Policies

POLICY # 1100 REVISION #2

KANSAS INFORMATION RESOURCES COUNCIL

INFORMATION TECHNOLOGY POLICY # 1100 REVISION # 2

1.0 TITLE: Authority to approve specifications and acquisitions of computer and communications equipment, software, and services.

1.1 EFFECTIVE DATE: July 1, 1996

1.2 TYPE OF ACTION: New

2.0 PURPOSE: To establish policy for review of specifications and approval to acquire information processing equipment, programs, or related maintenance services.

3.0 ORGANIZATIONS AFFECTED: All divisions, departments and agencies of the state.

4.0 REFERENCES:

4.1 K.S.A. 75-4706 requires that all information processing equipment, systems, programs, or maintenance thereon have the prior approval of the KIRC. It also requires that all specifications for bids for such equipment, systems, programs, or maintenance be reviewed by the CIA, excluding the Information Network of Kansas.

4.2 K.S.A. 75-4741 authorizes the KIRC to: (1) establish policies, rules, and regulations necessary to implement the act; (2) to approve major information and telecommunications projects and provide authorization to proceed with program plans at specific points of completion; and (3) to prescribe guidelines, standards, policies and procedures for advance planning documents for acquisition of information systems related assets.

4.3 K.S.A. 75-4709 provides that the Secretary of Administration shall make provision for and coordinate all telecommunications services for all divisions, departments and agencies of the state pursuant to policies established by the KIRC.

5.0 DEFINITIONS:

5.1 Information processing equipment, computer hardware, and computer systems are defined as one or more products or set of products used for general purpose computing or data processing. This applies to all sizes of equipment from hand-held computers to large, multi-user mainframe host systems, including all interconnected equipment. Included within this definition are local area networks that function and are administered as a system. Excluded are computers that are embedded in equipment that serves a purpose other than general purpose computing. Examples of excluded systems are computers that control the operating functions of industrial equipment, computers attached to flow control valves, and computers that control facility environments or security.

5.2 General purpose computing is the logical processing of data, images, and sound for the business of government. Included are single purpose systems that index, maintain, and display fingerprints or documents, gasoline dispensing systems, and library systems. Single user systems such as personal computers as well as multi-user systems of all sizes are included.

5.3 Communications equipment serves the function of moving text, software, graphics or images, or audio and voice between two or more addresses. Communications equipment is covered by this policy as are systems that provide services on the network such as video conferencing systems, document archival and retrieval, network directory services, voice mail, and kiosks.

5.4 Software is defined as any product that when loaded into a computer or communications equipment controls or facilitates its operation. This includes software that is commercially developed, developed by state employees or contractors, or software that has been placed into the public domain. Software intended for use with equipment covered by this policy is also covered by the policy.

5.5 Maintenance services are defined as services to maintain, repair, or enhance the operation of equipment, systems, or software covered by this policy.

5.6 Other service contracts that will result in the development or construction of equipment, systems, or software are covered by this policy. Thus, a contract for management services that will result in the specifications, development, or acquisition of software as part of the contract is within the scope of this policy.

5.7 Specifications are defined as any description of the physical, functional, or performance characteristics of an item or service that is going to be purchased. It may include a requirement for inspection, testing, training, and other criteria or services.

6.0 POLICY:

6.1 The KIRC delegates authority to the senior elected or appointed official for an agency, board, or commission to grant prior approval for the acquisition of covered equipment, software and services, if the equipment, software, or service is replacing existing assets and is not in support of a business systems project or an information technology project. If the acquisition will be in support of a project, then the approval for acquisition is based upon approval of the project phase in which the acquisition occurs.

6.1.1 Excluded from this policy are radio frequency networks and equipment that require FCC license; this equipment shall be covered by specific policies and procedures of the Secretary of Administration and the Division of Information Systems and Communications (DISC).

6.2 Those to whom approval authority is delegated will review each proposed acquisition and grant prior approval to acquire the asset in writing. Approval constitutes certification that: (1) the acquisition is not part of a larger acquisition that has been artificially broken into smaller contracts or orders to avoid review at a higher level; (2) the products or services being acquired conform to state policies, standards, and guidelines, including those of the KIRC and the CIA, and to applicable contracts; and (3) proper procedures are in place to assure proper delivery, acceptance, and accountability for the acquired products or services.

6.3 KIRC approval or approval by a delegated authority does not constitute a basis to avoid review and compliance with policies, procedures or guidelines that may be required by the Director of Purchases, Department of Administration.

6.4 The CIA delegates authority to approve specifications for equipment and services covered by this policy consistent with the KIRC delegation of authority to approve acquisitions. Specifications must be reviewed and approved prior to or concurrently with acquisition review. One objective of the KIRC in specification review is to ensure that equipment and software will be compatible with that used by other agencies in the state so that should the need arise, another agency could participate in using the system or accessing data in the system with their systems and networks. Another objective is to maximize the use of statewide contracts so as to obtain the best possible services and pricing from our vendors.

6.4.1 Those to whom approval authority is delegated must review each specification and sign approval in writing. Approval constitutes certification that: (1) the specifications for the products or services being acquired conform to the policies, standards, and guidelines and applicable contracts of the state; and (2) the specifications do not include requirements that result in an inability to use an existing state contract for a similar product or service or to avoid competitive acquisition unless written "sole source" justification for those specifications is included in the approval statement signed by the approving authority.

6.4.2 CIA approval or approval by a delegated authority does not constitute a basis to avoid review or compliance with policies, procedures or guidelines that may be required by the Director of Purchases, Department of Administration.

6.4.3 An agency may request review of specifications for major acquisitions for compatibility with other state systems through their information systems director and the Information Technology Advisory Board.

6.5 Reporting:

6.5.1 Officials that grant approval for acquisition under this policy will provide a monthly summary report of the equipment, software and services being acquired or that were acquired as a result of the approval process. The report should be sent to the CIA. The CIA will assemble the reports for distribution to members of the KIRC at their next regular meeting. Reports should be provided by the 10th of the month and should cover the prior month. Reports should consist of equipment and software that cost in excess of $500.00 and services in excess of $10,000.00. Reports should categorize like items or services together and group these for items purchased from existing state contracts and those that were not. Please provide category, group, and report dollar totals. A sample report has been attached for clarification. Reports need not include repair parts, components, or supplies.

6.6 Removal of Delegated Authority:

6.6.1 Delegated authority under this policy may be removed from one or more state organizations by the KIRC.

7.0 PROCEDURES:

7.1 Information for KIRC presentation or CIA review should be addressed as follows:

Office of the Chief Information Architect
Mark for: Acquisition or Specification Approval Information
Statehouse, Room 263-E
Topeka, KS 66612-1592

8.0 RESPONSIBILITIES:

8.1 Heads of divisions, departments, agencies, boards and commissions are responsible to establish procedures for their organizations to comply with the requirements of this policy.

8.2 The Chief Information Architect is responsible for the maintenance of this policy.

9.0 CANCELLATION:

9.1 DISC Policy and Procedure Memorandum 3200.06 dated 8/18/94

9.2 DISC Policy and Procedure Memorandum 3608.00 dated 11/1/91

10.0 CONTACT PERSON: Chief Information Architect 913-296-3011

ATTACHMENT 1

Sample Acquisition Report

AGENCY

February 1997


POLICY #1200 REVISION #0

KANSAS INFORMATION RESOURCES COUNCIL

INFORMATION TECHNOLOGY POLICY #1200 REVISION #0

1.0 TITLE: Acceptable use of the Internet

1.1 EFFECTIVE DATE: December 1, 1996

1.2 TYPE OF ACTION: New

2.0 PURPOSE: To establish a common, uniform use policy for all state agencies regarding use of the Internet by employees.

3.0 ORGANIZATIONS AFFECTED: All divisions, departments and agencies of the state.

4.0 REFERENCES:

4.2 K.S.A. 75-4741 authorizes the KIRC to: provide direction and coordination for the application of the state's information resources.

5.0 DEFINITIONS: The following definitions are applied throughout this policy and procedure memorandum.

5.1 Official State Internet Use is the access to or distribution of information via the Internet by state officers or employees which is in direct support of Official State Business. "Official State Business" is defined in K.A.R. 1-17-1 as "The pursuit of a goal, obligation, function, or duty imposed upon or performed by a state officer or employee required by employment with this state."

5.2 Other Appropriate Use. By authorizing the payments for access to KAN-WIN and/or the Internet Service Provider, the head of a State Agency has the implicit authority and responsibility to determine when and under what circumstances the officers and employees of that agency can use the Internet for activity other than that described in 5.1. This will constitute other appropriate use.

6.0 POLICY: In order to establish a common, uniform policy for all state agencies regarding use of the Internet, the following procedures are established.

6.1 Officers and employees of the state shall not use the Internet for other than official business unless the heads of their agencies have established written policies regarding other appropriate use of the Internet.

6.2 The head of any state agency may establish a policy in writing to allow officers and employees of that agency to use the Internet, provided that any costs associated are properly reimbursed, and that the use policy prohibits illegal and unethical practices.

6.3 Each agency that has established policies, or that establishes new policies and procedures for use of the Internet shall maintain on file a copy of those written policies and procedures. The written policy must contain well defined procedures to account for Internet activity and to recover the costs for this activity if appropriate.

6.4 Any officer or employee of the state who violates the provisions of their respective agency's policies and procedures, or the procedures of this policy and procedure memorandum regarding Internet activity, shall be subject to disciplinary action, including, but not limited to demotion, suspension, and termination. In every case, however, the offending officer or employee shall be required to reimburse the state for the total value of any Internet fees incurred in violation of this policy and procedure memorandum and of any state agency's established policies and procedures.

7.0 PROCEDURES:

7.1 Agencies must publish and distribute the Internet policy to all employees of the respective agency by March 1, 1997.

8.0 RESPONSIBILITIES:

8.1 Heads of divisions, departments, agencies, boards and commissions are responsible to establish procedures for their organizations to comply with the requirements of this policy.

8.2 The Chief Information Architect is responsible for the maintenance of this policy.

9.0 CANCELLATION: None.

10.0 CONTACT PERSON: Fred Boesch, Chief Information Architect (or Designee).

POLICY # 2400 REVISION # 0

KANSAS INFORMATION RESOURCES COUNCIL

INFORMATION TECHNOLOGY POLICY # 2400 REVISION # 0

1.0 TITLE: Project Approval, Review, and Reporting

1.1 EFFECTIVE DATE: January 2, 1996

1.2 TYPE OF ACTION: New

2.0 PURPOSE: To establish policy direction for the approval, review, and reporting of projects that include the use of information systems or communications technology.

3.0 ORGANIZATIONS AFFECTED: All divisions, departments and agencies of the state.

4.0 REFERENCES:

4.1 K.S.A 75-4741 authorizes the Kansas Information Resources Council to approve major information technology and telecommunications projects and provide authorization to proceed with project plans at specific points of completion.

5.0 DEFINITIONS:

5.1 Information technology and telecommunications projects are any business systems, process re-engineering, or other systems projects that will include the acquisition or development of information systems or telecommunications technology or the modification of existing systems. Technical projects that enhance, change, or replace existing equipment or software are also covered by this policy.

5.2 Project sponsor is the senior executive of the state agency that advocates approval and funding of a project. If multiple agencies are involved, it is the senior executive from the agency receiving the funding or providing the organizational leadership for the project.

5.3 Project manager is the person who has responsibility to organize and manage all of the tasks and resources involved in a project necessary to achieve the project objectives. The project manager is normally appointed by and reports to the project sponsor or project steering committee.

5.4 Project steering committee is a group of executives from all, or at least the major, stakeholders in a project that affects or involves more than one organization. The committee, including the sponsor, appoints the project manager; provides policy; provides organizational, resource, or procedural issue resolution; provides project oversight; and directs project reporting.

5.5 Total cost of a project includes expenditures from all sources of funding for all assets, resources, facilities, personnel, supplies and services that may be required and will include the cost, for record purposes, of internal assets and personnel committed to the project.

5.6 Project phases are natural break points in a project. They occur because although a general project plan and estimates are established for project proposals, the detailed planning of all of the tasks, resources estimates and assignments, schedules, and costs can only be done in increments. Some project phases may occur because a determination of results achieved must be made before proceeding, as in a prototype process or system. Some project phases may occur simply to ensure that the project remains manageable.

6.0 POLICY:

6.1 Prior approval must be obtained to start a project and to start each new phase of a project. Approval to proceed on a project shall be granted based upon satisfactory completion of the previous phase and the detailed planning of the phase to be undertaken. Satisfactory completion means that all tasks have been completed; all assets scheduled to be acquired are under contract; all scheduled deliverables have been received and accepted; all scheduled policies have been put in place; and that all schedules and financial plans and contracts are considered to be satisfactory. Detailed planning means that all tasks have been defined for duration, dependency, resources, and scheduling; that all deliverables have been defined and scheduled; that a financial plan exists, including the identification of all assets to be acquired and contractual services to be used; and that project management is in place.

6.2 The Kansas Information Resources Council (KIRC) has authority to approve project initiation and the start of each project phase. The KIRC delegates this authority to heads of agencies for projects with a total cost of less than $1,000,000. Heads of agencies will establish a written record of review and approval to proceed for projects under this delegation. The KIRC may remove this delegation of authority for one or more projects or one or more agencies.

6.3 All projects with a total cost of $500,000 or more will be reported to the KIRC on a quarterly basis. The KIRC may require presentation and review of any project that it deems appropriate.

6.4 The KIRC may require an outside review of a project in order to obtain the benefit of additional expertise or to supplement its efforts to fulfill its oversight role. Agencies will support external reviews in order to minimize the time and costs involved.

7.0 PROCEDURES:

7.1 Project status reports will provide the information in the structure as outlined in the attachment to this policy. Clear, concise, factual information is desired. Summary reports from project management tools may be used if the report is clear in presentation and all symbols are explained. A Gantt chart will retain the original approved project/phase/activity/task start and target completion dates and will show revised and actual start and completion dates, milestones, and progress. Financial plans will also retain the original approved and revised project estimates during the project. Project reports are due to the Chief Information Architect by the 10th of the month following each calendar quarter.

7.2 Project reports for approval to start projects will follow the guidance for project reports in the attachment to this policy. Emphasis by reviewing authorities should be placed upon the continued need to achieve the project objectives by the sponsoring agency and the availability and commitment of all resources required for the next phase. A detailed project plan, the source and definition of all deliverables, the definition of all assets and services to be acquired, and a detailed financial plan must exist for the upcoming phase. Project management and the definition of the project organization must be in place before starting a project. Documentation of these elements must be provided together with a presentation to the approving authority. If the approving authority is the KIRC, this material should be provided to the Chief Information Architect by the 10th of the month.

7.3 Project reports for approval to proceed with the next phase of a project will follow the guidance for project reports in the attachment to this policy. Emphasis by reviewing authorities should be placed upon the continued need to achieve the project objectives by the sponsoring agency and the availability and commitment of all resources required for the next phase. A detailed project plan, the source and definition of all deliverables, the definition of all assets and services to be acquired, and a detailed financial plan must exist for the upcoming phase. Documentation of these elements must be provided together with a presentation to the approving authority. If the approving authority is the KIRC, this material should be provided to the Chief Information Architect by the 10th of the month.

7.3.1 Assets and services that were defined in a project phase approved by the KIRC do not require KIRC approval for acquisition. Agencies will ensure compliance with state and KIRC policies, standards and procedures in executing these acquisitions.

7.4 New projects introduced through the budget process for fiscal year 1997 received no prior review by the KIRC. After the Chief Information Architect has reviewed, summarized, and presented agency technology plans to the KIRC, the KIRC will review these newly introduced projects. This review will examine alignment of project objectives and outcomes with the agency’s mission, objectives, and performance measures and the soundness of the business case for the project. The review will also ensure that stakeholder organizations associated with the target service process, including those in other jurisdictions, are represented on the project steering committee. Agencies will also provide information on systems functions and technology to be used, when known, to enable determination that a project will not result in unnecessary duplication of systems or utilize technology that would preclude other agencies from participating in the use of the systems or its data. This review is in addition to the review covered in paragraphs 7.2 and 7.3 above, though the reviews may be done concurrently.

7.4.1 The Chief Information Architect and the Information Technology Advisory Board (ITAB) will review projects with a cost of $500,000 or more for potential duplication of systems or the use of technology that would preclude other agencies from participating in the use of the system or its data and report these conclusions to the KIRC.

7.4.2 New projects for fiscal year 1998 will be covered by a future policy provision and process that will enable the KIRC to perform this review prior to their consideration by the Budget Division and the Legislature.

8.0 RESPONSIBILITIES:

8.1 Heads of divisions, departments, agencies, boards and commissions are responsible to establish procedures for their organizations to comply with the requirements of this policy.

8.2 The Chief Information Architect is responsible for the maintenance of this policy.

9.0 CANCELLATION: None

10.0 CONTACT PERSON: Chief Information Architect 913-296-3011

ATTACHMENT 1

BUSINESS/SERVICE PROJECT REPORT

Introduction

Agency: [Lead Agency initiating, managing or coordinating the project]

Sponsor: [Name and title of senior executive or official sponsoring the project]

Project Manager: [Person responsible for managing all project tasks & resources]

Organization: [Project Manager's Organization]

Project Title: [Project descriptive title]

Acronym/Code: [Acronym or short title]

Description

Project Business Objectives: [State the business objectives that will be achieved as a result of the project.]

Description of project: [Concise description of customers, services, business processes, organizations, assets and the changes and technologies that will be applied.]

Scope of the project: [In terms of the services, processes and assets described above, convey what is and what is not included in the project.]

Business Case For Project

Performance Objectives Impact: [State the current objectives as reported to the budget office and the target objectives to be achieved as a result of project accomplishment.]

Operating Cost Impact: [State the impact upon agency operating costs, including personnel costs and FTE levels, that will result from project accomplishment.]

Revenue Impact: [State the revenue level at project initiation and the level that will be achieved after project accomplishment.]

Other qualitative or quantitative benefits: [Other benefits to be achieved from the project.]

Other project risks or potential costs: [Describe project risks and potential costs associated with those risks and any other costs that may accrue.]

Project Financials

Total project cost: [Insert a summary spreadsheet of originally estimated total project costs for facilities, office equipment, computer systems, software, telecommunications, temporary or additional staff costs, contract services and other costs. Also provide the internal staff FTE level that will be devoted to the project for which costs have not been included.]

Source of funds: [Provide a spreadsheet showing funding sources and amounts by fiscal year anticipated to meet the total project cost.]

Current total project financial status: [Provide summary project financial status showing current estimated total project costs, funding approved to date, obligations to date, anticipated additional funding requiring approval to complete the project for each category of costs.]

Current fiscal year project financial status: [Provide a current fiscal year spreadsheet of funding allocated by source, obligations to date, and balance available.]

Project Management

Project management structure: [Provide an organization chart and concise narrative describing how the project is managed and how tasks are carried out. Include steering committees, managers, and project staff organization for both technical and non-technical personnel for all organizations involved.]

Other organizations involved in the project: [Provide a list of organizations impacted by the project and organizations included in the project management structure.]

Project Deliverables: [List the significant project deliverables with a planned date and an actual delivered date.]

Project Status

Project Plan with status: [Provide a copy of the project plan, in a Gantt chart format, at a summary level showing the project phases, activity or high level task description, planned start and completion dates, actual start and completion dates, with other information as displayed by the project management software tool used by the project team.]

Project status issues: [If applicable, provide a concise narrative describing why the project is not on target for funding, schedule, or achievement of objectives and what actions are being taken to mitigate the impact.]

Policy or other issues: [If applicable, describe any current policy or other issues confronting the project.]

ATTACHMENT II

PROJECT PHASES

A description of project phases is dependent upon the methods used and the size and scope of the project. The phases shown here may themselves be multiple phases for some projects while for other projects they may be very short and of limited scope, but repeated several times as a system is built subsystem by subsystem. In all cases, it is critical that each phase be assessed at completion to ensure that all tasks and deliverables have been achieved; that the project requirement still exists; that the project appears to be meeting its objectives; and that the plan of tasks, resources, schedules, deliverables, and costs has been finalized in detail for the next phase.

Requirements Planning Phase - This may be several phases of a project depending on what prior work has been done as well as the size and scope of the target business processes. Possible preliminary activities could be a Business Area Analysis (BAA) and/or re-engineering of target business processes. The requirements phase will generally involve a number of knowledgeable operating and management personnel, several technical personnel, and a facilitator in Joint Requirements Planning (JRP) sessions. For small specific processes it may take the place of process re-engineering. In other cases, it may be used to establish automation requirements and a general project plan. An alternative analysis will finalize a recommended solution, business case, and project and financial plans.

Design Phase - During this phase, operating and management personnel and several supporting technical personnel may use Joint Application Design methods to develop the specifications for the system design and acceptance criteria. The results should support acquisition of the supporting automation or technical design for internal development. Early prototypes may be built during this phase.

Construction Phase - During this phase, the application software is purchased or developed and computer and communications systems are established to examine and test the base system. The final systems customization and business process procedures are developed and tested. Systems cut over and integration activities are planned, developed, and tested. Just in time training of personnel may take place at the end of this phase and during the next phase.

Implementation - During this phase, additional end user computer systems and communications may be installed, just in time training conducted, conversion of data bases, systems cut over, and integration of the new system with other systems may take place. For very large systems or systems involving many organizations, this may be multiple phases as portions of the system are implemented or the system is implemented across a number of organizations.

ATTACHMENT III

TRANSMITTAL PAGE

PROJECT STATUS REPORT

TO: Office of the Chief Information Architect

FROM: [Project Sponsor - Name and title of senior executive or official sponsoring the project]

DATE:

PROJECT TITLE: [Project descriptive title]

PROJECT STATUS SUMMARY

On Schedule? (Yes, No)

Within Budget? (Yes, No)

Scope Change? (No, Yes)

Variances are to be discussed in the Project Status section of the report.

CHECKLIST FOR COMPLETENESS

__________ Letter of Transmittal

__________ Introduction

__________ Business Case For Project

__________ Project Financials

__________ Project Management

__________ Project Status


POLICY #2410 REVISION #1

KANSAS INFORMATION RESOURCE COUNCIL
INFORMATION TECHNOLOGY POLICY #2410 REVISION #1

1.0 TITLE: Year 2000 Asset Readiness Reporting

1.1 EFFECTIVE DATE: January 28, 1997

1.2 TYPE OF ACTION: New

2.0 PURPOSE: To establish a policy concerning the reporting of agency progress toward ensuring that all automated systems will handle the impending change of century without adversely affecting the continuity or quality of services.

3.0 ORGANIZATIONS AFFECTED: All divisions, departments, and agencies of state government that have not certified that their computing resources are year 2000 ready.

4.0 REFERENCES:

4.1 K.S.A. 75-4741 authorizes the Kansas Information Resource Council to approve policies for the management of the state's information resources.

5.0 DEFINITIONS/BACKGROUND:

5.1 Computing resources include:

5.2 Older computer software often used a 2 position year such as 85 to represent 1985. When dates are used in comparisons or calculations, incorrect results may occur when the year becomes 2000 or later. The current standard uses a four position year as in 1986 or 2001 to distinguish the century, and properly functioning software will use the century in date calculations under most circumstances.

5.3 The onset of failure for software, hardware and firmware that can not accommodate the year 2000 depends upon the date calculations performed. Calculations for future periods may fail prior to the year 2000.

5.4 The owner of an asset is the agency sponsor or responsible custodian.

6.0 POLICY:
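As an added example (not part of the policy text), the following Python contrasts the two-position year arithmetic described in 5.2 and 5.3 with century-aware handling of the kind the compliance criteria in 6.1.2 call for (explicit century where possible, an unambiguous implicit-century rule where legacy data lacks it). The pivot year 50 and the sample licence record are assumptions.

```python
"""Two-position years versus century-aware dates (constructed example)."""
from datetime import date


# --- legacy behaviour: two-position (YY) years --------------------------

def legacy_years_between(start_yy: int, end_yy: int) -> int:
    """Difference of two YY years.

    Correct while both fall in the same century; silently wrong across
    the 1999 -> 2000 boundary (00 - 98 gives -98 instead of 2).
    """
    return end_yy - start_yy


def legacy_expiry_yy(issue_yy: int, term_years: int) -> int:
    """A 'future period' calculation on YY: issue year + term, mod 100.

    This is the 5.3 case: a licence issued in 96 with a 5-year term
    'expires' in 01, which a YY comparison treats as already in the past,
    so the failure shows up before the year 2000 itself.
    """
    return (issue_yy + term_years) % 100


def legacy_is_expired(today_yy: int, expiry_yy: int) -> bool:
    """YY comparison: expired if the expiry year sorts before today."""
    return expiry_yy < today_yy


# --- compliant behaviour: explicit century, documented implicit rule ----

PIVOT = 50  # assumption: YY < 50 means 20YY, YY >= 50 means 19YY


def window_year(yy: int, pivot: int = PIVOT) -> int:
    """Resolve a legacy two-position year to a full four-position year.

    An 'implicit century' rule in the sense of 6.1.2: the pivot is fixed
    and documented, so each YY maps to exactly one century.
    """
    if not 0 <= yy <= 99:
        raise ValueError(f"not a two-position year: {yy}")
    return 2000 + yy if yy < pivot else 1900 + yy


def expiry_date(issue: date, term_years: int) -> date:
    """Explicit-century arithmetic on full dates: 1996 + 5 = 2001."""
    try:
        return issue.replace(year=issue.year + term_years)
    except ValueError:  # 29 Feb issue date landing on a non-leap year
        return issue.replace(year=issue.year + term_years, day=28)


def is_expired(today: date, expiry: date) -> bool:
    """Comparison on full dates, valid across the century boundary."""
    return expiry < today


def check_record(issue_yy: int, term_years: int, today: date) -> dict:
    """Compare the legacy and compliant answers for one legacy record.

    The record stores only a YY issue year (constructed sample data);
    the issue day is fixed to 1 July for the illustration.
    """
    issue = date(window_year(issue_yy), 7, 1)
    legacy_exp = legacy_expiry_yy(issue_yy, term_years)
    exp = expiry_date(issue, term_years)
    return {
        "legacy_expiry_yy": legacy_exp,
        "legacy_expired": legacy_is_expired(today.year % 100, legacy_exp),
        "expiry": exp,
        "expired": is_expired(today, exp),
    }


if __name__ == "__main__":
    # Licence issued in 96 with a 5-year term, checked on the policy's
    # effective date: the YY logic already reports it expired.
    print(check_record(96, 5, date(1997, 1, 28)))
```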

    6.1 Agencies will review their assets that are subject to Year 2000 problems to determine if they are Year 2000 compliant. If appropriate, agencies will make a preliminary assessment of the programs that will be undertaken to mitigate these problems.

    6.1.1 Assets may include:

  • Communication equipment including PBXs, routers, multiplexors, and switches.
  • Computer hardware.
  • System software, including compilers, interpreters, database management software, teleprocessing monitors, security systems, tape management systems, operating systems, etc.
  • Commercial off the shelf (COTS) packages such as accounting and reporting systems, billing and client tracking systems, spreadsheets, word processors, etc.
  • Custom applications developed in house or by outside vendors, and custom modified COTS packages.
  • Network software.
  • External systems such as those used for information access and retrieval and for remote record checks.
  • Embedded systems such as security systems, environmental control systems, and elevator control systems.

    6.1.2 Assets must meet the following four criteria to be Year 2000 compliant:

  • General integrity: No value for current date will cause interruptions in the desired operation, especially during the transition from 1999 to 2000.
  • Date integrity: All manipulations of time-related data (dates, duration, days of week, etc.) will produce desired results for all valid date values within the application domain.
  • Explicit century: Date elements in interfaces and data storage permit specifying century to eliminate ambiguity.
  • Implicit century: For any date element represented without century, the correct century is unambiguous for all manipulations involving that element.

    6.1.3 Assessment includes assignment of risk or priority to assets and their corrective action programs. Assets may be:

  • Mission Critical - They are required for internal operation or in meeting the immediate needs of clients. These would be high risk assets.
  • Supportable - Back-up procedures or work-arounds exist for asset functions that will permit ongoing operations to continue at an acceptable level of efficiency. These are moderate risk assets.
  • Low impact - No short term impact on operations is likely. These are low risk assets.

    6.1.4 Mitigation actions include the determination to:

  • Discard the asset
  • Replace the asset with a comparable or alternative asset
  • Repair the asset

    6.2 Agencies, after completing their preliminary assessment, will submit to the Chief Information Architect's Office one of the following:

  • Documentation that mission critical assets are Year 2000 compliant. Documentation will include a completed facsimile of the attached MONTHLY YEAR 2000 ASSET REPORT indicating that all mission critical assets have been repaired or replaced; or
  • A letter stating that it has no assets which are critical to its operation (Mission Critical) that require repair or replacement; or
  • A letter stating that it has assets that are critical to its operation that require repair or replacement.

    6.2.1 For those agencies that have assets that are critical to their operation which require repair or replacement:

  • Appoint a Year 2000 Coordinator who will report on all activity that directly or indirectly mitigates Year 2000 asset problems. Year 2000 Coordinators are responsible for the accuracy and completeness of the agency's monthly reports, the initial inventory, and the owner and/or user acceptance team sign-off of each asset's Year 2000 readiness.
  • Conduct an asset inventory, assess risks and develop mitigation plans for all affected assets. Submit the inventory, assessment and mitigation plans for mission critical assets to the Chief Information Architect's Office.
  • Provide monthly updates on mission critical assets on a facsimile of the attached form on the 10th of each month until all assets are Year 2000 compliant.
  • When an asset mitigation project involving repair of a critical asset is completed, the agency's Year 2000 Coordinator is to have in their possession the asset owner's (or user acceptance team's) sign-off that the asset is Year 2000 compliant.

    6.2.2 Those agencies that do not have professional information technology staff and may be unable to make a preliminary assessment of their Year 2000 problems should contact the DISC Year 2000 Awareness Center for assistance in obtaining contractor support.

    6.3 Monthly reports are to be submitted for all Year 2000 activities regardless of cost.

    6.4 The Chief Information Architect will provide summary Year 2000 status reports to the Governor and the KIRC each month.

    YEAR 2000 PROJECT REPORTING REQUIREMENTS

    Required action by agency status (Submit Completed Critical Asset Inventory to CIA / No Further Action / Monthly Report / KIRC Policy 2400 Approval):

  • Agency has not completed Asset Inventory: Submit Completed Critical Asset Inventory to CIA.
  • Agency has a letter on file with the CIA stating that they are Year 2000 ready or that Year 2000 susceptible resources are not mission critical: No Further Action.
  • Agency has an active Year 2000 project with total cost under $1,000,000.00: Monthly Report.
  • Agency's Year 2000 project costs will exceed $1,000,000.00: Monthly Report and KIRC Policy 2400 Approval.
    7.0 PROCEDURES:

    7.1 Monthly reports will be submitted on a facsimile of the attached Monthly Year 2000 Asset Readiness Progress Report on the 10th of each month. Agencies with more data to report than will fit on this form may create an equivalent electronic spreadsheet.

    7.2 Individual assets should be grouped for reporting purposes if they provide support for related business functions and will be treated as a single Year 2000 project for work order or repair.

    7.3 The Year 2000 Consulting Services Contract administered by DISC provides for monthly status reporting on task orders for assets being repaired. This information should be included on the agency's MONTHLY YEAR 2000 MISSION CRITICAL ASSET REPORT.

    8.0 RESPONSIBILITIES:

    8.1 Heads of agencies, boards and commissions, will establish procedures for their organization's compliance with the requirements of this policy.

    8.2 The Chief Information Architect is responsible for the maintenance of this policy.

    9.0 CANCELLATION: None

    10.0 CONTACT PERSON: Chief Information Architect 913-296-3011


    POLICY #2412 REVISION #1

    KANSAS INFORMATION RESOURCE COUNCIL

    INFORMATION TECHNOLOGY POLICY #2412 REVISION #1

    1.0 TITLE: Year 2000 Date Data Interchange

    1.1 EFFECTIVE DATE: March 1, 1997

    1.2 TYPE OF ACTION: New

    2.0 PURPOSE: To establish a policy concerning the electronic interchange of date data between state agencies, boards and commissions.

    3.0 ORGANIZATIONS AFFECTED: All branches, divisions, departments, and agencies of state government.

    4.0 REFERENCES:

    4.1 K.S.A. 75-4741 authorizes the Kansas Information Resource Council to approve policies for the management of the state's information resources.

    5.0 DEFINITIONS/BACKGROUND:

    5.1 In the past, some computer software was created using a two digit year, such as 85 to represent 1985. This software assumed a century of 19 as in 1985. As we approach the year 2000, this software can fail to perform date calculations or, worse, perform them and produce erroneous results. The failure can occur prior to the year 2000 when date calculations involve future periods.

    6.0 POLICY:

    6.1 Four-digit year elements will be used for the purpose of electronic data interchange in any recorded form among all branches, divisions, departments, and agencies of state government and the public. The year shall encompass a two digit century that precedes, and is contiguous with, a two digit year-of-century (e.g. 1998, 2007). Applications that require day and month information will be coded in the following format: CCYYMMDD. Additional representations for week, hour, minute and second, if required, will comply with the international standard ISO 8601:1988, "Data elements and interchange formats - Information interchange - Representation of dates and times".

    6.2 If two or more state agencies agree to exchange month and day information based on ordinal dates, the ISO standard format of CCYYDDD will be used.

    6.3 The owner of a system is responsible to coordinate the mitigation and testing for that system with all stakeholders whose systems provide electronic input to, or utilize electronic output from, the system.
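    The two interchange forms named in 6.1 and 6.2 (CCYYMMDD and CCYYDDD), together with the explicit/implicit century criteria in 6.1.2 of the Year 2000 reporting policy above, as an added worked example that is not part of the KIRC policy text. It parses and formats both forms, rejects a century-less YYMMDD instead of guessing, applies the Gregorian leap rule (2000 is a leap year, 1900 is not), shows a fixed-window rule for legacy two-digit years, and shows why text sorting of YYMMDD breaks at the 1999 to 2000 boundary. The pivot year of 50 and every sample date are assumptions constructed for this example.

```python
"""Added example (not part of KIRC policy #2412 or the reporting policy above):
parse/format the CCYYMMDD and CCYYDDD interchange forms and illustrate the
two-digit-year pitfalls the explicit/implicit century criteria rule out.
All sample inputs are constructed for illustration."""
import datetime
import re

_CALENDAR = re.compile(r"^(\d{4})(\d{2})(\d{2})$")   # CCYYMMDD
_ORDINAL = re.compile(r"^(\d{4})(\d{3})$")           # CCYYDDD (ISO 8601 ordinal date)


def parse_interchange_date(text: str) -> datetime.date:
    """Accept exactly CCYYMMDD or CCYYDDD and nothing else. A six-digit YYMMDD
    carries no century and is rejected rather than windowed (explicit century).

    datetime.date applies the Gregorian leap rule: 20000229 is valid because
    2000 is divisible by 400; 19000229 is invalid because 1900 is divisible
    by 100 but not by 400."""
    m = _CALENDAR.match(text)
    if m:
        ccyy, mm, dd = (int(g) for g in m.groups())
        return datetime.date(ccyy, mm, dd)            # ValueError if not a real date
    m = _ORDINAL.match(text)
    if m:
        ccyy, ddd = (int(g) for g in m.groups())
        days_in_year = datetime.date(ccyy, 12, 31).timetuple().tm_yday   # 365 or 366
        if not 1 <= ddd <= days_in_year:
            raise ValueError(f"ordinal day {ddd} out of range for year {ccyy}")
        return datetime.date(ccyy, 1, 1) + datetime.timedelta(days=ddd - 1)
    raise ValueError(f"not a CCYYMMDD or CCYYDDD date: {text!r}")


def is_valid_interchange_date(text: str) -> bool:
    """True if the text is a well-formed, real date in one of the two forms."""
    try:
        parse_interchange_date(text)
        return True
    except ValueError:
        return False


def to_interchange(d: datetime.date, ordinal: bool = False) -> str:
    """Format for interchange. %Y is four digits for years 1000..9999 (assumed domain)."""
    return d.strftime("%Y%j" if ordinal else "%Y%m%d")


def window_two_digit_year(yy: int, pivot: int = 50) -> int:
    """Fixed-window rule for a legacy two-digit year (the implicit century case):
    yy >= pivot -> 19yy, otherwise 20yy. Unambiguous only while every date in the
    application domain lies inside one 100-year window; the pivot of 50
    (window 1950..2049) is an assumption for this example."""
    if not 0 <= yy <= 99:
        raise ValueError("two-digit year expected")
    return 1900 + yy if yy >= pivot else 2000 + yy


def text_order_is_chronological(dates: list[datetime.date], with_century: bool) -> bool:
    """Interchange files are often sorted or compared as plain text. With the
    century present, text order equals date order; with YYMMDD it breaks at the
    1999 -> 2000 boundary ("000101" sorts before "991231")."""
    fmt = "%Y%m%d" if with_century else "%y%m%d"
    return sorted(d.strftime(fmt) for d in dates) == [d.strftime(fmt) for d in sorted(dates)]


if __name__ == "__main__":
    for sample in ("20000229", "2000366", "19000229", "2001366", "000101"):
        try:
            print(sample, "->", parse_interchange_date(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
    boundary = [datetime.date(1999, 12, 31), datetime.date(2000, 1, 1)]
    print("CCYYMMDD sorts chronologically:", text_order_is_chronological(boundary, True))
    print("YYMMDD sorts chronologically:  ", text_order_is_chronological(boundary, False))
```

    The ordinal branch checks the day number against the actual length of the year instead of relying on a library `%j` conversion, because a lenient conversion silently rolls day 366 of a common year into January of the next year, which is exactly the kind of wrong-but-plausible result the date integrity criterion is meant to catch.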
    7.0 PROCEDURES:

    7.1 Agencies are to review all electronic exchange data for dates and take suitable action to implement the appropriate date data exchange format defined elsewhere in this policy.

    7.2 Whenever possible, conversion of date data exchange formats should be accomplished as systems are brought into year 2000 compliance.

    8.0 RESPONSIBILITIES:

    8.1 Heads of agencies, boards and commissions, will establish procedures for their organization's compliance with the requirements of this policy.

    8.2 The Chief Information Architect is responsible for the maintenance of this policy.

    9.0 CANCELLATION: None

    10.0 CONTACT PERSON: Chief Information Architect 913-296-3011

    POLICY #2414 REVISION #0

    KANSAS INFORMATION RESOURCE COUNCIL

    INFORMATION TECHNOLOGY POLICY #2414 REVISION #0

    1.0 TITLE: Year 2000 Readiness Warranty

    1.1 EFFECTIVE DATE: Upon Receipt

    1.2 TYPE OF ACTION: New

    2.0 PURPOSE: To establish a policy concerning the year 2000 readiness of software, hardware, systems, services and any equipment containing date sensitive processors.

    3.0 ORGANIZATIONS AFFECTED: All branches, divisions, departments, and agencies of state government.

    4.0 REFERENCES:

    4.1 K.S.A. 75-4741 authorizes the Kansas Information Resource Council to approve policies for the management of the state's information resources.

    5.0 DEFINITIONS/BACKGROUND:

    5.1 In the past, some computer software was created using a two digit year, such as 85 to represent 1985. This software assumed a century of 19 as in 1985. As we approach the year 2000, this software can fail to perform date calculations or worse, perform them and produce erroneous results. The failure can occur prior to the year 2000 when date calculations involve future periods.

    5.2 Assets must meet the following four criteria to be year 2000 ready:

  • General integrity: No value for current date will cause interruptions in the desired operation, especially from the 20th to the 21st centuries.

  • Date integrity: All manipulations of time-related data (dates, duration, days of week, etc.) will produce accurate and correct results for all valid date values within the application domain.

  • Explicit century: Date elements in interfaces and data storage require specifying century to eliminate ambiguity.

  • Implicit century: For any date element represented without century, the correct century is unambiguous for all manipulations involving that element.

    6.0 POLICY:

    6.1 Agencies are to include language in all contracts for software, hardware, systems, services and any equipment containing date sensitive processors that protects them from year 2000 date change problems.

    6.2 For software, hardware, systems, services, and any equipment containing date sensitive processors not supported by agency personnel and not covered by 6.1 above, agencies should contact the original supplier or the current support provider to determine the asset's present readiness or services required for year 2000 readiness.

    7.0 PROCEDURES:

    7.1 Assets or services supported under contract:

    The following language should be included in all solicitations and both new and existing contracts for software, hardware, systems, services and any equipment containing date sensitive processors.

  • The contractor warrants fault-free performance in the processing of date and date related data (including, but not limited to, calculating, comparing, and sequencing) by (identify the hardware, software, service or system). Fault-free performance includes, but is not limited to, the manipulation of data with dates prior to, through, and beyond January 1, 2000, and shall be transparent to the user.

  • Hardware and software products, individually and in combination, shall successfully transition into the year 2000 with the correct system date and correct calculations which utilize or refer to the date data, without human intervention, including leap year calculations. Hardware and software products, individually and in combination, shall also provide correct results when moving forward or backward across the year 2000.

    7.2 Assets or services not supported by contract:

    For assets or services determined not to be year 2000 ready, agencies should make arrangements to test and take appropriate steps to correct, replace or de-activate the asset or service prior to the onset of any year 2000 associated problem.

    8.0 RESPONSIBILITIES:

    8.1 Heads of agencies, boards and commissions, will establish procedures for their organization's compliance with the requirements of this policy.

    8.2 The Chief Information Architect is responsible for the maintenance of this policy.

    9.0 CANCELLATION: None

    10.0 CONTACT PERSON: Chief Information Architect 913-296-3011

    POLICY #3100 REVISION #0  

    KANSAS INFORMATION RESOURCES COUNCIL

    INFORMATION TECHNOLOGY POLICY #3100 REVISION #0

    1.0 TITLE: Information Technology Advisory Board Charter

    1.1 EFFECTIVE DATE: February 1, 1996

    1.2 TYPE OF ACTION: New

    2.0 PURPOSE: To officially establish an Information Technology Advisory Board (ITAB) to the Chief Information Architect (CIA) and the Kansas Information Resources Council (KIRC).

    3.0 ORGANIZATIONS AFFECTED: All divisions, departments, agencies, boards and commissions of the state.

    4.0 REFERENCES: K.S.A. 75-4741 sets forth the general powers and duties of the Kansas Information Resources Council.

    5.0 DEFINITIONS:

    5.1 Information technology is an inclusive term to address the services and functions commonly associated with information systems and telecommunications.

    5.2 Common contract requirements refers to information technology services (including telecommunications) needed by many agencies. These services may include contract software development, commonly used hardware and software products, data related products and services, management or technical consulting, hardware and software maintenance, performance of technical service functions by private organizations where it is advantageous to do so.

    6.0 POLICY:

    6.1 The Information Technology Advisory Board shall:

    6.1.1 Address information technology issues and provide policy, standards, guidelines, or procedural recommendations to the Chief Information Architect and the Kansas Information Resources Council;

    6.1.2 Initiate and develop specifications for statewide contracts for common information technology requirements from suppliers qualified by the Division of Purchases.

    6.1.3 Review proposed programs and projects and make recommendations regarding the appropriateness of planning, technologies used, compliance with policy and standards, and resource estimates;

    6.1.4 Contribute to and support the Strategic Information Management Plan and the annual Information Technology Plan;

    6.1.5 Promote coordination and cooperation among state organizations’ programs for effective integration and high quality services and the efficient use of information resources, and;

    6.1.6 Address other information technology resource management issues at the request of the CIA and the KIRC and make recommendations thereon.

    7.0 PROCEDURES:

    7.1 Each KIRC member shall appoint as their representative to the ITAB the person most qualified to discharge the intent of this charter. The KIRC or the Chief Information Architect may seek representation from additional state agencies to serve as voting members. Additional local, state, federal and private sector non-voting members may participate as deemed appropriate by the ITAB.

    7.2 The Chief Information Architect shall establish the Board and convene regularly scheduled meetings to address information technology related issues facing state government. The CIA shall serve as Chairperson of the Board and provide staff support to the Board.

    7.3 The Board shall organize and direct Technical Advisory Committees to address specific technology issues and resource management issues as necessary. ITAB members shall contribute personnel to support the activities of these committees.

    7.4 The Board shall elect any officers from among its members that are deemed necessary to discharge its duties.

    8.0 RESPONSIBILITIES:

    8.1 Each KIRC member shall appoint as their representative to the ITAB the person most qualified to discharge the intent of this charter.

    8.2 The Chief Information Architect shall establish the Board and convene regularly established meetings to address information technology related issues facing state government.

    8.3 Each member of the ITAB shall carry out and support the duties and responsibilities of Board members as intended by this charter.

    9.0 CANCELLATION: None

    10.0 CONTACT PERSON: Chief Information Architect


    POLICY # 4210 REVISION # 0

    KANSAS INFORMATION RESOURCES COUNCIL

    INFORMATION TECHNOLOGY POLICY # 4210 REVISION # 0

    1.0 TITLE: Communications Network and Systems Access Security Architecture.

    1.1 EFFECTIVE DATE: November 1, 1995

    1.2 TYPE OF ACTION: New

    1.3 KEY WORDS: Communications networks, security, computer networks, architecture, audit, access control, authentication, information systems.

    2.0 PURPOSE: To establish guidelines and a recommended security architecture to allow agencies to establish and implement security policies for the access to information systems, networks or facilities.

    3.0 ORGANIZATIONS AFFECTED: All divisions, departments and agencies of the state.

    4.0 REFERENCES:

    4.1 K.S.A. 75-4709 provides that the Secretary of Administration shall make provision for and coordinate all telecommunications services for all divisions, departments and agencies of the state pursuant to policies established by the KIRC.

    4.2 K.S.A. 21-3755

    5.0 DEFINITIONS:

    5.1 Security architecture is defined as a model or common way of thinking about security as it applies to computer systems or networks. Using the architecture, an agency can determine the level of security required by their system or LAN. They can then apply standard solutions for implementing this level of security.

    5.2 Systems and LANs are defined as one or more computers (PC, mainframe, server, etc.) and the associated local area connections (if networked) for which access protection is being evaluated. A LAN (local area network) is a network confined to a local collection of systems, typically a work group or building floor. A LAN is generally very restricted in distance.

    5.3 Network or communications network or WAN is defined as one or more LANs connected via communications media for the purpose of transfer of electronic data between systems. A WAN (wide area network) typically connects LANs or individual systems of multiple agencies over a shared network and across potentially large distances (for example, KANWIN covers the state of Kansas).

    5.4 KANWIN is the KANsas Wide area Information Network, a wide area data network spanning the state of Kansas. This network is used or will be used by state agencies, municipalities, and other local government entities. This is a multi-protocol data network, meaning that data can be transmitted in more than one form (protocol). KANWIN supports (transports) TCP/IP (open systems, Transmission Control Protocol/Internet Protocol), IPX (Novell, Internetwork Packet Exchange), and SNA (IBM, Systems Network Architecture).

    5.5 Security plan is defined as a collection of statements about the sensitivity of information on a system or LAN, the requirements for how that data must be protected, and the actions to be taken in the event the protection is violated.

    5.6 Audit is defined as the collection and periodic review of network or system access information. This assumes some computer or other device records access related information in a secure place that can be reviewed at a later time.

    5.7 Screening determines if communications traffic may pass through a network device based solely on the destination and source information of the network packet containing the data. Screening in this context implies there is no authentication of the actual originator of the data.

    5.8 Authentication is defined as the act of requiring the 'person' requesting access to a network, LAN, or system to identify themselves through one or more identification schemes. Screening only makes decisions based on source and destination addresses. Authentication makes decisions based on 'who' was at the source. Authentication can be as simple as a computer id and password or as complex as one time passwords, challenge response passwords, or physical identification (retinal, voice, image, etc).

    6.0 POLICY:

    Information systems, networks or network facilities utilized by state agencies for the sharing or delivery of information are growing at a dramatic rate. It is very likely that all state agency systems and networks will either eventually be connected to each other, or be able to share common data or network systems. For this reason, it is extremely important that a security architecture is established over access to these systems and networks. DISC PPM 1201.00, PPM 4206.00 and K.S.A. 21-3755 all address security related issues. This policy describes an architecture with varying levels of security necessary to efficiently protect state agency data from unauthorized access.

    7.0 PROCEDURES:

    This communications network and systems access security architecture is designed around six levels of security, where each successive level provides increased protection to the data, systems or networks that are being secured.

    7.1 Security:

    The following is a table describing the six levels of security that DISC recommends as agencies build individual security plans for the protection of communications network, systems or services and the data that uses those networks, systems and services.

    LEVEL 0 Unrestricted access. This level represents the unrestricted environment where there are no access controls and no assumptions can be made about anyone operating at this level. Essentially, there is no security at this level.

    LEVEL 1 Audit and screening of unnecessary access. At this level simple auditing and screening procedures are established. To pass Level 1 security, the security manager generally provides systems that require simple logging of the access. Since there is no user authentication (passwords) at this level, the logging is generally accomplished by logging of network addresses or some other identifier. Security at this level may also exclude some traffic that has no reason to cross the boundary.

    LEVEL 2 Audit and screening of illegal access. At this level logging is still only by address or some other identifier, but now specific protocols or applications are prevented from passing. For a network this might mean all inbound TELNET is blocked. For a system this could be all dial-in traffic after 6:00 p.m. Data and systems in this environment are not critical and can be reconstructed in a reasonable amount of time if destroyed.

    LEVEL 3 Audit, screening and loose authentication. At this level users are required to identify themselves by a basic mechanism, such as a password. This is "loose" because the user does not have to do much to prove they are who they say they are. Audit information now contains user identification as well as addresses. Data in this environment must be protected from unauthorized access. If seen by unauthorized personnel it is unfortunate, but not a major problem. Audit trails are very important so that security managers are aware that information has been accessed by unauthorized parties.

    LEVEL 4 Audit, screening and strong authentication. At this level, more sophisticated authentication schemes are employed to ensure that the user is really who they say they are. This is generally accomplished by systems that utilize one time passwords, challenge/response systems, or physical identification. Data in this environment is extremely sensitive, such that if the data is viewed by unauthorized personnel severe consequences would occur.

    LEVEL 5 Audit and physical access only. This level is the most secure level. Access at this level is so strict that remote access is not allowed and only the most strenuous authentication is employed. This level of security would be employed to protect resources for which absolutely no illegal access can be tolerated without very severe consequences.

    7.2 Reviews:

    7.2.1 DISC is in the process of reviewing all levels of the state network and all DISC controlled systems and services to identify the appropriate level of security to be employed at each point. This information will be published in future memorandums so that agencies will clearly understand how access will be managed and controlled.

    7.2.2 Agencies should review this memorandum and review their own security environment to determine which level of access is appropriate for their particular data environment.

    7.2.3 It is essential that all future applications that are developed by agencies include a review that identifies which level of security will be established for the application. This review should assure that the application contains enforceable plans to maintain that level of security.

    8.0 RESPONSIBILITIES:

    8.1 Heads of divisions, departments, agencies, boards and commissions are responsible to establish procedures for their organization to comply with the requirements of this policy.

    8.2 DISC is responsible for the maintenance of this policy.

    9.0 CANCELLATION: None

    10.0 CONTACT PERSON: Andy Scharf, Bureau of Telecommunications, 913-296-3463.


    POLICY # 4220 REVISION # 0

    KANSAS INFORMATION RESOURCES COUNCIL

    INFORMATION TECHNOLOGY POLICY # 4220 REVISION # 0

    1.0 TITLE: Security Policy and Procedures for the KANWIN Network.

    1.1 EFFECTIVE DATE: November 1, 1995

    1.2 TYPE OF ACTION: New

    1.3 KEY WORDS: Security policy, KANWIN, communications network, Internet, TCP/IP, IPX, routers, LAN, audit, firewall, modem, acceptable use

    2.0 PURPOSE: To define responsibilities for security on the state multi-protocol network (KANWIN - Kansas Wide area Information Network) and the security policy that will be implemented by DISC for KANWIN. It also defines acceptable use policies for this network.

    3.0 ORGANIZATIONS AFFECTED: Current and future users of KANWIN

    4.0 REFERENCES:

    5.0 DEFINITIONS:

    5.1 Security policy is defined as a collection of statements about the sensitivity of information on a system or LAN, the requirements for how that data must be protected, and the actions to be taken in the event the protection is violated.

    5.2 KANWIN is the KANsas Wide area Information Network, a wide area data network spanning the state of Kansas. This network is used or will be used by state agencies, municipalities, and other local government entities. This is a multi-protocol data network, meaning that data can be transmitted in more than one form (protocol). KANWIN supports (transports) TCP/IP (open systems, Transmission Control Protocol/Internet Protocol), IPX (Novell, Internetwork Packet Exchange), and SNA (IBM, Systems Network Architecture).

    5.3 Router is defined as a communications device that 'decides' down which path or circuit collections of data (packets) should be sent. These decisions are made based on what is the 'best' path to send a packet to its destination address. Best can be determined by many factors such as line speeds, cost of service (leased lines versus phone lines), and other factors.

    5.4 Frame Relay is a method of transporting data packets across 'long distance' wires (as opposed to an ethernet or token ring LAN). Frame relay is a service offering by SW BELL (in our case) that we purchase on a monthly basis. Frame relay enables a site to have just one 'wire' into their site while being able to communicate to any number of sites on the network as though there were individual wires between each of the sites. It is a cost effective way to implement a large network.

    5.5 Dialup is defined to mean the use of a data modem and a normal dial phone line to create a temporary connection from a user site to an access point in the KANWIN network. Dialup speeds are considerably less than what is available over a frame relay circuit but are also considerably cheaper when the frequency of using the network is very low.

    5.6 The Internet is defined as the international data network that grew out of the Department of Defense network formed during the late 60's and early 70's. This network interconnects millions of computers world-wide. The protocol used on this network is strictly TCP/IP. There is a standardized naming and addressing policy for any site connected to this network. KANWIN follows this standard, which also means all sites connected to KANWIN must follow the standard as well. DISC maintains a registry of addresses and legal names (domain names) for use by state agencies.

    5.7 Shared portion of KANWIN is defined to be that network infrastructure shared by multiple agencies. This includes circuits, DISC routers, DISC hubs (LAN wiring devices), our Internet link, and DISC network management systems and associated devices. Agency LANs are NOT part of the shared network nor are agency (versus DISC) hubs.

    5.8 Audit is defined as the collection and periodic review of network or system access information. This assumes some computer or other device records access related information in a secure place that can be reviewed at a later time.

    5.9 Violation is defined in this context to refer to the act of someone gaining access to a system or data that they are not authorized to access.

    5.10 Screening is defined as determining if communications traffic may pass through a network device based solely on the destination and source information of the network packet containing the data. Screening in this context implies there is no authentication of the actual originator of the data.

    5.11 Authentication is defined as the act of requiring the 'person' requesting access to a network, LAN, or system to identify themselves through one or more identification schemes. Screening only makes decisions based on source and destination addresses. Authentication makes decisions based on 'who' was at the source. Authentication can be as simple as a computer id and password or as complex as one time passwords, challenge response passwords, or physical identification (retinal, voice, image, etc).

    5.12 Firewall is defined as a computer or other communications device used to control access to/from a network or computer. The firewall shields a system from potential attacks by unauthorized individuals.

    5.13 TELNET is a TCP/IP application that enables PCs to 'emulate' or mimic the function of a terminal across a TCP/IP network (such as KANWIN or the Internet) for accessing a remote computer.

    6.0 POLICY:

    6.1 Statement of Responsibility:

    Agencies are responsible for the protection of their data and LANs connected to KANWIN. DISC will be responsible for the security of the shared portion of the KANWIN (backbone routers and circuits). That is, the network responsibility ends at the router port to which the agency LAN is connected.

    6.2 Network policy for KANWIN:

    It is important to remember, any network or system can be violated given enough time. Therefore, any security strategy must take into account how to detect the fact that a violation is in process or has occurred, hence the need for auditing and proper backups. An agency must always assume the network is unsafe when preparing their security policies.

    DISC must provide a compromise between security and usability regarding KANWIN to ensure that agencies can make the most use of the network. Therefore, DISC will provide high security of the network infrastructure such as routers and hubs but minimal security with regards to access into and out of KANWIN.

    6.2.1 Security:

    DISC will provide Level 1 security (auditing/screening) at the KANWIN boundaries and Level 3 security (loose authentication) on the KANWIN infrastructure. See Policy #4210 Communications Networks and Systems Access Security Architecture for a description of security levels.

    6.2.1.1 DISC will insert a screening firewall at the external entry ports into KANWIN. The screening function will filter at the packet level those protocols that have no reason to be crossing the network boundary including probes commonly used by hackers. Specific filtering rules will not be published for security reasons. Questions about allowed access should be addressed to DISC.

    6.2.1.2 Valid traffic through the firewall will be uninhibited but logged.

    6.2.1.3 DISC reserves the right to implement additional security features in site routers if deemed important to the security of KANWIN and its users. This could include encryption or additional filters to restrict types of outbound or inbound traffic (e.g. if there are unsecured dial modems on the LAN, we may not want to allow unrestricted TELNET from the LAN into KANWIN).

    6.2.2 Audit:

    All sessions established through the firewall will be recorded to an audit log.

    6.2.2.1 In the event of unauthorized access into KANWIN, we will use this information to attempt to identify the perpetrator and prosecute, if applicable.

    6.2.3 Acceptable Use:

    Each agency is responsible to see that its employees are using KANWIN in an acceptable fashion. This includes use that exits KANWIN through the Internet gateway or other future gateways.

    6.2.3.1 KANWIN, as with any other state resource, must be used for official business only, unless the heads of their respective agencies have established written policies regarding use of KANWIN for "personal" access. Notification of violations of this policy will be sent to the appropriate agency for action.

    6.2.3.2 A user on KANWIN who is found to have violated net policies or interfered in an unacceptable fashion on another system on or off KANWIN may be subject to disciplinary action. The records for such events will be turned over to the appropriate agency for attention. Examples of unacceptable activities include, but are not limited to:

    6.2.3.2.1 Offensive mail or excessive (and unnecessary) distribution.

    6.2.3.2.2 Attempting to crack the security of another agency or the network routers.

    6.2.3.2.3 Unauthorized destruction of other users’ data or programs.

    6.2.3.2.4 Unauthorized distribution of passwords or other access information.

    These policies will be updated as dictated by changes in technology or management direction.

    7.0 PROCEDURES:

    8.0 RESPONSIBILITIES:

    8.1 Heads of divisions, departments, agencies, boards and commissions are responsible to establish procedures for their organizations to comply with the requirements of this policy.

    8.2 DISC is responsible for the maintenance of this policy.

    9.0 CANCELLATION: None

    10.0 CONTACT PERSON: Andy Scharf, Bureau of Telecommunications, 913-296-3463.


    POLICY # 8000 REVISION # 0

    KANSAS INFORMATION RESOURCES COUNCIL

    INFORMATION TECHNOLOGY POLICY # 8000 REVISION # 0

    1.0 TITLE: Development of a Data Administration Program.

    1.1 EFFECTIVE DATE:

    1.2 TYPE OF ACTION: New

    2.0 PURPOSE: To commit the state to the development of a formal Data Administration Program that recognizes and promotes the importance of data and information as valuable resources requiring management of their creation, use, storage, documentation, and disposition; encourages the management of data from both an agency-wide and state-wide view; improves data planning and access through the use of consistent methods, tools and technologies; identifies data that are critical to the mission of the state or that are common to multiple organizations within or among state agencies; and specifies the location of a central site for the development and maintenance of a statewide repository for metadata information, common data definitions, and ownership responsibilities in order to facilitate the exchange of information among agencies and the public.

    3.0 ORGANIZATIONS AFFECTED: All divisions, departments and agencies of the state.

    4.0 REFERENCES:

    4.1 K.S.A. 75-4741 authorizes the Kansas Information Resources Council to approve policies for the management of the state’s information resources.

    5.0 DEFINITIONS:

    5.1 Data. Representation of facts, concepts, or instructions in a formalized manner suitable for communication, interpretation, or processing by humans or by automatic means. Any representations such as characters or analog quantities to which meaning is, or might be, assigned.

    5.2 Data Administration. An ongoing, centralized, administrative function that coordinates the design, implementation, and maintenance of an effective data structure of the entities and relationships that comprise the integrated enterprise-wide database(s), and makes this information available to a community of information resource users. Responsibilities typically assigned to this function include information strategy planning, data and process modeling (both conceptual and logical), and the development of standards, policies, and procedures to define, collect, and organize data to meet managers' and users' existing and future information needs.

    5.3 Data Custodian. Guardian or caretaker; the holder of data; the agent charged with the data owner's requirement for processing, communications, protection controls, access controls, and output distribution for the resource. The data custodian is normally a provider of services. The data custodian may be a central data center providing services to a number of agencies which are data owners.

    5.4 Data Dictionary. A source of information about entities, data elements representing entities, relationships between entities, their origins, meanings, uses, and representation formats.

    5.5 Data Model. A description of the organization of data in a manner that reflects the information structure of an enterprise.

    5.6 Data Owner. The business function manager or agent assigned ownership responsibility for the data resource.

    5.7 Data Repository. A database of metadata stored in a manner that permits ease of access and reporting.

    5.7 Enterprise View. Information needs of an entire agency, rather than the needs of a single application or business unit. The enterprise view can be derived from the business model produced through information strategy planning.

    5.8 Information. Data that have been organized or prepared in a form that is suitable for decision-making.

    5.9 Metadata. Information that describes the definitions, structures, formats, allowable values, and use of the data resource. Data about data.

    5.10 Statewide Enterprise View. Information needs of the entire State of Kansas, rather than the needs of a single agency or business unit.

    6.0 POLICY:

    6.1 It is the policy of the State of Kansas that each agency develop, implement, and maintain an Agency Data Administration Program.

    6.2 Each agency shall produce an Agency Data Administration Policy statement that incorporates the recommendations of the Kansas Information Resources Council (KIRC), and goals, objectives, and methods oriented toward accomplishing the objectives of this rule. The Agency Data Administration Policy shall address the development and implementation of standards and procedures for data administration (data elements, names, definitions, values, formats, and database constructs).

    6.3 The Agency Data Administration Program shall support both information systems strategy planning and the development and maintenance of application systems.

    6.4 The Agency Data Administration Program shall be integrated with the agency information system development methodology.

    6.5 The Agency Data Administration Program shall incorporate data policies that are consistent with public access and security policies.

    6.6 The Agency Data Administration Program shall incorporate data policies that support the maintenance of an Agency Data Repository for the storage of agency metadata. The agency repository should be consistent with the statewide repository so that metadata can be easily ported between them.

    6.7 The Division of Information Systems and Communications (DISC), with the assistance of the Data Sharing Committee, shall coordinate agencies' metadata and operate a central site for the development and maintenance of a distributed statewide repository to provide access to metadata information, common data definitions, and ownership responsibilities.

    7.0 PROCEDURES:

    7.1 The Agency Data Administration Policy must be defined by March 1, 1997 and implemented by July 1, 1998.

    7.2 Each agency shall, at least annually, beginning September 1997, provide a copy of its existing Agency Data Administration Policy, report on the status of Data Administration implementation, and assess the percentage of agency data currently covered by the Agency Data Administration Program. In addition, the agency shall identify the plans and goals to be achieved by its Data Administration Program during the planning period.

    8.0 RESPONSIBILITIES:

    8.1 Each agency shall designate and train an individual (the agency Data Administrator) to supervise or conduct the Data Administration activities of the agency utilizing the most appropriate information technology and methodologies. Written notification of Data Administrator appointments and changes shall be promptly sent to the Chief Information Architect’s Office.

    8.2 Each agency shall assure that Data Administration review and approval is incorporated into the agency information system development methodology to ensure consistency with the Agency Data Administration Policy and the enterprise view of data.

    8.3 The agency Data Administrator shall clearly and consistently define and assign data administration responsibilities to data owners and data custodians.

    8.4 The agency Data Administrator, or a designated representative, shall participate in interagency data administration activities organized by the central data repository staff within DISC with the assistance of the Data Sharing Committee, and approved by the Information Technology Board (ITAB), in order to identify state-wide Data Administration issues and make recommendations to the ITAB concerning, but not limited to:

    1. Standards relating to data as an asset to the State of Kansas;

    2. Data that are critical to the mission of the State, or common to multiple agencies;

    3. Policies that ensure the establishment of a statewide enterprise view of information;

    4. Enhancements to the state Data Administration Program;

    5. Minimum requirements for Agency Data Administration Programs; and

    6. Data administration education and awareness.

    8.5 The Chief Information Architect is responsible for the maintenance of this policy.

    9.0 CANCELLATION: None

    10.0 CONTACT PERSON: Chief Information Architect 913-296-3011
