GM-14-011 Guidelines for Obtaining GTA Endorsement of Proposed Technology
Issue Date: 4/30/2014
Effective Date: 4/30/2014
Georgia Law establishes the Department of Administrative Services’ (DOAS’) responsibility to conduct procurement of all technology. In practice, DOAS delegates certain procurement activities to agencies. Georgia Law also establishes the Georgia Technology Authority’s (GTA’s) responsibility to establish and enforce specifications and standards for all technology to be purchased, licensed or leased by an agency. Finally, Georgia Law provides an all-encompassing definition of “technology” in context of “information technology”. The statutory definition does not establish a cost threshold or other qualifiers.
GTA has provided a clarification of the definition of the term “technology” to exclude items which might be considered to be “information technology” components when they are embedded in specific purpose digitally operated equipment such as building controls, non-networked copiers and facsimile machines and lab equipment (See Terms and Definitions below).
The statutory assignment of responsibilities necessitates that the staff of GTA have working relationships with DOAS for major procurements and with agencies surrounding delegated technology procurement. For example, GTA will notify agencies and DOAS of its endorsement of specific proposed technology. Also, GTA staff may act as advisors to agencies concerning the availability of statewide contracts that may impact procurements or on processes for procurement of technology.
In satisfying its responsibilities related to procurement of technology, GTA has elected to review, negotiate and endorse proposed technology prior to procurement rather than utilize a form driven application. The review is oriented toward understanding the quality of the proposed technology, the capabilities of the technology, industry experience with the proposed technology, as well as risks of implementing the agency proposed technology. The agency is reminded that investment information becomes more detailed and clear as time progresses from the time the agency declared intent to invest with an APR to the time it developed requirements defining the proposed technology. The only defined documentation required bySM-14-008 “GTA Endorsement of Proposed Technology” are copies of procurement documents. However, the information in procurement documents may need to be supplemented with details to explain the capabilities of the technology, the maturity of the technology and factors impacting the sizing of proposed technology.
This guideline outlines and explains Agency actions that may be required for compliance with SM-14-008 “GTA Endorsement of Proposed Technology”
- The cost thresholds for technology subject to review by the State CTO are set in SM-08-103 “Technology Review (eAPR)”. Note that when technology costs less than the cost threshold, the technology remains subject to SM-14-008, but review responsibilities are delegated to the Agency IT Coordinator.
- The Agency IT coordinator needs to provide sufficient time to develop the package to submit to the State CTO. The package is due at the State CTO (submitted to[email protected] email address) no later than 10 days prior to release of procurement instrument. The Agency IT coordinator would be prudent to allow more than 10 days if GTA’s Enterprise Governance and Planning has not been provided an APR or provided prior knowledge of the proposed technology acquisition. Also, the Agency IT Coordinator should ensure that sufficient time has been planned for internal reviews of the package by the following agency staff prior to submission:
- Project Manager and/or Project Integrator
- Procurement Staff
- Agency Information Security Officer
- Agency Privacy Officer
- Agency Chief Information Officer
- The Agency Business Owner of the proposed technology.
- At a minimum, the only documents required for submission are copies of procurement documents. However, the standard requests supplemental information, if not already provided adequately in the procurement documents or other documents such as the agency’s APR, business case and other documents. Supplemental information can best be described as information that can be used to understand the technology, its capabilities, quality, maturity and fit for use in the agency/State, and to judge technology sizing, when appropriate. For example, the agency should ensure that information such as the following is somewhere in the procurement documents, or be prepared to discuss it. Not including this type of information will necessarily lengthen the State CTO review time:
- Placement of the technology within industry state of art and best practices
- Is the technology so old as to present a risk of vendor non-support or security?
- Is the technology so new as to present risks during implementation, support or use?
- Are required devices vetted by industry usage?
- Identify the fit of the technology into the enterprise environment?
- Is the technology in common production use?
- Is support for the technology available in current staff skill sets?
- What adjustments may be required in current architectural plan?
- Are electronic linkages to other state systems planned?
- If the technology will not operate in the State’s enterprise operational environment, mention the approved agency exemption to do so, or identify:
- Potential risks to agency in:
- Electronic linkages to other state systems,
- Support staff required, and
- Operational staff.
- Capabilities of a third party provider:
- Fiscal stability,
- Primary and secondary operational facilities,
- Staffing security
- Backup, recovery provisions.
- Evidence that the potential provider complies with or agrees to comply with State technology and security standards.
- Are electronic linkages to other state systems at risk?
- Can the agency provide sufficient evidence of planning to mitigate risks identified from technology?
- Can the agency provide sufficient evidence of compliance with State technology and security standards, particularly:
- The IV&V standards
- The State Security Policy and Standards
- The project management standards relative to complexity of project and specific technology
- Necessary exemptions from State standards in place
- Can the agency provide appropriate acceptance of risk and positive assurances of individuals within the agency who fulfill roles such as the CIO, ISO and Privacy Officer?
- When a decision is made by the State CTO, a letter with reasons of support or non-support will be sent to the agency Business Owner for the proposed technology. With endorsement, the agency may proceed with procurement. If the State CTO does not endorse the proposed technology, he will provide reasons. The agency has the following options:
- Provide a response as part of negotiation. The State CTO will be open to discussion with more complete information. However, without endorsement, the agency may not move forward with procurement.
- Address the non-endorsement reasons. In most cases, if the risks which led the State CTO to withhold endorsement are mitigated by the agency, endorsement will be subsequently provided.
Technology - "Technology" or "technology resources" means hardware, software, and communications equipment, including, but not limited to, personal computers, mainframes, wide and local area networks, servers, mobile or portable computers, peripheral equipment, telephones, wireless communications, public safety radio services, facsimile machines, technology facilities including, but not limited to, data centers, dedicated training facilities, and switching facilities, and other relevant hardware and software items as well as personnel tasked with the planning, implementation, and support of technology. (OCGA 50-25)
Cost is the sum of all anticipated expenditures over the life of the project, including but not limited to: consultant fees; salaries for new and existing employees; software license and maintenance fees; hardware and maintenance expenses; telecommunication and connectivity expenses; deployment expenses; training expenses and any other expenses associated with the project. However, cost shall not include existing, full-time state personnel tasked with the planning, implementation, and support of technology.
Agency IT Coordinator is GTA’s single point of contact is defined in SM-08-103 “Information Technology Review Standard” and includes responsibilities for coordinating the agency response to and agency-delegated responsibilities related to SM-14-008 “GTA Endorsement of Proposed Technology” (see guideline point 1 above).
Business Owner – The executive in charge of an organization, who serves as the primary customer and advocate for an IT project. The Business Owner is responsible for identifying the business needs and performance measures to be satisfied by an IT project; providing funding for the IT project; establishing and approving changes to cost, schedule and performance goals; and validating that the IT project initially meets business requirements and continues to meet business requirements. The Business Owner is responsible and accountable for ensuring the technology investment meets the business and regulatory requirements.
Initiatives, regardless of cost, involving acquisition of the following items are exempt from technology review by GTA. Exempted items are established in SM-08-103 “Technology Review (eAPR)” and include the following:
a. Building control systems and maintenance
b. Closed circuit TV systems and maintenance
c. Computer controlled industrial equipment and maintenance
d. Consumable IT supplies (media, toner, ink, etc)
e. Standalone/non-networked digital copiers and maintenance
f. Standalone/non-networked facsimile machines
g. Instructional equipment and maintenance
h. Laboratory equipment and maintenance
i. Life support and monitoring equipment and maintenance
j. Mailing equipment/systems and maintenance
k. Scientific equipment and maintenance
l. Routine maintenance and routine software modifications of existing systems.
RELATED ENTERPRISE POLICIES, STANDARDS AND GUIDELINES
GTA Endorsement of Proposed Technology SM-14-008
Information Technology Review SM-08-103