SOS IT Infrastructure Improvements/ SOSKB Assessment Project

SOS IT Infrastructure Improvements/ SOSKB Assessment Project

Project Charter For Certification

Executive Sponsor(s) – Dianna J. Duran, Secretary of State

Mary quintana, Deputy Secretary of state

Project sponsor–Ken Ortiz, Chief of staff

Business Owners – Bobbi Shearer, elections & ethics director

Patricia Herrera, Business Services Director

Project Manager – Kari Fresquez, IT director

Original Plan Date: October 24, 2012

Revision Date: October 29, 2012

Revision: 1.1

table of contents

table of contents

1. project background

1.1Executive Summary -rationale for the project

1.2Summary of the foundation planning and documentation for the project

1.3 Project Certification Requirements

2.0 Justification, Objectives and impacts

2.1 Agency Justification

2.2 Business Objectives

2.3 Technical Objectives

2.4 Impact on Organization

2.5 Transition to Operations

3.0 Project/Product Scope of Work

3.1 Deliverables

3.1.1 Project Deliverables

3.1.2 Product Deliverables

3.2 Success and QUALITY METRICS

4.0 Schedule Estimate

5.0 Budget Estimate

5.1 Funding Source(s)

5.2. Budget By Major Deliverable or Type of expense -

5.3 Budget By Project Phase or Certification Phase

6.0 Project Authority and Organizational Structure

6.1 STAKEHOLDERS

6.2 PROJECT GOVERNANCE PLAN

6.3 PROJECT MANAGER

6.3.1 PROJECT MANAGER CONTACT INFORMATION

6.3.2 PROJECT MANAGER BACKGROUND

6.4 PROJECT TEAM ROLES AND RESPONSIBILITIES

6.5 Project management Methodology

7.0 Constraints

8.0 Dependencies

9.0 Assumptions

10.0 Significant Risks and Mitigation Strategy

11.0 COMMUNICATION PLAN FOR EXECUTIVE REPORTING

12.0 INDEPENDENT VERIFICATION AND VALIDATION - IV&V

13.0 Project Charter Agency Approval Signatures

14.0 Project Charter Certification Approval Signature

Revision History

Revision Number / Date / Comment
1.0 / October 24, 2012 / Original SOS Project Charter
1.1 / October 29, 2012 / Project Charter updated to reflect changes recommended by DoIT Oversight

1

Project Charter SOS IT Infrastructure Improvements/SOSKB Replacement1

1. project background

1.1Executive Summary -rationale for the project

The IT Division within the Secretary of State’s Office (SOS) has been underfunded and mismanaged for so many years that it is currently in a state of crisis. Past management considered one problem at a time within the IT division and missed the “big picture” creating silos of information that lack documentation and are burdensome to support. An impact to service is recognized daily in two of the agency’s mission critical systems - the Secretary of State’s Knowledge Base (SOSKB) and the Campaign Finance Information System (CFIS).

The 15 year old SOSKB system is running on obsolete hardware, is too old for successful equipment migration, and is currently at high risk of failing. This puts the SOS at risk of being unable to conduct its many statutory obligations. The small IT staff is currently overburdened by reacting to problems in an overly complex and antiquated IT environment. System downtime and lost or inaccurate data is common due to the age, lack of system controls, and overall data integrity issues in the current systems.

The SOS must also begin planning for the anticipated passage of Constitutional Amendment #3 that is on the November 6, 2012 general ballot. This amendment proposes to move the Corporations Division from the Public Regulation Commission (PRC) to the SOS in order to consolidate business filing activities into one agency. The SOS proposes to add a Corporation Division business assessment study to the scope of this project and begin an analysis immediately after the election if the amendment passes. This will allow the SOS to provide real recommendations to legislators regarding resource requirements for the enabling legislation that will be drafted for the 2013 Legislative Session to migrate the Corporations Division and the related IT services and PRC IT conversion project to the SOS.

The high level scope of this project includes:

1)A business requirements study for replacing the SOSKB system within the SOS Business Services Division;

2)A business requirements study for moving and consolidating the Public Regulations Commission, Corporation Division within the SOS;

3)A network security assessment and implementation of recommended improvements; and

4)Campaign Finance Information System (CFIS) enhancements to implement previously missing system functionality.

If additional funding is secured in FY 14, the SOS plans to utilize the SOSKB requirements study as the basis for replacing the obsolete SOSKB system with a single, comprehensive records management solution which may also incorporate the business needs of the Corporations Division merger into the SOS depending on the outcome of the election and the business requirements study.

1.2Summary of the foundation planning and documentation for the project

An internal assessment of the IT environment was completed in FY12 that identified numerous vulnerabilities in the IT systems that could jeopardize the ability of the office to meet its statutory obligations(See FY13 C-2 Business Case: Infrastructure Replacement for full published details).

The internal assessment completed in FY12 documents vulnerabilities in the IT Division including:

• Obsolete equipment with failing components operating in the production environment;
• Legacy software applications operating in the production environment without support;
• No consolidated storage for file sharing;
• Incomplete backups and no anti-virus solution implemented;
• Lost or unknown administrator passwords;
• Frequent application downtime; and
• Data integrity issues including lost records and lack of standard data controls.

This assessment has set the direction for the agency’s IT goals and objectives and funding request strategy. The agency was awarded $500,000 in emergency funds in FY12 to mitigate some of the most immediate system risks and failing equipment. C-2 project funding was awarded in FY13 to complete the project requirements definition and begin the project implementation. C-2 funding has been requested for FY14 to complete the remaining infrastructure improvement project as outlined in this project charter document which includes the replacement of the mission critical application – the Secretary of State’s Knowledgebase (SOSKB).

1.3 Project Certification Requirements

CRITERIA / YES/NO / EXPLANATION
Project is mission critical to the agency / Yes / Project supports mission critical business applications
Project cost is equal to or in excess of $100,000.00 / Yes / Project cost estimated at $1.6 million
Project impacts customer on-line access / No / Plans to implement future on-line access part of SOW
Project is one deemed appropriate by the Secretary of the DoIT / Yes / Supports agency and state IT strategic plans
Will an IT Architecture Review be required? / No / IT Architecture Implementation not part of this PCC SOW

2.0 Justification, Objectives and impacts

The justification and objectives section relates the project to the purpose of the lead agency and describes the high level business and technical objectives for the project. The section also includes a high level review of the impact to the organization, and of the concerns for transition to operations.

2.1 Agency Justification

Agency’s strategic mission and goals as defined in the agency’s strategic plan:

Number / Description
Agency mission / The mission of the Office of the Secretary of State is to administer elections and government ethics in accordance with state and federal law and to maintain and provide access to the laws, official acts, and other instruments vital to the efficient operation of state government. It is also the mission of the Secretary of State to file and maintain records vital to the interests of commerce and industry.
Agency goal1 / Oversee and maintain records vital to the interest of elections, governmental ethics, commerce and industry in accordance with state and federal law.
Agency Goal 2 / To implement and maintain a high quality information technology infrastructure to serve the Office of the Secretary of State’s staff and constituents.
Agency goal 3 / Ensure compliance with governmental ethics laws through education and enforcement and provide public access to information regarding political spending by public officials, candidates, political action committees and lobbyists.
agency goal 4 / To process business documents and public filings in accordance to all statutory requirements.
agency goal 5 / Maximizing citizen access to comprehensive, timely and accurate information.

2.2 Business Objectives

Measurable business objectives related to this project from the Agency Strategic plan as follows:

Number / Description
Business Objective 1 / Improve user efficiency - Provide staff with updated technology so they may better serve public demand for information and services.
Business Objective 2 / Enhance service delivery to constituents - Establish online services to maximize public access to information and services maintained by the agency.
Business Objective 3 / Preserve and maintain all public business filings through scanned images versus paper.
Business Objective 4 / Establish standardization and uniformity in critical election administration areas.

2.3 Technical Objectives

Technical objectives as defined in the agency’s IT plan:

Number / Description
Technical objective 1 / Improve system reliability and reduce system downtime.
Technical Objective 2 / Reduce IT infrastructure complexity.
Technical Objective 3 / Utilize IT to support and streamline business processes.
Technical Objective 4 / Replace and consolidate legacy equipment and applications.
Technical Objective 5 / Ensure business continuity requirements of mission critical applications are addressed.
Technical Objective 6 / Ensure IT infrastructure is proactively monitored and supported.
Technical Objective 7 / Ensure IT best practices are implemented and followed.
Technical Objective 8 / Maintain systems on a standard refresh cycle.
Technical Objective 9 / Ensure adequate system controls and security is in place.
technical objective 10 / Reduce risk of system disaster and missing records.

2.4 Impact on Organization

The impacts on the organization are areas that need to be addressed by the project through its planning process. They may not be internal project risks, but they can impact the success of the project’s implementation.

Area / Description
End user /

• New business process and system adoption
• Increased reliance and technical skills to perform job tasks

Business Processes /

• Business processes will be streamlined and manual processes may be replaced with automation
• End user adoption to new business processes is key

It Operations and staffing /

• Training and adoption of best practice system administration
• Change from reactive to proactive system administration
• Identify and obtain appropriate resources to sustain new IT environment on an ongoing basis

Customers /

• Customer outreach to inform and train customers on new business policies and processes

2.5 Transition to Operations

The transition to operations areas include items that are asked in the certification form to assure that the project has accounted or will account for these matters in its planning and requirements specifications.

Area / Description
Preliminary Operations location and staffing plans / System operation location expected to be at both SOS and Simms Datacenters until full transition to State owned enterprise datacenters can be executed and supported by existing support staff.
Anticipate filling all remaining vacant IT FTE to fulfill daily administration and IT support functions
Data Security, Business Continuity / System implementation to occur on high availability clustered server infrastructure that replicates data to offsite location for business continuity.
Maintenance Strategy / Annual maintenance agreements to be maintained on all critical hardware and software and system refresh schedule to be implemented.
Interoperability / Software interoperability is a key requirement of the project including storing data and images on a common platform and implementing a common web based accessibility interface.
Record retention / Records retention will be documented in the system requirements document and addressed as part of the software selection process.
Consolidation strategy / Implement a high availability shared storage infrastructure with a single, comprehensive records management solution for all business services records retained by the agency.

3.0 Project/ProductScope of Work

In its efforts to move from the high level business objectives to the desired end product/service the project team will need to deliver specific documents or work products. The State of New Mexico Project Management Methodology distinguishes between the project and the product.

Project Deliverables relate to how we conduct the business of the project. Product Deliverables relate to how we define what the end result or product will be, and trace our stakeholder requirements through to product acceptance, and trace our end product features and attributes back to our initial requirements

3.1 Deliverables

3.1.1 Project Deliverables

This initial list of project deliverables are those called for by the IT Certification Process and Project Oversight memorandum, but does not exhaust the project deliverable documents

Project Charter / The Project Charter for Certification sets the overall scope for the project, the governance structure, and when signed is considered permission to proceed with the project. The Project Charter for Certification is used to provide the Project Certification Committee with adequate knowledge of the project and its planning to certify the initiation phase of the project
Certification Form / The Request for Certification and Release of Funds form is submitted when a project goes for any of the certification phases. It deals with the financial aspects of the project, as well as other topics that indicate the level of planning that has gone into the project. Many of the questions have been incorporated into the preparation of the project charter
Project Management Plan / “Project management plan” is a formal document approved by the executive sponsor and the Department and developed in the plan phase used to manage project execution, control, and project close. The primary uses of the project plan are to document planning assumptions and decisions, facilitate communication among stakeholders, and documents approved scope, cost and schedule baselines. A project plan includes at least other plans for issue escalation, change control, communications, deliverable review and acceptance, staff acquisition, and risk management. plan.”
IV&V Contract & Reports / “Independent verification and validation (IV&V)” means the process of evaluating a project to determine compliance with specified requirements and the process of determining whether the products of a given development phase fulfill the requirements established during the previous stage, both of which are performed by an organization independent of the lead agency. Independent verification and validation assessment reporting. The Department requires all projects subject to oversight to engage an independent verification and validation contractor unless waived by the Department.
IT Service Contracts / The Department of Information Technology and the State Purchasing Division of General Services have established a template for all IT related contracts.
Risk Assessment and management / The DoIT Initial PROJECT RISK ASSESSMENT template which is meant to fulfill the following requirement:
“Prepare a written risk assessment report at the inception of a project and at end of each product development lifecycle phase or more frequently for large high-risk projects. Each risk assessment shall be included as a project activity in project schedule.” Project Oversight Process memorandum
Project Schedule / A tool used to indicate the planned dates, dependencies, and assigned resources for performing activities and for meeting milestones. The defacto standard is Microsoft Project
Monthly Project Status Reports to DoIT / Project status reports. For all projects that require Department oversight, the lead agency project manager shall submit an agency approved project status report on a monthly basis to the Department.
Project Closeout Report / This is the Template used to request that the project be officially closed. Note that project closure is the last phase of the certification process

3.1.2 Product Deliverables

Requirements Documents / SOSKB User/Functional Requirements Document
Network Security Analysis Results Recommendation Document
CFIS Enhancement User/Functional Requirements Document
Design Documents / SOSKB Software Design Document/Vendor Proposal (Phase 2)
CFIS Software Design Document/Vendor Proposal
Database Entity Relationship Diagrams (Phase 2)
Systems Specifications / SOSKB System Specification/Vendor Proposal (Phase 2)
Data conversion specifications (Phase 2)
Systems Architecture / IT Infrastructure Diagrams – technical, application, and security
System and Acceptance Testing / SOSKB Functional software test plan (Phase 2)
CFIS enhancement software test plan (Phase 2)
Operations requirements / Training Manuals (Phase 2)
Business Process Diagrams (Phase 2)

3.2Success and QUALITY METRICS

Metric are key to understanding the ability of the project to meet the end goals of the Executive Sponsor and the Business Owner, as well as the ability of the project team to stay within schedule and budget.

Number / Description
Quality Metrics 1 / Meetthe identified user requirements.
quality metrics 2 / Project stays on time, on scope, and within budget.
quality metrics 3 / Enhance service delivery to the public.
quality metrics 4 / Reduce reactive support time in IT Division.
quality metrics 5 / Increase system uptime.
quality metrics 6 / Increase system controls and security.
quality metrics 7 / Reduce data integrity issues.
quality metrics 8 / Reduce staff time spent fulfilling public record requests.

4.0 Schedule Estimate

The schedule estimate is requested to provide the reviewers with a sense of the magnitude of the project and an order of magnitude of the time required to complete the project. In developing the schedule estimate, certification timelines and state purchasing contracts and procurement lead times are as critical as vendor lead times for staffing and equipment delivery. Project metrics include comparisons of actual vs. target date. At the Project Charter initial phase, these times can only be estimated.

major Contract deliverable / Due Date
SOSKB & Corporations Division Requirements Study – Global Technology Solutions Professional Services Contract / November 2012
Network Security Assessment – Caanes Professional Services Contract / March 2013
CFIS Enhancements – RTS Professional Services Contract / April 2013
SOSKB Replacement – Request for Proposal / April 2013
Project Management Professional Services Contract (Pending Phase 2 approval, FY14) / July 2013
IV&V Professional Services Contract (Pending Phase 2 approval, FY14) / July 2013
SOSKB Replacement – Implementation Contract (Pending Phase 2 approval, FY14) / August 2013

5.0 Budget Estimate

Within the Project Charter budgets for the project can only be estimated. Original budgets requested in appropriations or within agency budgets are probably not the numbers being worked with at project time. Funding sources are asked for to help evaluate the realism of project objectives against funding, and the allocation of budget estimates against project deliverables.