Washington State Enterprise Technology Dictionary

Amounts owed to private persons or organizations for goods and/or services received by the state. Accounts Payable does not include amounts due to other agencies, funds, or other governments

General content changes like an organization, name, phone number, mailbox or URL in a policy or standard or a clarification or other revision that does not change the effect of the policy or standard.

A computer program or set of programs that meet a defined set of business needs.  A program or group of programs designed for end users. These programs are divided into two classes: system software and application software. While system software consists of low-level programs that interact with computers at a basic level, application software resides above system software and includes applications such as database programs, word processors and spreadsheets. Application software may be grouped along with system software or published alone. For the purposes of integration applications consume an integration service such as a web service or API.

A set of protocols, routines, functions and/or commands that programmers use to develop software or facilitate interaction between distinct systems. APIs are available for both desktop and mobile use, and are typically useful for programming graphic user interface components, as well as allowing a software program to request and accommodate services from another program. This definition explicitly excludes any "API" that relies on local binding (e.g. via loading a DLL) to function.

An action that indicates a change to an employee's appointment within the agency or movement of an employee between different agencies without a break in service - may include but not limited to movement to another position, adjustment of hours worked, changes from salaried to hourly, or reallocation of a position

An attempt to bypass security controls on an IT system in order to compromise the data.

Defines the set of capabilities to support the identification and monitoring of activities within an application, system, or network

Advantage, privilege, right, or financial reimbursement (such as that made under an insurance policy, medical plan, or pension plan)

A plan of financial operation embodying an estimate of proposed expenditures for a given period of time or purpose and the proposed means of financing them.

An application or system which has a direct impact on the delivery of services to department/agency employees, clients or consumers.

The Management of tangible or intangible assets held and used in state operations, which have a service life of more than one year and meet the state's capitalization policy. Capital assets of the state include land, infrastructure, and improvements to land, buildings, leasehold improvements, vehicles, furnishings, equipment, collections, and all other tangible and intangible assets that are used in state operations

Within the TBM Program, agencies are responsible for categorizing and documenting their costs to the program taxonomies. The TBM Program provides templates that agencies use to capture and submit categorization to the program.

The Tools or systems that allow multiple parties to interact and share documents or data through a shared work space or environment. Multiple parties contribute or update the shared environment and view, update, edit, & share files. This includes systems such as SharePoint, MAX, Web Conferencing, Cisco TelePresence, etc.)

Defines the set of capabilities to support the administration of online groups that share common interests

Continuity of Operations involves the activities associated with the identification of critical systems and processes, and the planning and preparation required to ensure that these systems and processes will be available in the event of a catastrophic event and involves the internal actions necessary to develop a plan for resuming operations after a catastrophic event occurs. This can include Contingency Planning, Continuity of Operations and Service Recovery work.

Continuous Monitoring includes all activities related to the real-time monitoring of security controls employed within or inherited by a system. (see Appendix G of NIST Special Publication 800-37)

The firm, its employees and affiliated agents. Contractor also includes any firm, provider, organization, individual, or other entity performing the business activities of the agency. It will also include any subcontractor retained by Contractor as permitted under the terms of the Contract.

A method of accounting which provides for accumulating and recording of all the elements of cost incurred to accomplish a purpose, to carry on an activity or operation, or to complete a unit of work or a specific job. Cost accounting approach concerned with matching costs with activities (called cost drivers) that cause those costs. It is a more sophisticated kind of absorption-costing and replaces labor based costing system. ABC states that (1) products consume activities, (2) it is the activities (and not the products) that consume resources, (3) activities are the cost drivers, and (4) that activities are not necessarily based on the volume of production. Instead of allocating costs to cost centers (such as service delivery, marketing, finance), ABC allocates direct and indirect costs to activities such as processing an order, attending to a customer complaint, or delivering a service

The sum established by the agency/institution as available for the entire project, including the construction budget, acquisition costs, furnishings and equipment, compensation for professional services and all contingencies. The cost estimate is used to develop capital project budgets

The basic financial groupings of cost data. The smaller list simplifies reporting and provides a finance view of IT spend and represents the logical accounting buckets for IT charges.  Cost Pools are mapped on the Chart of Accounts. For the State of Washington, Cost Pool mapping is generally done by mapping Objects, Sub-Objects, and/or Sub-Sub-Objects to a Cost Pool.

Credential Issuance and Management: the researching, tracking and providing of user access credentials (logical and physicals) and associated security features for the protection of federal information and information systems from unauthorized access, use, disclosure, disruptions, modification, or destruction, as well as the creation and implementation of related security policies, procedures and controls. This includes background checks and related personnel security management services.

Defines the set of capabilities to support the use and management of ciphers, including encryption and decryption processes, to ensure confidentiality and integrity of data

Data Centers are facilities that house and protect critical IT equipment supporting delivery of government services including the space, power, environment controls, racks, cabling and external labor. 

We distinguish between Agency Data Centers, and the State Data Centers because by statute we are directed to migrate TO the State Data Center and away from Agency Data Centers.

State Data Centers include:

• The Olympia-based State Data Center (SDC) operated by Consolidated Technology Services (CTS)
• The Quincy-based Disaster Recovery Services Data Center leased by CTS.
• Other Facilities such as Computer rooms and MDF/IDF/telco closets that house IT equipment primarily supporting local building operations in corporate headquarters, call centers or other general purpose office buildings.

NOTE: This definition is used in the TBM program and also reside in Standard 113.30: TBM Taxonomy.

The practices, architectural techniques and tools for achieving the consistent access and delivery of data across the spectrum of data subject areas and data structure types in the enterprise to meet the data consumption requirements of all applications and business processes.

Defines the set of capabilities to provide for the efficient discovery of non-obvious, valuable patterns and relationships within a large collection of data

A named collection of related records maintained on a storage device, with the collection containing data organized or formatted in a specific or prescribed way, often in tabular form.

Act of including Formal notification of the intent to retire some or all components of an Integration service such as API or web service, made some period ahead of time in order to allow consumers the opportunity to update consuming applications.

Restarting technology operations after an outage using processes, policies and procedures prepared for recovery or continuation of mission-essential technology infrastructure after a disaster. 

These processes are found in a DR Plan.  DR is a subset of business continuity and COOP.

The three principal goals of DR are to:

• Save data,
• Save hardware, software and facilities
• Resume critical processes/restore data.

Defines the set of capabilities to support the creation, use, archiving and deletion of unstructured data. This includes the set of capabilities to support the design, generation and maintenance of electronic or physical forms and templates

The latest date a manufacturer will provide security patches.  Some manufacturers have an end of mainstream support date and an extended end-of support date.  In these cases, after the end of mainstream support, no additional software feature/function enhancements or fixes are issued but security patches are until the end of extended support.  The recommended best practice is to migrate before end of mainstream support.

Enterprise Licenses and Software includes License Management and Software Distribution; it supports the purchase, upgrade and tracking of legal usage contracts for system software and applications and supports the propagation, installation and upgrade of written computer programs, applications and components.

Enterprise Search includes Query capabilities, Precision / Recall Ranking, Classification and Pattern Matching

Providing users with disabilities with content and interaction that is similar or identical to that provided to users without disabilities, in a form that produces a similar user experience.  Users should be provided direct access to the same content unless providing direct access to that content is not possible due to technical or legal limitations.

A simple, very flexible text format derived from SGML. Originally designed to meet the challenges of large-scale electronic publishing, XML is also playing an increasingly important role in the exchange of a wide variety of data on the Web and elsewhere.

Is the process of copying or moving a file from one computer to another over a network or Internet connection. It enables sharing, transferring or transmitting a file or a logical data object between different users and/or computers both locally and remotely.

A Quality Assurance (QA) provider's assessment of the project's use of project management best practices, as well as their assessment of deficiencies or gaps in the application of those best practices that may have an adverse impact on the project.  Findings are assumed to require corrective actions.

Flexible work is an alternative schedule that allows full-time employees to eliminate at least one work day every two weeks by working longer hours during the remaining days, resulting in less commute trips (compressed workweek), or allows the employees some flexibility in starting and ending times outside the agency's normal work hours (flextime) consistent with WAC 357-28-225

The process of correlating one set of records with another set of records and/or a physical inventory count that involves identifying, explaining, and correcting differences

The composite activity of analyzing, recording, summarizing, reporting, and interpreting the financial transactions of a governmental entity

A query language for APIs and a runtime for fulfilling those queries with your existing data. Graph QL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.

A guideline is a compilation of best practice offered in support of a policy or standard.

The process of onboarding a new employee into Washington state service

Defines the set of capabilities to support the management of permissions for logging onto a computer, application, service, or network; includes user management and role/privilege management. This includes Identification and Authentication for digital signatures

The work of one or more professionals responsible for monitoring and assessing the health and effectiveness of project management plans and processes as well as an overall assessment of a projects's short and longer term risks.  To preserve independence, the QA provider(s) report outside the project management organizational structure, generally to the project's Executive Sponsor and the State CIO.  In Washington state government, independent Project QA is considered different than product or technical quality assurance which might include testing and other independent verification and validation activities.

Information Exchange and Transformation - The tools and systems used to search, link, analyze, share and transport information such as reports or critical mission data. Transformation includes the set of capabilities to support the removal of incorrect or unnecessary characters and data from a data source

Per RCW 43.105.020, "Information technology" includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, radio technologies, and all related interactions between people and machines.

IT infrastructure consists of the equipment, systems, software, and services used in common across an organization, regardless of mission/program/project.  IT Infrastructure also serves as the foundation upon which mission/program/project-specific systems and capabilities are built.  Approaches to provisioning of IT infrastructure vary across organizations, but commonly include capabilities such as Domain Name Server (DNS), Wide Area Network (WAN), and employee locator systems. Additional common capabilities examples include IT security systems, servers, routers, workstations, networked Supervisory Control and Data Acquisition (SCADA) systems, and networked printers (multifunction devices).

A tool to assist agencies and the Office of the Chief Information Officer to assess the cost, complexity, and statewide significance of an anticipated information technology project (RCW 43.105.245).

Technology-centric term primarily concerned with connecting IT systems.

Provides a level of indirection between the consumer of functionality and its provider. A service consumer interacts with the service provider via the Integration Layer. Hence, each service interface is only exposed via the Integration Layer (e.g., ESB), never directly and point-to-point integration is done at the Integration Layer instead of consumers/requestors doing it themselves. Consumers and providers are decoupled; this decoupling allows integration of disparate systems into new solutions.

Shared boundary between two functional units, defined by various characteristics pertaining to the functions, physical interconnections, signal exchanges, and other characteristics, as appropriate.

An IT system or network designed and intended for use only by state of Washington employees, contractors, and business partners.

Software and/or hardware designed to detect an attack on a network or computer system. A Network IDS (NIDS) is designed to support multiple hosts, whereas a Host IDS (HIDS) is set up to detect illegal actions within the host. Most IDS programs typically use signatures of known cracker attempts to signal an alert. Others look for deviations of the normal routine as indications of an attack.

Supervision and management of the supply, storage, and accessibility of items held in inventory to ensure an adequate supply of available material without excessive oversupply, back orders or stock outages

Defines the set of capabilities to receive and track user-reported issues and problems in using IT systems, including help desk calls

IT Infrastructure Maintenance involves the planning, design, and maintenance of an IT Infrastructure to effectively support automated needs (i.e. platforms, networks, servers, printers, etc.).

IT Strategy and Innovation includes all activities outside of normal Strategic Planning that focus on trying new approaches, new systems and thinking about/ planning IT investments in different ways.

A lightweight data-interchange format. It is a language independent text format that is easy for humans to read and write. It is easy for machines to parse and generate.

A method of identifying and defining job duties and responsibilities

Defines the set of capabilities to support the transfer of knowledge to the end customer.

Life Cycle Replacement is the replacement of a product that is at the end of it service life, or is no longer supported, or no longer meets the business need of the agency.

Software (such as a Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.

The process of preparing management reports and accounts that provide accurate and timely financial and statistical information required by managers to make day-to-day and short-term decisions. Unlike financial accounting, which produces annual reports mainly for external stakeholders, management accounting generates monthly or weekly reports for an organization's internal audiences such as department managers and the chief executive officer. These reports typically show the amount of available cash, sales revenue generated, amount of orders in hand, state of accounts payable and accounts receivable, outstanding debts, raw material and inventory, and may also include trend charts, variance analysis, and other statistics

Support the maintenance and administration of data that describes data

Any hand-portable device capable of text, voice, email, instant messaging (“IM”), photo messaging or other types of data communication. This policy is not meant to apply to: cars, boats, airplanes, laptop computers, desktop computers, unpiloted aerial vehicles (drones), gps receivers, radios

Modularity refers to the extent to which a software/Web application may be divided into smaller modules. Software modularity indicates that the number of application modules are capable of serving a specified business domain. Allows typical applications to be divided into modules, as well as integration with similar modules, which helps developers use prewritten code. Modules are divided based on functionality, and programmers are not involved with the functionalities of other modules. Thus, new functionalities may be easily programmed in separate modules. It is a practical application of the principle of "Separation of Concerns" by dividing a complex system into simpler and more manageable modules that will work together Modularization can take place in two ways: The Composition or bottom-up approach takes modules and puts them together to form a larger system The alternative approach is to take a complete system and decompose it into its modules. This approach is known as the decomposition or top-down approach. Modules are technically connected to one another. The measure of inter-module relation is known as coupling. Design goals require modules to have low-coupling and high cohesion. Cohesion is a measure of the inter-relatedness of elements (statements, procedures, declarations) within a module. A module is said to have high cohesion if all the elements in the module are strongly connected with one another. Tight coupling of modules makes analysis, understanding, modification and testing of modules difficult. Reuse of modules is also hindered. Modularity enhances the understandability of software systems and change process. Developers need not have to understand the entire system for changes to be made as details are localized into components; modularity separates concerns down to the modules and is thus a direct realization of the principle of "Separation of Concerns"

A device available to other computers on a network. Examples include servers, firewalls, routers, switches, workstations, networked Supervisory Control and Data Acquisition (SCADA) systems, and networked printers (multifunction devices).

The administration of employee compensation and benefits on a scheduled basis through a centralized payment system

A systematic process of objectively obtaining and evaluating evidence regarding the performance of an organization, program, function, or activity. Evaluation is made in terms of its economy and efficiency of operations and effectiveness in achieving desired goals. The performance audit function provides an independent review of management's performance and the degree to which actual performance meets pre-stated goals

Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media in an IT facility.

A technology policy outlines what needs to be accomplished or achieved and the roles and responsibilities of the various entities.

Defines the set of capabilities to support the administration of a group of investments held by an organization

Defines the set of capabilities to manage business processes, including business process mapping, remapping, reengineering, and business process improvement efforts

Procurement Activities are the processes to purchase/acquire RF System components to include infrastructure, subscribers, accessories, hardware and or services to support operations.

Project 25 (P25) is a suite of standards for digital mobile radio communications designed for use by public safety organizations in North America. P25 radios are a direct replacement for analog UHF (example FM) radios but add the ability to transfer data as well as voice.

The acquisition of goods or services, including the leasing or renting of goods

A Request for Proposal, a Request for Quote and Qualification, an interagency agreement proposal or an agency recruitment or any other effort that is intended to result in the acquisition or hire of a QA resource.

The QA Practitioners suggested course of action to address a negative finding.

The period of time following an event within which a service or activity must be resumed or a technology resource recovered.

Repeater is the RF communications equipment rebroadcasts a received signal to extend line of site communications.

The capability of remaining or returning to a normal situation after an event by having multiple ways of performing a function.  This may include people, processes or technology.  Generally speaking, this means there would be no single point of failure that could stop a process.

Radio Frequency (RF) Communications is the use of electromagnetic radiation spectrum or radio waves, with the use of transmitter, receivers, and antennas for voice communications.

Radio Frequency (RF) Communications Building is the building or location used for the RF communications, RF Equipment, Infrastructure or other RF Communications assets that support RF Communications.

Radio Frequency (RF) Communications Technology is the devices and or systems designed to operate in the radio frequency (RF) spectrum, transmits and/or receives a radio wave, which includes but is not limited to, mobile/wireless phones, broadcast radio/television, Wi-Fi, microwave, blue-tooth and two-way radios systems and equipment.

Radio Frequency (RF) Equipment includes transmitters, receivers, base stations, and repeaters used for RF Communications.

Radio Frequency (RF) Services are the activities provided or performed by owner/operator, vendor, consultant to support RF systems, involving installation, removal, maintenance, repair, tuning, programming, licensing, administration, and operations supporting the task, activities, and or mission of the owner/operator, and other approved users.

Routine Maintenance is the normal maintenance of RF Equipment, Infrastructure, Assets, Buildings, Towers, Systems, Trunked Radio Systems, or Subscribers that has been established by the equipment manufacture or agency to ensure availability of RF communications during day-to-day operations as well as an emergency.

A secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH Protocol. This term is also known as SSH File Transfer Protocol.

The security requirements and methods applied by agencies to manage IT security risk including but not limited those defined in the OCIO IT security standards.

Security Requirements at a minimum: technical, electronic, physical, and administrative processes to prevent cyber, physical, and or unauthorized access to RF systems infrastructure, frequency, and operations.

A requestor that consumes or uses an automated IT Service provided by a Service Provider. Entities (systems, people, and organizations) that needs to make use of services offered by providers.

Computer application readable description of capabilities, requirements, general characteristics, abstract message operations, concrete network protocols, endpoint addresses, and structure and content of messages received by and sent by the service.

Style of software design where services are provided to the other components by application components, through a communication protocol over a network. The basic principles of service-oriented architecture are independent of vendors, products and technologies. A service is a discrete unit of functionality that can be accessed remotely and acted upon and updated independently, such as retrieving a credit card statement online. According to TOGAF, under the terms of an SOA, a service has four properties: It logically represents a business activity with a specified outcome. It is self-contained. It is a black box for its consumers. It may consist of other underlying services.

A service-oriented architecture design principle for creating services that can be used for business purposes beyond those initially specified in requirements. Reusable services are designed so their solution logic is independent of any particular business process or technology.

A protocol for implementing Web Services. SOAP features guidelines that allow communication via the Internet between two programs, even if they run on different platforms, use different technologies and are written in different programming languages.

Shared, common infrastructure for lifecycle management such as a services registry, policies, business analytics; routing/addressing, quality of service, communication; Development Tools for security, management, and adapters.

A standard provides more details about how a policy or portions of policy will be implemented.

Strategic workforce planning looks at system-wide issues and strategies to: Support the organization's strategic plan (e.g., reorganization and redeployment) Address external workforce factors that affect the entire business (e.g., succession planning for retirement bubbles, or staff reduction planning for budget cuts). Maintain organizational capacity (e.g., in-service training) Mitigate risk exposure (e.g., safety planning and Equal Employment Opportunity training)

Substantially Enhanced is the system whose equipment and or software has been replaced or upgraded with later generation or versions, and whose operations have been changed with advanced features not included in the original system specifications.

The specific staffing strategies designed to develop an internal pool for anticipated vacancies

For the purpose of go live readiness, supporting organizations include the agency(s) and any vendor(s) who are involved in operations and support of the ongoing system/investment. Processes include any unique to the time immediately after go-live as well as those on-going processes required to effectively operate and maintain the system/investment once it is implemented into production.

Support the balance and allocation of memory, usage, disk space and performance on computers and their applications.

This term, as used in TBM policy and accompanying standards is defined per our current TBM product. A ‘project’ is a discrete area within the product in which datasets, models, metrics and reports reside; these are configured according to specific business rules defined by the project administrator. Agency-specific projects allow for greater reporting accuracy than the multi-agency project, which allows less granularity and customization of business rules.

Telework is the practice of working from home or other alternative locations closer to home through the use of technology which allows the employee to access normal work material (email, telephone, electronic documents, etc.). Telework may be scheduled or done on an ad hoc basis.

The process of submitting, approving, and adjusting an employee's work hours and planned/unplanned leave hours

Training is activities designed to develop employees' job-related knowledge and skills for present job assignments as well as future career development goals.  The enterprise level administrative function is the maintenance of training records for state employees.

Trunked Radio System -is the RF system that uses multiple sites or locations with 3 or more radio channels to allow multiple talk groups to communicate over a large area independently.

Two-way Radio is a device that can transmit and receive.

Characterized by absence of trusted status. Assumed to be unreliable, untruthful, and inaccurate unless proven otherwise.

Defines the set of capabilities to provide telephony or other voice communications

A comprehensive analysis that attempts to define, identify, and classify the security holes (vulnerabilities) in a system, network, or communications infrastructure within the assessment scope.

A software service used to communication between two devices on a network. More specifically, a Web service is a software application with a standardized way of providing interoperability between disparate applications. It does so over HTTP using technologies such as XML, SOAP, WSDL, and UDDI.

An OASIS specification that defines mechanisms to allow different security realms to federate, such that authorized access to resources managed in one realm can be provided to security principles whose identities and attributes are managed in other realms. This includes mechanisms for brokering of identity, attribute, authentication and authorization assertions between realms, and privacy of federated claims.

Ensuring the safety and health of employees within the workplace