IPMA Home | IPMA News IPMA News : December 2003 Edited By Mary Ellen Bradley and Andy Marcelia

DSHS Enterprise Architecture Program

"Protect IT!" security awareness video now available

News from the Past

Summary of November 13, 2003 IPMA Board Meeting

DSHS Enterprise Architecture Program

-- by DSHS Information System Services Division

The Department of Social and Health Services (DSHS) is embarking on a project to develop an enterprise architecture and institutionalize it as a framework for decision-making. Typical enterprise architecture deliverables are used primarily within the information technology community. However, DSHS is taking the opportunity to broaden the program beyond just information technology decisions and use it as a common language and framework for all enterprise level decisions. With this in mind, the enterprise architecture project required and has received executive level sponsorship across all DSHS administrations.

Melissa Cook of the M A Cook Corporation has been selected as the vendor of choice to lead us in this endeavor. Melissa has practical experience in developing enterprise architecture frameworks for large, complex organizations such as Ford Motor Company and Hewlett-Packard Company.

The enterprise architecture framework that has been adopted by the executive sponsors is below:

The framework starts with business drivers to ensure that the architecture aligns with the needs of the business. The rest of the framework is divided into three primary columns, one each for data, process and technology. Each individual column has its own set of unique principles and there are also a set of over-arching principles that apply to all three columns. Each column is then further broken down into a formal classification scheme such as subject areas for data, business process definitions for the process column and a technology classification scheme for the technology column. The remaining rows of the framework include models and standards for each column. This overall framework is based upon a modified view of the Zachman Framework, an information systems architecture framework developed in the early 1980?s by John Zachman of IBM and modified by the M A Cook Corporation based on pragmatic experience in using the framework in organizations.

An enterprise architecture is defined as a "framework for decision making". A key component of the framework is guiding principles.

A Word on Principles (From a white paper on principles available from M A Cook Corporation)

A principle is a statement that guides decision-making. Principles are usually statements that start with the word should. For example, a principle such as "should have leading safety record in its category" would guide one to purchase a safer car.

What is the difference between a principle and a policy?

A principle that starts with the word must or will is more likely a policy. Policies are typically needed to guide decision making for technologies that have very high risks such as those involved in security or privacy. Policies are typically auditable. Principles guide decisions but may be traded off against one another or over ridden for justifiable reasons in certain situations. In the car example, there may be a safety principle and a lowest cost principle that may require tradeoffs in certain purchasing situations.

How are principles used in an Enterprise Architecture?

EA principles can be used to guide information technology decisions such as: project scope, design, software and technology purchases and deployment options. For example, an EIA principle "should conform to enterprise data standards" would guide data base design. "Should have the fewest number of physical servers possible" would guide deployment decisions. "Should deliver business value in less than 6 month increments" would guide project scope decisions.

What are the elements of a good principle?

Principles should be controversial or arguable. They probably don?t need to be defined if everyone already agrees. For example, it would be hard to find anyone to disagree with the statement "should have software of high quality".

Principles often reflect lessons learned or past mistakes that need to be avoided. For example, a large, multi year cancelled project may be the driver behind "Should deliver business value in less than 6 month increments".

Principles should be crisp and succinct. Principles are not rambling documents or white papers.

Principles compliance should be easily discernable.

There should only be one statement or test per principle. Having principles with multiple tests makes it difficult to check compliance.

Principle documentation should consist of:

• A statement of the principle (one sentence)
• Rationale
• Implications of the principle
• Compliance test questions if helpful. (yes/no if possible)
• Supporting models and standards if required

Additional documentation can be useful but the principle statement should be self-explanatory.

Current DSHS Enterprise Architecture Status:

We are in the process of developing and finalizing the DSHS business drivers through a series of executive interviews across the department.

In addition, we have introduced several potential principles to the executive sponsors and have received approval for the first over-arching principle of the framework. This principle, called the "commonality principle" is typically one of the most controversial principles in organizations. Its objective is to define the level of commonality or standardization that an organization desires across its divisions or in the DSHS case, administrations. The DSHS has adopted the following commonality principle in this area:

DSHS Commonality Principle:

Data, Process and Technology should be common when there is a business case.

The wording of this principle indicates that the department is only interested in commonality where a clear business case or justification can be made.

Rationale: Funding models and governance is decentralized in DSHS and impacted by external organizations such as the federal government which makes it very difficult to implement programs that cross administrations. Therefore, a clear business case is required to gain and sustain management support for commonality. This doesn?t mean that DSHS won?t pursue commonality, only that DSHS has a clear understanding of the business case to ensure sustainable success before embarking on these types of programs.

Implications: The choice of this principle will allow redundancy where business cases are not clear. Where business cases can be made, common approaches will need to be flexible to support multiple administrations. Common programs will require a change in funding and governance process for common programs

The commonality principle requires a model and some common language to assist in implementation. Below is the DSHS tiering matrix that identifies a common language around "tiers" that provide for varying degrees of commonality as decision are made using this principle. For example. the tiering matrix can be used to describe current and future levels of commonality for a particular subject area of data, a business process or technology such as an application.

DSHS will be proceeding to develop the rest of the framework and the governance processes necessary to ensure its implementation. In addition, the federal government has sponsored the creation of the Federal Enterprise Architecture Program (FEAP) over the last few years and DSHS is reaching out to integrate any related architecture deliverables into their program.

Return to Top

"Protect IT!" security awareness video now available

-- by DIS Communications Office

Every state employee plays a critical role in helping maintain Information Technology (IT) security within their agencies. "Protect IT!," a 25-minute training video is now available to provide a quick and consistent message to increase awareness and implement day-to-day precautionary practices.

In 2002, the Information Services Board (ISB) assessed agency compliance with the IT Security Policy. As a result, the ISB indicated a need for more resources to increase end-user security awareness training. "Protect IT!" is available for no charge to state agency security managers and trainers.

The video includes a series of vignettes, acted out by professional actors and state employees, to demonstrate the role that every employee plays in maintaining IT security:

• Best practices for computer security,
• Washington state security related policies,
• Physical/building security,
• Identity theft,
• Software piracy,
• Appropriate use of e-mail and the Internet and
• Computer viruses and worms.

To accommodate a variety of business environments, the video is available in three formats:

• Web ready (to use at the desktop with Windows media player)
• CD (to run on a PC and/or can be projected to a larger screen)
• VHS (to run on a VHS player)

Agency managers can use "Protect IT!" to consistently train employees about the important role they play in maintaining IT security in their agencies.

Individuals who are responsible for agency security training may contact Mary Lou Griffith for a free copy of the video at marylous@dis.wa.gov or 360-902-2978.

Return to Top

News from the Past

5 Years Ago -- December 1998 IPMA Newsletter

10 Years Ago -- November 1993 IPMA Newsletter (Not available at this time)

15 Years Ago -- December 1988 IPMA Newsletter (Not available at this time)

20 Years Ago -- December 1983 Association of Data Processing Managers Newsletter

25 Years Ago -- December 1978 Association of Data Processing Managers Newsletter

Return to Top

Summary of November 13, 2003 IPMA Board Meeting

Members Present: Jim Albert, Mary Ellen Bradley, Phil Grigg, Sheryl Hall, Dennis Jones, Dennis Laine, Mike McVicker, Christy Ridout, Darrel Riffe, and Shelagh Taylor. Phil Coates, CFO and Forum Events Manager, Jim Andersen, were also present.

Mike McVicker, IPMA Chair, opened the November 2003 meeting of the IPMA Board of Directors at 7:38 a.m.

REPORTS

Secretary/Treasurer: The minutes from the October 2003 Board meeting were approved.

The Board approved the October 2003 financial status and activities reports.

Forum: Jim Andersen presented the Forum status report.

• A possible theme for the 2004 Forum is: "Getting past the hype - Delivering Business Value."
• The committee is working on development of breakout sessions and possible keynote speakers.
• Vendor exhibits will open later each day. The proposed hours are: Tuesday 9:00 - 4:30 and Wednesday 9:00 - 3:30.
• Attendance registrations will be changed to include a classification matrix. Possible classification options are: Applications Development, Data Administration, Desktop support, Back Office support, IT management and Other.
• Vendors have requested a brochure be produced and distributed that lists participating vendors by product lines. The committee is exploring options and issues related to this request.
• The contract has been signed with GES (the organization that provides the vendor display area facilities) for three years. The advantage to the IPMA is that the per booth base rate will remain the same in 2004 as it was in 2003. Booth rates for 2005 may increase up to 2% and 2006 may increase up to 3%. New services that the IPMA has GES perform will be added to the base amount.
• The booth fee to vendors will remain the same in 2004 as it was in 2003.

Executive Summit: Phil Grigg presented the Executive Seminar status report.

• The 2003 Executive Seminar was a profitable event for the IPMA
• Left over tokens of appreciation have been given to the Forum Committee
• Presentation materials have been placed on the IPMA website
• The contract for the 2004 Executive Seminar has been signed with Campbell?s Resort.
• Phil and Darrel are scheduled to visit the Shilo at Ocean Shores in preparation for the 2005/2006 seminars. The board authorized Phil and Darrel to sign a contract for the 2005 seminar. Plans beyond that will be explored at the January board retreat.

Business Planning: Phil Coates presented the results of a meeting he had with Keith Cameron, the IPMA?s financial consultant at Merrill Lynch. The meeting indicated that the IPMA can afford to fund a scholarship endowment at Evergreen State College. An improved cash management plan was also recommended. IPMA would maintain a cash balance at the end of the year that would cover nearly all eventualities for the coming year. Anything in excess of that amount would be moved into securities that pay a better rate of return. The board approved the establishment of the endowment at Evergreen and the changed cash management plan. The board will further explore the appropriate level of philanthropy at it?s January retreat.

Professional Development: Dennis Jones reported that the October .NET seminar was an unqualified success with 86 attendees. Dennis stated that there were several problems with the sound system. This has been a recurring problem with the seminars held there. The board directed Jim Andersen to explore options related to purchasing sound equipment for the IPMA to use at various events.

Sheryl Hall reported that the first event for 2004 will be held January 22 and is entitled "Disaster Recovery / Business Continuity."

Communications: Mary Ellen Bradley reported that the November 2003 IPMA News was posted on the website and notifications e-mailed November 12th. She pointed out that it contains a very good Retirement Systems article.

OTHER BUSINESS:

Board Elections: The ballots will be sent out to current IPMA members as soon as the accompanying message from the board chair is complete.

The meeting was adjourned at 9:00 a.m.

Return to Top

IPMA, P.O. Box 1943, Olympia, WA 98507-1943