STATE INFORMATION MANAGEMENT PRINCIPLES - 4800

(Revised: 06/2015)

The California Department of Technology (Department of Technology) has broad responsibility and authority to guide the application of information technology (IT) in California State Government. The Department of Technology’s areas of responsibility include policy making, interagency coordination, IT budget and procurement review, technical assistance, and advocacy. In view of the scope of these activities and their potential impact on state government, the Department of Technology has articulated the fundamental principles, policies, and procedures to govern the use of IT in Sections 4800 through 5180 of the State Administrative Manual (SAM).

Note that any and all project approvals or conditions made by the Department of Technology’s predecessor organizations, the California Technology Agency (CTA) prior to July 1, 2013, the Office of the State Chief Information Officer (OCIO) prior to January 1, 2011, or the Department of Finance (Finance) prior to January 1, 2008, remain in effect unless otherwise notified.

Priority of Information Technology.

Information technology (IT) is an indispensable tool of modern government. Accordingly, each Agency/state entity is expected to seek opportunities to use this technology to increase the quality of the services it provides and reduce the overall cost of government.

Authority and Responsibility.

Each Agency/state entity director should be knowledgeable about the information requirements and information management practices of the Agency/state entity and should provide active leadership in the exploration of new opportunities to use IT. Each Agency/state entity should establish clear lines of authority and responsibility for information management.

Management of Information.

Each Agency/state entity shall establish and maintain an information management function consistent with its own operational needs and organizational structure. This function shall serve to ensure the Agency/state entity’s ability to identify the information it collects, maintain the integrity and security of the information, and provide for appropriate access to the information.

Management Methods.

Each Agency/state entity shall employ proven management methodologies to guide and control the planning, acquisition, development, operation, maintenance, and evaluation of information management applications. Pilot projects and/or independent oversight shall be required for larger, more complex applications.

Basis for Decisions.

Decisions regarding the application of IT shall be based on analysis of overall costs and benefits to the people of California over the life of the application. Each Agency/state entity shall plan far enough into the future to ensure that adequate time is available for analysis of alternatives, for obtaining necessary management approvals, and for the administration of procurements. Agencies/state entities shall determine the impact of their decisions across Agency/state entity lines and give priority to alternatives that provide the greatest benefit from a statewide perspective.

Record of Decisions.

Each Agency/state entity shall maintain records of management decisions concerning the use of IT. These records must be sufficiently detailed to satisfy the requirements of oversight agencies as well as internal management. The records must address such topics as:

  1. Identification of IT needs;
  2. Setting of priorities for applications of IT;
  3. Evaluation of application alternatives;
  4. Project management and control;
  5. Contingency planning and risk management; and,
  6. Operational controls and maintenance provisions.

Agency/State Entity Personnel.

Agency/state entity managerial, technical and user personnel should possess the knowledge and skills necessary to use IT to the best advantage for the state. Each Agency/state entity should regularly assess the IT skills and knowledge of its personnel in relation to job requirements, identify and document training needs, and provide suitable training within the limits of available resources.

Compatibility.

In selecting or developing applications of IT, each Agency/state entity shall consider the benefits and costs of maintaining compatibility with other planned and existing applications within the Agency/state entity and in other Agencies/state entities. Such consideration of compatibility shall include computer languages, applications and system software, computer hardware and telecommunications equipment, data formats, and the specific knowledge and skills required of state personnel.

Procurement.

In acquiring equipment, software, and services involving IT, Agencies/state entities shall seek maximum economic advantage to the state. Procurements shall normally be competitive, in conformance with the applicable sections of the Public Contract Code and SAM. Agencies/state entities shall use master contracts whenever the functional requirements for which the contract was awarded are substantially the same as the Agency/state entity’s requirements.


Cost Allocation.

Each Agency/state entity shall adopt policies and establish procedures for assignment of costs associated with IT by program or operational unit within the Agency/state entity, as well as for the assignment and recovery of the costs of services provided to other Agencies/state entities, private individuals, and organizations.

Risk Management.

Each Agency/state entity shall adopt and maintain a risk management program for the purpose of identifying and avoiding or minimizing threats to the security of information it maintains and the operational integrity of its information systems, telecommunications systems, and databases.

Documentation.

Applications of IT shall be fully documented with respect to the needs of (1) non-technical users; (2) technical personnel; (3) Agency/state entity measurement; and (4) outside auditors. The adequacy of documentation shall be an evaluation criterion in all procurements involving IT (equipment, software, services and telecommunications facilities). Project plans shall include specific provision for the creation of suitable documentation.

Provision for Emergencies.

In planning for the use of automated information systems and telecommunications facilities, Agencies/state entities shall develop policies and procedures to be followed in times of emergency; when systems are preempted to preserve the public health, welfare or safety; and when other events occur which prevent reliance on automated systems for extended periods of time.

Individual Rights.

Information management policies and procedures shall be consistent with the California Constitution, the Public Records Act, the Information Practices Act, and other applicable laws. Each Agency/state entity shall safeguard the right to privacy of individuals who are the subjects of the records it maintains.

Ethics.

In the conduct of their operations and in the accomplishment of the policies stated above, Agencies/state entities and their employees shall employ IT in a legal and ethical manner consistent with government statutes, rules and regulations. IT shall not be used for purposes that are unrelated to the Agency/state entity’s mission or that violate state or federal law. Contract provisions, including software licensing agreements, shall be strictly followed.

Revisions

No Revisions for this item.
