SAM – INFORMATION TECHNOLOGY
(California Department of Technology)
Note: Effective January 1, 2008, the Office of Information Security (Office) restructured and renumbered the content and moved SAM Sections 4840 – 4845 to SAM Sections 5300 – 5399. See also the Office's Government Online Responsible Information Management (GO RIM) Web site at for statewide authority, standards, guidance, forms, and tools for information security activities.
CHAPTER 4900 INDEX
PURPOSE / 4900
Basic Policies / 4900.2
Agency Information Management Strategy Documentation / 4900.3
Agency Information Management Strategy Reporting Requirements / 4900.5
EXHIBITS AND SUPPORTING DOCUMENTS / 4903
Information Management Organization / 4903.1
Information Management Costs / 4903.2
CONCEPTUALLY APPROVED IT PROJECT PROPOSALS REPORT / 4904
ENTERPRISE ARCHITECTURE / 4906
CALIFORNIA PROJECT MANAGEMENT METHODOLOGY (CA-PMM) / 4910
PROJECT APPROVAL LIFECYCLE
PROJECT APPROVAL LIFECYCLEPURPOSE / 4920
PROJECT APPROVAL LIFECYCLEBASIC POLICY / 4921
PROJECT APPROVAL LIFECYCLESCOPE / 4922
PROJECT APPROVAL LIFECYCLEPARTICIPATION / 4923
PROJECT APPROVAL LIFECYCLEDOCUMENTATION / 4924
CONSISTENCY WITH AGENCY INFORMATION MANAGEMENT STRATEGY AND CONCEPTUALLY APPROVED IT PROJECT PROPOSALS REPORT / 4925
PROJECT APPROVAL LIFECYCLEPROCESS / 4927
PROJECT APPROVAL LIFECYCLESTAGE/GATE DELIVERABLES / 4928
(Continued)
Rev. 433
SAM – INFORMATION TECHNOLOGY
(California Department of Technology)
(Continued)
CHAPTER 4900 INDEX (Cont. 1)
OVERVIEW / 4941
COMPLIANCE REVIEW / 4942
AUDIT OF INFORMATION TECHNOLOGY PROJECTS / 4943
PERIODIC PROJECT REVIEWS AND REPORTS / 4944
SPECIAL PROJECT REPORT – GENERAL REPORTING REQUIREMENTS / 4945
Special Project Report – Content And Format / 4945.2
MAINTENANCE AND OPERATIONS PLAN POLICY / 4946
POST – IMPLEMENTATION EVALUATION REPORT / 4947
Post – Implementation Evaluation Report – Content And Format / 4947.2
TECHNOLOGICAL ALTERNATIVES – SELECTION CRITERIA
INTRODUCTION / 4981
Policy / 4981.1
TECHNOLOGICAL ALTERNATIVES – DATA CENTERS
INTRODUCTION / 4982
Data Center Consolidation And Determination Of Agency - Data Center Assignments / 4982.1
Policies For Data Center Management / 4982.2
TECHNOLOGICAL ALTERNATIVES – CLOUD COMPUTING POLICY
INTRODUCTION / 4983
Policy / 4983.1
TECHNOLOGICAL ALTERNATIVES – DESKTOP AND MOBILE COMPUTING POLICY
DESKTOP AND MOBILE COMPUTING / 4989
Definition Of Desktop And Mobile Computing / 4989.1
Exclusions / 4989.2
Agency/State Entity Roles And Responsibilities / 4989.3
Policy Compliance / 4989.8
PURPOSE 4900
(Revised 6/2015)
Strategic planning is essential to the successful adoption of IT in state government. An Agency/state entity information management strategy provides a means of coordinating systems development throughout the Agency/state entity over the long term. It enables the Agency/state entity to build systems within a common infrastructure and recognizes that no investment in systems should be made without proper planning. Inherent in the concept of information strategy is the commitment to develop business systems that are based on the real business priorities of the Agency/state entity.
The purposes of the planning requirements in this section are to ensure that:
- Agency/state entity plans for and uses of IT are closely aligned with Agency/state entity business strategies;
- Each Agency/state entity identifies opportunities to improve program operations through strategic uses of IT; and
- Each Agency/state entity establishes and maintains an IT infrastructure that supports the accomplishment of Agency/state entity business strategies, is responsive to Agency/state entity information requirements, and provides a coherent architecture for Agency/state entity information systems.
Rev. 430
SAM – INFORMATION TECHNOLOGY
(California Department of Technology)
BASIC POLICIES 4900.2
(Revised 6/2015)
Each Agency/state entity must establish an ongoing strategic planning process for IT and submit its strategic plan to the California Department of Technology for approval. The strategic planning process established by an Agency/state entity should be consistent with its needs, resources, uses of IT, and management style. However, the strategic planning process should:
- Be consistent with the current statewide strategic direction for IT, with relevant statewide policies contained in the State Administrative Manual, Statewide Information Management Manual and current management memos, and with Agency/state entity policies for the management of information and IT;
- Include active participation of Agency/state entity executive and program management;
- Align Agency/state entity strategies for IT with Agency/state entity business strategies;
- Identify emerging threats and opportunities in the Agency/state entity’s environment that have a potential impact on the Agency/state entity’s information management and its use of IT;
- Assess the strengths and weaknesses of the Agency/state entity in terms of its IT infrastructure and information management capabilities;
- Assess the potential of new information technologies to enable new business strategies and further the accomplishment of established strategies;
- Provide for the creation and maintenance of an Agency/state entity IT infrastructure that will support Agency/state entity information requirements and business strategies; and
- Establish goals and priorities for the acquisition of new information management capabilities.
Each Agency/state entity may determine the format and content of the documentation of its strategic plan for IT. The documentation must satisfy Agency/state entity management requirements and be sufficiently detailed to provide the Department of Technology with a clear understanding of the Agency/state entity’s information management strategy. Agency Information Management Strategy (AIMS) documentation guidelines can be found in SIMM Section 110.
(Continued)
(Continued)
BASIC POLICIES 4900.2(Cont. 1)
(Revised 6/2015)
It is the responsibility of the Agency/state entity to ensure that the information available to the Department of Technology represents its current strategy. The Department of Technology will base its decisions regarding the approval of an Agency/state entity’s IT activities and support for its budget augmentations in part upon its understanding of the Agency's Information Management Strategy (AIMS) and the relationship between the AIMS and the Agency/state entity’s overall business strategy. In general, activities and proposals that are not supported by an AIMS that meets the basic requirements of this section or that are inconsistent with an Agency/state entity’s established strategy will not be approved or supported by the Department of Technology. Any Agency/state entity that does not have an approved AIMS will have all IT project delegation rescinded, including delegation for expenditures under the Desktop and Mobile Computing Policy (SAM Section 4989.)
The Agency/state entity must submit documentation of its information management strategy to the Department of Technology at the time it completes its initial strategic planning effort and, thereafter, whenever there is a significant change in strategy. SAM Section 4900.3 provides guidelines for the AIMS documentation that must be submitted to the Department of Technology. Additionally, the Agency/state entity must annually certify that the AIMS approved by the Department of Technology represent its current strategy. See SAM Section 4900.5 and SIMM Section 60.
Note that approval of an Agency/state entity’s AIMS does not imply approval of specific projects, nor does it guarantee funding for the plan or specific projects an Agency/state entity may initiate under the plan. Project funding must be addressed through the budget process, where final determination will be based on statewide as well as Agency/state entity priorities.
AGENCY INFORMATION MANAGEMENTSTRATEGY
DOCUMENTATION 4900.3
(Revised 6/2015)
Each Agency/state entity is expected to tailor the documentation of its information management strategy to its own needs and to provide the Department of Technology with sufficient information for the Department of Technology to understand that strategy in light of the Agency/state entity’s overall business strategy. AIMS documentation guidelines can be found in SIMM Sections 60 and 110.
Agencies/state entities are requested to address at least the following in their submittal to the Department of Technology:
Changes in Mission and Programs. A summary of expected changes in the Agency/state entity’s mission and programs that will require changes to the Agency/state entity’s information management capabilities.
Agency Business Strategy.A summary of the Agency/state entity’s business strategy for the period covered by the information management strategy.
Information Technology Vision. A summary of the Agency/state entity’s values and principles that articulate the conceptual basis or foundation for the Agency/state entity’s chosen IT infrastructure.
Impact on Information Management. An assessment of the impact of the Agency/state entity’s business strategy upon its information management practices.
New Information Technologies. A statement of how new information technologies will be employed in the business strategy.
Current Information Technology Infrastructure. A description of key elements in the Agency/state entity’s current IT infrastructure: standards, hardware, software, communications, personnel, partnerships, and application systems.
Planned Information Technology Infrastructure. A description of how that infrastructure will be developed or leveraged to meet future information requirements.
Information Management Priorities, Objectives, and Resources.A statement of the Agency/state entity’s priorities, objectives, and resources for achieving the development or acquisition of new information management capabilities.
Activities to Reengineer Agency/state entity Business Processes. A description of changes the Agency/state entity has made, or is making, to restructure its business operations in an effort to achieve dramatic improvements in critical measures of performance, such as efficiency, turnaround time, customer satisfaction, and quality.
An Agency/state entity may prepare a separate summary of its information management strategy for submission to the Department of Technology or it may choose to provide the Department of Technology with copies of its internal documents. The Department of Technology may request additional information to clarify its understanding of an Agency/state entity’s strategy. Agencies/state entities are encouraged to submit informational copies of their business strategies with their information management strategies and to provide oral briefings to the Department of Technology in conjunction with submitting their strategies.
AGENCY INFORMATION MANAGEMENT
STRATEGY REPORTING REQUIREMENTS 4900.5
(Revised 6/2015)
The AIMS must be submitted to the Department of Technology at the time the Agency/state entity completes its initial strategic planning effort. A revised AIMS must be submitted to the Department of Technology for approval whenever there is a significant change in the Agency/state entity’s strategy. Additionally, to assist the Department of Technology in reviewing an Agency/state entity’s IT Budget Change Proposals (see SAM Section 4819.42), the Agency/state entity annually must certify, by August of each year, or as instructed by the Department of Technology, that the AIMS approved by the Department of Technology represents its current strategy. SIMM Section 60 provides a template for the AIMS transmittal letter, which must be signed by the Agency/state entity director or chief deputy director, for this annual certification.
EXHIBITS AND SUPPORTING DOCUMENTS 4903
(Revised 6/2015)
The documents required in SAM Sections 4903.1-4903.4 supplement the information in the Agency/state entity AIMS by providing details about the organization or information management within the Agency/state entity and the resources available to the Agency/state entity.
INFORMATION MANAGEMENT ORGANIZATION 4903.1
(Revised 6/2015)
By June of each year, or as instructed by the Department of Technology in SIMM 05A, each Agency/state entity must submit to the Department of Technology organization charts showing:
- The relationship between the organizational unit or units responsible for information management functions (including telecommunications) and other units within the Agency/state entity; and
- The internal organization of the unit or units responsible for information management functions, including telecommunications. The internal organization chart should indicate numbers of positions by classification.
INFORMATION MANAGEMENT COSTS 4903.2
(Revised 6/2015)
By February 1 of each year, or on an annual basis, as instructed by the Department of Technology in SIMM 05A, each Agency/state entity is required to summarize its actual and projected IT costs for the past year, and current year. The format and instructions for submittal required by the Department of Technology are specified in SIMM Section 55.
Rev. 430
SAM – INFORMATION TECHNOLOGY
(California Department of Technology)
CONCEPTUALLY APPROVED IT PROJECT PROPOSALS REPORT 4904
(Revised 10/2015)
To forge the necessary integration of the business and Information Technology (IT) functions in California state government, the California Department of Technology (Department of Technology) publishes a Conceptually Approved IT Project Proposals Report each quarter. The Report will be based on the approved Stage 1 Business Analyses from Agencies/state entities[1]. This information represents the Executive Branch's plan for IT investments in support of the California IT Strategic Plan. The information in the Conceptually Approved IT Project Proposals Report is used to:
- Ensure that IT investments drive program efficiency and effectiveness and improve the quality of government services for Californians.
- Facilitate improvements in internal business processes and financial management through IT investments.
- Link IT investments to Agency/state entity priorities and business direction.
- Promote the alignment of IT investments with the Agency/state entity's enterprise architecture (Technology, Standards, and Infrastructure).
- Enhance and promote enterprise data sharing through IT investments.
- Facilitate consideration and conceptual approval to pursue selected IT investments.
See SIMM Section 19A for Project Approval Lifecycle Stage/Gate deliverable Preparation Instructions.
Rev. 432
SAM – INFORMATION TECHNOLOGY
(California Department of Technology)
ENTERPRISE ARCHITECTURE 4906
(Revised 6/2015)
The statewide Enterprise Architecture (EA) is developed in a cooperative, managed, and coordinated effort facilitated by the California Department of Technology. The National Association of State Chief Information Officers methodology and the Federal Enterprise Architecture framework included in SIMM Section 58A are adopted as the state’s standards to develop and maintain the statewide EA.
Accordingly, Agencies/state entities shall implement EA in accordance with SIMM Section 58D. In addition, Agencies/state entities shall, to the extent practical, utilize the EA Practices included in SIMM Section 158.
CALIFORNIA PROJECT MANAGEMENT METHODOLOGY 4910
(CA-PMM)
(Revised 6/2015)
The California Project Management Methodology (CA-PMM) is based on project management best practices as described in the Project Management Institute’s Project Management Body of Knowledge (PMBOK). The purpose of the CA-PMM is to provide consistent project information regardless of the Agency/state entity that is managing the project to provide policymakers greater visibility as to the status of IT projects and enable project executives, control agencies, and other interested parties to review and evaluate the status of IT projects as well as provide informed direction and guidance to IT Project Managers.
The CA-PMM provides the framework for the entire Project Management Cycle from project concept to maintenance and operations. Included in the CA-PMM are a set of templates to support the Project Management Life Cycle and a Reference Manual that contextualizes the different elements of the Project Management Life Cycle. See SIMM Section 17 for the Toolkit, the Reference Manual, and the specific conditions for utilizing the CA-PMM.
Rev. 430
SAM – INFORMATION TECHNOLOGY
(California Department of Technology)
PROJECT APPROVAL LIFECYCLE PURPOSE 4920
(Revised 1/2016)
The Project Approval Lifecycle (PAL) represents an opportunity for Agency/state entity’s management to assess the full implications of a proposed IT project. The PAL is also the means of linking a specific IT project to the Agency/state entity’s strategic business plans and IT plans, and to ensure that the proposed project makes the best use of the Agency/state entity’s IT infrastructure. The PAL is divided into four stages, separated by gates (business analysis, alternatives analysis, solution development and project readiness and approval). Each stage consists of a set of prescribed, cross-functional, and parallel activities to develop deliverables used as the inputs for the next stage. The gates provide a series of “go/no go” decision points that request only the necessary and known information needed to make sound decisions for that particular point in time. As additional information is collected and refined through the lifecycle, the cost estimates, schedules, and business objectives will be progressively updated and evaluated to determine if the project is still practical and if the investment should continue to move forward towards project approval. The model also integrates procurement into the project approval lifecycle, providing better estimates regarding a project’s budget and schedule. The purpose of the PAL is to accomplish the following:
- Better business outcomes for the State through successful IT projects.
- Result in more successful projects and fewer Special Project Reports.
- Improve efficiencies through effective project planning and analysis to meet State business needs, while also ensuring compliance with State IT policies.
- Introduce scalability to the project approval process based on business and/or technical complexity.
- Ensure each decision point requires only the necessary and appropriate level of information needed to make a sound decision, estimate, or product for that particular stage.
- Determine whether there is a substantiation for a proposed project, i.e., whether the expenditure of public resources on the project is justified based on the following:
- Responsiveness to a clearly-defined, program-related problem or opportunity;
- Selection of the best of the possible alternative;
- Agency/state entity’s technical and program capabilities; and
- Financial and/or non-financial benefits over the life of the solution that exceed development and operations costs. Project benefits typically include reduced program costs, avoidance of future program cost increases, increased program revenues, or provision of program services that can be provided most effectively through the use of IT.
(Continued)
Rev. 433
SAM – INFORMATION TECHNOLOGY
(California Department of Technology)
(Continued)
PROJECT APPROVAL LIFECYCLE PURPOSE 4920 (Cont. 1)
(Revised 6/2015)
- Provide a means for achieving agreement between Agency/state entity’s executive management, program management, and project management regarding:
- The scope, benefits, schedule, and costs of a proposed project;
- Management responsibilities over the course of the project; and
- Opportunities to collaborate with the Department of Technology.
- Provide executive branch control agencies and the Legislature with sufficient information to assess the merits of the proposed project and determine the nature and extent of project oversight requirements.
- To the extent feasible, ensure each step and work product in the lifecycle is useful input into subsequent steps.
- Ensure that a “no” or a “go back and re-think” decision is communicated as early as possible if the level of detail provided is inadequate.
PROJECT APPROVAL LIFECYCLE BASIC POLICY 4921
(Revised 6/2015)