Definition of Terms Used in OCIO Policies and Reports
CURRENT STATUS: Use of a single definitions repository will support alignment and consistency in use of terms across various policies, standards or reports produced by this office. This glossary is being built as policies/standards are created or reviewed.
Administrative Revisions:
General content changes like an organization, name, phone number, mailbox or URL in a policy or standard or a clarification or other revision that does not change the effect of the policy or standard.
Business Application/System:
An application or system which has a direct impact on the delivery of services to department/agency employees, clients or consumers.
Business Continuity:
The activities performed by the agency to ensure critical functions are available to entities needing access to those functions. Business continuity is related to restoring normal day-to-day functions in the event of service disruptions. Business continuity planning is different than disaster recovery planning.
Communication
The exchange or sharing of data including, but not limited to, text, IM, email, voice records and other records.
Continuity of Operations Planning (COOP)
The effort to ensure that mission-essential functions continue to be performed during a wide range of emergencies which could be localized or widespread.
Cost Pools:
The basic financial groupings of cost data. The smaller list simplifies reporting and provides a finance view of IT spend and represents the logical accounting buckets for IT charges. Cost Pools are mapped on the Chart of Accounts. For the State of Washington, Cost Pool mapping is generally done by mapping Objects, Sub-Objects, and/or Sub-Sub-Objects to a Cost Pool.
Covered Technology:
All public-facing content, including websites, applications, documents and media, blog posts, and social media content. Certain non-public-facing content that must also comply. Examples include: All electronic content used for official business to communicate: emergency notifications, initial or final decisions adjudicating administrative claims or proceedings, internal or external program or policy announcements, notices of benefits, program eligibility, employment opportunities or personnel actions, formal acknowledgements or receipts, questionnaires or surveys, templates or forms, educational or training materials, and web-based intranets
Critical Issue:
A known system defect or enhancement request that if left unresolved could significantly impact business operations, compliance with statute or policy, the integrity of the system or data or otherwise create a public health, safety or other significant risk areas.
Data Center:
NOTE: these are the definitions used in the TBM program and also reside in Standard 113.30: TBM Taxonomy.
Data Centers are facilities that house and protect critical IT equipment supporting delivery of government services including the space, power, environment controls, racks, cabling and external labor.
-
We distinguish between Agency Data Centers, and the State Data Centers because by statute we are directed to migrate TO the State Data Center and away from Agency Data Centers.
-
State Data Centers include:
-
The Olympia-based State Data Center (SDC) operated by Consolidated Technology Services (CTS)
-
The Quincy-based Disaster Recovery Services Data Center leased by CTS.
-
Other Facilities such as Computer rooms and MDF/IDF/telco closets that house IT equipment primarily supporting local building operations in corporate headquarters, call centers or other general purpose office buildings.
Disaster Recovery
Restarting technology operations after an outage using processes, policies and procedures prepared for recovery or continuation of mission-essential technology infrastructure after a disaster.
These processes are found in a DR Plan. DR is a subset of business continuity and COOP.
The three principal goals of DR are to:
-
Save data,
-
Save hardware, software and facilities
-
Resume critical processes/restore data.
End of Support
For the purpose of this policy, this is defined is the latest date a manufacturer will provide security patches. Some manufacturers have an end of mainstream support date and an extended end-of support date. In these cases, after the end of mainstream support, no additional software feature/function enhancements or fixes are issued but security patches are until the end of extended support. The recommended best practice is to migrate before end of mainstream support.
Enterprise Mobility Management (EMM)
Software that allows agency support staff to not only manage a container on the mobile device, but also control the flow of information between the mobile device and agency computing resources such as collaboration software, cloud storage, shared applications. Additional functions may include: issuance, inventory tracking, policy enforcement on the device.
Executive Sponsor
The senior executive responsible to the agency and the State CIO/OCIO for the project.
Equivalent Access:
Providing users with disabilities with content and interaction that is similar or identical to that provided to users without disabilities, in a form that produces a similar user experience. Users should be provided direct access to the same content unless providing direct access to that content is not possible due to technical or legal limitations.
Finding
A Quality Assurance (QA) provider's assessment of the project's use of project management best practices, as well as their assessment of deficiencies or gaps in the application of those best practices that may have an adverse impact on the project. Findings are assumed to require corrective actions.
Governance
The processes, groups and activities associated with decision making and the exercising of authority.
Guideline:
A guideline is a compilation of best practice offered in support of a policy or standard.
Independent Project Quality Assurance
The work of one or more professionals responsible for monitoring and assessing the health and effectiveness of project management plans and processes as well as an overall assessment of a projects's short and longer term risks. To preserve independence, the QA provider(s) report outside the project management organizational structure, generally to the project's Executive Sponsor and the State CIO. In Washington state government, independent Project QA is considered different than product or technical quality assurance which might include testing and other independent verification and validation activities.
Information Technology (IT):
Per RCW 43.105.020, "Information technology" includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, radio technologies, and all related interactions between people and machines.
IT Expenditures:
Within the TBM Program, the source financial information used for identifying IT expenditures is from the statewide Agency Financial Reporting System (AFRS) and based on these components:
- New IT acquisitions (coded in AFRS as Project Type X)
- IT maintenance and operations (coded in AFRS as Project Type Y)
- Data processing services (AFRS Sub-Object EL)
NOTE: AFRS Sub-Object EL is defined in the OFM State Administrative and Accounting Manual (SAAM) 75.70.20 as “Charges by state agencies for information technology services. Examples include computing services, hosting services, network services, web services, statewide systems (AFRS, HRMS, etc.), and planning and policy assessment by agencies such as the Department Enterprise Services, the Office of Financial Management, Office of the Chief Information Officer and Consolidated Technology Services.”
IT Resource Tower (ITRT):
IT Resource Towers (ITRT) are functional IT groupings that can be used to benchmark to industry. They can be split into more granular ITRT Sub-Towers to gain visibility into specific functions within a tower. They also map up to utilization data in Accelerators, as well as to Applications and Services. The translation of financial information into functional IT towers (ITRTs) involves mapping from Cost Centers, and combining GL, Labor and Asset allocations.
Major Project
A project subject to State CIO/OCIO oversight based on the IT Project Assessment tool, a statute or some other factor as determined by the State CIO.
Mobile Device
Any hand-portable device capable of text, voice, email, instant messaging (“IM”), photo messaging or other types of data communication. This policy is not meant to apply to: cars, boats, airplanes, laptop computers, desktop computers, unpiloted aerial vehicles (drones), gps receivers, radios.
Mobile Device Management (MDM)
Policy:
A technology policy will outline what needs to be accomplished or achieved and the roles and responsibilities of the various entities.
Quality Assurance Plan
A document that describes how the QA Practitioner will deliver its service.
Quality Assurance Solicitation
A Request for Proposal, a Request for Quote and Qualification, an interagency agreement proposal or an agency recruitment or any other effort that is intended to result in the acquisition or hire of a QA resource.
Recommendation
The QA Practitioners suggested course of action to address a negative Finding.
Recovery Point Objective (RPO):
The point in time, prior to a disruption or outage, to which essential data can be recovered after an outage. This defines the maximum level of data loss that is acceptable in the event of an outage or incident.
Recovery Time Objective (RTO):
The period of time following an event within which a service or activity must be resumed or a technology resource recovered.
Resilient:
The capability of remaining or returning to a normal situation after an event by having multiple ways of performing a function. This may include people, processes or technology. Generally speaking, this means there would be no single point of failure that could stop a process.
Service Disruption:
An unplanned event that causes an information system to be inoperable for a period of time.
SMART
SMART is a mnemonic for Specific, Measurable, Achievable, Relevant and Time bound. These characteristics are helpful to remember when identifying project objectives.
Standard:
A standard provides more details about how a policy or portions of policy will be implemented.
Start of a Project
For the purposes of project investment, approval, oversight and quality assurance, the start of the project is at the beginning of planning.
Sunset Review:
A mandatory periodic review of a technical policy and standard that:
- Determines the continued need for the policy or standard, and
- Evaluates the full content of the policy or standard for accuracy, clarity and completeness.
Sunset reviews may occur ahead of the published sunset review date if needed.
Technology Business Management (TBM):
A set of best practices for running IT like a business - and more importantly for effectively and consistently (using a data-driven agreed upon framework) communicating not just the cost of IT, but also attributing that cost to business services. Key to TBM is the ability of IT and business leaders to have data-driven discussions about cost and value of IT to best support business goals.
TBM Categorization:
Within the TBM Program, agencies are responsible for categorizing and documenting their costs to the program taxonomies. The TBM Program provides templates that agencies use to capture and submit categorization to the program.
TBM Cost Center:
The cost center used in the TBM program is agency defined. Agencies can select up to three fields coded in the statewide Agency Financial Reporting System (AFRS) for their TBM Cost Center.
TBM Project:
This term, as used in TBM policy and accompanying standards is defined per our current TBM product. A ‘project’ is a discrete area within the product in which datasets, models, metrics and reports reside; these are configured according to specific business rules defined by the project administrator. Agency-specific projects allow for greater reporting accuracy than the multi-agency project, which allows less granularity and customization of business rules.
Undue Burden:
Undue burden means significant and unreasonable difficulty or expense. In determining whether an action would result in an undue burden, an agency shall consider all agency resources available to the program or component for which the covered technology is being developed, procured, maintained, or used.
Workgroup:
An ad hoc or standing group of subject matter experts who support the development and maintenance of policies, standards and/or guidelines.
