Background: Information Technology Work Group. The state has undertaken a variety of efforts in recent years to examine opportunities to improve the administration and coordination of state information technologies (IT). In 2007 the Legislature created the Information Technology Work Group (Work Group), which is composed of legislative members, state agency directors, chief information officers, and members of the business community. In November of 2007, the Work Group made a number of recommendations regarding IT project approval and oversight, purchasing practices, and the shared use of the Department of Information Services (DIS) infrastructure. The Work Group also recommended that a consultant be hired to conduct an evaluation of IT in support of the continued efforts of the Work Group. In September of 2008, the House of Representatives signed a contract with Pacific Technologies, Inc. (PTI) to conduct an evaluation of, and develop a strategy for, the governance and delivery of state IT services.

Recent IT Reports. In 2009 the Legislature received three reports related to the provision of IT in state government. While the scope and objectives of the reports vary, all three reports provide high-level recommendations regarding how the state could increase efficiency in the provision of IT.

Pacific Technologies, Inc. Report. The PTI report was completed in June of 2009 at the request of the Legislature and the Work Group. In their final report, PTI made a number of recommendations regarding IT governance and service delivery, including recommendations to:

refocus the Information Services Board (ISB) on setting and guiding IT direction for the state;

establish a Project Review Board for level 3 projects;

centralize desktop and infrastructure support functions to achieve economies of scale, while leaving application support in state agencies; and

optimize and reduce IT infrastructure in alignment with enterprise architecture best practices.

Unisys Report. The Unisys report was commissioned in 2009 as part of the authorization from the Legislature to the DIS to construct a new state data center and office building. Specifically, Unisys was directed to outline how the state could consolidate independent agency data centers to achieve cost-savings to offset higher facility costs. In its report, Unisys recommended that efforts be made to standardize IT in state government. According to Unisys, greater standardization would allow the state to achieve greater economies of scale, reduce costs, and provide for a more efficient transition to the new state data center. Such standardization efforts could include: discontinuing individual agency server purchases; developing virtualization standards; consolidating servers; and establishing data storage requirements.

State Auditor's Report. In January of 2010, the State Auditor issued an "Opportunities for Washington" report, which identified a number of areas with respect to IT where the state could improve service and reduce costs. The State Auditor's report identified several opportunities for improving service and cutting costs: (1) reduce the number of agency data centers; (2) consolidate International Business Machines (IBM) mainframes under one shared service provider; (3) standardize and centralize IT support; (4) consolidate servers within the DIS and better use technology to reduce the number of servers needed; (5) use network resources more efficiently by eliminating duplication and using resources provided by the DIS; (6) include e-mail administration as part of the central e-mail service; and (7) provide competitively priced shared data storage at the DIS. However, the State Auditor acknowledged that changes should be made to how the DIS operates before further consolidation or sharing of IT infrastructure services occurs.

DIS. The DIS was formed in 1987 as a result of consolidating the state's four independent data processing and communications systems. The Director of the DIS is responsible for overseeing the functions of the DIS, as well as maintaining a strategic planning and policy component for the state by serving as the state Chief Information Officer (CIO). The DIS provides IT services, upon request, to state agencies, local governments, and public benefit nonprofit entities in the state on a cost-recovery basis. The DIS also performs work delegated to it by the ISB, including the review of agency portfolios, the review of agency investment plans and requests, and implementation of statewide and interagency policies, standards, and guidelines.

ISB. The ISB was also formed in 1987. The ISB is given a broad range of duties under statute, including policy development, strategic IT planning, oversight of executive branch agencies' IT projects, and delegating authority to the DIS and the agencies. One of the ISB's primary functions is reviewing and providing oversight and spending authorization for larger, higher risk IT projects administered by executive branch agencies.

Wireless Service. Many state agencies provide portable handheld wireless devices to their employees. Agencies may purchase wireless service plans or phones through an IT Master Contract offered through the DIS, but generally may also purchase wireless service or phones from other sources.

Personal Computers. State agencies may purchase personal computers (PCs) through an IT Master Contract administered by the DIS. In addition, state agencies may participate in the DIS Lease Program for PCs, which typically reflects a four-year replacement cycle. According to the 2009 PTI Report, state agencies maintain approximately 33 percent more PCs than employees. The PTI found that the state could reduce its PC inventory by 25 percent and still have one PC for every agency employee, which could reduce support demands.

Data Storage and Data Centers. The state has both centralized data center capacity, as well as independent data processing capabilities in numerous agency data centers. The capabilities of these in-house data centers ranges from servers placed in office space to full-fledged facilities with dedicated cooling, power, and staff.

State agencies currently have varied data storage requirements, equipment, resources, and multiple variations in implementation of data retention policies. The Unisys report found that among the 21 agencies surveyed, there were over 195 different storage devices within the agencies data centers.

Summary of Bill: IT Spending Restrictions. The following limitations are placed upon IT procurement by state agencies for the 2009-11 biennium:

State agencies may not purchase or implement new IT projects without securing prior authorization from the OFM. The OFM may only approve IT projects that contribute towards an enterprise strategy or meet a critical, localized need of the agency.
State agencies may not purchase servers, virtualization software, data storage, or related software without securing prior authorization from the OFM. The OFM will grant approval only if the purchase is consistent with the state's overall migration strategy to the state data center and is critical to the operation of the agency.

Institutions of higher education, the State Board for Community and Technical Colleges (SBCTC), offices headed by a statewide elected official, the legislative branch, and the judicial branch are exempt from these spending restrictions.

IT Savings. The OFM, with the assistance of the DIS, must identify areas of potential savings that will achieve the savings identified in the Omnibus Appropriation Act. These areas of potential savings must include wireless service, telephony, desktop computers, e-mail services, and data storage. OFM must work with state agencies, including DIS, to generate savings equal to the amount specified in the Omnibus Appropriations Act. To accomplish this objective, state agencies must provide total cost of ownership data to the OFM upon request regarding IT products and services. The OFM must reduce agency allotments by the amounts specified in the Omnibus Appropriations Act to reflect these savings. The allotment reductions must be placed in unallotted status and remain unexpended.

Higher education institutions, the SBCTC, offices headed by a statewide elected official, the legislative branch, and the judicial branch are exempt from this provision pertaining to achieving IT savings.

Pilot Projects. The OFM, in consultation with the DIS and the ISB, must develop and execute a pilot program to contract with one or more private providers for the delivery, support, maintenance, and operation of IT through application managed services or other similar programs. This pilot must operate across one or more functional areas, or for the IT needs of one or more state agencies. In selecting a private provider for the pilot program, the OFM must engage in a competitive bid or request for proposals process.

The objective of the pilot program will be to assess: (1) the agency's IT application portfolio; (2) opportunities to use best practices and tools; and (3) whether the agency should proceed with application managed services or other similar programs based on the results of the assessment. The DIS and the OFM must prepare a report of the findings of the assessment by September 1, 2010, and a final report of the pilot results by June 30, 2011.

IT Inventory. The DIS must conduct a detailed inventory from existing data sets of all IT assets owned or leased by state agencies. This inventory must be used to inform the development of a state IT asset management process. Prior to implementation of any state IT asset management process, the DIS must submit its recommended approach to the ISB for approval.

Wireless Phone Service. State agencies must purchase cellular or mobile phone service from the state Master Contract, unless the state agency provides to the OFM evidence that the agency is securing wireless devices or services from another source for a lower cost than through participation in the state Master Contract. Institutions of higher education, the SBCTC, offices headed by a statewide elected official, the legislative branch, and the judicial branch are exempt from this requirement.

IT Reporting. Additional requirements are added to the State Budget and Accounting Act related to IT reporting. The OFM must collect from agencies information to produce reports, summaries and budget detail of all current and proposed expenditures for IT by state agencies. In addition, the OFM must collect information for all existing IT projects as defined by ISB policy. The OFM must work with the DIS to maximize the ability to draw this information from the IT portfolio management data collected by the DIS.

The biennial budget documentation submitted by the OFM must include an IT plan identifying proposed IT projects and their current and projected costs according to a method similar to the capital budget process. This plan must be submitted electronically, in a format agreed upon by the OFM and the Legislative Evaluation and Accountability Program Committee (LEAP). The OFM also must institute a method of accounting for IT-related expenditures, including creating common definitions for what constitutes an IT investment. The DIS, in coordination with the ISB and the OFM, must evaluate agency budget requests and submit funding recommendations to the Legislature. The DIS must also submit recommendations regarding consolidation of similar proposals or other efficiencies it may find in reviewing proposals. The DIS must also include additional items in its report to the Legislature on major IT projects. This report must include original and final budgets, original and final schedules, and data regarding progress made towards meeting the performance measures included in the original proposal. The first report is due December 15, 2011, and every two years thereafter.

Enterprise Strategy for IT. The OFM must develop an enterprise-based strategy for IT in state government. In developing an enterprise-based strategy for the state, the ISB is encouraged to consider several strategies as possible opportunities for achieving greater efficiency, including personal computer replacement policies, shared services initiatives, pilot programs, data storage, and partnerships with private providers. The legislative and judicial branches are encouraged to coordinate with, and participate in, shared services initiatives, pilot programs, and development of the enterprise-based strategy.

ISB Oversight. The ISB must develop contracting standards for IT acquisition and purchased services and work with state agencies to ensure deployment of standardized contracts. The ISB, in consultation with the OFM, must review state agency IT budgets. IT projects under the ISB purview must be reviewed based on independent technical and financial information, regardless of whether the project or service is being provided by public or private providers. This review must be conducted by independent, technical staff support, if funds are appropriated. The ISB also may acquire project management assistance.

Review of Plan to Consolidate State Data Centers. The OFM must contract with an independent consultant to: (1) conduct a technical and financial analysis of the state's plan to consolidate state data centers and office space; and (2) develop a strategic business plan outlining options for use of the site that maximize its value consistent with the terms of the finance lease and related agreements. The strategic plan must be submitted to the Governor and the Legislature by December 1, 2010.

Review of IT Governance. By December 1, 2010, the DIS and OFM must review: (1) best practices in IT governance, including private sector practices and lessons learned from other states; (2) existing statutes regarding IT governance, standards, and financing to identify inconsistencies between current law and best practices; and (3) what financial data is needed to evaluate IT spending from an enterprise view.