurement, development and maintenance, specifically including provisions for:
- identifying which IT procurements shall require express approval of the CCIO; .
- effective project management and oversight configurations;
- strategic incentive and requirement structures;
- creating more competition among IT vendors;
- disqualifying underperforming vendors; and
- other best practices identified, including those identified in legislatively required reports.
(e) The CCIO, in consultation with the Assistant Secretary for Operational Services, shall develop a Strategic IT Procurement Team to provide planning, writing and negotiating assistance to agencies procuring large IT projects.
Section 12. Where appropriate, and with the approval of the Secretary of Administration and Finance, the Commonwealth CIO shall have the authority to enforce this Executive Order by determining and imposing remedial courses of action in instances of secretariat or agency non-compliance with this Order's requirements. Such actions may include, without limitation, a freeze on the non-compliant secretariat's or agency's authority to make IT-related expenditures, as well as a loss of eligibility for IT capital funding.
Section 13. The Commonwealth CIO shall report annually to the Executive Office for Administration and Finance concerning: (a) progress made by the Executive Department towards secretariat and infrastructure consolidation; (b) the results of such consolidation; (c) service levels for the consolidated infrastructure services provided to the Executive Department; (d) the cost of such services; (e) Secretariat Business Innovation Plans; and (f) the results of compliance reviews of executive department compliance with information security and technology related laws, regulations, policies, standards and contractual obligations.
Section 14. As used in this Executive Order:
“Information technology” means hardware, software, and telecommunications equipment, including but not limited to personal computers, mainframes, wide and local area networks, servers, mobile or portable computers, peripheral equipment, telephones, wireless communications, handheld devices, cloud-based application and platform services, public safety radio services, facsimile machines, technology facilities including but not limited to data centers, dedicated training facilities, switching facilities, and other relevant hardware and software items as well as personnel tasked with the planning, implementation, and support of technology;
“Infrastructure Services” shall mean data and telecommunications networks, premise or hosted data center services, web site hosting and portal services (except the provision of website information architecture and content), and shared enterprise services such as email and directory services; and
“Telecommunications” means any origination, transmission, emission, or reception of signs, signals, writings, images, and sounds or intelligence of any nature, by wire, radio, television, optical, or other electromagnetic systems.
Section 15. Nothing in this Executive Order shall be construed to require action inconsistent with any applicable state or federal law.
Section 16. This Executive Order shall take effect immediately and shall continue in effect until amended, superseded or revoked by subsequent Executive Order.
Given at the Executive Chamber in Boston this 31st day of January in the year of our Lord two thousand and fourteen, and of the Independence of the United States of America two hundred and thirty-eight.
DEVAL L. PATRICK
Commonwealth of Massachusetts
WILLIAM FRANCIS GALVIN
Secretary of the Commonwealth