EOTSS Annual Report 2022: About Us

The Executive Office of Technology Services and Security (EOTSS) seeks to provide secure and quality digital information, services, and tools to customers and constituents when and where they need them. 

As the lead enterprise information technology (IT) and cybersecurity organization for the Executive Branch, EOTSS offers responsive digital services and productivity tools to more than 40,000 state employees. It also provides digital services and tools that enable taxpayers, motorists, businesses, visitors, families, and other citizens to do business with the Commonwealth in a way that makes every interaction with government easier, faster, and more secure. 

Read the text of the graphic.

The Baker-Polito Administration created EOTSS in 2017 in partnership with the Legislature “to improve data security, safeguard privacy, and promote better service delivery” across the Commonwealth. These goals would be achieved through the modernization of the state’s aging IT and security infrastructure, the development of true enterprise strategies and organization structure, and investments in best-in-class technologies and first-class talent.  

EOTSS has broad statutory authority to effectuate the goals prompting IT consolidation in Chapter 64 of the Acts of 2017, as memorialized and articulated in M.G.L. c. 6A, s. 7A and M.G.L. c. 7D. 

Since its creation, EOTSS has made critical investments in infrastructure resiliency, unifying cybersecurity operations, and deploying a Standard Operating Environment (SOE) and technology architecture across all agencies. The organization has also collaborated with agencies to improve the centralized delivery of digital services for constituents, schools, businesses, government agencies, and municipalities. 

The centralization of IT and cybersecurity under EOTSS enabled the state to manage infrastructure and service delivery more efficiently through enterprise leadership, expertise, and economies of scale.  

Additionally, EOTSS delivers value in the following enterprise program areas (among others): 

• IT Capital Investment & Related Program Management  

• Centralized Contract Management and Enterprise Software License Acquisition Management 

• Targeted IT Recruiting 

• Asset Management 

• Privacy & Risk management 

While EOTSS assumed oversight of core IT and cybersecurity infrastructure and services, management of the business application layer was preserved at the agency and secretariat level – where there resides deep subject matter expertise and knowledge of the business and the application layers, and impact with respect to daily operations and respective constituency 

However, agencies continue to work with EOTSS to strategical identify which of their legacy business applications should be kept, replaced, retired, or consolidated. They then collaborate on migration to approved hosting solutions within the EOTSS SOE for those applications that will remain in service.

EOTSS continues to lead the charge in transforming the Commonwealth’s decentralized approach to IT infrastructure and service delivery into a centralized technology organization laser focused on securing digital assets and providing world-class service to customers and constituents.

Modernizing the Commonwealth’s IT landscape remains a top priority on the EOTSS strategic roadmap, as does strengthening the state’s cybersecurity posture to meet today’s emerging threats. The organization will also continue to collaborate across multiple agencies and secretariats to invest in high-impact IT projects that can be efficiently supported over their useful lives.  

All efforts will work towards ensuring a more resilient Commonwealth and the continuity of government operations under any circumstance, as well as improving the constituent digital experience when accessing essential government services.

The EOTSS organizational structure has evolved since 2017 to better reflect the management, operational, and staffing needs of a modern enterprise IT and cybersecurity agency. 

At a high level, 22 EOTSS Departments report up to the Secretary and Commonwealth CIO through four Assistant Secretaries and the General Counsel.  

Secretariat Chief Information Officers (SCIOs) and their respective technology organizations also have a “dotted-line” reporting responsibility to the EOTSS Secretary and Commonwealth CIO. 

Read the text of the graphic.

These 22 departments are staffed by 452 full-time employees and 60 staff augmentation contractors working through 18 vendors (via ITS77).  

EOTSS full-time employees, contractors, and vendors primarily support the enterprise in the following areas:

• Enterprise Cybersecurity & Risk Management – EOTSS maintains operational responsibility for securing the Commonwealth’s infrastructure, networks, data, and systems through the development and maintenance of enterprise security policies and strategies; security operations; incident reporting and response; risk management; and information governance.  

• Infrastructure & Network Services – These services include voice and data networks; enterprise systems and services; mainframe and various hardware environments; architectural and infrastructure hosting services for cloud and other environments, as well as enterprise application maintenance and business support. 

• End-User Support & IT Services – These teams oversee end user software, hardware, voice, and connectivity support for Commonwealth employees, agencies, and IT organizations; they manage the Service Desk, and Desk Side Services.

Read the text of the graphic.

• Digital & Data Services – These teams have responsibility for overall strategy and management of the Mass.gov environment, while also providing leadership and direction to agencies in the delivery of digital services to our residents, visitors, and businesses. The Data Office more specifically establishes data standards and assists with data analysis, visualization, and business intelligence efforts.  

• Strategy Management & Consulting Services – The Office of Strategy Management (OSM) is a business engagement team offering agencies expertise in planning and performance management, project management, business strategy, and research and analysis. They seek to increase the efficiency and responsiveness of state agencies by improving service delivery and adopting new technology-enabled business solutions.

Additionally, the following EOTSS Departments perform niche functions within the organization and for our partners in state and local government: 

• Office Of Municipal and School Technology (OMST) – This Office supports local government efforts to effectively serve their residents, students, and employees through the use of technology. It serves cities, towns, and school districts across the Commonwealth by providing technical assistance to position communities for successful technology initiatives, promoting state resources that can improve local government operations, and administering and providing information about available IT and security grant opportunities. 

• Bureau of Geographic Information Services (MassGIS) – MassGIS is the state’s one-stop-shop for interactive maps and associated descriptive information. The team coordinates GIS activities in state and local government and sets GIS data standards. MassGIS supports emergency response, real-estate research, environmental planning and management, transportation planning, economic development, and engineering services.  

• Interoperable Communications Bureau – This Division provides infrastructure planning project management, grant administration and support to promote interoperable communications amongst first responders, public safety, public health, and other government services across a growing spectrum of communications platforms to include the statewide public safety radio network and public safety wireless broadband network(s). 

• IT Capital Investment Management – The Secretary and EOTSS Office of Capital Planning oversee the IT capital investment portfolio and related program management. This team works in partnership with the Executive Office for Administration and Finance (A&F) and the IT Investment Advisory Board to develop and administer the annual Capital Investment Plan (CIP) with the Governor’s Office.  

• Office of the General Counsel & Legal Services – This Office, along with the Commonwealth’s first Chief Privacy Officer (CPO), oversees the development of policies regarding the appropriate sharing of sensitive data and ensures compliance with federal and state laws concerning the collection, retention, sharing, and disposal of data. It also manages the enterprise e-Discovery team that provides executive branch agencies with technical services for record preservation and e-mail and file extractions.   

• Administration & Finance – Divisions reporting to the Chief Administrative Officer include Human Resources, IT Recruiting, the Fiscal Office, the Procurement team, Contract Management & Software Licensing; and IT Accessibility. 

• Policy & Planning – This Division is responsible for establishing an enterprise IT strategic planning framework; development of a statewide IT roadmap; maintaining enterprise policies, standards, and guidance; and overseeing Executive Office communications, legislative and external affairs.  

In addition to reporting up to their respective cabinet secretaries, Chief Information Officers and their IT and security organizations at the other secretariats also have a “dotted-line” reporting responsibility to the EOTSS Secretary and Commonwealth CIO: 

EOTSS promotes a collaborative relationship with the SCIOs through monthly SCIO Cabinet Meetings, annual strategic planning exercises, and project implementation support and monitoring. 

Body Cam Task Force

Established by the 2020 Police Reform Bill, “An Act relative to justice, equity, and accountability in law enforcement in the Commonwealth.” The Board, chaired by the Secretary of the Executive Office of Public Safety and Security (EOPSS) or designee and is comprised of various law enforcement, civil liberties, and technology stakeholders, is charged with proposing regulations to establish a uniform code for the procurement and use of body-worn cameras by law enforcement officers throughout the Commonwealth. The Secretary of the Executive Office of Technology Services and Security (EOTSS) or designee serves as a member of the Task Force, offering technology procurement and implementation expertise.

State 911 Commission

Established by the 2008 State 911 Bill, “An Act establishing a state 911 department, single 911 surcharge and an enhanced 911 fund.” The Commission, chaired by the Secretary of the Executive Office of Public Safety and Security (EOPSS) and is comprised of public safety and other interested government entities throughout the Commonwealth. The Commission is charged with providing strategic oversight and guidance to the State 911 Department on enhancing 911 service in the Commonwealth. The Commonwealth’s Chief Information Officer (CIO) serves as a member of the Commission, offering public safety radio technology guidance on behalf of the Executive Office of Technology Services and Security’s (EOTSS) Interoperable Communications Bureau (ICB).

Justice Reinvestment Policy Oversight Board (JRPOB)

Established by the 2018 Criminal Justice Reform Bill, “An Act Relative to Criminal Justice Reform.” The Board, chaired by the Secretary of the Executive Office of Technology Services and Security (EOTSS) and comprised of a broad spectrum of criminal justice agency leaders and stakeholders inside and outside of state government, is charged with monitoring the development and implementation of justice reinvestment policies relative to the collection, standardization, and public availability of data.

The Community Compact Cabinet (CCC) champions municipal interests across all executive secretariats and agencies, and develops, in consultation with cities and towns, mutual standards and best practices for both the state and municipalities.   

While the CCC offers partnerships with municipalities in a number of best practice areas, EOTSS and its Office of Municipal and School Technology (OMST) collaborated with the CCC to head up the IT Best Practices Program. This program includes assistance in areas ranging from IT Health Checks to Cybersecurity and Strategic Planning. A rundown of completed IT Best Practice engagements can be found here.

Through the CCC and the EOTSS-designed CCC Connector Portal, the Baker-Polito Administration has centralized links to the municipal grant finder, application submission calendar, and other resources that municipalities need to interact more easily with state government so that they can better serve residents, businesses and visitors. 

The MassGIS team also worked with the Lt. Governor’s Office to create an interactive map that visually demonstrates how communities have engaged with the Administration through the CCC. 

CCC IT Grant Program 

The CCC IT Grant Program is a competitive grant program focused on driving innovation and transformation at the local level via investments in technology. The funding is designed to drive innovation, make government more efficient, save taxpayer money, and make it easier for residents to interact and transact with their local government.  

Grants of up to $200,000 support the implementation of innovative IT projects by funding related one-time capital needs such as technology infrastructure or software. Incidental or one-time costs related to the capital purchase such as planning, design, installation, implementation and initial training are eligible. EOTSS and its OMST partner with the CCC and municipalities on program development and implementation.  

Most recently in December 2021, Lt. Governor Polito announced $3.5 million in IT grants to 70 municipalities through this program. The Baker-Polito Administration has now issued 749 grants through this program worth $19.2 million to help Massachusetts communities become more efficient and innovative while improving their technology infrastructure. 

Here is a list of past recipients and projects of Community Compact IT grants. 

Municipal Fiber Grant Program

This fiscal year, the Baker-Polito Administration announced the rollout of a new Municipal Fiber Grant program aimed at closing critical gaps that exist in municipal networks. The provision of fiber in communities allows for centralized management of IT infrastructure, including an enterprise approach to network monitoring, cybersecurity, records management, and backup and recovery. A cohesive municipal network also creates opportunities to gain economies of scale by aggregating internet bandwidth purchases and the associated security infrastructure. 

EOTSS and its OMST again partnered with the CCC and municipalities on program development and implementation. 

The EOTSS senior leadership team and staff regularly engage with strategic partners in federal, state, and local government – as well as industry partners and non-profit organizations who are well positioned to offer strategic guidance and best practices on cybersecurity, IT product and service delivery, and the digital government experience.   

Some examples of these strategic partnerships are noted below.  

Mass Cyber Center  

The Mass Cyber Center was launched in September 2017 by the Baker-Polito Administration with a vision to enhance opportunities for the Massachusetts cybersecurity ecosystem to compete as a national cybersecurity leader and to strengthen the resiliency of the Commonwealth’s communities, including public and private organizations and businesses.  

The Mass Cyber Center's mission is to enhance conditions for economic growth through outreach to the cybersecurity ecosystem of Massachusetts, while fostering cybersecurity awareness and resiliency within the Commonwealth.  

As outlined later in the Enterprise Security & Risk Management section of this report, EOTSS works with several other federal, state, and industry partners in carrying out its security and risk mission. 

NASCIO 

As a 501c (3) (h) nonprofit association, the primary objective of the National Association of State CIOs (NASCIO) is to provide policymakers with insight and recommendations regarding the implications of technology-related legislation, regulations, policies and proposals.  

NASCIO’s primary advocacy efforts focus on: 

• building awareness of state IT policy issues 

• advancing the role of the state CIO 

• expanding the association's visibility on Capitol Hill and with federal agencies 

Additionally, biannual NASCIO conferences allow for the greater exchange of IT policies, procedures and ideas that are implemented on the state level to address common problems facing all state-level enterprise organizations. NASCIO conferences are based on these guiding principles: 

• be non-partisan 

• be ethical in our actions and relationships 

• foster policies that support the public trust 

• focus on multi-jurisdictional issues 

• promote open standards and best practices 

• promote strategic alignment of government technology investments and state business agendas 

• promote the CIO as the technology leader who drives business innovation and transformation 

SAFECOM 

As outlined on the Cybersecurity and Infrastructure Security Agency (CISA) website, SAFECOM collaborates with emergency responders and elected officials across all levels of government to improve emergency response providers’ inter-jurisdictional and interdisciplinary emergency communications interoperability across local, regional, tribal, state, territorial, international borders, and with federal government entities. “SAFECOM works with existing federal communications programs and key emergency response stakeholders to address the need to develop better technologies and processes for the coordination of existing communications systems and future networks.” 

The EOTSS Secretary currently serves as the NASCIO designee to SAFECOM. Other SAFECOM members include representatives from a wide array of public safety associations and organizations. 

National Association of State Technology Directors (NASTD) 

Founded in 1978, the National Association of State Technology Directors (NASTD) is a member-driven organization that seeks “to advance and promote the effective use of information technology and services to improve the operation of state government.” NASTD represents IT professionals from all 50 states and the private sector. Members provide and manage state government IT services and facilities for state agencies and other public entities. They play a strategic role in planning and shaping state government technology infrastructures and policies.  

GOV Tech & Massachusetts Virtual Digital Government Summit 

In November 2021, the Baker-Polito Administration, in partnership with Government Technology, hosted the 2021 Massachusetts Virtual Digital Government Summit, an annual conference geared toward networking opportunities and the sharing of best practices to enhance technology and cybersecurity services across the public sector. With a focus on the ‘future of work’ in adapting how the business of government is executed, the Summit offered attendees from state and municipal government with a valuable opportunity to build vital relationships with industry leaders and learn about innovative solutions for the challenges governments face in an increasingly digital world.