2011 state IT annual report

State of Georgia
State IT Annual Report FY 2011
Georgia Technology Authority 47 Trinity Avenue, S.W. Atlanta, Georgia 30334 www.gta.georgia.gov
Page 1 of 47

Purpose
The State IT Annual Report (SITR) outlines IT's current state in Georgia as assessed by the State Chief Information Officer (CIO). The report is also a requirement listed within the enabling legislation of the Georgia Technology Authority (GTA). The SITR is intended to provide information to state leaders to help them make informed decisions about significant investments in technology. Budgets and expense data suggest the annual IT investment for Georgia exceeds $1 billion. Good stewardship of these investments is a primary goal of the State CIO. With each IT investment decision, it is important to the citizens of the state that the right choices are made. This report provides information on many of these strategic enterprise investments and serves as a report card of accountability to our stakeholders. To further illustrate the importance of accountability, the SITR provides background on the different ways Georgia is currently improving how technology is being planned, managed, and implemented today.
There has been notable progress during 2011 in Georgia's large IT transformation effort, but there is still much more to be done during the next couple of years to achieve the vision of a modern and secure IT network and infrastructure. The IT transformation includes state systems spread across many agencies being centralized and virtualized into a state-controlled harden facility. This report outlines the current and future technology challenges facing Georgia. The report provides insights on strategic activities being considered and those currently under way. It highlights progress on current technology initiatives to allow stakeholders to monitor the steps being taken toward IT transformation. The SITR addresses technology accomplishments made across the enterprise over the last year. Improved business outcomes are highlighted to illustrate the critical difference IT is making in improving the delivery of services across the enterprise. The network and infrastructure foundation is being built on solid IT engineering, well-defined processes, best practices, state published standards, and ongoing oversight to guarantee adherence to state standards.
The report represents IT for the state's executive branch agencies only. Not included in the report is information about IT matters for legislative branch, judicial branch agencies, or the University System of Georgia. The data used to create the report is provided by executive branch agencies and is compiled by GTA to reflect the direction of the State CIO in improving the use of technology in the operation of state government. The SITR contains the following sections:
Executive Summary Highlights IT Current State Stakeholder Value Business and IT Integration IT Governance and Risk Management IT Financial Management IT Road Map Appendix
Page 2 of 47

Executive Summary
The state spends more than $1 billion annually on technology. We must ensure that decisions about how we spend those dollars are made with the citizen in mind and that our technology investments better enable them to connect with their government.
2011 was a good year for moving IT forward in Georgia state government. GTA is pleased with the success achieved as a state and looks forward to building upon that foundation. A state-of-the-art managed network and IT infrastructure will position Georgia among the best-managed states in business efficiencies and citizen-focused services and applications.
Georgia is leading the way in its IT privatization efforts. A recent assessment noted that Georgia's privatization effort through outsourcing is the largest and most complex of its kind in state government today. Georgia is making significant progress as we continue on the difficult journey of IT transformation. Though budgets are strained, the state's IT enterprise continues to evolve. Over the last year, our ongoing efforts to change how technology is managed in state government have been met with challenges and opportunities. The cultural shift from agencies' operating their own networks and infrastructure to one of working through GTA to manage outsourced service providers is a momentous shift for any organization.
The need to mature the new privatization outsourcing model must continue in order to provide the levels of service Georgia must have to meet the needs of its citizens. Our resolve is strong, and it is absolutely necessary to stay the course to ensure Georgia can keep up with the ever-changing world. Trends in both government and the private sector continue to support the direction we are taking, which is already resulting in lower risk to the state and more secure systems that enable us to protect citizens' private information. While we still have a tremendous amount of work to do, we are succeeding in our efforts to better connect Georgians with their government through technology and to deliver the services they expect.
Going forward, our biggest challenges are creating even greater operational and financial transparency and better governance for the state's IT enterprise. Achieving these goals will enable state leaders to make the best fact-based decisions possible about how tax dollars are invested in technology to support government operations.
More specifically, we need to:
Make improvements to the governance model for IT expenditures Require agencies to maintain and manage technology budgets in a standardized and
more transparent manner Develop a framework for the state's application portfolio so we can make rational
decisions about the state's systems and Complete the state IT transformation to ensure a robust and secure environment
As we continue down our path, the technology function must be attuned to the business needs of state agencies and the constituents they serve. Providing agencies with platforms and infrastructure that can support citizens' need for mobility is critical today and for tomorrow in the fast-changing arena of IT. Agency information technology leadership must have a seat at the decision-making table as true partners in the process when business decisions are being made.
Page 3 of 47

Highlights
IT Current State
The GETS program has resulted in several steps forward in network services, upgrades, server consolidation, virtualization, and refreshing end-user computers.
Server consolidation and virtualization activities to reduce cost made incremental strides by consolidating the server environment of five agencies.
In FY 2011, 80 percent of agencies that are required to submit IT expenditure reports spent over $1 billion on IT operations, IT projects, and application support.
The state's IT project portfolio shows an increase of $71 million for FY 2011, primarily due to the increased number of projects in the health-care sector. The FY 2011 portfolio tracked over 30 projects totaling about $235 million that span multiple years and 15 agencies.
Over the last three years, the Critical Projects Review Panel and project assurance saved taxpayers an estimated $150 million that would have been lost to failed or challenged technology projects.
The Critical Projects Review Panel saved the state about $67.2 million in FY 2011 on a critical-project portfolio of $144 million.
If the state were not to engage in project management best practices and periodic reviews, we could put $192 million of taxpayer money at risk.
Stakeholder Value
Dependable, modern, and secure technology systems and a strategic partnership between technology and business managers are enabling state agencies to provide new and innovative business services. The State IT Annual Report includes several case studies.
Business and IT Integration
Georgia is using strategic planning to align technology resources with state business goals and objectives.
About 30 agency strategic plans have been reviewed for opportunities to leverage information technology to meet state business needs; the reviews identified ITdependent projects and instances of similar efforts across agencies.
IT strategic planning provides value to Georgia by helping to identify needs shared by multiple agencies; strategic planning enables a forum for sharing IT best practices and allows agencies to benefit from IT expertise at a critical point in business planning.
The GETS program enables state leaders to collaborate on strategic, integrated business solutions and share in decision making for the IT enterprise.
IT Governance and Risk Management
More structured governance and better stewardship of the state's IT assets are leading to advances in risk management, security, and business continuity.
In 2008, GTA adopted the risk management framework created by the federal government in accordance with the Federal Information Security Management Act (FISMA) of 2002.
Page 4 of 47

Georgia's information security program consists of more than 60 agency-level programs operating under policies and standards established by GTA; since the program's creation in 2008, the state has seen a reduction in both the number of reported incidents and citizens affected.
State agencies are conducting business continuity planning, but many have not identified priorities for the recovery of key functions in the event of an emergency; GTA is assisting agencies in their planning and coordination efforts.
The state has significantly improved the success rate of technology project delivery; Independent Verification and Validation (IV&V) services are used for large, complex projects and saved an estimated $29.6 million in 2008.
IT Financial Management
The GETS business case provides a sustainable model for IT fiscal oversight and projects the state will save $181 million over the life of the contracts with its service providers.
Through IBM, the state is investing $184 million in infrastructure, and through AT&T, the state is investing $99 million in the network long-term technology investments the state could not make on its own.
Greater financial transparency and a clearer understanding of IT resources are resulting in better decision making.
IT Road Map
The Georgia IT road map is a collaborative document developed by state agency CIOs to outline priorities for improving and stabilizing technology across the state; the road map sets the course for IT for the next three years.
The five focus areas for the IT road map are business process, workforce mobility, access, cloud-based sourcing, and data management.
The state's IT infrastructure services provider for GETS, IBM, is assessing several technology strategies, including handheld computing devices and cloud computing.
The long-term strategy of AT&T, the state's managed network services provider, includes cloud-based applications, unified communication, cloud security, and security for mobile devices.
Page 5 of 47

IT Current State
IT Snapshot During 2011, the state continued on the journey of transformation through privatization. As identified in the 2010 SITR, Georgia's information technology was in a nonintegrated environment that was difficult and inefficient to operate. The need for network and infrastructure standards that could be enforced was critical for Georgia to move the state to a more secure environment. Since the 2010 report, the state has continued to make improvements while controlling costs and continuing to support the various functions performed by state agencies. Transition to a new and modern Tier IV state data center is ongoing, and state agencies are feeling both the benefit and pain of change as they evolve into the different world of outsourcing. Over the last three years, lessons have been learned and adjustments made to help improve the relationships with our service providers and the quality of service they provide. A well-respected consulting firm was retained by the State CIO to assess the Georgia Enterprise Technology Services (GETS) contract and make recommendations on how the outsourcing agreement could be improved to increase quality of service to our customers. Recommendations were received, and actions items as outlined in the assessment are under way. These include modifications of governance and communication roles for GTA as well as setting performance expectations with our vendor partners. Today the state's IT transformation is providing greater transparency in how state agencies spend technology dollars, allowing agencies to make better decisions about IT investments.
Page 6 of 47

The GETS program has resulted in several steps forward in network services, upgrades, server consolidation, virtualization and refreshing end user computers. These are essential projects that allow the state to reach its goal of taking a proactive approach to increase the security of our network and systems. As agency applications require more and more bandwidth, Georgia is upgrading the network to increase reliability that will lead to fewer outages and faster responses for network recovery.
Server consolidation and virtualization activities to reduce cost made incremental strides by consolidating the server environment of five agencies. Critical applications are being tested for high-quality user acceptance. The end user computer refresh was welcomed by many agencies to replace old and aging desktop and laptop computers. This effort will accelerate in FY 2012 with more agencies reaping the benefits of newer operating systems and tools that will increase productivity.
The items below provide more details on these initiatives that are critical to the state having the right platforms, infrastructure and technology appliances to better serve the citizens of Georgia.
Enterprise IT Project Portfolio
The project portfolio shows an increase of $71 million dollars, primarily due to the increased number of IT projects undertaken in the health-care sector. The FY2011 portfolio
Page 7 of 47

is tracking over 30 projects totaling over $235 million that span multiple years and 15 agencies as indicated in the graph below.
These numbers are expected to increase next year as a new portfolio management information system will be implemented beginning in January 2012. This application will allow individual agencies to track and manage their technology investments from cradle to grave and provide business driven metrics for better decision making and an enterprise roll-up capability for statewide transparency and collaboration.
Page 8 of 47

<> GTA has operated the Critical Projects Review Panel for over seven years. It is chaired by the State CIO and has demonstrated consistent improvement in project success and outcomes. Over the last three years, the panel reviews coupled with project assurance have saved taxpayers an estimated $150 million that would have been lost to failed or challenged technology projects. The chart below puts in perspective the value and benefit of portfolio management and oversight:
Page 9 of 47

Critical Projects Panel Review will save the state up to $67.2 million in FY 2011 on a critical project portfolio of $144 million
Applying industry statistical information* to our current active and approved portfolio of critical projects, we get the following results: 30% of projects would be cancelled = $43.2 million
52% would cost $189% of the original estimated = $142 million 18% would be successful with no cost increases = $26 million
Without disciplined project, program and portfolio management, the current portfolio of $144 million would deliver only 70% of the
functionality originally planned and would cost the state about $221.2 million.
*Based on Standish Group CHAOS Report One can surmise by the above analysis that the efforts of the Critical Projects Review Panel and project assurance teams have a tremendous impact on cost savings for the state of Georgia. It should also be pointed out this analysis pertains to approximately 30 technology initiatives across 15 agencies. The chart below displays how the state of Georgia compares to government and industry metrics compiled for the Standish Group's 2010 Chaos Report. If the state were not to engage in project management best practices and periodic reviews, we could put $192 million of taxpayer money at risk, based on the government Standish standards.
Page 10 of 47

The data from the chart above also indicates a decline over the past three years in our performance compared to the Standish Group ratings for government projects. This can be attributed to two primary factors. First, the Critical Projects Review Panel has increased the number of projects that are being reviewed from an average of eight per year to over 20 per year. The number of higher-challenged projects will naturally increase. The second factor is a noticeable need for increased project management competencies, particularly in those agencies the panel has recently begun reviewing. We can conclude that efforts to develop project management competencies should continue and be expanded where applicable.
Georgia Enterprise Technology Services
Managed Network Services
The state of Georgia's managed network services provider, AT&T, has enhanced the Internet redundancy and security posture for all GETS customers. GETS provides managed network services to over 1400 at-will entities across the state, many of which are local governments. AT&T upgraded the state's Internet connectivity and security by installing redundant connectivity in two major southeastern cities, thereby giving the state full WAN failover capability. Along with this redundant connectivity, AT&T installed state-of-the-art security protection at each of these facilities to guard against malicious Internet attacks.
Page 11 of 47

As part of the GETS program, AT&T is in the process of upgrading all full-service GETS network customers. AT&T is replacing all network hardware with new Cisco Systems equipment and moving those agencies to AT&T's state-of-the-art Multi-Protocol Label Switching network. To date, 487 sites have been upgraded with the remaining 1,423 sites to be completed in the fourth quarter of 2012. These upgrades will enhance resiliency and reliability for all network customers. Additional benefits realized in this program are centralized network services such as domain name service, IP address management, and enhanced security services and proactive monitoring. This work is extremely important as Georgia state government systems experience as many as 15 million probes per day from those looking for holes in our security. Agencies are in an ongoing ever changing battle to protect their systems and data.
Server Consolidation
A key success factor in completing the IT transformation is the ability to complete the enterprise server consolidation. This aspect of the project has proven to be a challenging and daunting task, beginning with the complexity of systems, applications, numerous firewall rules, and configurations that are unique to each agency. This challenge has caused delays in the project timeline and other transformation interruptions. A change in the approach has been vetted and successfully piloted, and is now being utilized to move forward. Project timelines have been adjusted, and the work will be completed. In addition to saving money and reducing risk, server consolidation will act as a catalyst for other technology optimization initiatives across the enterprise. When Georgia's enterprise server consolidation project is complete, 1,300 servers will have been replaced by about 700 servers, most of which will operate in the North Atlanta Data Center, the state's primary data center. This data center is designed to comply with the requirements of the Uptime Institute's Tier 4 Standard, the gold standard of uptime resiliency. These requirements are designed to meet the needs of an enterprise the size of the state of Georgia and with the criticality of its life-impacting services.
The SCON project involves a full project implementation methodology, including defining the specific requirements for each agency to ensure agency business applications will be able to properly function in the consolidated GETS Hosting Environment (HE). Agencies included in SCON efforts over the last year were the Office of Planning and Budget, Department of Juvenile Justice, Department of Driver Services, Governor's Office and Department of Revenue. Agency teams were directly involved to provide remediation of affected applications by conducting a full test methodology, including user acceptance testing. A total of 132 agency application, database and web servers have been migrated into a consolidated virtualized environment at the North Atlanta Data Center since August 2010. These agencies' migrated servers are currently supported by IBM's steady state team, allowing agencies to focus IT resources on application-related activities.
In September 2011, the SCON team completed a very complex migration of the Department of Revenue's (DOR) Integrated Tax Solution (ITS), which positioned DOR for continued growth of the system. The ITS application performs administration for various types of taxes including sales, withholding, and corporate. The ITS will be described in further detail in this section.
The SCON will save the state dollars. These savings result from the privatization outsourcing contract for IT infrastructure services that is administered by GTA. The net effect of the enterprise server consolidation project will be reduced risk, reduced costs, and
Page 12 of 47

greater financial transparency. A clearer understanding of each application's infrastructure costs will allow agencies to make informed decisions regarding their needs. End User Computing Refresh The GETS program requires our service provider to refresh (replace with new) laptop computers every three years and desktop computers every five years. These refresh cycles match IT industry best practices. The total number of state EUC devices in scope is roughly 36,000. FY 2010 was a year of engagement during which GTA, IBM (the state's infrastructure service provider) and IBM's subcontractor, Dell, formalized the End User Computing Refresh Program processes to effectively engage all GETS full-service agencies. Good progress was made that year, and roughly 1,700 EUC devices were refreshed. FY 2011 has seen continued refinement of those initial processes and a significant acceleration of refresh activity. Approximately 8,800 additional devices have been refreshed, making the total to date roughly 10,500, or 29% of the state's total EUC devices. In FY 2011, GTA and IBM accelerated the refresh plan to ensure all laptop and tablet computers will be replaced before the end of the third contract year. All desktop computers will be refreshed before the end of the fifth contract year. This was a significant accomplishment that will ensure the state realizes the maximum value from the GETS contract. IT Hardware Assets Infrastructure in GETS' scope is about 400 Windows and 1,600 Unix servers.
The GETS program continues to address this diversity in hardware by setting standards for future procurements (for in-scope agencies). For example, GETS has established standards for network, server, firewall, desktop, laptop and tablet computers, and procures them "as a service". This standardization leads to cost savings through consistent support processes, and the combined volume leads to more competitive pricing. Agencies are able to buy
Page 13 of 47

these "services" as needed and easily return devices when they are no longer needed. This approach has been especially beneficial to the state this year as state agencies reduced staff.

Tracking IT Investments

The state of Georgia spends well over $1 billion every year on information technology, including services, equipment, application development, application maintenance, and personnel. However, knowing exactly how much is spent, where the money actually goes, and what taxpayers are getting in return can be difficult to identify. IT expenses are often part of program budgets and are not identified as "IT". There is significant expense insight for in-scope GETS agencies. The reporting process will continue to mature for non-GETS infrastructure agencies.

The General Assembly has charged GTA with compiling information from state agencies about their IT expenditures and presenting a report to state leaders every year (see O.C.G.A. 50-25-7.10). With comprehensive and accurate information, state leaders can make facts-based decisions about the allocation of limited state resources to support technology.

In FY 2011, 80 percent of agencies that are required to submit expenditure reports spent over $1 billion on IT. However, some state entities with large IT expenditures are not required to submit reports, such as the University System of Georgia. The level of agency compliance increased significantly for FY 2011 with 59 required agencies submitting data.

Agency Participation Year to Year

FY 2009 FY 2010

Agencies Required to Report

69

74

Agencies Reporting

54

45

Percentage

78%

61%

Agencies Not Required to Report

16

15

Agencies Reporting Voluntarily

11

5

Percentage

69%

33%

Agencies Receiving IT Services from Another Agency

33

30

FY2011 74 59
80% 15 4
27% 30

Although the number of agencies submitting reports increased significantly, the amount spent on IT was slightly lower than the $1.12 billion reported in FY 2010. Data for some categories were not provided consistently among all agencies, which affect the totals being reported. GTA will continue working to increase both the quantity of agencies submitting data and the quality of data received.

The table below shows the dollars invested in the support of IT operations for the state as reported for FY 2011. It also provides related data to identify an increase or decrease from the preceding year.

Page 14 of 47

GETS agencies, nonGETS services
GETS agencies with GETS services
TOTAL

FY 2009

FY 2010

FY 2011

IT Infrastructure Operations

$26,175,509

$8,123,823

$274,800,000

$172,260,785 $198,436,294

$178,998,843 $187,122,666

Project Portfolio TOTAL

$284,300,000

$163,403,020

$185,495,681

Application Support TOTAL

$383,600,000

$733,292,722

$675,047,739

Aggregated Total

$942,700,000

$1,095,132,036

$1,047,666,086

Year Over Year ($18,051,686)
$6,738,058 ($11,313,628)
$22,092,661
($58,244,983) ($47,465,950)

The changes in IT expenditures between FY 2010 and FY 2011 may not be entirely due to actual agency change in spending but more accurate reporting. The failure of many agencies to report their expenditures may also skew the results.

In previous years, GTA developed projections to fill the gaps resulting from the lack of agency submissions. However, beginning with FY 2011, GTA provided the agencies with more control over their submissions and will no longer use projections but will rely on data reported by state agencies.

Though much progress is being made to improve IT financial management, challenges still exist throughout the enterprise and require attention. In FY 2010, GTA identified some of the challenges in how IT budgets are created, tracked, and mapped to expenses according to state accounting practices. These problems have existed within the state for some time and will require a consolidated effort across agencies to address them. During FY 2011, the data quality problem continued and all efforts are being directed to the quality and accuracy of data each year.

Georgia's leadership needs a clear, complete, and accurate accounting of how state agencies are spending taxpayers' dollars on IT.

Page 15 of 47

Stakeholder Value
Overview
Technology in the state exists to enable government to serve its citizens. Georgia's focus since the implementation of the IT transformation effort in 2008 is to enhance service delivery by improving how citizens connect to their government. Getting the right foundation in place to build upon will be essential to connecting Georgians with their government. The focus continues to be on improving the customer experience and value to stakeholders. In addition to the citizens of the state, the term "stakeholders", in its broadest definition, includes the state workforce, which needs to have increased quality of service from service providers to provide a higher level of service to their customers.
Throughout FY 2011, the state worked to strengthen the governance of the state's IT enterprise. Through greater transparency in IT project management, operations and costs, state leaders are able to make better fact-based decisions about investments in technology. Our commitment is to continue to work with our private-sector partners to transform the state's use of technology through consolidation, virtualization, and integration.
With dependable, modern, and secure technology systems and a strategic partnership between technology and business, we will be able to provide innovative business services and ensure a robust, transparent IT enterprise where decisions are made with the citizen in mind.
E-Government
Although most citizens visit government websites to get information, more and more users are expecting to perform transactions with government online and on mobile devices. Online applications save citizens time, since access is available 24x7. Moving more services to an online model saves government money: Some states estimate that online transactions save 90% of the cost of an in-person transaction. Georgia's infrastructure transformation is putting the foundation in place to build these citizen-focused, online and mobile applications to better serve the citizen's needs.
Georgia state agencies already offer a variety of convenient online services to save Georgians a trip to government offices. These services are available in such areas as employment resources, business and professional licensing, education and training, emergency services, health and medical services, real estate and property, and tax information. View a list of online services.
Although state agencies are moving toward a more robust online presence, having a website with online functionality is simply not enough anymore. The mobile web is booming, and agencies must design their sites to make them readable on mobile phones. Most successful companies now have mobile versions of their applications, but government has not yet followed suit. The state is just beginning to look at developing applications for citizens to download so they can access services anywhere as well as any time.
Page 16 of 47

Online Services
Social Media
The emergence of social media sites such as Facebook and Twitter gives the state an enormous opportunity to inform and interact with its citizens. Many state agencies have already implemented Twitter and Facebook pages, but most exist only as another way to distribute information, such as a news release. However, these social networks can potentially give citizens a new way to talk with government. The state must work toward a social media policy that encourages two-way communication and allows more citizens the opportunity to ask questions and provide input to their government.
Ready Georgia Phone Application
Twenty thousand people have downloaded a new smartphone app that could save lives. Launched by state emergency officials in September 2011, the Ready Georgia app gives users up-to-the-minute information on preparing for disasters such as tornadoes, hurricanes, and flooding. It also helps in the event that a disaster occurs. The geo locator in the app sees the user's location and delivers a warning. When an alert comes up, it asks users if they are okay and gives instructions appropriate to the type of disaster
The free app also gives information on evacuation routes, shelter locations, and public health outbreaks. A function allows users to make a checklist of supplies needed in the case of an emergency. The app, which runs on both the iPhone and the Android smartphone, can be found at http://ready.ga.gov/mobileapp. It was funded by a grant from the Centers for Disease Control and Prevention awarded only to Georgia, New York and Louisiana.
GETS Managed Network Services
The state of Georgia's managed network services provider, AT&T, has enhanced the Internet redundancy and security posture for all state of Georgia GETS customers. By installing redundant connectivity in two major southeastern cities, the state now has full WAN failover capability for the first time. Along with this redundant connectivity, AT&T installed state-of-the-art security protection at each of these facilities to guard against malicious Internet attacks.
DOR Integrated Tax System
The development of the Integrated Tax System (ITS), which began in September 2008 with the sales tax component, is designed to consolidate 23 separate Department of Revenue (DOR) tax systems into a single system. The system provides business and individual taxpayers with a secure electronic self-service system to access registration, file returns, make payments and review up-to-date account information. Instead of having to use various databases, taxpayers and DOR employees now have access to tax information for more efficient and comprehensive service. The ITS makes the processing of business and individual tax matters easier for filers and the state. Other completed projects within the ITS improve management of withholding taxes, corporate taxes and individual taxes. All of these functions were completed on time and within budget. Currently more than 11,625,000 accounts are managed in ITS.
Page 17 of 47

Business and individual taxpayers can now sign up to access the Georgia Tax Center (GTC), http://gataxinfo.org, the customer face of the ITS, to submit and amend returns, update account information, view account balances, make payments, appeal assessments and view correspondence. In addition, businesses can use GTC to report sales and use taxes, employee taxes withheld and international fuel taxes.
The ITS will result in improved accuracy of returns, automated payments of taxes and assessments, a free paperless way to do business with DOR and improved data security. An additional benefit is a reduction in the number of servers from 57 for the old systems to 12 for ITS. This decrease of almost 80 percent saves the state valuable dollars and energy resources. Fewer servers will improve compliance with federal regulations regarding the disclosure and storage of tax information. This use of technology also has improved the system for counties receiving their real-time share of state sales tax dollars. Reducing the number of tax payments that are prorated results in improved cash flow.
The rollout of the ITS will continue in 2012, with the addition of functions for motor fuel tax submission, alcohol and tobacco licensing and filing, excise tax submission and contractor licensure and bonding.
DCH Medicaid Management Information System
The Medicaid Management Information System (MMIS) is the claims processing and information retrieval system required for all states. The mission of MMIS is to support the Medicaid business functions and maintain information in such areas as provider enrollment; client eligibility, including third party liability; benefit package maintenance; managed care enrollment; claims processing; and prior authorization. Department of Community Health (DCH) MMIS computer systems process Medicaid and PeachCare for Kids claims.
In March 2008, Electronic Data Systems, now known as Hewlett-Packard Enterprise Services (HPES), was awarded the contract to design, develop and implement a MMIS that would meet the growing needs of Georgia's Medicaid program. In 2009, HPES was awarded the contract to serve as the fiscal agent for Medicaid. Immediately thereafter, HPES began converting seven years' worth of historical data.
The preparations for conversion included developing extensive test plans touching on all aspects of business operations. Additionally, both DCH and HPES prepared both operational and business continuity plans in the event that claims processing and payments were delayed for any significant period.
In 2010, HPES also conducted numerous provider training sessions. At these sessions, the providers also met the new HPES field representatives. DCH and HPES communicated the change to the providers through multiple communications channels such as banner messages, provider associations, the provider newsletter (FOCUS), podcasts, emails and the Provider Readiness portal.
The system went live on November 1, 2010, to 40,000 providers. The cost for the new system was approximately $390,000,000.
Below are the benefits of the new system to providers and DCH:
Once providers submit their claim, the claim will be paid that week.
Page 18 of 47

Providers can follow up at any time on claims status for both paper and electronic claim submissions.
Providers can go online to determine eligibility before providing the service, thereby preventing fraud and waste.
Online provider enrollment and service authorization save time and money. Online training is available. Remittance Advice (RA) vouchers are accessible online. Policy changes can quickly be updated on the system. MMIS will adjudicate claims according to a fixed weekly payment cycle. Many clerical steps required for paper claims processing have been eliminated. MMIS will better help DCH prevent fraud and waste. MMIS is highly adaptable to new business requirements and can be reconfigured
quickly.
Georgia Superior Courts eFiling
The Georgia Superior Court Clerks Cooperative Authority was established in 1993 with the legislated mandate of implementing and administering a statewide central index for UCC filings. Georgia was the first state to have a centralized index. Since its establishment, the authority has not only fulfilled its original purpose, but also has accepted additional projects at the request of other agencies and the Georgia General Assembly. These projects include administering a statewide index for real estate and personal property records, maintaining the central database of notaries public, and administering a statewide database on civil case filings.
The authority has developed and implemented eFiling programs in cooperation with the Superior Court Clerks of Georgia in an effort to improve the technology of the Superior Court Clerks offices and to find new ways to streamline the document filing process at no cost to state or local government. According to its charge and legislative mandate in OCGA 15-6-94, the authority is to "develop, acquire, and distribute record management systems, information, services, supplies, and materials for superior court clerks of the state." The authority recognizes that the adoption and use of electronic filing technologies may vary from county to county. Therefore, a county's participation in Superior Court Clerks portal is voluntary.
Currently, the authority offers electronic filing for the PT-61 Real Estate Transfer Tax (RETT) filing process, UCC, Real Estate, Lien, Civil Case, and Child Support documents in participating counties. Information on all the systems can be found at http://www.gsccca.org/efiling/default.asp. Registration on the site is free. A complete Filer Guide which takes the user step-by-step through the registration and filing process is available under the Support tab. Once registered, users may begin filing immediately.
The authority also has a premium search capability for the PT-61 Real Estate database. The search allows for several different searches and views of the results. The premium search function as well as a description of its functionality can be found at http://www.gsccca.org/search/PremiumOverview.
More information about the authority can be found at http://www.gsccca.org.
Page 19 of 47

IT Telework Support
The state's IT transformation included an initiative to replace the way that the state of Georgia allows remote access into the state network. The Managed Remote User Service Internet Protocol Security (MRS IPSec) Project began December 2010 and was completed in July 2011. The MRS IPSec's primary purpose is to support the various teleworking needs of state agencies. The MRS IPSec is a client-based service using the AT&T Global Network Client and allows access to the Georgia agency networks via the Internet. A two-factor authentication token-based security option is also provided for agencies that require another layer of defense to prevent unauthorized users from gaining access to agency networks.
AT&T, one of the GETS service providers, identified MRS IPSec service requirements and developed a plan for a new service. AT&T addressed security compliance and internal requirements prior to transforming the IPSec Virtual Private Network (VPN) environment and migrating it from IBM, another GETS service provider, to AT&T. AT&T assessed the GTA and agency environments to ensure a seamless transformation to the new platforms. Device types, applications, authentication mechanisms, and transport types were evaluated. Where feasible, current processes and procedures were maintained.
AT&T successfully implemented Virtual Routing and Forwarding (VRF)-aware IPSec configuration to control traffic isolation on the routers for multiple state agencies and Hot Standby Router Protocol (HSRP) for redundancy at the Georgia Department of Revenue, the Georgia Department of Community Health, the Georgia Bureau of Investigation, the Georgia Department of Human Services, and the Georgia Department of Behavioral Health and Developmental Disabilities.
AT&T's MRS IPsec uses two different types of VPN access to provide secure connectivity into the GTA core network from the Internet or resources located at other state of Georgia network sites requiring end-to-end client encryption. This connectivity is accomplished through either a managed IPSec service or the AT&T Secure Sockets Layer (SSL) VPN platform. The two platforms allow agencies flexibility depending upon the security, remote worker environments, and application requirements.
The SSL VPN solution is primarily built around the requirements of the Georgia Crime Information Center (GCIC) network and applications. The solution deployed for the IPSec remote users will also be leveraged for GCIC Metro Header sites. Therefore, additional security compliance regulations apply to the solution to maintain Federal Information Processing Standard (FIPS) 140-2 compliance. This requirement added complexity to managing and provisioning equipment for the service.
During the IPSec assessment and evaluation, AT&T collected information from each agency about the IPSec implementations and any encryption standards required by regulations. AT&T is using the information to rationalize the implementation of IPSec for users and determine if IPSec clients or SSL VPN client-less access will be used by the agency. AT&T is leveraging information gathered by IBM about the various VPN solutions to determine user counts and authentication mechanisms for each IPSec deployment. This information will allow AT&T to make recommendations to agencies about the appropriate remote user technology and determine the sizing of the IPSec environment moving forward.
Page 20 of 47

Business & IT Integration
In Georgia state government, challenges remain on how best to seamlessly bring both the agency business directives and information technology planning together to effectively meet the goals and objectives of the state. In many organizations today, the business operations are responsible for providing the entity's direction while the information technology operation is responsible for providing and delivering the best technical solution to support that direction. Information technology thus becomes the support arm to the business, not particularly the driver. According to Gartner, changes in the role of IT will help to ensure that IT interests are addressed within the strategic planning function ("The Future of EA in 2020: EA is Integral to Strategic Planning," Betsy Burton, Philip Allega and Brian Burke, November 2011, Gartner). GTA is working to shift the role of IT to better support the needs of the business.
There are several attributes that support good alignment for the best uses of technology. These best practices include:
Clearly defined business objectives and performance measures Business owner and stakeholder involvement in decision making Good communications across all levels of the organization and throughout activities Jointly developed requirements that include business and technology considerations Budget and schedule estimates that are tracked and refined Business owner understanding of the resources needed to apply IT to business Consistent communications
GTA continues to make great strides in promoting these best practices through recent partnership activities:
Chief Information Office (CIO) GETS and Non-GETS Councils Agency Advisory Council CIO IT Roadmap workshop activities CIO Strategic Alignment Survey Strategic planning workshop Business Council 2012
In today's business environment, the distance between business and technology is quickly fading. Success in business operations are more closely linked to technology today than at any time in recent history, and the dependency between the two is growing.
Strategic Planning for IT in Georgia
How is Georgia preparing for the growing dependency between business operations and technology?
To answer this question, strategic planning for IT in Georgia is being advocated like never before. The State CIO continues to champion and challenge business leaders to look at technology as a strategic enabler. Moving forward, GTA is attempting to shift the state paradigm from looking at IT as an expense to that of an investment. Throughout state government, agencies are facing the reality of tightening budgets, which is causing them to set priorities and make decisions on how funding will be allocated. Planning becomes a vital
Page 21 of 47

part of that effort. When this occurs, there are three primary objectives for strategic planning for IT:
Understanding agency business need Understanding IT capability currently or soon to be available Marrying business need to IT capability
GTA plays an important role by ensuring the right information about technology is provided to agencies and the Governor's Office of Planning and Budget (OPB) during the annual strategic planning process.
Because Georgia's IT strategic planning process is integrated with the broader strategic planning process owned by OPB, GTA relies on the timely and accurate submittal of agency strategic plans to OPB. Georgia's IT strategic planning is designed to provide decision makers with better information to make better, statewide IT decisions for Georgia. It also provides information to individual agencies that may help them better support their business objectives with appropriate technology.
In addition to receiving information submitted to OPB, GTA works directly with agency technology leaders and our external service providers to define the technology plan for the state. Our service providers are industry-leading experts in computer services and managed network operations.
Strategic planning for IT provides value to Georgia in three ways:
1. Statewide IT strategic planning helps identify needs shared by multiple agencies early on to avoid multiple instances of the same systems or applications. Understanding shared needs also allows pooling of resources and reduced cost through enterprise-wide economies of scale.
2. It provides a forum for sharing and discussing IT best practices. This can help agencies be more efficient in achieving their business objectives.
3. Georgia's IT strategic planning process also allows agencies to take advantage of IT expertise at a critical point in business planning. Many agencies can't afford the range of IT expertise needed to leverage emerging technologies to achieve their vision.
While strategic planning for IT consumes very few GTA resources, it is essential for Georgia to become more efficient and to sustain the gains it achieves.
Strategic Planning Results for FY 2012
At the end of the FY 2012 planning cycle (planning for FY12-14), GTA reviewed approximately 30 agency strategic plans provided by OPB through the state strategic planning process. We noted IT-dependent projects that were identified during the process. We also examined agency strategies to identify any additional IT dependencies. We use IT dependencies to identify potential problems within agencies and to find multiple instances of similar efforts that cross agency bounds.
The FY 2012 strategic planning process was moved back to allow for the transition of the new Georgia governor. As a likely result of the transition to the new administration, agency strategic plans are generally less complete in terms of identifying the IT dependencies of
Page 22 of 47

specific agency strategies. OPB is now focused on strategic planning and an enterprise strategic planning improvement effort led by OPB, and involving GTA and other enterprise service agencies, is underway.
By comparison, analysis of agency strategic plans in FY 2011 helped clarify how agencies depend on IT to contribute to Georgia's strategic objectives. An analysis of last year's data revealed that several agencies were planning to implement similar technologies within the strategic planning cycle (three years) and GTA is working with affected agencies to take advantage of economies of scale on these projects. Some agencies had also planned individual development activities that are better developed or hosted outside of the agency for security, durability or economic reasons.
For FY 2012, an analysis of selected agencies provides the following observations:
The majority of agencies do not communicate the dependency of agency objectives on information and communications technologies.
For about two thirds of agencies, planned spending on future IT projects is either much higher or much lower than actual current spending on IT critical projects. While this could reflect funding changes, it is more likely an artifact of a lack of rigor in aligning strategic activities with IT investment.
Improvements in citizen access to services, generally through better online access, is a common theme for agency IT efforts. There is also a significant interest in providing access through mobile devices such as smartphones and tablets.
Several medical information systems (or medical records systems) are under independent development in three or more agencies. Anticipated spending for these systems is relatively high.
The tracking of planned activity on agency applications remains difficult based on information submitted through agency strategic plans. GTA will need to work with agencies to define appropriate application information and ensure this information is incorporated into the agency strategic plan.
For the state of Georgia to connect citizens to government, we will continue to find ways to close the gaps between what the business expects and what IT delivers.
Collaboration
The private sector continues to offer an increasing number of innovative, online and mobile services to its customers. These services benefit customers by providing greater convenience and speed of service delivery, and it is less expensive for businesses when customers take advantage of these self-service options.
That citizens increasingly expect this same level of customer service from state government is no surprise. Meanwhile, the historic pressures on agency budgets are leading to greater pressures on technology to support more cost-effective ways of doing business. Unfortunately, barriers in the state's IT enterprise must be overcome before these expectations can be met.
One of the first barriers an out-of-date, insecure and unreliable IT infrastructure is being addressed by the Georgia Enterprise Technology Services (GETS) program. GETS is
Page 23 of 47

transforming state government's IT infrastructure through a partnership with IBM and AT&T, two of the world's leading providers of technology services.
Redundant IT systems are being consolidated and upgraded with new, more reliable equipment. For example, separate e-mail systems in 12 participating agencies are being combined into a single system that's more reliable and cost-effective to operate. Recent upgrades to the state's data network have resulted in a 100 percent increase in capacity; as examples:
Agencies that previously could not watch webcasts of legislative sessions are now able to do so from their desktop computers.
Agencies that could not utilize virtual meetings, including video, are now able to do so.
Remote offices are now able to share document images and many other innovative technologies that increase employee productivity but require greater bandwidth.
Consolidation is leading to "IT as a utility" in state government. Freeing agency IT staffs from "keeping the lights on" will enable them to focus on greater integration and data sharing among state agencies a second barrier to innovative service delivery.
Examples already exist, but far more remains to be done. For instance, whenever someone applies for a fishing or hunting license from the Department of Natural Resources, the database at the Office of Child Support is accessed to determine if the applicant pays child support. If the applicant is behind on payments, the hunting or fishing license is denied.
Getting agency business leaders and agency IT staffs to work together as strategic partners is a third barrier to innovative service delivery. GTA continues to work with agencies to share data in order to improve the services provided to agencies and their customers.
GTA launched an initiative in 2010 to improve the integration of agency business planning with agency technology planning. Two councils were formed one for agency chief information officers and another for agency business leaders. GTA worked with the councils to identify gaps in how technology and business work together within their respective agencies. GTA also sponsored an information session that brought the two councils together to learn about private-sector best practices for integrating business and technology planning.
For 2011, business and technology leaders are following a set of activities to improve their collaboration while GTA is monitoring their progress and providing assistance as needed.
Our goal is to make sure business and technology leaders are at the table together when making decisions about strategic directions for service delivery. This level of integration and collaboration will go a long way toward providing Georgians with the fast, reliable and convenient services they expect and deserve while constraining the cost of delivering those services.
Collaboration includes working with our agencies' customers to assist with and provide oversight of high impact statewide IT projects. The overarching goal is to ensure these projects result in value to the state. GTA is fully engaged with agencies on how to better manage these projects. Some of our engagement projects during 2011 included the Department of Community Health, Health Information Exchange and Medicaid Incentive
Page 24 of 47

Program; the Department of Revenue, Integrated Tax System Project; and the Department of Public Health, Babies Can't Wait Project.
In addition, GTA projects, such as the GETS Program and the Broadband Mapping Program, are improving because of the project management tools and expertise that we apply to these projects to ensure their success in such areas as cost, schedule, and performance. Governance and portfolio management of projects are great tools to ensure good stewardship of state resources.
Broadband
Broadband is another area where Georgia is taking a significant step in collaborative partnerships that leverage economic development opportunities in the state. Several carriers are moving forward with new deployments of 4th generation technology systems, and there is an explosion in mobility applications for businesses and individuals. It is clear that partnership and collaborative efforts that lead to good governance structure will be the new model for successful broadband expansion and adoption.
GTA has engaged with regional commissions, municipalities, citizens and state agencies to provide technology expertise and information to help develop technology solutions. The program areas below outline GTA's dedication to our collaborative approach and how they will continue to add value to the state.
Through a $5.2 million grant from the U.S. Department of Commerce, GTA has engaged with state regional commissions, municipalities, citizens, and other state agencies to provide technology expertise and information to help develop technology solutions through one-one-one engagement, and through information sharing on at www.georgiabroadband.net.
We are committed to expanding and fine-tuning these important, collaborative partnerships that we believe will result in benefits to citizens, cost reduction, economic development, and improved processes.
Georgia Science and Technology Commission
Collaboration between the public and private sectors is seen as pivotal to promoting science and technology in Georgia. Senate Resolution 68, passed by the General Assembly in the 2011 legislative session, created the Science and Technology Strategic Initiative Joint Study Commission, which is comprised of representatives from sectors. Its goals are to:
Inventory Georgia's existing science and technology assets to determine strengths and weaknesses
Review state and national policies to determine best practices and lessons learned for advancing the science and technology sectors
Recommend content for a strategic science and technology plan, the state's first such plan
Recommend actions and legislation
To learn more about the commission and its activities, visit www.scitechplan.georgia.gov.
Page 25 of 47

IT Governance and Risk Management
IT Governance
During FY2011, the state is making significant progress in the governance of its technology enterprise. Several strategies have been adopted in recent years to assure greater success for technology projects. We are seeing positive results from those efforts, which include greater oversight by state leaders of high-dollar initiatives.
There is still progress to be made in how the state makes decisions about technology investments. Many times decisions are reached without adequate information to understand the potential costs, risks, and impacts of new technology solutions. We have worked to ensure that investments are implemented efficiently, but we now need to focus on whether those investments deliver the services and benefits needed by the state.
GTA is working with business and technology leaders in state agencies to improve their collaboration. Our goal is to make sure these leaders are at the table together when making decisions about strategic directions for service delivery and new investments. We are eliminating barriers to their collaboration. We are shifting the thinking and focus from "how to keep the lights on" to enabling business services with technology. One recent example is where individual agencies invested in time-tracking software. After seeing the patterns emerge, GTA was able to find a collaborative, enterprise approach that will save all agencies dollars in future support costs, while providing an easier and less-costly path for other agencies that want to take advantage of the enterprise solution.
Going forward, the state needs to improve its management of the business applications supporting critical agency services. Agencies invest more on the development and support of their business applications than any other category of technology expenditures. However, the evidence points to a lack of adequate lifecycle management. We need to do a better job of system lifecycle planning upfront for new systems, upgrades to existing business applications, and even their eventual retirement or replacement.
A strong governance program for the state's IT enterprise will ensure the best decisions possible are being made about investments in both technology infrastructure and services in support of the business and Georgia's citizens.
Enterprise Performance Life Cycle
Enterprise Performance Life Cycle (EPLC) provides guidance to agencies in Georgia state government in their management of technology investments in order to achieve consistently successful outcomes that maximize alignment with enterprise-wide and agency-specific goals and objectives. Successful IT investments need reasonable baselines established, sound management practices in place, stakeholders involved, and outcomes evaluated, measured and controlled.
GTA approaches the management of IT initiatives with an enterprise perspective. By managing and governing its investments from an enterprise perspective, Georgia will be in a better position to take advantage of economies of scale, common needs, data sharing, and alignment to overall business strategies. State agencies manage and govern their IT investments using common practices and methods which support integration,
Page 26 of 47

accountability, and transparency. The enterprise perspective also improves compliance with legislative and regulatory requirements. EPLC is focused on the lifecycle of IT investments. The state of Georgia uses IT investments to support multiple policies and programs across agencies. The EPLC framework applies to all state agency technology investments and initiatives, including but not limited to, new projects, major enhancements to existing applications, steady state systems, new Commercial Off-the-Shelf (COTS) product acquisitions, 'Hosted' or Software-as-a-Service (SaaS) solutions, and infrastructure projects. IT investments include desktop and laptop computers, application software, and computer systems interconnected through statewide networks. EPLC includes three processes and seven stages with associated responsibilities, exit criteria, deliverables, and reviews for each process and stage. The EPLC framework supports the following GTA standards: Performance Lifecycle Framework, SM-10-006, and Performance Lifecycle Management, SM-10-007. With so many systems spread across the state enterprise, the state needs a comprehensive way to view these investments and to ensure they are being planned, built, and run in a manner that best utilizes the scarce resources of the state on behalf of Georgia's citizens.
Page 27 of 47

To provide guidance for enterprise-wide investments in technology, it is necessary to organize the investments at the key points of decision making. We start by segmenting investments into three key processes in their life cycle:
Plan - Are we investing in the right things? In this process, we organize to determine whether to make the investment. The outcome of this phase is a determination of whether this initiative has the prerequisites and the potential to make the investment of time, resources, and funds worth the benefits that will be realized once it is complete. For grant-funded projects, it is imperative to understand the cost once the grant concludes and whether the state is willing to commit in principle to the future funding to sustain the ongoing cost of the initiative.
Build - Are we doing them the right way and doing them well? In this process, we organize to determine whether the investment is adequately tracking to a successful deployment and whether it will generate the benefits defined in the Plan Process. The outcome of this process is a determination of whether this initiative has the prerequisites and the ability to run and operate based on the services defined.
Run - Are we getting the benefits expected? In this process, we organize to determine whether the benefits are worth the ongoing investment or cost in the time, resources and funds. The outcome of this process is a determination of whether this ongoing investment has a justifiable benefit for the costs of operation.
Reducing Risk
While information technology represents more than $1 billion of the state's $18 billion budget, these systems often provide vital functions and support critical services within state agencies for our constituents.
At one extreme, when these systems fail, they can cost people their lives, their livelihood, or impact their lives in other significant ways. But many small failures can have cumulative effects leading to significant service and performance issues:
Redundant systems waste precious funds. Archaic systems require expensive resources to maintain. Viruses disrupt work. Lost data can generate onerous fines and weaken the public's trust in its
government. Non-integrated systems cost people's time. Badly managed projects hemorrhage budgets and workloads. Improper procurements can leave a legacy of contractual issues for years.
And yet, these are all risks that we know how to manage and control.
The state's decision to centrally manage a large portion of its technology infrastructure through a partnership with private-sector service providers is leading to significant risk reduction in our IT enterprise. There have also been parallel efforts to mitigate key risks to the state in four critical areas:
Security We have created, deployed, educated and trained agency security officers on a framework to secure state data and systems.
Business Continuity We have conducted business continuity and disaster recovery exercises to test our capabilities and to understand the gaps.
Page 28 of 47

Planning We have conducted technology strategic planning for all agencies in concert with the Office of Planning and Budget (OPB).
Project Management We are continuing efforts to mature project-management capabilities throughout the state enterprise to ensure maximum return on IT investments.
While there has been progress in assuring basic and essential services to Georgians, we still have significant risks and gaps:
Most agencies have not properly identified their critical systems and many have an incomplete list of sites they support.
Technology procurements still have problems with timeliness and use of consistent processes.
GTA provides risk management for Georgia's data and information systems to ensure security, privacy, reliability and protection of the state's investments. The gap in agency preparedness is a primary concern. Agency management must put a higher priority on planning and assuring and protecting the systems and data used to provide Georgia's citizens with critically needed services. GTA continues to assess, measure and report on state agencies' performance in providing programs to effectively reduce information technology risk.
Information Security
The protection of Georgians' private information in the possession of the state is a primary focus of the state's information security program. Since the creation of a new information security program in 2008, Georgia has seen a reduction in both the number of reported incidents and citizens affected.
Chart 1: Number of citizens notified due to a state security incident.
This progress is extremely important as the state only notifies citizens when a citizen's information has been accessible by unauthorized people, creating a situation where those citizens are susceptible to identity fraud. While there has been definite progress, even the results in 2011 leave room for progress.
Page 29 of 47

Information Security Program Structure Georgia's information security program consists of over 60 agency-level programs operating under the policies and standards established by GTA. In 2008, GTA adopted the risk management framework (RMF) created by the federal government as directed by the Federal Information Security Management Act (FISMA) of 2002. As such, each agency is responsible for using the RMF for each of the information systems it operates.
Chart 2: FISMA implementation progress for high and moderate impact systems.
Since the adoption of the FISMA RMF, GTA has collected reports from agencies on an annual basis to measure their progress at implementing the RMF. FISMA divides systems into three impact categories based on the potential impact (damage) should a worst-case security incident occur. GTA has asked agencies to first focus on those systems with the potential for the most damage, called high impact, followed by those in the moderateimpact group. Collectively, these systems have the potential to cause serious damage or worse to either the state or its citizens. As the chart shows, agencies reported operating fewer systems in 2011, but they also reported fewer systems with security plans (instructions to those operating the system for appropriate security controls) and even fewer independent assessments (assessments of the effectiveness of the plans and their implementation). This lack of progress after four years has led to some changes in GTA's approach to information security. GTA's New Approach to Information Security GTA's Information Security Office has started to conduct Program Reviews for Information Security Management Assistance (PRISMA) for all state agencies, starting with those agencies with the most sensitive information. These reviews are delivered to agency senior
Page 30 of 47

management and include a roadmap for agency compliance with federal and state information security requirements. These reviews will not improve the security of the state, but hopefully agencies will be able to find the funds necessary to execute these roadmaps and improve their information security posture.
Along with the PRISMA reviews, GTA has worked with the State Personnel Administration, the University System of Georgia, and some outside consultants to develop a set of job descriptions and low-cost classes for agency information security personnel. These classes qualify for continuing education credit and target many of the knowledge and training issues identified within the state.
GTA is also looking for new, proactive measures to protect its citizens' privacy while enabling the state's agencies and businesses. One such method was to join the state's Fusion Center and commit to creating a cyber-security capability in support of the center. In this capacity, GTA staff will analyze cyber-threat information and produce alerts and warnings for state agencies as well as other parts of the state, including certain elements of the private sector, thereby enabling them to better protect themselves from cyber threats.
A final, proactive solution is the development of the Georgia Privacy Credential. This credential targets protecting Georgia's citizens while enabling Georgia's businesses. It is based on the federal government's PIV-I program created by President Bush's Homeland Security Presidential Directive 12. This is a voluntary program targeting the elimination of identity fraud while enabling our citizens to conduct Internet transactions with confidence.
Business Continuity
Services provided to Georgia citizens are growing more dependent on technology and the processes that support those services. As a result, they become more susceptible to interruptions of support utilities such as electricity, water, or network access. It is likely that the lives of Georgia citizens will be impacted by a failure of some key state service, but with the cooperation of all state agencies, GTA can help to minimize the threat of disasters.
Organizations both public and private use business continuity planning to identify which functions are essential and how soon each essential function must be available to avoid unacceptable loss due to a service interruption. Once business continuity planning is complete, planning for re-establishing infrastructure as outlined in disaster recovery planning may proceed.
GTA is charged with providing guidance for Business Continuity Planning (BCP) for the state. Today, Georgia agencies are conducting continuity planning, but many have not identified and set priorities for the recovery of their key functions, the personnel who support these functions, or where these functions should take place if the main agency location is inaccessible. Moving forward, additional emphasis will be directed toward ensuring the readiness of critical state business in preparation for prolonged service interruptions. State agencies must become better prepared for all types of interruptions, both manmade and natural.
BCP activities within agencies need to increase. These activities will ensure that each agency in Georgia can survive and continue to conduct business in the event of service interruptions. Minimizing the interruptions and data loss will save the state money and reduce the impact on Georgia citizens and businesses.
Page 31 of 47

GTA continues to assist agencies in their planning and coordination efforts to build solid and viable business continuity plans. By providing a single-resource subject matter expert (SME) to assist agencies throughout the entire business continuity planning process, GTA has been successful in developing a framework for business continuity management for the state that all enterprise agencies can easily follow.
GTA funds a standard set of hosted BCP tools that are available for use by the enterprise and are free of charge. These tools are available on a 24/7/365 basis. In addition, GTA has:
Assisted eight agencies with the creation of their crisis communication plans Assisted five agencies in the successful testing of their call lists using the emergency
notification system tool Led, guided, and directed a successful test of eight agency crisis communication
plans using the Emergency Notification System tool Provided, facilitated, and conducted the following workshops:
o Resilient Accord Continuity of Cyber Security Operations; attended by 30 agencies
o Determined Accord Pandemic Preparedness; attended by 28 agencies o Overview of Federal Continuity Directive 1 (FCD1) and Continuity Guidance
Circular 2 (CGC2); attended by 25 agencies Partnered with the Federal Emergency Management Agency (FEMA), Department of
Homeland Security (DHS), and the Center for Disease Control (CDC) to conduct a Pandemic Determined Accord tabletop exercise Attend FEMA Region IV conference calls and meetings Other GTA activities include:
o Conducting two successful crisis communication tests using the emergency notification system that GTA provides to agencies free of charge
o Hosting a monthly Business Continuity and Disaster Recovery workgroup meeting made up of state of Georgia business continuity planners and coordinators
Without proper preparation, agencies will not be able to ensure continuity of business to support Georgia citizens in the event of an emergency. Georgia needs to devote more attention to assuring that key services that citizens rely upon can be sustained if a prolonged outage or service interruption occurs. GTA will continue to promote and foster business continuity planning methodology, framework, and processes, which help to ensure the continuity of business operations within the state.
Business Continuity and Disaster Recovery
Project Assurance
In government, four out of five technology initiatives will fail or not fully deliver on their initial promise. In the last five years, the state has invested over $450 million in large technology projects which, based on industry trends, had a risk of costing the state $212 million more than planned and delivering only 79 percent of what was requested, with 29 percent of these projects cancelled outright.
The state of Georgia has significantly improved on the success rate of technology project delivery through training, education, and consultative support. These efforts have included industry-based standardized approaches to project management, better tools, better
Page 32 of 47

communication, and oversight of the largest, most complex and critical projects in state government. Project assurance is one of the most important tools the state has implemented for project delivery effectiveness, and it has significantly improved success rates.
Higher return on investment for projects
Project assurance is a structured review of technology projects to evaluate and determine how they can be successful. Project assurance looks at project organization, sponsorship, plans, risks, issues, change, dependencies, resources, and processes to determine how well they are being executed in the context of the specific project, and then makes recommendations to mitigate risks. It does not conduct quality assurance of project deliverables but is concerned with the way projects are being managed. It provides line management with an independent view of the project status and makes recommendations as needed.
Independent Verification & Validation (IV&V)
Some projects that are large and complex represent a critical risk to the business of the state and require extra care in their project assurance. In these cases we use Independent Verification and Validation (IV&V). The key difference with IV&V is the emphasis on "Independent". GTA procures independent, third party assurance services to perform project assurance for the largest and most critical technology projects. Each of these vendors has been vetted for their high-level expertise in project management practices and industry expertise. This approach to project assurance ensures that industry best practices will be incorporated into the project effort, project issues and risks will be identified and addressed early, and project decisions will be based on verifiable data. Using independent vendors to deliver confirmed facts and data to key decisionmakers improves the state's effective return on IT investments by reducing project failures, by increasing the percentage of projects that are delivered within budget and schedule, and by more closely aligning projects with business priorities and strategy. The primary objective of IV&V is to provide an objective assessment of products and processes throughout the lifecycle of a technology project.
Industry practice dictates that IV&V services be provided by organizations that are technically, managerially, and financially independent of the development project. An assessment of the IV&V practice in 2008 estimated a savings of $29.6 million on a cost of IV&V services of approximately $2.1 million.
Page 33 of 47

IT Financial Management
Overview
Over the last three years GTA has transformed how it provides services. This has resulted in a new approach to financial management that brings greater transparency to most Georgia agencies. Agencies that purchase services through the GETS (Georgia Enterprise Technology Services) program better understand the cost of services and are able to make more informed choices about technology.
Through GETS, GTA has created a sustainable IT model for the future. The GETS business case for the IBM and ATT contracted services provides Georgia leadership with a sustainable model for IT fiscal oversight and projects the state will save $181 million over the life of the contracts with its service providers.
Further, through this long-term partnership, the state is making investments in technology that we could never make on our own. Through IBM, we are investing $184 million in our infrastructure, and through AT&T, we are investing $99 million in our network. Through GETS, financial transparency provides GTA the ability to track against its original business case assumptions to measure the financial benefits of privatization. This type of analysis was previously not possible.
With the ability to see the consumption and cost for all GETS services, usage, and trend analysis by type of service is now possible. For GETS customers, we can now see total usage and spend detail for each type of contracted service, such as End User Computing, Mainframe, and Voice Services. As more state entities purchase IT services through the GETS program, GTA will be better able to provide more enterprise and statewide IT financial data than ever before.
What the state is doing
GTA has embarked on a long-term transformation that will align state government's IT enterprise with the needs of many of Georgia's largest agencies. The transition began with infrastructure and managed network services, areas that presented the greatest risk to Georgia and its citizenry. As we move forward, we will shift focus to IT governance and risk management.
We seek to improve access to agency IT financial information to provide a clearer understanding of how resources are used and to provide recommendations for IT investments to Georgia leadership. Improving IT fiscal oversight comes with challenges due to limited visibility into IT cost that is outside the scope of GETS services.
The challenges to IT financial management are many:
Budgets are broken down into object classes and account codes not specified by the Office of Planning and Budget (OPB); as a result, it is nearly impossible to understand how agencies anticipate spending funds on IT and breakdown IT spending in advance.
The responsibility for tracking IT budgets and IT spending are outside of GTA. Not all non-state (including federal) funds are included in the annual budget. The state does not govern detailed quality of budget and spending tracking.
Page 34 of 47

OPB and the State Accounting Office have separate, manually entered versions of budgets.
OPB uses a separate tool, BudgetNet, for capturing budgets that must be synchronized with PeopleSoft in a semi-manual process.
Why we are taking this action
The actions we are taking to improve financial management of IT in Georgia may seem obvious to the outside observer. Consequently, the more appropriate question might be, "Why now?" Transforming the delivery of IT services to state agencies, although disruptive and difficult in the short run, provides the opportunity to make significant changes in the way we track finances. We expect to see improvements in transparency, reduced redundancy and greater economies of scale.
Through GETS, financial transparency provides GTA the ability to measure the financial benefits of privatization. This type of analysis was previously not possible. This new approach provides the ability to see the consumption and cost for all GETS services and to perform usage and trend analysis by type of service.
What is the benefit of this action?
Improving IT financial management is resulting in better decision making with a consolidated enterprise view of IT finances. There is value in understanding the cost of implementing and using IT. Consolidating fiscal oversight also allows for the identification of duplicative spending across agencies. The benefits of these improvements are more effective IT spending and ultimately more efficient government for Georgia. Some other benefits of improved financial management are:
Better decision making (e.g., about 70% of IT cost is not related to agency headcount)
Less duplicated spending Better transparency in cost and benefits of services Ability to view IT resource consumption in a standardized, enterprise approach Market-based delivery of MNS and infrastructure services Ability for the Office of Planning and Budget (OPB) to validate and provide oversight
into GETS services Better understanding of the factors driving IT consumption Better ability to map expenses to budgets for GETS services OPB is provided with information concerning agency IT usage and Agencies now understand the costs of services in better detail and can make more
informed choices about how much IT service they actually need
Where we are headed with IT financial management
While we have gained some significant advantages from a service-oriented approach to financial management, there are opportunities for further improvement. We will pursue additional benefits as follows:
GTA currently has a limited view of financial information about services that are not provided through the GETS initiative. With more uniform use of enterprise-wide
Page 35 of 47

financial systems, we would be able to have better understanding of IT spending across state government. Increased and more accurate reporting of IT financial information through the State IT Annual Report Better processes for associating planned budgets and actual expense Better understanding of application spending across agencies will allow better decision making at the state level Better reporting of all IT usage (in addition to the detailed information we are collecting from GETS agencies) will allow better state-wide decision making For more detailed information about GTA recommendations for consolidated IT financial management, see "Consolidated Enterprise IT Fiscal Oversight Assessment", GTA Finance, April 7, 2010.
Page 36 of 47

IT Road Map
Overview The Enterprise IT Road Map is critical to the direction of IT for the state of Georgia. The State CIO's responsibilities include not only assisting with the strategic day-to-day IT operations of the state, but also establishing an IT vision and mission for the state. The state of Georgia's IT vision is "To create a transparent, integrated enterprise where technology decisions are made with the citizen in mind". In support of this vision, the Georgia Technology Authority's mission is "To connect Georgians to their government." To accomplish these outcomes, the Georgia IT road map was established to set the course for IT for the next three years. The document outlines the IT priorities for improving and stabilizing technology across the state. The effort to create this strategic document was collaborative; CIOs from more than 28 state agencies came together to develop it in partnership with the state CIO. While GTA is coordinating work on the IT road map, agencies from across state government are working together to identify future IT that supports the business operations of all state agencies and the services that communities and citizens need from their state government. Moving forward, Georgia agency CIOs will work in tandem with GTA strategists to craft an effective plan for evolving Georgia's use of new technologies. Georgia IT Road Map Focus Areas Five focus areas have been identified for the initial Georgia IT road map. Agency CIOs from diverse agencies will help improve the state's performance in these areas. Over time, new areas will be identified and added to the road map.
Page 37 of 47

Business Process: Using proven technology to improve outcomes. Purpose: To understand successful applications of technology to solve agency problems and modify business process to take full advantage of available technology.
Workforce Mobility: Providing Georgia workforce with infrastructure, devices and applications to perform duties where they are as opposed to where the office is located. Purpose: To allow Georgia state employees to have mobile access to the applications and information they need to deliver services.
Access: Allowing citizens access to state services across multiple platforms (cell, Wi-Fi, tablets, smartphones, laptops, e-readers). Purpose: To allow Georgia citizens to access state services and information in a fast and convenient way.
Cloud-based Sourcing: Enabling the rapid adoption of market leading/driven technologies to provide timely and cost-effective solutions to business needs; allowing access to services to support business functions. Identify and acquire the best service delivery model for any given requirement or challenge. Purpose: To understand successful approaches to supporting functions needed to provide services; to adapt a best-investment approach to spending on function support.
Data Management: Developing a shared vision and direction to facilitate collaboration using a data management approach (data management comprises all the disciplines related to managing data as a valuable resource). Purpose: Collaboration on technology decisions.
The state of Georgia's current IT service delivery model as contracted through GETS creates dependencies with our two primary service providers, IBM and AT&T. These partnerships enable both the current and future IT direction of the state and are critical to ensuring the achievement of the State CIO's technology goals and objectives. Not only are our service providers responsible for ensuring the technology infrastructure in support of critical day-to-day business and IT operations, they are responsible for assisting in the strategy creation and deployment of innovative technology in support of the state's IT vision. The two remaining portions of this section outline how our two primary service providers will assist GTA in sustaining and enhancing IT across the state enterprise.
IT Infrastructure Service Provider Long-range IT Planning
The state's IT infrastructure service provider for GETS, IBM, is assessing a number of technology strategies to help GTA advance support and services for state agencies. Technology moves quickly, and to assure we are able to support agencies with current technologies, we must remain flexible and adaptive.
Handheld Computing Devices
New generation handheld computing devices such as iPhones, iPads and Android-based phones and tablets are rapidly replacing or augmenting more established PC, laptop and BlackBerry devices. These new personal devices are capturing the market by providing portability and application capabilities that have not been available with the more established infrastructures. To ensure state agencies are able to benefit from these newer technologies, IBM is working with our contractors to provide secure and fully compliant support for these new capabilities.
Page 38 of 47

Cloud Computing
The cloud computing paradigm seeks to provide services and technologies to customers in secure and predictable ways without requiring the need for capital expenses and infrastructure support costs on the part of the customers. In this way, services can be ramped up or down quickly to meet changing requirements.
IBM is positioned to help GTA and state agencies benefit from cloud computing by providing a very broad range of secure and reliable capabilities such as software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) across a broad range of technologies.
The primary obstacle to enabling full benefits from cloud computing is regulatory in nature. Public clouds may not provide the necessary controls, in many cases, to enable full regulatory compliance. At the North Atlanta Data Center, IBM is establishing a computing infrastructure that is highly virtualized. This strategy will make it much easier for GTA/IBM to establish a private cloud that can be leveraged by all state agencies to facilitate the delivery of servers, storage and services within a fully compliant and secure environment.
By providing infrastructure and services from a private cloud, GTA would be able to support state agencies much more quickly and cost effectively as new requirements surface. By sharing infrastructure and support costs to the maximum extent possible within a private cloud, GTA would offer more predictable pricing and faster service deployment. State agencies would be able to "fine tune" their use of required resources and services, making their overall costs lower and more predictable.
Cloud Computing Basics
Managed Network Service Provider Long-range IT Planning
The state's managed network service provider, AT&T, is working with GTA to develop a long-term strategy for evolving the current contract to better serve state agency needs. The primary focus is to add cloud-based applications, unified communication, cloud security and security for mobile devices. These services will leverage AT&T's secure IP network backbone and infrastructure that currently serves the state of Georgia. Additionally, the use of cloud technologies allows agencies to quickly leverage new managed information technology services with minimal capital investment.
Cloud Application Services
Our service provider is in the process of evaluating and beginning trials for key cloud applications that are hosted within its data centers. The convergence of enterprise cloud and mobile computing means that state agencies will be seeking applications that can be leveraged on both wired and wireless devices. AT&T has embedded cloud capabilities into the wired and mobile networks to allow AT&T to deliver cloud services and applications straight to any device. The applications that are currently in the pilot phases are Hosted Unified Communications and Hosted Contact Center services. Both services have applications that can be used by any wired and wireless devices. The initial agency investment is minimal, and the hosted applications can be accessed securely via the existing state backbone already in place. An additional example of a cloud application service is AT&T Connect for web/audio conferencing capabilities that allow users to leverage the same
Page 39 of 47

conferencing applications on a PC, smartphone or touch pad device. AT&T is continuing to evolve its portfolio to meet the needs of state government business.
Unified Communications
For the state of Georgia to benefit from an IP telephony solution, the applications and features have to be a quantum leap from traditional voice service. AT&T is in the process of developing a Hosted Unified Communication service that will provide a targeted migration and allow users to add functionality without a large investment in premise-based equipment or infrastructure upgrades. The new service offers telephony, mobility integration, web/audio conferencing, instant messaging and presence from a single software client. The software client used with the service can be delivered on a laptop, smartphone or tablet PC. The service can also leverage a user's existing voice communications services like cellular, Centrex, key systems or PBX services. AT&T can simply allow users to route calls to the appropriate end-user device based upon the user's preferences. AT&T is in the process of beginning a trial at GTA to evaluate the technology while the product matures.
Cloud Security
The ability to leverage cloud security technologies is a tremendous advantage to agency customers. Security technology evolves at a very rapid rate due to the constant threat of new security vulnerabilities that are exploited by individuals all over the world. Cloud security services are available from AT&T to provide firewall services, website filtering/monitoring, anti-malware, intrusion prevention, e-mail virus protection, e-mail encryption and data loss prevention within cloud platforms. The services are maintained by expert managed services teams that have experience across multiple customers and know how to manage and deploy the latest security technologies. State agencies will have access to a menu of additional security mechanisms to protect their environment using high-end, shared platforms from a global service provider. Additionally, since the state of Georgia network is integrated into the AT&T backbone, it is easy to leverage these technologies quickly and securely by re-routing traffic logically from the state network.
Secure Mobile Access to Agency Networks
The state of Georgia has a large number of mobile devices such as smartphones, tablet devices and PDAs that are being used for agency business. The expansion of these technologies provides great efficiencies, but it can also threaten the security posture of agency data. AT&T is in the process of deploying technologies such as SSL VPN to provide secure access from these devices to agency networks. AT&T will also begin working with GTA on other mobile device security services that will provide security posture checks on these types of devices before they are used to access the state network. Without the appropriate device security mechanisms in place, it will be very difficult to ensure adherence to best practices in security and compliance with federal regulations.
Innovation
One key purpose of the IT roadmap is to ensure Georgia agencies have access to the most appropriate IT to support their objectives. New IT capabilities allow innovation of business solutions. To take advantage of emerging IT capabilities, agencies may sometimes need to make fundamental changes to the way they provide services. Without the willingness and knowledge to change, agencies will not gain the efficiencies and productivity improvements
Page 40 of 47

from emerging business solutions. GTA is working with a variety of state agencies to identify opportunities for innovation that will be most valuable for the state.
The primary functions of IT innovation in Georgia government are:
1. Technology transfer: Identify and migrate innovative new technology into state government to solve business problems.
2. Educate agencies: GTA educates other agencies on results (good or bad) of technology pilots.
3. Facilitate technology pull: GTA reviews agency proposals for innovative use of technology in solving agency business problems and identifies the most promising applications for investigation and initial deployment.
4. Push new technologies: GTA scouts out new technologies and pushes them into agencies.
Innovation requires change. How change is implemented in agencies is the responsibility of agency leadership. The Georgia IT Road Map combines IT knowledge from across the state to identify, communicate, and facilitate opportunities for innovation. Sources of change within agencies may be described in five Levels:
Localized changes: Improving individual processes (activities) to bring greater efficiency, productivity, or reduced cost
Integration: Making processes or different parts of the organization work together more effectively and efficiently
Process design: Changing a process to give dramatic improvements in quality, cost, performance, or ease of use
Infrastructure: Changing the composition of and improving the way the external infrastructure works
Purpose: Changing the nature of the organization by changing its vision, mission, or target market
GTA will work closely with IT leaders in state agencies to ensure that all levels of innovation are supported efficiently at the agency. The IT Road Map will also help ensure that the state takes advantage of economies of scale and innovates without redundancy.
GTA has identified actions that will help agencies utilize those emerging technologies that are appropriate for their agencies. These actions will be led by GTA but will benefit IT leaders at agencies throughout Georgia. Five actions support innovation of agency business processes:
Work with agency business leaders to verify agency goals, objectives, and roadblocks to their realization
Scan for effective technology applications to similar problems in other states (through the National Association of State Chief Information Officers, Gartner, Forester, personal contacts, etc.); use part of each Business Technology Council meeting to share proven solutions from other states with similar problems
Identify top vendors with successful solutions Use part of the Business Technology Council meetings to present solutions to agency
business leaders and capture new business problems Establish convenience contracts with top vendors
Page 41 of 47

Appendix

Attachment A

Tracking IT Agency
These agencies are required to report by law
AGENCY_NAME 1 Administrative Office of Georgia Courts 2 Aviation Hall of Fame Authority 3 Brain & Spinal Injury Trust Fund Authority 4 Cancer Advisory Committee/Cancer Coalition 5 Civil War Commission 6 Composite State Board of Medical Examiners 7 Council on American Indian Concerns 8 Criminal Justice Coordinating Council 9 Department of Administrative Services 10 Department of Banking and Finance 11 Department of Behavioral Health and
Developmental Disabilities 12 Department of Community Affairs 13 Department of Community Health 14 Department of Corrections 15 Department of Defense 16 Department of Driver Services 17 Department of Early Care and Learning 18 Department of Economic Development 19 Department of Human Services 20 Department of Juvenile Justice 21 Department of Natural Resources 22 Department of Public Health 23 Department of Public Safety 24 Department of Revenue 25 Department of Transportation 26 Department of Veterans Services 27 Employees' Retirement System 28 Georgia Agricultural Exposition Authority 29 Georgia Agrirama Development Authority 30 Georgia Aviation Authority

REPORTE D 2009
X

REPORTE D 2010
X

REPORTE D 2011

X

X

X

X

X

X

X

X

X

X

X

(New in

X

X

2010)

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

(New in 2010)

Page 42 of 47

31 Georgia Board for Physician Workforce

32 Georgia Building Authority

X

X

X

33 Georgia Bureau of Investigation

X

X

X

34 Georgia Commission on Equal Opportunity

35 Georgia Commission on the Holocaust

36 Georgia Council for the Arts

X

37 Georgia Council on Developmental Disabilities

38 Georgia Development Authority

X

39 Georgia Drugs and Narcotics Agency

X

40 Georgia Emergency Management Agency

X

X

41 Georgia Environmental Facilities Authority

X

42 Georgia Fire Academy

X

X

43 Georgia Firefighter Standards and Training Council
44 Georgia Firefighters Pension Fund

X

X

45 Georgia Forestry Commission

X

X

46 Georgia Housing and Finance Authority

X

X

47 Georgia Lottery Corporation

48 Georgia Medical Center Authority

49 Georgia Music Hall of Fame Authority

X

50 Georgia Peace Officer Standards and Training Council
51 Georgia Police Academy

X

X

52 Georgia Ports Authority

X

X

X

53 Georgia Professional Standards Commission

54 Georgia Public Defender Standards Council

55 Georgia Public Safety Training Center

X

X

X

56 Georgia Public Telecommunications Commission

X

X

57 Georgia Real Estate Commission & Appraisers

Board

58 Georgia Regional Transportation Authority

X

X

X

59 Georgia Seed Development Commission

60 Georgia Sports Hall of Fame Authority

X

61 Georgia State Financing and Investment Commission
62 Georgia Student Finance Commission

X

X

X

X

X

63 Georgia Technology Authority

X

X

X

64 Georgia World Congress Center Authority

X

X

X

65 Governor's Office of the Child Advocate

66 Governor's Office for Children and Families

X

X

67 Governor's Office of Consumer Protection

X

X

Page 43 of 47

68 Governor's Office of Student Achievement

69 Health Planning Review Board

70 Herty Advanced Materials Development Center

X

X

71 Jekyll Island State Park Authority

X

72 Lake Lanier Islands Development Authority

X

X

73 Military Affairs Coordinating Committee

74 Nonpublic Postsecondary Education Commission

X

75 North Georgia Mountains Authority

76 Oconee River Greenway Authority

77 Office of Highway Safety

X

X

78 Office of Inspector General

79 Office of Planning and Budget

X

X

X

80 Office of State Administrative Hearings

X

X

X

81 Office of Treasury and Fiscal Services

X

X

82 OneGeorgia Authority

X

83 Prosecuting Attorneys' Council

84 Southwest Georgia Railroad Excursion Authority

85 State Accounting Office

X

X

X

86 State Board of Pardons and Paroles

X

X

X

87 State Board of Workers' Compensation

X

X

X

88 State Housing Trust Fund for the Homeless Commission
89 State Personnel Administration

X

X

X

X

X

90 State Properties Commission

X

X

91 State Road and Tollway Authority

X

X

X

92 State Soil and Water Conservation Commission

X

X

X

93 Stone Mountain Memorial Association

X

94 Subsequent Injury Trust Fund

X

X

X

95 Teachers' Retirement System

X

X

X

96 Technical College System of Georgia

X

X

X

These agencies are not required to report but may have voluntarily reported.

AGENCY_NAME

REPORTE REPORTE

D 2009

D 2010

1 Board of Regents of the University System of

Georgia

2 Council of Juvenile Court Judges

X

3 Court of Appeals

X

4 Department of Audits and Accounts

X

5 Department of Education

X

X

REPORTE D 2011
X

Page 44 of 47

6 Department of Insurance 7 Department of Labor 8 Department of Law 9 Georgia Military College 10 Public Service Commission 11 Secretary of State 12 State Ethics Commission 13 Superior Court 14 Supreme Court

X

X

X

X

X

X

X

X

X

X

X

Page 45 of 47

Appendix B: IT Spent by Agency
Agency Name Administrative Office of Georgia Courts Brain & Spinal Injury Trust Fund Authority Cancer Advisory Committee/Cancer Coalition Court of Appeals Criminal Justice Coordinating Council Department of Administrative Services Department of Agriculture Department of Audits and Accounts Department of Banking and Finance Department of Behavioral Health and Developmental Disabilities Department of Community Affairs Department of Community Health Department of Corrections Department of Defense Department of Driver Services Department of Early Care and Learning Department of Economic Development Department of Education Department of Human Services Department of Insurance Department of Juvenile Justice Department of Labor Department of Law Department of Natural Resources Department of Public Safety Department of Revenue Department of Transportation Employees' Retirement System Georgia Building Authority Georgia Bureau of Investigation Georgia Council for the Arts Georgia Drugs and Narcotics Agency Georgia Emergency Management Agency Georgia Firefighter Standards and Training Council Georgia Forestry Commission Georgia Military College Georgia Police Officer Standards and Training Council Georgia Ports Authority Georgia Public Safety Training Center
Page 46 of 47

Total IT Spend $0.00 $0.00 $0.00 $0.00
$956,507.00 $1,500,000.00
$0.00 $0.00 $2,600.00
$3,810,329.00 $1,355,096.00 $300,000,000.00 $2,458,786.20
$1.00 $7.00 $5.00 $89,100.00 $750,000.00 $0.00 $948,261.00 $8,840,207.46 $6,545,423.38 $104,000.00 $224,400.00 $6,015.00 $4,559,791.55 $4,300,098.62 $164,789.00 $0.00 $1,085,560.00 $0.00 $0.00 $133,000.00 $2,000.00 $78,120.00 $615,000.00 $10,000.00 $85,000.00 $52,466.79

Georgia Public Telecommunications Commission Georgia Regional Transportation Authority Georgia State Financing and Investment Commission Georgia Student Finance Commission Georgia Technology Authority Georgia World Congress Center Authority Governor's Office for Children and Families Governor's Office of Consumer Protection Governor's Office of Highway Safety Governor's Office of Student Achievement Herty Advanced Materials Development Center Lake Lanier Islands Development Authority Office of Planning and Budget Office of State Administrative Hearings Office of Treasury and Fiscal Services Prosecuting Attorneys' Council Secretary of State State Accounting Office State Board of Pardons and Paroles State Board of Workers' Compensation State Personnel Administration State Properties Commission State Road and Tollway Authority State Soil and Water Conservation Commission Subsequent Injury Trust Fund Supreme Court Teachers' Retirement System Technical College System of Georgia

Total:

$1,172,440.00 $0.16
$2,000.00 $3,453,999.00 $1,250,000.00
$0.00 $15,807.01 $259,470.00
$0.00 $0.00 $0.00 $0.00 $1,454,880.00 $500.00 $0.00 $1.00 $2,100.00 $5,260,466.00 $2,223,303.00 $3,035,893.00 $852,348.00 $0.00 $77.00 $23,857.32 $390.00 $0.00 $182,000.00 $1,505,000.00 $359,371,095.49

The above chart depicts what agencies actually reported in the enterprise IT Governance Report tool for technology expenses for FY 2011. Due to the number of agencies that did not report and some of the known inaccuracies of what was reported, the total technology expense reported by these agencies does not provide the actual dollars spent on IT in Georgia state government during FY 2011. GTA is continuing to work with agencies to increase their ability and desire to report more accurate data in this area.

Page 47 of 47