DEFINITIONS - 4819.2

(Revised: 03/2024)

 

The following definitions of administrative and technical terms are provided to assist Agencies/state entities in their application of information technology (IT) policy.

The primary source for technical definitions is the Information Processing Systems Technical Report, American National Dictionary for Information Processing Systems, developed by the American National Standards Committee, X3 Information Processing Systems. In some cases, the definitions have been modified to meet state needs.

Accessibility/Accessible: Individuals with disabilities are able to acquire the same information, engage in the same activities, perform the same functions, and access the same content and services as individuals without disabilities, with similar ease.

Agency: This term refers to one of the state's umbrella Agencies. Umbrella Agencies include the Natural Resources Agency, California Environmental Protection Agency, Government Operations Agency, Business Consumer Services and Housing Agency, California Department of Corrections and Rehabilitation, California State Transportation Agency, Labor Agency and the California Health and Human Services Agency.

Agency-affiliated State Entities: This term refers to State entities that are governed by one of the state's umbrella Agencies. See definition of Agency.

Agency Information Management Strategy: An Agency’s/state entity’s information management strategy is the Agency’s/state entity’s comprehensive plan for using IT to address its business needs, e.g., to successfully carry out its programmatic mission. Ideally, the Agency’s/state entity’s information management strategy represents one aspect of a well-defined, overall Agency/state entity business strategy and is therefore closely aligned to its business strategy. If the Agency/state entity has not established a business strategy, Agency/state entity staff that are responsible for the Agency/state entity information management strategy must make assumptions based on their knowledge of the Agency’s/state entity’s overall mission, its program resources and priorities, and the changing nature of its environment.

Algorithm: A clearly specified mathematical process for computation; a set of rules that, if followed, will give a prescribed result. 

Ancillary Solicitation: An acquisition that may be necessary to achieve and/or support the primary procurement activities and objectives of an IT project. An IT project may be supported by many Ancillary Solicitations.

Artificial Intelligence (AI): A machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. Artificial intelligence systems use machine- and human-based inputs to perceive real and virtual environments; abstract such perceptions into models through analysis in an automated manner; and use model inference to formulate options for information or action.

Assistive Technology: Any item, piece of equipment, software, or system that is designed to increase, maintain, or improve the functional capabilities of individuals with disabilities.

Automated Decision System: A computational process derived from machine learning, statistical modeling, data analytics, or artificial intelligence that issues simplified output, including a score, classification, or recommendation, that is used to assist or replace human discretionary decision making and materially impacts natural persons. An “automated decision system” does not include a spam email filter, firewall, antivirus software, identity and access management tools, calculator, database, dataset, or other compilation of data.

Automation: Automation is the use of technology to perform tasks where human input is minimized.

Business Strategy: An Agency’s/state entity’s business strategy is its overall plan for accomplishing its mission in a changing environment with the resources it can reasonably expect to be available. Such a strategy typically addresses the Agency’s/state entity’s statutory mission and historical role, the expectations of its key stakeholders (individuals and organizations that affect the Agency/state entity or that the Agency/state entity affects), the factors that are critical to its success as an organization, the Agency’s/state entity’s internal strengths and weaknesses, and the political, social, economic, and technological forces in its environment that support or constrain its programs. Business strategies articulate the key issues that must be successfully addressed by the Agency/state entity and identify the priorities and required resources for proposed actions. A strategy may have a timeframe that is as short as a few months. However, most Agency/state entity business strategies present a three- to five-year perspective, with some Agencies/state entities finding it useful to extend their strategic vision as much as ten to 20 years into the future. Strategic planning is not a one-time effort; it is a fundamental, continuing management process that allows the Agency/state entity to respond in an effective manner to a changing environment.

California Project Management Framework: The California Project Management Framework (CA-PMF) is a collection of project management best practices and scalable resources, tools, and templates to be used by project management practitioners to effectively plan and manage projects. The CA-PMF is based on the Project Management Body of Knowledge (PMBOK® Guide), as well as project management lessons learned in the State of California.

Chatbot: Computer programs that simulate and process human conversation, either written or spoken, to allow humans to interact with digital devices as if they were communicating with a real person.

Cloud Computing: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Commercial Off-the-Shelf (COTS): A computer hardware or software product that is ready-made for specific uses and available for sale to the general public. COTS products are designed to be installed without requiring custom development. For example, Microsoft Office is a COTS product that is a packaged software solution for businesses and individuals. The set of rules for COTS is defined by the Federal Acquisition Regulation (FAR).

Computer Accessibility: In human-computer interaction, computer accessibility (also known as accessible computing) refers to the accessibility of a computer system to all people, regardless of ability.

Confidential Information: Information maintained by Agencies/state entities that is exempt from disclosure under the provisions of the California Public Records Act (Government Code sections 7920.000-7931.000) or other applicable state or federal laws. See SAM Section 5320.4.

Consequential Decisions: A decision or judgment that has a legal, material, or similarly significant effect on an individual’s life relating to the impact of, access to, or the cost, terms, or availability of, any of the following:

(1) Employment, workers management, or self-employment.

(2) Education and vocational training.

(3) Housing or lodging.

(4) Essential utilities.

(5) Family planning and child protective services.

(6) Health care or health insurance.

(7) Financial services.

(8) The criminal justice system.

(9) Legal services.

(10) Voting.

(11) Access to benefits or services or assignment of penalties.

Continuing Costs: Costs associated with the operation and maintenance of an IT system or application after development and implementation of the system.

Critical Application: An application that is so important to the state that the loss or unavailability of the application is unacceptable. With a critical application, even short-term unavailability of the information provided by the application would have a significant negative impact on the health and safety of the public or state workers, including the fiscal or legal integrity of state operations, or on the continuation of essential Agency/state entity programs.

Data: A representation of facts, concepts, or instructions in a formalized manner suitable for communication, interpretation, or processing by humans or by automated means.

Data Processing: The systematic performance of operations upon data, e.g., handling, merging, sorting, computing. Synonymous with information processing.

Data Processing System: A system, including computer systems and associated IT personnel, that performs input, processing, storage, output, and control functions to accomplish a sequence of operations on data.

Data/Information Storage: The retaining of data/information on any of a variety of mediums (i.e., magnetic disk, optical disk, or magnetic tape) from which the data can be retrieved.

Data Transmission: The conveying of data from one functional unit to one or more additional functional units through the transmission of signals by wire, radio, light beam, or any other electromagnetic means. (Voice or video transmissions are not considered data transmission for the purposes of state policy.)

Project Cost Delegation: See SAM Section 4819.39.

Development: Activities or costs associated with the analysis, design, programming, staff training, data conversion, acquisition, and implementation of new IT applications.

Department of General Services (DGS) Delegated Purchasing Authority: Through Statutory Authority, DGS may grant delegated purchasing authority to Agencies/state entities to procure non-information technology goods and information technology goods and services with a total cost equal to or less than the delegated purchasing authority amount under each category, as defined within the State Contracting Manual (SCM), Volume 2, Chapter 1.

Domain Name Service: A series of computer databases that resolve or link Internet Protocol (IP) addresses with an alphanumeric domain name. Domain names are divided into hierarchical fields separated by a period. The field to the farthest right is the top-level (or first-level) domain; in "ca.gov", for example, "gov" is the top-level domain. In the same example, "ca" is the second-level domain, and the field to the left of the second-level domain is the third-level domain (e.g., cdt.ca.gov). Names that fall to the right of the domain following a "/" are subdirectories of the domain (e.g., ca.gov/services).

Electronic and Information Technology (EIT or E&IT): Includes IT and any equipment or interconnected system or subsystem of equipment that is used in the creation, conversion, or duplication of data or information. The term electronic and IT includes, but is not limited to, telecommunications products (such as telephones, cell phones, smart phones, and radio receivers), information kiosks and transaction machines, World Wide Web sites, multimedia, and office equipment such as copiers and fax machines.

Emergency: “A sudden, unexpected occurrence that poses a clear and imminent danger, requiring immediate action to prevent or mitigate the loss or impairment of life, health, property, or essential public services.” SAM Section 6560 specifies that when the Governor declares an emergency, expenditures cannot exceed $25,000, unless approved by the Department of Finance.

Generative Artificial Intelligence (GenAI): The class of AI models that emulate the structure and characteristics of input data in order to generate derived synthetic content. This can include images, videos, audio, text, and other digital content.

Hardware: See Information Technology equipment.

Hybrid Cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

Information Processing: The systematic performance of operations upon data, e.g., handling, merging, sorting, computing. Synonymous with data processing.

Information Technology: Information technology (IT) means all computerized and auxiliary automated information handling, including systems design and analysis, conversion of data, computer programming, information storage and retrieval, voice, video, data communications, microwave, lightwave, routers, network equipment, requisite systems controls, and simulation.

Information Technology Activities: Any activity listed below, or any combination of these activities for a single IT project, is to be considered an "IT activity."

  1. IT facility preparation, operation and maintenance.
  2. Information management planning.
  3. Feasibility determination, development and implementation of application systems or programs, or changes to application systems or programs to meet new or modified needs, or maintenance, including: Project Approval Lifecycle Stage/Gate deliverable preparation, systems analysis, systems design, purchase and installation of software, programming, conversion of data or programs, documentation of systems and procedures, and project appraisal or assessment.
  4. Operation of application systems or programs including handling, assembling, or editing of input-output data or media where IT equipment or IT personnel are used.
  5. Information Technology Procurement.
  6. Installation, operation, and maintenance of data processing equipment, IT equipment, goods and services, and software.
  7. Other installation management activities include: performance measurement, system tuning, and capacity management.
  8. Preparation and administration of requests for proposals or bid solicitations for contracts for any of the above activities.
  9. Preparation of contracts, interagency agreements, and purchase estimates for any of the above activities.
  10. Employment of personnel in support of, or directly related to, any of the above activities, including administration, technical services, clerical services, travel, training, and preparation of periodic and special reports.
  11. Control functions directly related to any of the above activities.

IT Equipment: Information Technology devices used in the processing of data electronically. The following are examples of IT equipment:

  1. Mainframes and all related features and peripheral units, including processor storage, console devices, channel devices, etc.;
  2. Minicomputers, midrange computers, personal computers, laptops, tablets, smart phones and all peripheral units associated with such computers;
  3. Special purpose systems including word processing, Optical Character Recognition (OCR), bar code readers/scanners, and photo composition;
  4. Communication devices used for transmission of data such as modems, data sets, multiplexors, concentrators, routers, switches, local area networks, private branch exchanges, network control equipment, and microwave or satellite communications systems; and
  5. Input-output (peripheral) units (off-line or on-line) including display screens, optical character readers, magnetic tape units, mass storage devices, printers, video display units, data entry devices, plotters, scanners, or any device used as a terminal to a computer and control units for these devices.

Information Technology Expenditure: The expenditure of funds regardless of source by any Agency/state entity for IT activities, equipment, facilities, personnel, services, supplies and the automated processing of information.

Information Technology Infrastructure: An Agency’s/state entity’s IT infrastructure is the base or foundation for the delivery of information to support the Agency’s/state entity’s programs and management. The infrastructure contains elements upon which an Agency’s/state entity’s IT activities are dependent. An Agency/state entity must therefore define, implement, and manage these infrastructure elements to employ IT successfully.

The desirable characteristics of this infrastructure are efficient support for the exchange of information within the Agency/state entity, and between the Agency/state entity and other organizations; reliable availability of information processing capabilities whenever and wherever they are needed; preservation of the integrity and confidentiality of information maintained by the Agency/state entity; sufficient flexibility to allow the timely and efficient addition of new information management capabilities and modifications of established capabilities; and consistency with a coherent set of technical and managerial standards for the employment of IT.

Typical elements in an IT infrastructure include:

Application Systems: The applications that an Agency/state entity purchases and/or develops to achieve personal productivity and program support benefits.

Architecture: The guidelines or blueprints an Agency/state entity follows in designing, acquiring, and implementing IT solutions. Organizationally approved definitions, specifications, and standards are the primary components in an Agency’s/state entity’s IT architecture.

Communications: Local area and wide area network components, including linkages with other organizations.

Equipment: An Agency’s/state entity’s hardware platforms and components ranging from individual personal computers to mainframes and associated peripherals.

Facilities: The electrical, ventilation, fire suppression, physical security, wiring, and other components required to support an Agency’s/state entity’s IT capability, including the physical structure itself.

Funding: Current and projected funding for IT planning, acquisition, development, and operations activities.

Partnerships: Relationships with other public and private sector organizations that support and enable the Agency’s/state entity’s pursuit and use of IT.

People: An Agency’s/state entity’s technical staff, user community groups, and executive steering and oversight committees that are charged with IT planning, approval, development, management, operations, and security responsibilities.

Plans: Detailed designs or methods for aligning IT activities with Agency/state entity business strategies and accomplishing business objectives. Typical Agency/state entity IT plans include strategic, risk management, and operational recovery.

Policies: The rules, conventions, and protocols adopted by the Agency/state entity to govern the pursuit and use of IT.

Processes and Procedures: The defined steps for planning, approving, acquiring, developing, operating, maintaining, enhancing, and using IT within the Agency/state entity.

Service Definitions: The types of services provided, accepted service levels, and service delivery time frames established for an Agency’s/state entity’s IT support organization.

Software: The set of operating system, utility, communications, user interface, and management programs that enable users to operate and control computers and develop application systems.

The infrastructure includes elements owned by the Agency/state entity and available under contract or through interagency agreement. For Agencies/state entities that employ the services of a consolidated data center, for example, the required data center resources are considered part of the Agency’s/state entity’s infrastructure.

Reengineering the Business Process: The search for and implementation of radical changes in business processes that result in dramatic efficiencies, reductions in turnaround time, improvements in quality, or improvements in customer service.

Strategic Planning Process for Information Technology: The process of aligning Agency/state entity plans for, and uses of, IT with the Agency’s/state entity’s business strategies.

Information Technology Procurement: Any process to obtain IT goods/services through competitive, non-competitive, purchase or lease, for the benefit of the State. Sometimes referred to as contracting, purchase or acquisition.

Information Technology Project: A unique endeavor involving activities required to plan, design, develop, implement, operate and maintain an Information Technology (IT) solution that meets a specific and measurable policy or programmatic objective. IT projects include the entire systems development lifecycle from project initiation through the normalized operational cycle. IT activities related to the refresh of non-data center hardware required to operate an IT project shall not be considered an IT project. See SAM Section 4819.37 for Project Delegation Criteria.

Information Technology Project Oversight Framework: Minimum requirements for IT project management, risk management, and IT project oversight activities for Agencies/state entities. Description of control agency project reporting requirements and processes for assessing Agency/state entity project management and oversight activities. See SIMM Section 45.

Information Technology Personnel: All state personnel employed in IT or telecommunications classifications as defined by the Department of Human Resources or by the Trustees of the California State University and Colleges, and all personnel of other classifications in Agencies/state entities who perform IT activities for at least 50 percent of their time. Users of personal computers and office automation are not included in this category unless they are in IT classifications or spend at least 50 percent of their time performing IT activities.

Information Technology Supplies: All consumable items and necessities (excluding equipment defined as IT equipment) to support information technology activities and IT personnel, including:

  1. Documents (such as standards and procedures manuals, vendor-supplied systems documentation, and educational or training manuals);
  2. Equipment supplies (such as printer cartridges and magnetic tape); and
  3. Furniture (such as terminal tables and printer stands).

Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Input-Output Unit/Device: A unit or device in an IT system by which data may be entered into the system, received from the system, or both.

Large Language Model: A specialized type of artificial intelligence (AI) that has been trained on vast amounts of text to understand existing content and generate original content.

Life Cycle: The anticipated length of time that the IT system or application can be expected to be efficient, cost-effective and continue to meet the Agency’s/state entity’s programmatic requirements. Synonymous with operational life.

Machine Learning: A set of techniques that can be used to train AI algorithms to improve performance at a task based on data.

Maintenance: Activities or costs associated with the ongoing upkeep of operational applications of IT. Maintenance includes correcting flaws, optimizing existing systems or applications, responding to minor changes in specified user requirements, renewal of equipment maintenance agreements, software or hardware upgrade or refresh to maintain the health of the systems, and meeting normal workload increases using substantially the same applications, facilities, IT personnel, supplies and software.

Metadata: Information about a dataset that makes it easier to find, understand and use. Metadata may describe the dataset’s structure, elements, creation, access, format, and content. Metadata may also include the title and description, method of collection, limitations, author, publisher, area and time period covered, license, date and frequency of release.

Microservice Architecture: An approach to software development where an application is built as a collection of small, independent services. Each service focuses on a specific function and can be developed, deployed, and scaled independently. They communicate through Application Programming Interface (API), and the architecture promotes decentralization, loose coupling, independent scaling, and technology diversity. It enables fault isolation, resilience, and continuous deployment. Microservice architectures offer benefits such as scalability, flexibility, and faster development, but also introduce complexities. Overall, they provide a modular and agile approach to building and evolving applications.

Mobile Web: Mobile web refers to access to the Internet or Web applications using a mobile device, such as a smart phone connected to a wireless network.

Multi-Cloud: Multi-Cloud refers to an approach in cloud computing where an organization or individual utilizes the services and resources of multiple cloud service providers simultaneously. It involves distributing workloads, applications, and data across different cloud platforms, instead of relying on a single cloud provider.

Natural Language Processing: Takes communications by humans and transforms the information into something more suitable for computer use and analysis.

Network Equipment: Equipment facilitating the use of a computer network. This includes routers, switches, hubs, gateways, access points, network bridges, modems, firewalls, and other related hardware and software.

Non-affiliated State Entities: This term refers to State entities that are not governed by an Agency. See definition of Agency.

Non-Delegated Project: An IT Project that meets one or more of the criteria listed in SAM Section 4819.37. Non-Delegated Projects must be formally approved by the Department of Technology through the Project Approval Lifecycle. Agency/state entity directors are delegated approval authority for IT Projects that do not meet any of the criteria listed in SAM Section 4819.37.

One-Time Costs: Costs associated with the analysis, design, programming, verification and validation services, staff training, data conversion, acquisition, and implementation of new IT applications. See SIMM Section 19F (Financial Analysis Worksheets).

Open Data: Data that can be freely accessed, used, modified, and shared by anyone for any purpose (http://opendefinition.org/). For Data.ca.gov, open data is regularly updated and comes from an authoritative source.

Open-Source Software: Software that includes distribution terms that comply with the following criteria provided by the Open Source Initiative. The open source definition used here is from the Open Source Initiative and is licensed under a Creative Commons Attribution 2.5 License (http://creativecommons.org/licenses/by/2.5/).

  1. Free Redistribution: The software can be given as part of a package with other applications;
  2. Source Code: The code must either be distributed with the software or easily accessible;
  3. Derived Works: The code can be altered and distributed by the new author under the same license conditions as the product on which it is based;
  4. Integrity of the author's source code: Derived works must not interfere with the original author's intent or work;
  5. No discrimination against persons or groups;
  6. No discrimination against fields of endeavor: Distributed software cannot be restricted in who can use it based on their intent;
  7. Distribution of license: The rights of the program must apply to all to whom the program is re-distributed without need for an additional license;
  8. License must not be specific to a product: an operating system product cannot be restricted to be free only if used with another specific product;
  9. License must not contaminate other software; and
  10. License must be technology-neutral.

Operational Life: See Life Cycle.

Operations: Activities or costs associated with the continued use of applications of IT. Operations includes IT personnel associated with computer operations, including network operations, job control, scheduling, key entry, and the costs of computer time or other resources for processing.

Peripheral Unit/Device: With respect to a particular processing unit or device, any equipment that can communicate directly with that unit or device.

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure that includes network, servers, operating systems, or storage but has control over the deployed applications and possibly application-hosting environment configurations.

Power Management: A feature of some electrical appliances, especially copiers, computers and computer peripherals such as monitors and printers, which turns off the power or switches the system to a low-power state when inactive.

Previously Approved Effort/Project: An IT activity or project previously approved by the California Department of Technology or the Agency’s/state entity’s executive officer in accordance with SAM Section 4819.3. Qualification of an activity as a previously approved effort requires an approved Stage 4 Project Readiness and Approval AND an approved Post-Implementation Evaluation Report (PIER). Applicable activities include meeting modified needs, improving the effectiveness of the activity, program or system maintenance, or extension of existing services to new or additional users performing essentially the same functions as those that the project was designed to support. A previously approved effort/project must use substantially the same equipment, facilities, technical personnel, supplies and software to meet substantially the same requirements or to meet normal workload increases. (Note: "Substantially the same equipment" does not include the addition, upgrade or replacement of a central processing unit.)

Primary Solicitation: The acquisition that will procure and obtain the main IT Goods and/or Services for an IT project solution. An IT Project may only have one Primary Solicitation but may be supported by many Ancillary Solicitations.

Private Cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

Procurement Oversight: An independent review and analysis to determine if the procurement methodology is sound and feasible. Procurement Oversight includes coaching, guidance and direction in all aspects of IT procurement. Oversight activities may include procurement planning, assistance in developing deliverables, review and approval of procurement documents and the execution and award of contracts.

Program: A sequence of instructions suitable for processing. See Information Processing or Data Processing.

Programming: The designing, writing, testing, debugging, and documentation of programs.

Project: See Information Technology Project.

Project Approval Lifecycle (PAL): The policy, procedures and templates that make up the State of California’s process for gaining approval of IT projects. The Project Approval Lifecycle is divided into four stages that are separated by gates. Each stage consists of a set of prescribed, cross-functional, and parallel activities to develop deliverables used as the inputs for the next gate. The gates provide a series of “go/no go” decision points that request only the necessary and known information needed to make sound decisions for that particular point in time. The four stages, which document the business analysis, alternatives analysis, solution development and project readiness analysis, must be approved by the Department of Technology prior to the encumbrance or expenditure of funds, including the use of staff resources, on any IT project beyond the Project Approval Lifecycle.

Project End Date: The proposed project end date should reflect the conclusion of project activities: The last date that proposed project activities are estimated to be completed. This should exclude any activities related to the Post Implementation Evaluation Report (PIER).

Project Oversight: An independent review and analysis to determine if the project is on track to be completed within the estimated schedule and cost and will provide the functionality required by the sponsoring business entity. Project oversight identifies and quantifies any issues and risks affecting these project components.

Project Planning Start Date: The project planning start date is the date an Agency/state entity begins a Stage 2 Alternatives Analysis. The planning phase of an IT project proposal begins with the Stage 2 Alternatives Analysis and ends at the conclusion of Stage 4 Project Readiness and Approval (Gate 4).

Project Planning End Date: The project planning end date should reflect the conclusion of project planning activities: The last date that project planning activities are estimated to be completed at the conclusion of Stage 4 Project Readiness and Approval (Gate 4).

Project Start Date: The project start date is the date an IT project proposal is approved and funded. For most projects dependent on a funding request, this date will be July 1st of the year the project funding is approved. For projects without this dependency, the project start date is the project approval date (Gate 4 approval).

Proprietary Software: Computer programs that are the legal property of one party, the use of which is made available to a second or more parties, usually under contract or licensing agreement.

Public Cloud: The public cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Public Facing Applications: Applications available to the broadest base of potential users as well as designed and delivered with the intent of access by all individuals or organizations over the public internet.

Public Information: Any information prepared, owned, used or retained by an Agency/state entity and not specifically exempted from the disclosure requirements of the California Public Records Act (Government Code sections 7920.000-7931.000) or other applicable state or federal laws.

Sensitive Information: Information maintained by Agencies/state entities that requires special precautions to protect it from unauthorized modification or deletion. See SAM Section 5320.4. Sensitive information may be either public or confidential (as defined above).

Server Room: Any space that houses computer operations. Such computer operations could utilize mainframes, servers, or any computer resource functioning as a server.

Shutdown: Turning off the power in a controlled manner.

Software: Programs, procedures, rules, and any associated documentation pertaining to the operation of a system (contrast with hardware).

Software as a Service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Staff Augmentation Procurement: The acquisition of contracted services to address state staff resource constraints or skill gaps for IT project activities.

Staff Redirection: The redirection of existing Agency/state entity staff resources to support IT project activities or backfill behind existing staff redirected to support IT project activities. Contracted services are not considered Staff Redirection.

Stage/Gate Deliverables: The formal deliverable documents that support the Project Approval Lifecycle. Stage/Gate deliverables are the Stage 1 – Business Analysis, Stage 2 – Alternatives Analysis, Stage 3 – Solution Development and Stage 4 – Project Readiness and Approval. Formal project approval occurs upon approval of the Stage 4 Project Readiness and Approval.

State Entity: Includes every state office, officer, department, division, bureau, board, and commission, including Constitutional Officers. “State entity” does not include the University of California, California State University, the State Compensation Insurance Fund, the Legislature, or the Legislative Data Center in the Legislative Counsel Bureau.

Statewide Information Management Manual (SIMM): The Statewide Information Management Manual (SIMM) as structured by the Department of Technology that contains standards, procedures, instructions and guidelines, as well as samples, models, forms and communication documents that Agencies/state entities must use, or will find helpful to use, in complying with established state policy relating to IT. For clarity, references in SIMM to "Department of Finance" that are not related to budget documents, such as Budget Change Proposals or Finance Letters, should be read as references to the "California Department of Technology."

State Telecommunications Management Manual (STMM): The State Telecommunications Management Manual (STMM), as structured by the Department of Technology, contains state telecommunications policies and procedures based on SAM 4500-4555 and Government Code Section 11534-11543. The STMM is continually updated to reflect current telecommunications policies and practices, and links to helpful outside resources are included throughout the STMM.

System Standby: A low-power mode for electronic devices such as computers, televisions, and remote-controlled devices (aka “sleep mode”). These modes save significant electrical consumption compared to leaving a device fully on and idle but allow the user to avoid having to reset programming codes or wait for a machine to reboot.

Technology Letter: Letters issued by the Department of Technology conveying official communications regarding state IT, announcing new or changes to existing IT policies and procedures, or announcing new or changes to existing state IT services or standards.

Technology Modernization: Actions an organization takes to move away from an outdated and/or unsupported technology or process, to adopt, adapt, or upgrade its technology to current industry best practices and/or standards to allow stable, scalable, and resilient support of the business needs.

Technology Remediation: The act of correcting an error, or mitigating a threat, vulnerability or identified gap, or responding to unexpected events, or preventing negative outcomes after an assessment of existing technology and/or the business process.

Technology Stabilization: Actions an organization takes to sustain and/or improve the reliability and availability of its current technology to efficiently support its current business needs.

Telecommunications: Includes voice and data communications, the transmission or reception of signals, writing, sounds, or intelligence of any nature by wire, radio, light beam, or any other electromagnetic means.

Tenant Managed Services: Centralized Tier III-equivalent data center space providing participating state Agencies/state entities the ability to operate their own environment with a degree of independence in the overall management of their server infrastructure. Additionally, Agencies/state entities can plan utilization of the Tenant Managed Services (TMS) as a disaster recovery site.

Tier III-Equivalent Data Center: Data Center facility consisting of multiple active power and cooling distribution paths; however, only one path is active. The facility has redundant components and is concurrently maintainable providing 99.982% availability.

Total Planning Cost: The total planning cost is the sum of all costs associated with the planning activities conducted in Stage 2 Alternatives Analysis through Stage 4 Project Readiness and Approval.

Total Project Cost: The total project cost is the sum of ALL costs associated with the project planning phases (Stage 2 through Stage 4) and the project execution phase (design, development, and implementation), plus one full year of maintenance and operations costs.

Validation: The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. [IEEE-STD-610]

Verification: The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase. [IEEE-STD-610]

Virtualization: A framework or methodology of dividing the resources of a computer into multiple execution environments, by applying one or more concepts or technologies such as hardware and software partitioning, time-sharing, partial or complete machine simulation, emulation, quality of service, and many others.

Workgroup Collaboration Platform: Cloud-based collaboration tool that integrates features such as chat, conferencing, calendaring, notes, and attachments organized by topics and accessible through a specific URL or invitation. Within the platform, members can create channels or topics of conversation and collaborate through a shared workspace.

Workload Increase: Employing substantially the same resources (equipment, facilities, IT personnel, supplies, software) to process a greater volume of the same or similar information. The results of the processing are the same or similar outputs distributed to comparable users.

Zero Trust Architecture (ZTA): Zero Trust Architecture (ZTA) is a security trust model that assumes that no entity should be inherently trusted, whether internal or external. It requires strict verification and authentication for users, devices, and applications seeking access to resources. The core principles of ZTA include least privilege access, micro-segmentation, network segmentation, continuous monitoring and analytics, and security automation and orchestration. By implementing these principles, ZTA aims to enhance security, minimize the impact of breaches, and protect sensitive data by consistently verifying and validating entities before granting access.

 
