Welcome King County Strategic Priority Project Briefing

1
WelcomeKing CountyStrategic Priority Project
Briefing

• Office of Information Resource Management
• July 27, 2004

2
King County Strategic Priority Project
BriefingLaw, Safety and Justice Integration

• Trever Esko, Program Manager
• Norm Maleng - Business Sponsor
• Ron Sims - Executive Sponsor
• Office of Information Resource Management
• July 27, 2004
• http//kcweb.metrokc.gov/oirm/projects/lsji.htm

3
Recent Activities

• Prototype project completed
• Jail Inmate Look-up Service (JILS)
• Multiple components
• Public facing internet site
• Internal LSJ agency access
• External law enforcement access
• Back-end Web Service for peer-to-peer exchange
• Initiated first official project
• Booking and Referral Filing Project
• Program and Security Audits

4
Major Efforts Underway

• Booking and Referral Filing Project
• First real project
• Addressing highest priorities for criminal
  justice operations
• Criminal justice activities associated with
  booking an individual into jail and law
  enforcement referring a felony case to the
  prosecutor
• 105 work processes
• 37 information exchange events
• 5 King County agencies
• 27 external agencies

5
Major Efforts Underway

• Integration Foundation Architecture Development
• Document the architecture that comprises the
  enterprise integration capabilities
• Will be presented to technology governance
• Components of Foundation Architecture
• Integration concepts
• Integration policies
• Operational policies for integration center
• Integration software tools and capabilities
• Logical architecture of integration environment
• Physical architecture of integration solution

6
Various Operational Needs
7
Addressing Operational Needs
8
Integration Components Required
9
Implemented Integration Stack
10
Other Activities Underway

• Integration Security Audit
• Specifically examine security issues and
  opportunities within the integration environment
  as implemented
• Performed by third party (MTG Consulting)
• Program IVV
• Program audit by third party (MTG Consulting)
• Part of voluntary program QA process
• Environment Upgrade
• BizTalk 2004
• JusticeXML v3.0

11
Next Steps and Timing

• Publish security audit and IVV
• Q3 2004
• Complete various upgrades
• Q3 2004
• Create Integration Foundational Architecture
• Q3 2004
• Continue Booking and Referral Filing
• Q4 2004

12
LSJ-I Timeline
Implement Integration Solution
Improved Criminal History
Foundational Architecture
Pilot Project (JILS)
Booking and Referral Filing
Q2
Q4
Q1
Q3
Q1
Q2
2004
2005
Implementation of Integration Sub-Projects
13
King County Strategic Priority Project
BriefingInformation Security Privacy

• Sharon Glein - Program Manager
• David Martinez - Program Sponsor
• Office of Information Resource Management
• July 27, 2004
• http//kcweb.metrokc.gov/oirm/projects/security_pr
  ivacy.htm

14
Program Objectives

• Remedy information security vulnerabilities
• Improve security and privacy awareness
• Training for business and technical staff
• Implement improvements to IT systems
• Prevent security and privacy incidents
• Recommend organizational changes
• Ensure on-going management of security and
  privacy
• Develop countywide security and privacy policies,
  standards and guidelines

15
Status 2nd Quarter Activities

• Vulnerability Corrective Actions
• Anitian, Covestic, RBA (security consultants)
• Assessed corrective actions taken by agencies
• Developed vulnerability identification and
  remediation procedures and provided instructions
• Agencies continue to report progress

16
Status Selected Agencies Continue to Correct IBM
Identified Vulnerabilities
17
Status Consultants Assessment of Corrective
Actions Taken by Agencies
18
Status All Agencies Continue to Identify Fix
Mandatory Vulnerabilities
19
Status 2nd Quarter Activities continued

• Security and Privacy Policies
• Drafted Security Policy Framework and Enterprise
  Security Policy
• TMB Security Sub Team meeting June 30
• Drafted Enterprise Privacy Policy
• BMC Privacy Sub Team meeting July 1

20
Security Policy Framework draft
21
Enterprise Security Policy draft

• Security Principles
• Accountability - Assessment
• Awareness - Cost Effective
• Equity - Integration
• Management - Timeliness
• Countywide policies
• ISO 17799 compliance and minimum requirements
• Countywide security
• Chief information security officer, information
  security board
• Agency security
• Policies, procedures, subject matter expert

22
Enterprise Privacy Policy draft

• Privacy Elements
• Information Gathering Use - Information Sharing
  
• Information Retention - Information Security
• Right to Choose - Right to Know
• Right to Inspect Correct - Commitment
• Privacy Notice
• Contact
• Employee Expectations
• Agency Policies
• Agency Procedures

23
Status 2nd Quarter Activities continued

• Security Privacy Training - tentative schedule
• Security Essentials (July)
• Risk Management (August)
• Appropriate Use (September)
• Social Engineering (October)
• Security Issues in Hiring/ Terminations/Job
  Changes (November)
• Privacy Expectations of Employees (December)
• Security Issues in Working with 3rd Parties
  (January)

24
Status 2nd Quarter Activities continued

• Security Tools
• Met with Countys information technology vendors
  to find out how they can assist us
• Drafted and issued RFI in July expect responses
  in early August

25
Next Steps for Agency Involvement 3rd/4th Quarter
2004

• Vulnerability Corrective Actions
• Agencies continue to complete identification of
  vulnerabilities, and remediate any found
• Include any known vulnerabilities identified by
  Anitian, Covestic, or RBA as unresolved

26
Next Steps in 3rd/4th Quarter- continued

• Security Policies to Technology Governance
• July Security Organization
• September Personnel Security
• October Risk Management
• December Asset Classification

27
Next Steps in 3rd/4th Quarter- continued

• Privacy Policies to Technology Governance
• July Privacy Notice
• August Sensitive Information
• September Personnel Privacy
• October Data Classification for Privacy
• November Privacy Audit and Compliance
• December Privacy Requirements in System
  Development

28
Next Steps in 3rd/4th Quarter- continued

• Security Privacy Training Sessions
• Continue monthly trainings into 2005
• Security and Privacy awareness training - begin
  in 2005
• Security Tools
• Review RFI materials and presentations
• Participate in pilot testing activities

29
ISP Program Timeline

• Complete Privacy Policies initiative
• Vulnerability Corrective
• Action initiative

• Funding 2004
• Begin Security Tools initiative
• Security Policies initiative
• Privacy Policies initiative

• 2005 continued from 2004
• Security Policies Tools initiatives

• Begin Agencies
• Cleanup
• Vulnerabilities
• Countywide

• 2005 Dependent on 2005 Appropriation
• Personnel Security Privacy Policy
• Implementation
• Risk Management Process
• Privacy Tools
• Transition to Security Organization

• Begin Governance review of
• Security and Privacy
• Policies

Q2
Q4
Q1
Q3
2005
2004
Addressing Security Improvements
30
King County Strategic Priority Project
BriefingNetwork Infrastructure Optimization

• Kevin Fung - Program Manager
• David Martinez Program Sponsor
• Paul Tanaka Program Sponsor
• Office of Information Resource Management
• July 27, 2004
• http//kcweb.metrokc.gov/oirm/projects/NIO.htm

31
NIO Program Objectives

• Mitigate network-related risks to King County
  business
• Technology-related risks
• Operational-related risks
• Realize cost-savings from identified
  opportunities
• Begin transition to next generation network
• Develop countywide standards and guidelines
• Prepare network infrastructure
• Conduct pilots to solidify vision

32
NIO Current Status

• Validation effort completed in early June
• Many opportunities for improvement validated
• Some opportunities require further analysis
• Validation report available via OIRM intranet
  website
• Improvement Measures Underway
• Replacement of unsupported equipment
• Change to King County Code
• Migration to COAF (Centrex Over Alternate
  Facilities)
• Formation of two new countywide groups
• Network Change Management Board
• Network Policy and Standards Development Team

33
Standard Centrex vs. COAF(Centrex Over Alternate
Facilities)

• Standard Centrex
• Phones individually connected to Central Office
• Transport charge for each phone

(
(
(
(
(
Phone Companys Central Office
(

• COAF
• Individual connections bundled onto trunk line,
  fiber, or other alternate facility
• Recurring cost of alternate facility less than
  sum of individual transport charges.

(
Alternate Facility
(
(
(
Phone Companys Central Office
(
(
34
NIO Validation Summary
35
NIO Phase II Deliverables

• Consultant Validation Report available on
  website
• Replacement of unsupported core routers.
• King County code change for multi-year agreements
• Migration of Centrex lines to COAF
• Establishment of Network Change Management
• Network policies, standards, and guidelines
• IP Telephony (VoIP) and Wireless pilots
• Use of King County resources to eliminate leased
  circuits
• Service Metrics for KC WAN and Telecom
• Publication of network OMS procedures
• Advisory staffing plan for Network Services
• Installation/configuration of network tools
• Migration plan for convergence (next generation)

36
Network Change Management Board

• Purpose
• Define Network Change Management
• Develop the change management process to be
  followed by all agencies
• Countywide representation
• Eventual transition to Operations
• First meeting to be scheduled in August

37
Network Change Management Board Representatives
38
Policy and Standards Development

• Purpose
• Draft countywide network policies, standards, and
  guidelines to ensure consistency throughout the
  county
• Types of Standards (sample list)
• Protocols, IP addressing, HW/SW, interface,
  wireless, network security (firewalls, VPN,
  encryption, proxies, NAT, etc.)
• Countywide representation
• Proposals to pass through Governance process
• First meeting to be scheduled in August

39
Network Policy and Standards Development
Representatives
40
NIO Phase II Timeline
Unsupported equipment replaced IP Telephony
Wireless Pilots Migration Plan for
Convergence Additional policies and standards

• Continuing Effort on Phase II Initiatives
• Continued replacement of unsupported equipment
• Continued operational improvement
• Continued standards development
• Phaseout of non-IP protocols
• Implementation of QoS
• Additional pilots

COAF complete Service Level Agreements Published
Practices Network Tools Configuration
KC Code Change
First set of standards
Validation Complete
Q1
Q3
Q2
Q4
Q2
Q3
2004
2005
Implementation of Immediate Opportunities and
Transition to Next Generation
Validation
41
King County Strategic Priority Project
Briefing Business Continuity

• Victoria D. Leighton Program Manager
• Paul Tanaka Business Sponsor
• David Martinez - Program Sponsor
• Office of Information Resource Management
• July 27, 2004
• http//kcweb.metrokc.gov/oirm/projects/bc.htm

42
Program Objectives

• Phase I
• Identify business essential services and
  technology in support of the King County
  Emergency Management Plan and essential business
  operations
• Phase II
• Implement information technology business
  continuity policy
• 2004 2005 Implement consultant recommendations

43
Methodology

• Phase I 2003 - 2004
• Identify business essential services and
  technology in support of the King County
  Emergency Management Plan
• Perform a Risk Assessment of King County
  information technology
• Perform a Business Impact Analysis of King County
  information technology
• Purchase and populate business continuity
  database
• Develop and approve countywide information
  technology business continuity planning policy
• Develop countywide integrated information
  technology business continuity implementation
  plan (HowTo strategy for developing business
  continuity mitigation processes)
• Implement consultant recommendations
• Phase II 2004 - 2005
• Implement consultant recommendations

44
Phase I

• Request for Proposals July 2003
• Final Vendor Selection October 2003
• Contract Signed November 2003
• Project Kickoff Meeting November 2003
• IT Agency Risk Interviews December 2003
• IT Business Impact Interviews January 2004
• Draft IT BC Policy April 2004
• Risk Assessment Report May 2004
• Begin Populating BC Database June 2004
• Business Impact Analysis Report July 2004
• Recovery Gap Analysis Report July/Aug 2004
• IT Business Continuity Aug/Sept 2004
• Implementation Plan

45
Reports

• Business Continuity reports are classified not
  subject to public disclosure
• Completed and draft reports - posted to the
  Outlook Public Folders
• outlook\\Public Folders\All Public
  Folders\Inter-Agency\OIRM\Business Continuity\Non
  Disclosure Reports

46
Risk Assessment Report and Business Impact
Analysis Recommendations

• Establish an information technology business
  continuity policy
• Develop written and tested business continuity
  plans (The County has acquired software to
  facilitate the process)
• Develop security policies, guidelines and
  procedures
• Improve network access security
• Prepare backup and offsite storage standard
  operating guidelines
• Improve the timeliness of backup and offsite
  storage

47
Business Impact Analysis FindingsAgency
Planning that Supports the EMP
Agency Readiness - EMP
48
Business Impact Analysis FindingsApplication
Recovery Objectives
Critical Applications
Agency Readiness Essential Business Services
49
2004 Implementing Consultant Recommendations
initial focus

• Telecommunications
• eCommunications
• Redundant web servers to support the Emergency
  Coordination Center
• Business Operations
• Payroll check printing business continuity
  services
• Alternate data center (warm site) for identified
  essential services

50
Resources on the Web

• Check out our updated intranet site
• New links
• Reports
• Presentations
• Resource links from various sites of industry
  standards for implementing business continuity
• We welcome your feedback, what would you like to
  see
• Link
• http//kcweb.metrokc.gov/oirm/projects/bc.htm

51
(No Transcript)
52
Agency Involvement

• Completed as of July 2004
• Business continuity point of contacts assigned
• Attended LBL briefing on Risk Assessment and
  Business Impact Analysis
• In Process
• Identifying critical servers and their attributes
  Due 7/27/04
• Review with feedback/written comments
• Business Impact Analysis Report Due July 2004
• Recovery Strategies Report Due July/Aug 2004
• Countywide Information Technology Business
  Continuity Implementation Plan Due Aug/Sep 2004

53
Business Continuity Timeline
Major Milestones
Funding
Q2
2005
Q4
2004
IT Business Continuity Implementation Plan
Planning and Analysis
Begin Implementation Proposed Solutions
54
King County Strategic Priority Project Briefing
IT Organization Study

• Jim Keller - Contract Administrator
• TBD - Project Manager
• David Martinez - Project Sponsor
• Paul Tanaka - Business Sponsor
• Office of Information Resource Management
• July 27, 2004
• http//kcweb.metrokc.gov/oirm/projects/Tech_Organi
  zation_Bus_Case.htm

55
Project Objectives (King County Council Proviso
14797)

• Vision and Goals Statement
• Quantifiable Business Case for Reorganization of
  Information Technology Functions Countywide

56
Approach (as identified in the proviso)

• Vision Goals for IT countywide
• Quantifiable Business Case for Reorganization of
  IT Functions Countywide
• At least two options with some level of
  outsourcing and centralization
• Countywide IT organization structure
• Quantifiable cost-benefit analysis
• Preferred option, with criteria used to select
  preferred option
• Primary criteria to select preferred option is
• To reduce IT management costs countywide

57
IT Vision and Goals (draft)

• IT Vision
• Utilizing information and technology to shape a
  better tomorrow by enabling public services and
  streamlining County-wide operations
• IT Goals
• Deliver responsive service to internal customers,
  the public, and other jurisdictions
• Provide reliable, cost-effective technical and
  application architectures
• Create enterprise-wide efficiencies
• Support a culture of effective governance, clear
  accountability and communication
• Ensure IT security and privacy
• Facilitate information sharing internally and
  externally
• Recruit, deploy and retain an appropriately-skille
  d workforce
• Serve as a leader in IT regional initiatives

58
Organization Model Evaluation Criteria(draft)
59
Status

• Request for Proposals February 2004
• Consultant began work May 2004
• Data collection on current
• IT org geography of IT July 2004
• Agency Interviews July 2004
• Vision and Goals draft July 2004
• Evaluation Criteria draft July 2004
• Vision Goals to SAC Aug 2004
• Business Case draft to review Sept 2004
• Consultant report draft final October 2004
• Consultant Presentations begin November 2004

60
IT Organization StudyTimeline
Consultant presentations of recommendations
Recommendation report and business case complete
Q1
Q3
Q4
2005
2004
IT Organization Consultant Study
61
King County Strategic Priority Project Briefing
Financial Business Case Analysis

• Zlata Kauzlaric - Project Lead
• Gary Lemenager - Contract Manager
• Paul Tanaka - Business Sponsor
• David Martinez - Program Sponsor
• Caroline Whalen - Resource Coordinator
• Office of Information Resource Management (OIRM)
• July 27, 2004
• http//kcweb.metrokc.gov/oirm/projects/qbc.htm

62
Objective

• Develop Business Operations Model based onbest
  practices and Quantifiable Business Casefor
  implementation.
• Support policy and budgetary decisions for
• Transformation of business processes
  inpreparation for system replacement
  financial,budget, HR and payroll
• Identify cost of information technology (TCO).
• Deliver in time for the 2005 budget.

63
Project Web Site
http//kctest.metrokc.gov/oirm/projects/qbc.htm
64
Advisory Committee

• Paul Tanaka - CAO
• David Martinez - CIO
• Shelley Sutton - Council
• Leesa Manion /David Ryan - Prosecutor
• Bill Wilson - Sheriff's Office
• Rich Medved - Assessor
• Paul Sherfey - Superior Court
• Steve Call- Budget
• Tricia Crozier - District Court

65
Project Team

• Consultants Dye Management Group, INC., Pacific
  Technologies, Inc.
• County Team Leads
• Budget Jim Walsh, Budget Office
• Financials Eric Polzin, DES/FBOD
• Human Resource Pamela Harding, DES/HRD
• Payroll Tracey Dang, DES/FBOD
• Technology John Anthony, DES/ITS
• Departmental Technology Leads and Subject Matter
  Experts dedicated to the project by the BMC
  members

66
Work Plan
DEC
JAN
FEB
MAR
APR
MAY
DEC
JAN
FEB
MAR
APR
MAY
1.0
Initiate Project
1.0
Initiate Project
2.0
Determine
2.0
Determine
Technology Costs
Technology Costs
3.0
Develop Business
3.0
Develop Business
Operations Model
Operations Model
4.0
Draft Business Case
4.0
Draft Business Case
5.0
Present
5.0
Present
Business Case
Business Case
67
Project Status

• Technology Cost Report Completed
• Technology Cost Updateable Model Completed
• Business Operations Model Report Completed
• Quantifiable Business Case Report Completed
• Presentations under way

68
Technology Cost Report

• The report represents the first complete picture
  of Countys IT spending.
• It analyzes distribution of IT Labor, IT Goods
  and Services, and provides typical performance
  indicators essential for effective management of
  IT.
• It can be further used as a starting point for
  evaluating the Countys approach to managing
  information technology.
• The report is available at the OIRM web site
• http//kcweb.metrokc.gov/oirm/projects/QBC/King_C
  ounty_TCO_final.pdf

69
(No Transcript)
70
(No Transcript)
71
Technology Cost Updateable Model

• The deliverable includes
• Repeatable Total Cost of Ownership Manual" on
  how to update the Model
• Set of spreadsheets populated with collected
  data for the current Technology Cost report
• The spreadsheets will be a starting point should
  the County engage into the Model update effort.

72
Business Operations Model Report

• Assessment It provides assessment of current
  payroll, financials, human resources and budget
  businesses including people, processes and
  technology. The current operating cost is over
  80 million - includes central and departmental
  costs.
• Evaluation The County is woefully lacking in
  modern processes and systems. It must change to
  meet vision and goals approved by the County
  Council.
• Recommendation Business Transformation. It will
  bring contemporary financial and human resource
  best practices to King County. It potentially can
  result in almost 237 million net benefit over 10
  year, with initial investment of 71.5 million,
  and operating costs of 34.5million.

73
Business Case Report

• The Business Case report describes why and how
  the county needs to improve, with implications of
  not pursuing the recommended improvements.
• It is based on national standard, best practices
  for government, and countys Vision and Goals
  Statement.
• The reports are available at the OIRM web site
• http//kcweb.metrokc.gov/oirm/projects/QBC.

74
Business Transformation Example

• The next three slides present an example of
  Business Transformation for financials business
  area.

75
(No Transcript)
76
(No Transcript)
77
(No Transcript)
78
Next Steps to Complete this Phase

• Presentations to BMC, SAC, Executive, Council are
  being prepared, scheduled, conducted.
• Dye Management presentation to QBC Advisory
  Committee and BMC is available on the OIRM web
  site.
• Additional Task Complete and present Data
  Validation effort (comparison of IT cost
  collected from agencies and system reported
  data).

79
Next Phases
80
Thank You and Congratulations

• Extended Project Team includes over 300
  County-wide staff subject matter experts for
  their business areas, and Technology Governance
  bodies BMC and TMB.
•  Thank you to all County Participants for their
  work and support of the Project, and
  congratulations on successful completion of this
  phase!

81
Quantifiable Business Case AnalysisTimeline
Initiate Project
Dec 2003
Planning and Design
82
Thank youhttp//kcweb.metrokc.gov/oirm/index.ht
m