IRM P03

1. Purpose. Reclamation's Information Technology (IT) systems are a vital part of the infrastructure supporting the organization's mission of managing, developing, and protecting water, power, and related resources in an environmentally and economically sound manner. The proper management of IT systems and the information managed by such systems is critical to the organization in supporting the achievement of strategic objectives; improvements in mission and operational capabilities; addressing legislative requirements and policies and directives issued by the Department of the Interior and Office of Management and Budget (OMB); and the delivery of services to internal and external customers.

2. Scope. This policy applies to:

   A. All Reclamation directors, managers, supervisors, and personnel responsible for managing IT portfolio systems, and the investments, supporting systems, and other IT resources supporting mission operations and capabilities, which are components of those systems;

   B. All Reclamation-owned, -operated, and -maintained IT systems, including specialized, telecommunications, and other systems (e.g., SCADA, Hydromet, GIS, Dam Safety); and,

   C. All Reclamation-owned systems operated and/or systems and the data maintained by contractors or temporary personnel in other organizations, as well as Department systems supported by Reclamation and e-government initiatives sponsored by the Department or other Federal agencies.

3. Responsibilities.

   A. Reclamation's CIO is responsible and accountable for directing the bureau's IT Management Program. In this role, the CIO has the authority to promulgate IT policy and guidance and to monitor the implementation of IT requirements and systems, as well as to suspend the development, deployment, or operation of IT systems that pose excessive risk to the organization, mission capabilities, or operations. The CIO will work with the Reclamation Leadership Team regarding IT management program requirements and mission responsibilities.

   B. Reclamation Directors and System Executive Owners are responsible and accountable for ensuring IT systems and resources are designed, acquired, developed, operated, and managed in accordance with the IT Management Program policies, directives and standards, and guidelines and in support of Reclamation missions. Directors and System Executive Owners also are responsible for keeping the CIO adequately informed of IT management issues (e.g., IT security matters, system accreditation issues, IT investment decisions, IT life-cycle and acquisition decisions, IT workforce training needs and requirements, and IT performance accomplishments).

   C. Reclamation System Business Owners/Functional Sponsors are responsible for supporting the design, development, acquisition, operation, security, and maintenance of IT systems supporting mission-related operations. They also are responsible for effectively managing supporting resources (funding and personnel) essential to the development, operation, security, investment management, and maintenance of IT systems.

   D. Reclamation Managers and Regional Chief Information Officers or IT Managers are responsible for ensuring compliance with bureau-and department-level IT management program requirements within their organizations. This includes following and enforcing applicable IT requirements related to the design, development, operation, and maintenance of systems supporting mission-related operations or activities (e.g., developing and reviewing IT business cases, following IT acquisition and life-cycle documentation requirements, and ensuring compliance with IT security and enterprise architecture policies and procedures).

   E. Reclamation Regional IT Security Managers are responsible for ensuring compliance with applicable IT security requirements and providing technical advice and support to managers, directors, system executive and business owners, the Bureau Information Technology Security Manager, and the CIO regarding the management and implementation of IT security policies and procedures.

   F. Reclamation IT System Project Managers, System Managers, System Security Managers, and Project Team Members are responsible for implementing IT design, development, acquisition, operation, security, investment management, and maintenance requirements for assigned systems. This includes keeping Reclamation Directors, System Executive and Business Owners, Division Chiefs, Area Managers, Regional IT System Security Managers, Bureau IT Security Manager, and the Chief Information Officer Council (CIOC) aware of IT system requirements, critical milestones, investment requirements, security issues, and staff training needs.

   G. The Chief Information Officer Council (CIOC), which also serves as Reclamation's IT Investment Review Board, is responsible and accountable for identifying issues and making recommendations to the CIO on IT business practices, security issues, investment needs, and architecture requirements, including the areas of IT strategic planning, enterprise solutions, investment or capital planning and management, policy development, and oversight across Reclamation. The CIOC shall also be responsible for fostering the employment of sound project management and portfolio management practices as part of an IT investment review process within Reclamation.

4. Definitions.

   A. Enterprise Architecture . The framework that defines the overall structure of the business or organization and the information and technology infrastructure that supports the business and/or organization, based on defined business needs and principles that guide implementation choices and investment decisions.

   B. Enterprise Solutions . The systems, technologies, and services developed and deployed in a manner that supports organization-wide needs and which over time can be reused or expanded upon to meet evolving needs.

   C. Information Technology (IT). The equipment, interconnected system or subsystem of equipment used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or communication of information by an organization. The term includes computers, networks, ancillary equipment, software, firmware, services (including support services), and related resources.

   D. Information Technology Business Practices . The manner in which automated systems or technologies and the information stored, processed, and accessed by these systems are designed, configured, interconnected, managed, and operated in the process of supporting business or mission operations and objectives.

   E. Information Technology Management. The management principles associated with planning, directing, and controlling the processes, procedures, and uses of information technology to better enable an organization to achieve mission goals and objectives, as well as maximize returns on technology investments, including system life-cycle management; IT investment or capital planning; security management; risk management; architecture; IT human capital management; and IT resource management.

   F. Information Technology Portfolio System . A collection of IT components (e.g., systems, technologies, telecommunication systems, information services) identified in Reclamation's IT Investment Portfolio (Exhibit 53). All Reclamation IT components are part of systems managed within the portfolio.

   G. Process Maturity . The stages or levels at which organizations have defined or established policies, procedures, business practices, and performance metrics that support the achievement of business or mission objectives; sound business and investment decisions; and opportunities for cost savings or other efficiencies.

5. Goals and Objectives. Reclamation's IT Management Program.

   A. Adopt Sound IT Practices. Develop and promote the adoption of sound IT management policies and practices that align with legislative and other Federal requirements, as well as IT process maturity practices endorsed by the Department, OMB, the Federal CIO's Council, leading IT and Federal consortiums and audit organizations, and the IT industry, as deemed appropriate;

   B. Implement Sound IT Practices. Support the implementation of sound IT management practices, including IT strategic planning, enterprise architecture development, IT investment planning and management, IT security management, IT acquisitions, IT development and maintenance practices, information and records management, and IT human capital planning and management; and,

   C. Foster Improvements in IT Processes and Practices. Foster improvements in IT process maturity practices to increase mission and operational effectiveness and cost efficiencies, including accountability over IT systems and resources; security over IT systems, operations, and assets; the protection of IT investments; and, risk reduction strategies. This also includes fostering improvements in the functional areas described in Secretarial Order 3244, including information management, telecommunications management, inventory and asset management, strategic planning, project management, and IT human capital management.

6. Principles.

   A. Adopt Sound IT Practices. Reclamation's Information Technology Management Program (IT Management Program) will incorporate best practices as deemed appropriate for managing IT resources and to promote improvements in mission capabilities and operations. As part of this program, measures shall be established and used to periodically assess progress and promote mission effectiveness and efficiency.

   B. Implement Sound IT Practices. The IT Management Program will further support guidance and practices that protect IT resources as part of a defined effort, which involves security management; capital planning and investment control; enterprise architecture objectives; systems development life cycle; and other critical management objectives aimed at enhancing investment decision-making capabilities.

   C. Foster IT Skill Improvements. The IT Management Program will also include guidance that supports IT training efforts aimed at enhancing the skills of users, managers, IT technical personnel, IT security personnel, and improving the management of IT investments as required by legislation, the OMB and by the Department of the Interior (Secretarial Order 3244 and other IT-related orders and directives).

(221) 06/30/05
NEW RELEASE