Annual state IT report [2014]

2

Annual State Information Technology Report
3

4

Table of Contents
State Chief Information Officer Statement................................................................................... 9 Purpose .................................................................................................................................11 Executive Summary ................................................................................................................13 Governor's Goals ....................................................................................................................15
Alignment of Business and Technology Goals ..........................................................................17 Goal 1: Enable all state employees who need to work remotely, when appropriate. ..................17 Goal 2: Improve Georgia citizen access to state services. ......................................................18 Goal 3: Innovate state government with effective, enterprise-wide integration of technology.....19 Goal 4: Create an enterprise portfolio of shared, technology-enabled services. ........................19 Goal 5: Improve the use of state data for decision making and information sharing..................20 Goal 6: Develop an agile approach to funding agency adoption of technology solutions. ............21
Current State .........................................................................................................................22 IT Investment Tracking ........................................................................................................22 Enterprise IT Spend..........................................................................................................22 IT Snap Shot.......................................................................................................................24 IT Investment Management ..................................................................................................24 IT Application Portfolio .........................................................................................................25 IT Project Portfolio ...............................................................................................................26 Percentage of IT Project Spend by Agency...........................................................................27 Planned New Investments by Agency..................................................................................28 Project Delivery Effectiveness ............................................................................................28 Georgia Enterprise Technology Services (GETS) ......................................................................30 Program Overview............................................................................................................30 Program Status ................................................................................................................30 Progressive Change ..........................................................................................................31 Including Stakeholders .....................................................................................................32 Service Provider for Infrastructure......................................................................................32 Service Provider for Network .............................................................................................35 Portal .................................................................................................................................38
Stakeholder Value ...................................................................................................................41 Educated ............................................................................................................................42 Longitudinal Data System Tunnel .......................................................................................42 Race to the Top Data Warehouse Build aka (GAAWARDs) ......................................................42 University System of Georgia GeorgiaVIEW Brightspace Implementation .................................43
5

Mobile ................................................................................................................................44 Drive Sober, Georgia ........................................................................................................45 Team Georgia Directory ....................................................................................................45
Growing .............................................................................................................................46 Georgia Outdoor Map........................................................................................................46 GWCC Network Upgrade ...................................................................................................48 National Directory of New Hires Project Phase II ..................................................................48 Quick Wage System (QWS) for Unemployment Insurance (UI) Tax.........................................50 Treasury Offset Program (TOP) ..........................................................................................51 Unemployment Insurance (UI) Benefits Debit Card...............................................................52
Healthy ..............................................................................................................................52 Georgia Integrated Eligibility System Phase I ....................................................................52 State Health Benefit Plan (SHBP) Enrollment Portal - Phase I .................................................53
Safe ...................................................................................................................................54 Online Driver's License Reinstatement Integration and Modernization (RIM) ............................54 Sex Offender Registry Tool (SORT) .....................................................................................55 Skip a Trip ......................................................................................................................56 Training Records Information System (TRIS) .......................................................................57 Commercial Driver's License (CDL) eTablets ........................................................................58 Digital Motor Vehicle Network (MVN) Center Displays ...........................................................58
Responsible ........................................................................................................................59 Audit Findings Collection System ........................................................................................59 Space and Transaction Management Tracking System (SATMT) .............................................60 State Court Clerk/Marshal's Office Civil Paper Tracking System ..............................................61 Surplus Information System (AssetWorks) Implementation ...................................................62 Talent Management System ..............................................................................................63 TCSG Virtualization Project ................................................................................................63
IT Governance ....................................................................................................................65 Technology and Business Trends ...........................................................................................65
Mobility ...........................................................................................................................66 Citizen Access to Service ...................................................................................................66 Innovation.......................................................................................................................66 Technology as a Service ....................................................................................................67 Managing Data as an Asset................................................................................................67 Evaluate Funding/Business Model .......................................................................................68 Other States ....................................................................................................................68 Strategic Planning................................................................................................................71
6

Strategic Planning for Georgia............................................................................................72 The Georgia Enterprise Information Technology Strategic Plan 2020 .......................................72 The Georgia IT Strategy Cycle ...........................................................................................72 Georgia's Strategic Planning Principles and Process ..............................................................76 Policies, Standards and Guidelines .........................................................................................76 Collaboration ......................................................................................................................77 Broadband ......................................................................................................................78 Spectrum Management .....................................................................................................79 Geographical Information Systems .....................................................................................80 Data Lifecycle Management ...............................................................................................81 Data Sharing ...................................................................................................................82 Enterprise Portfolio Management ...........................................................................................85 Project Management Development Program ............................................................................87 Georgia's Information Security Program .................................................................................89 Georgia's Risk Management Strategy ..................................................................................90 Security Program Effectiveness ..........................................................................................91 Georgia's Security Program Workshops ...............................................................................92 Incident Preparedness ......................................................................................................93 GETS-HE Security ............................................................................................................94 Federal Oversight and Audits .............................................................................................95 Beyond Compliance ..........................................................................................................95 The National Infrastructure Protection Program ....................................................................97 Georgia's Information Technology Security Future ................................................................97 Business Continuity .............................................................................................................99 Georgia Privacy Program ....................................................................................................100 IT Financial Management .......................................................................................................102 Overview....................................................................................................................... 102 Transparency of IT Spend ............................................................................................... 102 Financial Benefits and Value ............................................................................................103 Financial and Agency Challenges ......................................................................................103 Consumption Management .............................................................................................. 104 Procurement ..................................................................................................................... 105 Information Technology Statewide Contracts ..................................................................... 105 Appendix ............................................................................................................................. 109 Appendix A Participation by Agencies ................................................................................ 111 Appendix B Spending by Agencies.....................................................................................115 Appendix C STARR Application Categories ..........................................................................119
7

8

State Chief Information Officer Statement

Statement by Calvin Rhodes, Chief Information Officer, State of Georgia

Georgia's IT enterprise changed significantly in recent years. State agencies worked hard to strengthen technology supporting business operations. Taking advantage of newer technologies and using technologies in innovative ways, efficiencies were acheived. Services were delivered in new ways to meet the needs of tech-savvy constituents.
Hard work is paying off; Georgia is getting national recognition. Georgia achieved a grade of A- in the Center for Digital Government's 2014 biennial Digital States Survey. Only three states received a higher grade. The kinds of technology efforts that led to Georgia's outstanding grade are highlighted.
However technology doesn't stand still; neither does the state's IT enterprise. While the newly released Georgia Enterprise IT Strategic Plan 2020 established focus areas and goals for the state's IT enterprise over the next six years, this report looks at the actions that occurred in FY2014. Actions guided by the strategic plan. Stabilizing, consolidating and modernizing technology was the primary focus. Several initiatives, especially ones associated with the Georgia Enterprise Technology Services (GETS) program, furthered our progress in these three areas.
An advantage of the GETS program is the data gathered on how the state as a whole and individual agencies consumes technology. A careful analysis of the data ensures we consume the services needed and minimizes technology's impact on state budgets. Progress in consumption management is highlighted in this report.
In FY 2014, GTA began the Services Integration Initiative to continue improvement of the state's IT service delivery model, innovate service offerings, and ensure cost competitiveness and transparency. GTA is reprocuring Managed Network Services (MNS) through a competitive procurement and expects to award contracts to multiple service providers. A procurement is also in progress for a Multisourcing Service Integrator (MSI) to coordinate and oversee the delivery of technology services to GETS agencies by multiple service providers. While progressing, GTA will adhere to the original goals of the IT shared services model:
Contracting at statewide level taking advantage of economies of scale Leveraging the expertise of the private sector Maintaining consistent reliability and security standards Ensuring both agency and enterprise business needs are met
Georgia's information security program has made great strides during the last year, as many state agencies have stepped up their efforts. GTA is empowered to establish security standards, however progress is only made when agencies implement those standards.
Actions outlined in this report are steps to ensure a modern, reliable and secure IT enterprise for state government. GTA is committed to continued collaboration with state agencies to achieve our shared vision.

Calvin Rhodes

9

10

Purpose

The State IT Annual Report conveys the current state of technology in Georgia state government as assessed by the State Chief Information Officer (State CIO). The report is also a requirement listed within the enabling legislation of the Georgia Technology Authority (GTA). The Annual Report is intended to provide information to state leaders to help them make informed decisions about investments in technology.
The report represents IT for the state's executive branch agencies only. The report does not include information regarding IT matters in the legislative branch, judicial branch or the University System of Georgia. The data used to create the report is provided by executive branch agencies and data feeds from enterprise systems of record. The data is compiled by GTA and reflects the efforts of the State CIO to improve technology use in support of the operation of state government. The Annual Report contains the following major sections:
State CIO Statement Executive Summary Current State Stakeholder Value IT Governance IT Financial Management Appendix

11

12

Executive Summary

This report describes the state's $616 million investment in information technology in FY 2014.

Current State of IT. Georgia is continuing to mature its enterprise datacollection capability and has identified $616 million in IT spending for the executive branch of government during FY14; see Enterprise IT Spend, p. 22. The state's technology portfolio is becoming more transparent, thereby providing a more comprehensive understanding of the true investment cost of infrastructure and network services; see IT Investment Management, p. 24. Additionally the move to a consumption-based financial model from a capital-based spending model is continuing to provide significant benefits to the state.
During FY14, significant numbers of planned IT transformation projects were completed; see Georgia Enterprise Technology Services, p. 30. Meanwhile, changes to the service delivery model are under way to continue and mature the model through the Services Integration Initiative (SII) in order to provide more timely and efficient services to state agencies and, ultimately, the citizens we serve. A key component of the SII involves separating the function of coordinating service delivery from the function of delivering services. The goal of the SII is to promote greater accountability and control, and improve service delivery; see GETS Program Status, p. 30. In support of the Enterprise IT Strategic Plan 2020, work has begun to re-procure Managed Network Services and Hosted Contact Center Services; see GETS Progressive Change, p. 31.
Great strides have been made to ensure our inventory of applications across the state enterprise is comprehensive and up-to-date. Though more work is needed, these efforts are enhancing Georgia's ability to optimize our application inventory; see IT Application Portfolio, p. 25. Additional emphasis on new IT investments and projects is paying off, with no failed critical enterprise IT projects recorded during FY14. Though complexity is causing more projects to be challenged, the state continues to exceed industry averages for successful project delivery; see Project Delivery Effectiveness, p. 28.
Stakeholder Value. State agencies are aligning their business units supported by the use of technology with Governor Deal's strategic policy goals and objectives; see Alignment of Business and Technology Goals, p. 17. Agencies are continually enhancing their online presence to offer innovative new ways for constituents to access government information and services; see Stakeholder Value, p. 41.
A strong governance program is critical to achieving a more mature IT enterprise and better managing the state's portfolio of technology projects; see IT Governance, p. 65.
CyberSecurity. This continues to be a focus area, especially for risk management and continuous monitoring see Georgia's Information Security Program, p. 89. Georgia state agencies are strengthening their security risk profile and ability to handle threats and emergencies see Georgia's Information Technology Security Future, p. 97 . Related to these activities are the ongoing emphasis on business continuity see Business Continuity, p. 99 and protect citizen privacy see Georgia Privacy Program, p. 100.
IT Financial Management. Tools to help state agencies better manage their consumption of technology services are leading to increased transparency. With that transparency, comes a number of benefits. Agencies can track their

13

actual cost of technology services and forecast future spending more accurately; see IT Financial Management, p. 102. While the state's financial health is improving, the needs and demands of our citizens have never been greater. Consumption management provides agencies with the data they need to make more informed business decisions. In turn, service delivery to constituents is improving and the impact of technology spending on agency budgets is being leveraged to meet these changing needs; see Financial Benefits and Value, p. 103. A collaborative approach to developing IT strategy is leading to positive change in these key areas: business processes, workforce mobility, citizen access, cloud services and data management; see Technology and Business Trends, p. 65. The work of the broader team, including our technology vendor partners, continues to make great gains throughout the state enterprise; see Service Provider for Infrastructure, p. 32 and Service Provider for Network, p. 3. Because Georgia views IT as a strategic asset, we are able to make significant progress toward building a modern, reliable and secure technology enterprise that supports the effective and efficient delivery of government services.
14

Governor's Goals

Technology supports state agency alignment to Governor Deal's strategic goals for the state.

Governor Nathan Deal's vision for the State of Georgia is "A lean and responsive state government that allows communities, individuals and businesses to prosper".
Georgia government supports economic prosperity through a structure of government goals intended to ensure Georgia's success through education, health, safety, business growth, transportation and sound government.

Goals:

Educated Mobile Growing Healthy Safe Responsible and Efficient Government

Educated

Because strong schools are the only proven route to tomorrow's good jobs, Georgia government is focusing on producing well-prepared students who are life, college and work-ready. The Educated Goal focuses on requirements to prepare students to compete nationally and internationally.

Governor's Strategic Goals for Educated:

Increase the number of students reading at grade level by the completion of 3rd grade a strategic benchmark for lifelong learning.
Increase the percentage of students who hold a postsecondary credential.
Improve and expand science, technology, engineering and mathematics (STEM) education.
Identify and implement innovative strategies that increase teacher effectiveness and student achievement.
Increase the percentage of high school graduates who are college and career-ready.
Empower citizens with public school options and local flexibility for the purpose of improving student achievement.

Mobile

Economic development requires the continued ability to move people and goods efficiently. A transportation infrastructure is key to economic competitiveness, and Georgia's transportation network including airports, highways, rail lines and ports has always been a selling point. The Mobile Goal strives to prioritize transportation investments to ease congestion and improve population mobility.

Governor's Strategic Goals for Mobile:

Improve the movement of people and goods across and within the state.
Expand Georgia's role as a major logistics hub for global commerce. Leverage public-private partnerships and improve intergovernmental
cooperation for successful infrastructure development.

15

Growing
The Growing Goal supports the creation of jobs and growing businesses. The state of Georgia believes that its economic development requires dependable water supplies as well as a competitive business environment with access to capital for start-ups and growing businesses.
Governor's Strategic Goals for Growing:
Implement strategic tax and regulatory reforms that make Georgia more competitive.
Promote small business growth and entrepreneurship. Maximize access to capital for startups and growing businesses. Conserve and enhance natural resources, with an emphasis on
increasing state water supplies and security.
Healthy
Improving the health and wellness of Georgians is essential to promoting our state as a great place to live, work and play. Economic development requires a well-managed healthcare delivery system providing positive outcomes and contained costs. While Georgia is home to excellent healthcare institutions and practitioners who are pioneering new advances in medical research and clinical care, the Healthy Goal recognizes that it needs to address growing demand on the healthcare system, finding innovative ways to attract and retain highly qualified providers to our state.
Governor's Strategic Goals for Healthy:
Reduce childhood obesity in Georgia. Increase access to health services throughout the state. Increase consumer choice and personal responsibility in health care. Improve access to treatment and community options for those with
disabilities.
Safe
Georgia government is striving to identify and implement innovative strategies and solutions to better execute on the core mission of government to protect its citizens. In addition, Georgia's economic development requires healthy, safe communities. The Safe Goal drives toward common-sense laws, well-trained and well-equipped law enforcement agencies and an efficient judicial system. Georgia government is also concerned with delivering a comprehensive, statewide solution that addresses illegal immigration and the burden it is creating on our correctional, educational and healthcare assets.
Governor's Strategic Goals for Safe:
Implement alternative sentencing options to improve offender rehabilitation.
Promote successful offender re-entry and compliance. Reduce injury and loss of life on Georgia's roads. Promote safe communities and stable families where children thrive.
Responsible and Efficient Government
16

The Responsible and Efficient Goal recognizes that many state agencies do not have a direct role in providing state services, but rather have a support role for other agencies. The Responsible and Efficient Goal encompasses functions such as human resources, fiscal services and information technology.
Governor's Strategic Goals for Responsible and Efficient Government:
Maintain Georgia's AAA bond rating. Increase the availability of state services through innovative
technology solutions. Build and maintain a quality state government workforce. Focus state resources on essential services and employ enterprise
solutions. Enlist community support and public-private partnerships to leverage
available resources.
Alignment of Business and Technology Goals

Governor Nathan Deal has established policy goals to guide state agencies in their business planning. In addition, the General Assembly provided for the Georgia Technology Authority to publish a plan to guide state agencies in selecting technology to support their business operations (O.C.G.A. 50-254.13). To that end this year, the Georgia Enterprise IT Strategic Plan 2020 was published in May.
The Georgia Enterprise IT Strategic Plan 2020 is intended to assist state government's technology and business leaders in making informed technology decisions for their agencies. It establishes focus areas and goals for the state's IT enterprise over the next six years.
The plan does not replace the business-oriented plans of individual state agencies. The plan assists agencies in aligning their use of technology with the direction established for the state's enterprise. Technologies highlighted in the plan can be used by all state agencies regardless of their mission or complexity.
The Georgia Enterprise IT Strategic Plan 2020 identifies specific outcomes for each of the following strategic goals, which are aligned with the Governor's goals. The multiple budget and planning cycles occurring between now and 2020 will enable state agencies to set priorities and obtain funding for their projects. Although the Georgia Enterprise IT Strategic Plan 2020 is published by GTA, it is actioned and executed primarily in state agencies. As the state's technology authority, GTA will continue to develop the state's strategic approach to technology in collaboration with agencies and the state's technology partners. A complete copy of the plan is available online. The URL is http://gta.georgia.gov/egap/sites/gta.georgia.gov.egap/files/related_files/sit e_page/High%20Ressolution%20Single%2005022014%20Final.pdf.
Goal 1: Enable all state employees who need to work remotely, when appropriate.

Making Georgia's workforce more

Mobility technologies are continuing to evolve and challenge us to incorporate new capabilities and functionality into our workforce business processes.
17

mobile

Smart devices are becoming more prevalent and merit consideration as part of the state's long-term strategy.
Objectives:
1. Execute enterprise-wide contracts for appropriate mobile services by June 20, 2015.
2. Integrate mobile services, infrastructure and policies by March 31, 2017.
3. Establish repeatable processes to allow appropriate state employee workflow to adapt to an increasingly mobile business model by December 31, 2017.
Examples of Agency Actions:
Pardons and Paroles (PAP)
Create a "virtual office" environment for parole officers, in which job tasks can be completed in the community rather than in a physical office. More time in the community will allow parole officers to focus more attention on high risk cases, increase relationships with law enforcement agencies and community stakeholders, and increase public safety.
Georgia Forestry Commission (GFC)
Implement a tracking system into GFC's online permit and wildfire tracking system to ensure the dispatch of closest wildfire suppression equipment and personnel. Fully synchronize resource tracking by installing Automated Vehicle Location (AVL) on each department Fire Suppression Units. This will also improve safety for Rangers working alone by permitting their location in the event of an accident.

Goal 2: Improve Georgia citizen access to state services.

Meeting demand from citizens

More than at any other time in our state's history, citizens today are demanding more effective and efficient ways to interact with their state government. Social media, smart phones, tablets and other devices are opening up additional communication channels for engaging citizens. Our charge as state business and technology leaders is to make citizen access to government easier.
The population of Georgia is becoming increasingly mobile. Citizens already want to interact with the state on a variety of devices and contact channels. Broadband development will allow for better access to government services across the state. Moving to online services has proven instrumental in reducing the cost of service delivery.
Objectives:
1. Begin systematically shifting agency service delivery to an online selfservice model by June 30, 2015.
2. Begin shifting appropriate services to a fully enabled mobile model by June 30, 2016.
Examples of Agency Actions:
18

Department of Driver Services (DDS)
Enable customers to make reservations for service, specifically a skills test, through the DDS Website. Road skill test reservations are about 20% of DDS' current call volume.
Georgia Public Telecommunications Commission (GPB)
Expand the reach of GPB content by creating mobile apps, utilizing social media, GPB's digital magazine and providing forums for community discussion on the web.
Goal 3: Innovate state government with effective, enterprise-wide integration of technology.

Using technology to bring innovation to agency processes

Technology is changing at a fast pace, and organizations around the world are adjusting their business models and processes to take advantage of these changes. In Georgia, we seek to identify new but proven uses of technology to better achieve the Governor's policy goals.

To do this, we will have to collaborate closely with agency decision makers and technology experts to bring the right knowledge to the decision-making table. We will look across agencies to identify opportunities for innovation that benefit multiple agencies and help launch agency-led initiatives that benefit the enterprise.

Objectives: 1. Establish a process for identifying, prioritizing and funding innovation opportunities by June 30, 2015. 2. Begin fielding agency-spanning business models by June 30, 2016.
Examples of Agency Actions:
Department of Behavioral Health and Developmental Disabilities (DBHDD)
Plan a Community Provider data warehouse. Capture requirements with Community Providers in DeKalb County, Pineland, Ridgeview.
Office of Student Achievement (GOSA)
Operate an application process for an Innovation Fund to open in Fall 2014 with award announcements expected in December 2014.
Goal 4: Create an enterprise portfolio of shared, technology-enabled services.

Innovative ways to deploy IT services

State agency business leaders are making decisions regarding the best way to provide services to citizens. As they focus on their core business, technology is rapidly changing around them, enabling better solutions. To leverage these opportunities, the state is exploring the ability to deploy innovative business solutions to meet agency needs and better serve citizens.

19

The information technology marketplace is rapidly moving towards a service model. These business practices allow the state to purchase components of a service without having to fund and build the entire service. The state will pay for the service on an "as needed" basis. The best practice being established allows customers to pay for the service by the month rather than signing a multi-year contract.
Georgia has already made critical strategic investments in moving to a service model. An example of this type of service currently in use in Georgia is call center services. 1-800-Georgia pays for call center services on a monthly basis according to the number of users of the system. In the past, Georgia purchased its own equipment, which was often underutilized, to support state call centers. Modernizing services and the way they are delivered and paid for will enable agencies to maximize value.
These new services can be adopted while still maintaining our longer-term agreements. Once a critical mass is achieved in the adoption of services, older services can then be retired.
Objectives:
1. Baseline the use of shared services in the state by June 30, 2015. 2. Facilitate the expansion of the portfolio of market-based enterprise
shared services for state agencies by June 30, 2017. 3. Offer a mature enterprise portfolio of shared services by June 30, 2019.
Examples of Agency Actions:
Georgia Technology Authority (GTA)
Manage the implementation and integration of Asset and Configuration systems and establish a comprehensive configuration management database by December 15, 2013. Implementation and integration of Asset and Configuration systems, process and associated resources by December 31, 2013
Board of Regents (BOR)
Develop online options to provide degrees in three years. Options include Massive Open Online Courses (MOOCs) and Prior Learning Assessment (PLA)

Goal 5: Improve the use of state data for decision making and information sharing.

Managing data as an asset

Business data is one of the state's most critical assets. The state must find ways to maximize the use of data to enhance citizen access and operational efficiency, while protecting sensitive and confidential data through implementation of robust security and privacy programs.

The sharing of data is a process that takes time and must be led by sound governance. Agencies always have concerns about how their data is used, and agreements could be put in place between agencies to address those cocerns and speed data sharing.

Objectives:

1. Improve the ability to secure and protect state data by June 30, 2015.

20

2. Promote the utilization of the Enterprise Service Bus (ESB) within state agency data management operations by June 30, 2016.
3. Ensure the privacy and authorized use of citizen data by June 30, 2017.
Examples of Agency Actions:
Office of State Administrative Hearings (OSAH)
Implement a system that receives case information from numerous agencies, attorneys and citizen.
Georgia Forestry Commission (GFC)
Increase content and knowledge of Georgia Forestry Commission (GFC) online information and services. Provide technical forestry information such as pine timber growth and yield models, glossary of forestry terms, native trees of Georgia, recognizing and treating common tree pests and diseases. Create and conduct a webinar to assist landowners with Timber Sales. Include web address on all correspondence to landowners.

Goal 6: Develop an agile approach to funding agency adoption of technology solutions.

New ways for agencies to acquire services

Continuing budget constraints heighten the need for agencies to have a clear understanding of their technology expenditures. GTA is working with the Office of Planning and Budget (OPB) and agencies to look at new ways for agencies to consume and pay for services.
Objectives:
1. Develop governance processes that allow for the adoption of enterprise technology solutions by June 30, 2016.
2. Analyze and revise the state technology acquisition business model for improvement opportunities by June 30, 2016.
3. Develop a more diverse portfolio of technology product and service offerings for our customers by June 30, 2017.

21

Current State

The current state of Georgia's Information Technology (IT) is one that is in transformation. The state for many years had a non-integrated environment. The state is making improvements to IT while controlling costs and continuing to support the various functions performed by the state; in Georgia, almost all of the state functions performed use IT.
IT Investment Tracking

New tools provide the ability to do better capacity management of IT resources; costs are more transparent.

The state of Georgia spends a large sum of money every year on information technology, including services, equipment, application, personnel, development and maintenance. However, determining exactly how much is spent, where the money goes, and what taxpayers are getting in return can be difficult to report on in the aggregate. Coupled with this challenge is the need to better understand whether Georgia is receiving value for the dollars invested in information technology.

The General Assembly has charged the Georgia Technology Authority (GTA) with compiling information from state agencies about their IT expenditures and presenting a report to state leaders every year (O.C.G.A. 50-25-7.10). With comprehensive and accurate information, state leaders can make factsbased decisions about the allocation of limited state resources to support technology.

The GETS program ensures a clear understanding of infrastructure and network costs.

In FY 2013, GTA implemented a new tool called the State Annual Report Register (STARR) to collect data about IT expenditures from the agencies. STARR changed the way information is requested. In the past, data on IT expenditures was based on high-level accounts from the state's financial system. With STARR, information is requested by application, infrastructure and network. In FY 2014, we added other IT costs to our collection process to capture shared costs that were not being allocated to application, infrastructure and network. These new expenditure categories included IT management and project management offices. As a result, the state's IT financial picture is clearer this year than in past years.

The state has a more comprehensive understanding of the cost of infrastructure and network services than it does for applications. Infrastructure and network services are provided through the Georgia Enterprise Technology Services (GETS) program. Under GETS, Georgia is able to measure consumption and value through detailed reporting for all agency users of infrastructure and network services (see IT Financial Management).

Enterprise IT Spend

The following graph depicts the most comprehensive summary available of IT expenditures by infrastructure, network, application and other IT costs in FY 2013 and FY 2014.

22

Agency Participation in IT Expenditure Reporting
The rate of agency compliance increased from FY 2013 to FY 2014. A total of 49 out of 51 agencies submitted a report, or 96%, which compares to 90% in FY 2013.
Not all state agencies are required to report their IT expenditures, and the number of reporting agencies actually declined from 74 in FY 2012 to 50 in FY 2013. Agencies required to report increased slightly from 50 in FY 2013 to 51 in FY 2014.
What led to the decline from FY2012 to FY2013?
The agencies in Appendix A with N/A in the "Reported 2013" column did not submit reports because:
They no longer exist Their expenditures were included in the report from an agency to which
they are administratively attached They are attached to one of the state's constitutional agencies, which
are exempt from filing expenditure reports
Other state entities that are exempt from reporting requirements include some with large IT expenditures, such as the University System of Georgia.

Agency Participation Year to Year

Agencies Required to Report
Agencies that Reported Percentage Agencies Not Required to Report Agencies that Reported Voluntarily Percentage

FY2012 74 59
80% 15 5
33%

FY2013 50 45
90% 14 5
36%

Did IT expenditures actually increase in FY 2014?

FY2014 51 49
96% 14 6
43%

23

Participating agencies spent almost $620 million on technology in FY 2014, significantly more than the $540 million reported in FY 2013. The difference is attributable to:
More applications captured in the application inventory Additional costs captured for each application More accurate reporting due to a change in requirements and use of the
STARR tool
GTA continues working with the agencies to increase both the quantity and quality of data received.

IT Snap Shot
Georgia is making steady progress from a fragmented IT service model to an integrated yet federated, sharedservice model based on consumption.

The current state of Georgia's Information Technology (IT) is well along in transformation to support the state's business functions. The state for many years had a non-integrated environment that is difficult to understand in the aggregate, difficult to maintane or leverage functionality from new technologies in a safe and secure way. The state is making steady improvements to IT while controlling costs and continuing to support the various functions performed by the state; in Georgia, almost all state functions performed use IT.
The agencies have a better grasp of what their IT infrastructure costs. New tools introduced as part of the transformation allow the agencies to drill down and better understand where they may have costs that are growing more rapidly than expected. Data consumption discussed later in the Financial Management section of the document is an area were the state has made progess. Agencies are moving towards a capacity management model, monitored on a monthly basis and away from the traditional annual cost true up model.

However, there are still challenges ahead. The state operates many independent applications to support various agencies. If a citizen is receiving services from more than one agency, updating information like change of address requires an update for each system and requires communication with each agency. He or she has to maintain two different user accounts with unique credentials. This is neither cost effective for the state nor convenient for the citizen.

IT Investment Management

The state is making progress in moving towards an Investment Governance model to make technology decisions.

Investment Governance processes are maturing and expanding
Over the past few years, Georgia has piloted an Investment Governance model designed to increase the quality and sustainability of technology investments. The governance encompasses activities and strategies for initiation, planning and procurement support. Our initial focus was the support of individual agency investments through:
Reviewing business cases, Conducting risk assessments, and Providing feedback on procurement documents.
This year the state has made strides to expand and standardize the Investment Governance approach at the enterprise level through awareness and cross-agency collaboration. In this rollout, the enterprise process

24

introduced a number of new activities.
Annual Investment Strategy Sessions were initiated. GTA meets with technology and business leaders of the agencies to discuss their IT strategic plan and STARR reporting data. These discussions have helped identify opportunities for cross-agency collaboration and potential candidates for the Innovation Program, and they have greatly enhanced the accuracy of data in the state's technology inventory.
The Procurement Review was formalized through the introduction of a new state standard and guideline. The standard introduced a streamlined review process under the guidance of the state Chief Technology Officer. GTA works with agency IT and procurement staff as well as the State Purchasing Office to assist in identifying possible opportunities to leverage existing technology before making new investments. The procurements are also reviewed for consistent and appropriate language to protect the state's investments and citizens' data.
Enhanced collaboration with State Purchasing is providing guidance for agencies pursuing alternative strategies for technology services. As agencies are pursuing creative and cost-effective technology solutions, they are looking more and more to cloud services. This is an evolving industry with unique challenges. In response to the agencies, enhanced policies, standards and guidelines were developed to support business decisions around these services. The Investment Governance team works closely with agencies to increase awareness of the standards and assist with interpretation in a variety of investment scenarios.

IT Application Portfolio

GTA collects information about the applications that agencies use to support their business operations.

In FY 2013, GTA started collecting more detail about the agencies' applications. The FY 2014 inventory includes 644 applications, an increase of 74 over FY 2013. The following graph shows the number and percentage of applications by type.

COTS Commerical Off the Shelf (Software) SAAS Software as a Service (Online service)
Note: There are 77 Drupal websites that could be categorized as SAAS as well as Web Sites. Drupal websites are only reported under
25

Web Sites above.
Applications by Category (644 Applications) The following graph shows the number by category.

Note: These applications were self typed and categorized by the reporting agency based on definitions provided by the GTA. Complete list of the STARR application categories definitions is listed in Appendix C at the end of this document. Many of the applications have mobile access but are not categorized as a mobile only application.

IT Project Portfolio

The state's IT Project GTA's Enterprise Portfolio Management Office monitors IT projects to ensure

Portfolio shows

that the state gains the greatest value on the dollars invested. Enterprise

26

expenditures by agency; the health sector has the largest spend.

Portfolio Management provides a framework for the governance process and allows decision-makers to view the range of projects to ensure that the right projects are executed at the right time with the minimum amount of risk.
The Enterprise IT Project Portfolio includes agency projects that are in the planning phase as well as projects that are in the build phase. Tracking for the portfolio projects is by fiscal year, which begins on July 1 and ends on June 30.

The FY 2014 total project portfolio of $425 million shows an increase of $90 million, primarily due to the increased number of IT projects undertaken in the healthcare sector. As indicated in the following graph, the FY 2014 portfolio is tracking over 39 active projects, totaling over $372 million and spanning multiple years and 16 agencies. In addition to the active projects, there were seven projects in the planning phase, which total $53 million.

Percentage of IT Project Spend by Agency

Agency Spend

DCH GTA SAO DOE DIS DOR DHS DOT DOAS GDC SBWC DPH GSFD DBHDD DOL DNR

54.57% 25.77% 3.40% 2.40% 1.99% 1.96% 1.86% 1.66% 1.46% 1.43% 1.13% 1.10% 0.61% 0.35% 0.17% 0.13%

GTA 26%

DCH 55%

27

Planned New Investments by Agency

The graph at right identifies agencies with significant new IT investments.

$40,000,000 $35,000,000

$30,000,000

$25,000,000

$20,000,000

$15,000,000

$10,000,000

$5,000,000

$-

DCH

DHS

DNR

DPH

GDC

Project Delivery Effectiveness

Fact-based decisions help agencies better manage their projects.

Critical Project Review Panel
For more than 10 years, GTA has facilitated the Critical Project Review Panel, which provides a business context for large, critical technology investments. The panel also evaluates and addresses risks before they become issues, makes fact-based decisions rather than relying on speculation, escalates to appropriate state business leaders, leverages enterprise influence to support agency outcomes and encourages learning across agency domains on best practices.

The executive level of state government is able to see the performance of critical state technology projects and better understand the issues and risks that need management action before serious problems occur. If a serious problem does occur, the right people are getting correct information to make informed decisions, rather than speculating on the situation and making uninformed decisions.

The review panel mitigates risk for large projects.

The panel limits its reviews to the most critical projects in the portfolio. For FY 2014, the Critical Project Portfolio was valued at $324 million and covered 16 projects for 11 agencies. Over the past six years, the panel's reviews, coupled with project assurance using industry standards for calculation, have saved taxpayers an estimated $574 million (through cost avoidance) that would have been lost to failed or challenged technology projects. The table below puts into perspective the value and benefits of portfolio management and oversight:

28

Portfolio management yields results.

Disciplined portfolio / project management coupled with Critical Project Panel Review and project assurance will save (through cost avoidance) the state up to $150 million in FY 2014 on a portfolio of $324 million.
Applying industry statistical information* to our current active and approved portfolio of critical projects yields the following projected results:
30% of projects would be cancelled = $97.2 million 52% would cost 189% of the original estimate = $318.4 million 18% would be successful with no cost increase = $58.3 million

Without disciplined project, program and portfolio management, the current portfolio of $324 million would deliver only 70% of the functionality originally planned.
*Based on Standish Group CHAOS Report
The chart below displays how the state of Georgia compares to government and industry metrics compiled for the Standish Group's 2012 Chaos Report.

The graph at right is based on the Standish Group CHAOS Report for government projects.
It measures only critical projects that were completed in each fiscal year.

Project Delivery Effectiveness (by % of $) FY14

Standards

State of Georgia

The data from the chart above also indicates a decrease in failed projects and an increase in challenged projects in FY 2014. Of the 16 projects in the Critical Project Portfolio, five were completed during FY 2014.

29

Georgia Enterprise Technology Services (GETS)
Program Overview
The Georgia Enterprise Technology Services (GETS) program a groundbreaking initiative for state government and one of the largest public-sector technology transformations in the world was created in 2008. It is valued at $1.2 billion over 10 years and is on target to save $181 million. The program affects 70,000 state employees and 1,400 state and local government offices throughout Georgia. The state privatized IT infrastructure services with IBM beginning April 1, 2009, and managed network services with AT&T beginning May 1, 2009. At the same time, GTA shifted its focus from providing technology services to managing service delivery
GTA established the GETS program to modernize the state's technology and reduce the risk created by an aging IT infrastructure. The GETS program (which resulted in an eight-year managed IT infrastructure service contract with IBM and a five-year managed network services contract with AT&T), created an "as a service" model for the state, reduced risk through improved security and disaster recovery, simplified budgeting, and improved cost tracking and transparency.
Though the process to modernize has been slow, the benefits are measureable for this transformed environment. Uptime is notabley improved and these measurement continue to trend in a positive direction.
Program Status
The GETS agreements are now in their fifth year, and GTA has begun an initiative to improve the service delivery model through a program entitled the Services Integration Initiative (SII). The SII is about evolving the way Georgia works with our service providers, and improving the coordination among service providers, GTA, and the agencies. It will enable the use of niche service providers that can offer exceptional value in specialized areas. It will also provide flexibility to remove service components as technology changes allowing agencies to leverage innovation. Additionally, it allows the state to remove any underperforming service components without disrupting services that are performing well.
A key component of the program is to separate delivery functions between coordination and execution, and to promote accountability and control. The coordination functions will be provided by a new service provider called a Multisourcing Service Integrator (MSI). Under this model, we would not procure additional services; rather, the MSI will be responsible for certain functions currently within the infrastructure and network contracts. The MSI will help to drive standards, document inventory, and write process documents and operating level agreements between providers.
Working with the GETS Enterprise Customers, GTA has established three key objectives for the program:
30

Improve service delivery: Ensure that the quality and reliability of the services being provided meet the requirements of the state enterprise and individual agencies;
Innovate and evolve the service offerings: Provide for the evolution of the service offerings and allow for the capability to flexibly introduce services more nimbly; and
Ensure cost competitiveness and transparency: Structure the service offerings so they can be more easily compared to market services and provide for enterprise and agency visibility of consumption, cost and the activities of service providers to deliver quality services in a timely manner.
This change will help meet these goals. The MSI will bring enterprise process maturity that will help improve service delivery and allow service providers to focus on the operational componets for the services they provide.
This model is being considered and adopted more frequently to address the need for service delivery consistency, flexibility, and adaptability. The most relevant example to the state of Georgia is the state of Texas. Several years ago, Texas re-sourced its large infrastructure services contract by splitting it between an MSI and separate service delivery providers. Their ongoing transformation program and service delivery are improving with the new model.
For Georgia, this new operating model will establish a platform of standards across the environment: both in IT service delivery and in the way we contract for services. These standards will improve the consistency and reliability of service delivery to our customers, while giving us more flexibility to add or change niche service providers in response to new market offerings (such as cloud services) or changing customer requirements.
Progressive Change
Over the next two years, we will introduce a progressive series of changes. We want to keep the environment functioning while engaging in a careful walk of refining and re-contracting services. This will mean extracting some services from current service provider agreements and re-sourcing components of other agreements.
The GETS program is a shared endeavor amongst GTA and the agencies. We have work closely to define scope and metrics, draft Request for Proposal (RFP) documents, and review and evaluate service provider solutions.
We started this effort with a linked series of procurements for MSI and the Managed Network Services (MNS). MNS is separated into potentially multiple awards (e.g., wide area network, voice, local area network). We anticipate transitioning new providers for these services by July 2015.
This program's procurement process itself is unique in its focus on collaboration with the marketplace. Public sector procurement requires that we run an objective and consistent process, and in many procurements, this means requirements and proposals are blindly passed "over the wall", with little opportunity to incorporate market feedback or clarify requirements and proposals. We have been able to establish steps in our process that maintain fairness while improving collaboration and outcomes. We conducted numerous training sessions and conferences with the prospective service providers, established a hosted data library for prompt responses to questions and data
31

requests, and met with the providers to understand their initial responses prior to any downselect decision. Additionally in the MNS workstream, we used a "Draft RFP" process to gather feedback from qualified MNS bidders regarding services demarcation and requirements.
As we introduce these model changes in careful stages over the next two years, we will maintain the original goals of the program and the benefits of the enterprise shared services model: contracting at a statewide level to benefit from economies of scale, leveraging the expertise of the private sector, maintaining consistent reliability and security standards, and ensuring both agency and enterprise needs are empowered and protected.
Including Stakeholders
Program stakeholders are active participants in the process including customer agencies and the incumbent service providers.
At the beginning of the year, we established a Services Integration Working Committee (SIWC), comprised mostly of agency IT leadership, to help define initial goals and scope for the program. As we began building the requirements for the procurement, we established a Solution Team and Finance Team to draft the RFP, evaluate proposals, and negotiate the solution. The GETS program was established in collaboration with our agency customers, and their input was key as we considered any significant changes to the program.
Additionally, existing service providers are sitting at the table with us. As key partners in delivering services over the last few years, they have a perspective on how we might together be more efficient and effective. We are working closely with them to identify the best way to realign scope between the MSI and service providers. In addition to providing reports and other data regarding their delivery model, they participated in "integration sessions" joint meetings with GTA, agencies, prospective service providers, and incumbent service providers to clarify the existing environment and better define the future state.
Service Provider for Infrastructure
Transformation Program
The transformation program for IT infrastructure services involves large-scale upgrades ranging from email transformation to file server and application server consolidation.
A significant part of the IT transformation program is agency application consolidation, also known as server consolidation (SCON). When Georgia's enterprise SCON project is complete, approximately 1,300 application servers will have been replaced by about 824 servers. In addition, the transformation program will deliver financial savings and reduced risks to the state. Just as important, the SCON project is a catalyst for other technology optimization initiatives across the enterprise, such as application remediation.
The SCON project employs a robust implementation methodology, including
32

defining the specific requirements for each agency to ensure agency business applications will be able to function properly in the consolidated Hosting Environment (HE). Agency teams are directly involved to remediate affected applications and implement a full-test methodology, including user acceptance testing.
The transformation plan was revamped in early 2014, with the majority of the changes to the SCON project divided into two phases. SCON Phase 1 included the four agencies closest to their server migration date DCH, DNR, DBHDD, and GBI. SCON Phase 2 includes the remainder of the GETS fullservice agencies still to complete DPH, SAO, DOAS, DOR, GTA, GDC, and DHS.
The following summary highlights the achievements in the transformation program as of August 31, 2014:
SCON migrations have been successfully completed for the four Phase 1 agencies. This means 45% of the SCON servers are now migrated 373 of 824 servers. In all, SCON is now complete for seven GETS fullservice agencies: the four listed above as well as DJJ, DDS and OPB.
SCON Phase 2 is under way and executing against a baselined end-toend project plan.
Completed and gained agreement to close the PKI (Public Key Infrastructure) transformation project.
Completed and gained agreement to close the email transformation project managed by IBM.
Completed the rollout of the Windows 7 operating system to 26,846 personal computers. This project is in the closed.
Accelerated the execution of the File Services project that upgrades servers at close to 500 state locations and is 99.5% complete.
Agencies Acronyms
The GETS full-service agencies include:
Department of Behavioral Health and Developmental Disabilities (DBHDD) Department of Administrative Services (DOAS) Department of Community Health (DCH) Department of Corrections (GDC) Department of Driver Services (DDS) Department of Human Services (DHS) Department of Juvenile Justice (DJJ) Department of Natural Resources (DNR) Department of Public Health (DPH) Department of Revenue (DOR) Georgia Bureau of Investigation (GBI) Georgia Technology Authority (GTA) Office of Planning and Budget (OPB) State Accounting Office (SAO)
End User Computing Refresh
The EUC refresh program has the state's IT infrastructure service provider, refreshing laptop computers every three years and desktop computers every five years. These refresh cycles match IT industry best practices. The total
33

number of state EUC devices in the refresh program is approximately 36,900.
The first 5-year refresh cycle for desktops was successfully completed last year. All GETS full-service agencies are in their second refresh cycle for both laptop and desktop computers. Several enhancements have been made to the EUC refresh program, including formalizing steady-state processes and scheduling refreshes directly with end users through automatic, user-friendly pop-up messages prior to their computer's end-of-life. Overall, the steadystate improvements and direct scheduling with end users have been met with positive feedback.
Disaster Recovery
Offsite disaster recovery is key to ensuring the state can continue to operate in the event of a wide-reaching and catastrophic event. In August 2014, seven agencies participated in the most recent off-site disaster recovery test. This test, like successful tests in previous years, saw GETS recovery capabilities mature.
Service Provider Program Management Office
When state agencies want to set up a new IT infrastructure service or expand an existing service, the Program Management Office evaluates the service request. It also provides project management services while the new or expanded service is being planned and implemented. The state receives and processes about 100 service requests per month, a subset of which are approved and managed as a complex or simple project. Over the past fiscal year, the state has provided IT infrastructure for major applications, including DPH Vital Events Registration System (GAVERS), SAO PeopleSoft Human Resources, and DCH/DHS Medicaid Integrated Eligibility System. The Program Management Office is continually working to improve project management and reporting, agency satisfaction with its processes, and the delivery of IT infrastructure services.
Cloud Computing and Virtualization
Cloud computing seeks to provide services and technologies in secure and predictable ways without additional capital expenses and infrastructure support costs for customers. In this way, services can be ramped up or turned down quickly to meet changing requirements. The state's IT infrastructure service provider is positioned to help GTA and state agencies benefit from cloud computing by providing a broad range of secure and reliable capabilities, such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) across a broad range of technologies.
As requirements for regulated data continue to be clarified by Federal and state authorities, there is an ongoing need to use secure environments so state agencies can realize the full benefits of cloud computing. Public clouds may provide the necessary controls, in many cases, to enable full regulatory compliance. In addition, at the state's primary data center, our computing infrastructure is highly virtualized and supports some of the state's most critical applications. Leveraging the existing data center infrastructure will make it much easier for the state to establish cloud services that can be leveraged by all state agencies to facilitate the delivery of servers, storage
34

and other services within a fully compliant and secure environment.
Public cloud offerings give agencies flexibility in defining their own workloads and driving a higher level of flexible consumption capabilities. By providing infrastructure and services from GETS Cloud Managed Service, GTA will be able to support state agencies much more quickly and cost effectively as new requirements surface. By sharing infrastructure and support costs to the maximum extent possible within GETS clouds, GTA will be able to offer more predictable pricing and faster service deployment. State agencies will be able to "fine tune" their use of required resources and services, making their overall costs lower and more predictable.
Mobile Device Management
New-generation handheld computing devices such as iPhones, Androidbased phones, iPads and tablets are rapidly replacing or augmenting more established PC, laptop and BlackBerry devices. These personal devices are capturing the market by providing portability and application capabilities that have not been available with the more established infrastructures. To ensure state agencies are able to benefit from these newer technologies, GTA implemented a new Mobile Device Management (MDM) solution that will allow agencies to track and secure their devices. This technology is essential to securing the state's data assets on mobile devices.
This offering enables agencies to benefit from enhanced management capabilities as they move from BlackBerry devices to non-BlackBerry devices (iOS, Andriod, Windows Mobile). The deployed solution for MDM is a combination of support from an established delivery team dedicated to providing mobility services with over 15 years of experience supporting BlackBerry, iOS, Android and other handheld devices for customers, employees, and the management platforms provided via a partnership with AirWatch.
The MDM deployment provides a managed services solution for transformed agencies by incorporating design, implementation and ongoing management of a hybrid MDM service (on-premise in the GETS-hosting environment and AirWatch cloud). These services include:
MDM support for non-BlackBerry devices including iOS, Android, Windows Mobile devices
Sync and collaboration via email/calendar/contacts with Exchange (Microsoft Outlook)
AirWatch MDM offering and end user self-service portal Integration into the GETS contract and services:
Email/Active Directory support Service desk Incident/problem/change management License management Governance Chargeback services
Service Provider for Network
. Managed Network Service Projects 2014 Annual Report Highlights
35

Our MNS service provider is ramping down its transformation projects in support of the GETS program. In 2014, it closed out the voice refresh and security projects and is now focused on the remaining local and wide area network transformation projects. There are dependencies between service providers as these migrations need to occur before transformation projects can be complete. This work is optimizing and simplifying network services that have been migrated, and proceeding with network software upgrades and refresh activities that are supported in the contract.
Local and Wide Area Network Transformation Program
Agency headquarters and the state's primary data center were the focus of the LAN/WAN transformation program throughout 2014 with completion of projects at the departments of Revenue, Driver Services and Natural Resources; GTA; Governor's Office; State Accounting Office; and a new core network at the Department of Human Services. In addition, the migration of the Capitol Hill network to a new, redundant core network with MPLS connectivity was started and the first phase of traffic migration begun. The remaining agencies will be migrated to the new Capitol Hill network through April 2015 as additional headquarter transformations occur. The new Capitol Hill connectivity provides increased bandwidth, improved quality of service for multimedia applications, and increased fault tolerance to eliminate single points of failure.
Voice Refresh Program Closeout
Commitments were met for the voice refresh program, which brought standardization to state agencies and replaced end-of-life voice equipment at agency locations. Voice transformation work was completed in June 2014. During the last four years, we have successfully refreshed 600 Key systems and 34 PBX sites. Additionally, over 52,420 Centrex handsets were replaced with new sets. This resulted in significant billing and service enhancements for agencies throughout Georgia.
Network-based Firewall, Intrusion Prevention, and URF Filtering Upgrades
Security services between the Internet and the state of Georgia network to prohibit unauthorized access to agency environments, block intrusions, and prevent employees from accessing objectionable websites. These security services underwent a major hardware and software upgrade in 2014 to keep pace with the need for enhanced security and higher throughput. Dynamic, cloud-based techniques categorize websites to keep up with the constant increase in objectionable websites that agency employees should not be able to access. These techniques also help protect agency end users from malware that may infect their computers.
Domain Name Service and IP Address Management Optimization
The MNS team inherited a very complex domain name service (DNS) and IP addressing schema from state agencies. Since technology solutions and services have been consolidated into the state's primary data center and Boulder, Colorado, disaster recovery facilities, AT&T is simplifying and
36

optimizing those services. Over the course of 2014, AT&T teams worked closely with agencies to remove complex traffic routing and clean up large databases. Additionally, new monitoring tools now allow us to more proactively manage the server environment. SSL VPN Remote User Access Program Being able to access agency networks from remote locations in a secure way is a critical need for state employees who telework, travel or work in the field. Over the past year, AT&T continued to transition users to the new SSL VPN platforms. This work continues to track closely to the Active Directory migration and is on schedule. The program is nearing completion and preparing for the final migration of the departments of Public Health, Human Services, and Behavioral Health and Developmental Disabilities through March 2015, as users migrate into Active Directory from the previous Novell GroupWise environment. MPLS Site Non-enterprise Agency Router and Network Refresh Agencies that procure only wide area routers and/or network services routers are also being refreshed with new equipment and targeted circuit upgrades. These agencies will also be moved to AT&T's new MPLS service, which offers more bandwidth options and capabilities.
Department of Natural Resources Managed Broadband Internet Project Our MNS service provider completed a Managed Broadband Internet project at Department of Natural Resources locations in very remote geographic areas of Georgia. These sites rely on the most economical Internet service available but previously had no proactive management of their sites. This project replaced old network equipment and added proactive monitoring of the new equipment to promote faster repair times when the sites lose Internet access.
37

Portal

The GeorgiaGov platform traffic is trending toward more mobile traffic.

The GeorgiaGov Interactive team provides value and leadership in its website offerings to the state. In FY 2014, the GeorgiaGov Interactive team focused on providing additional value and service to customers on the Drupal enterprise content management system, referred to as the GeorgiaGov platform. The team was able to provide this value and leadership through a number of endeavors.
The GeorgiaGov Platform
Web traffic across the platform continues to trend toward mobile devices, with the platform average for mobile traffic reaching 34% of total traffic in FY 2014. In response to the trend toward mobile, the GeorgiaGov team completed design and testing of mobile-friendly layouts for the platform's 12 website themes, using a website design and layout method known as Responsive Design
Platform-wide Mobile Traffic Growth

As part of the effort, GeorgiaGov Interactive created training materials for agencies on how to optimize their website content for migration to the responsive layouts. The team also performed mobile-friendly content audits on each site to further guide agencies on steps to tune their agency content. Prior to the end of the fiscal year, 18 agency websites had switched to the new layouts, with the other 48 sites set to convert by the end of Q2 of FY 2015.
Governance
In the interest of guiding state agencies to provide common user elements on their state websites, and ensure those websites are accessible to the widest number of contituents, GTA approved two web design and development standards in FY 2014: Website Accessibility standard (SA-14-001) and Website Branding standard (SA-14002). Both are aimed at allowing agencies the flexibility to design and manage their websites to their desired specifications, while laying out a framework of common elements that each state website needs to contain so that site visitors can have some simple expectations met when they visit any state website.
38

GovTalks Workshops
The GeorgiaGov Interactive team started a new workshop series for agencies highlighting important trends in web design and interaction. The FY 2014 series included three half-day sessions covering the topics of Mobile, Usability, and Social Media. The workshops have garnered increased interest and participation from agencies. Post-event surveys showed that 100% of respondents would attend a future GOVTalk, and 100% would recommend the workshops to another co-workers or agency. For more information on GOVTalks, visit www.portal.georgia.gov/GOVTalks.
Platform Enhancements
In response to agency needs, the team implemented additional enhancements to the GeorgiaGov platform, including adding Secure Webform functionality. In addition, the support and maintenance team continues to analyze and maintain the health of the platform, rolling out regular performance and maintenance upgrades.
Training
GeorgiaGov Interactive continues to provide quarterly basic and advanced training courses on its web platform, accommodating content managers who want to learn more about what the platform has to offer, new web managers for agency sites, and new customers. In FY 2014, 52 students across 18 agencies attended training classes.
Georgia.gov Website Redesign and Enhancements
The web is always changing, and website analytics provide a constant stream of data regarding what works and what doesn't. With the agility and flexibility of the new GeorgiaGov web platform, the team was able to respond quickly to analytics data showing what worked and what didn't on the georgia.gov portal website, launching a design refresh and information architecture overhaul just 16 months after the site first launched.
The team also implemented an enhancement to sort search results, ensuring that the most relevant results appear at the top of search results.
GeorgiaGov's blog, "This Week in GeorgiaGov," highlights different government services, informs the public of events and trends that may affect them, and offers solutions to common problems that Georgians may face. These posts are published three times a week, and are also distributed through GeorgiaGov's Facebook and Twitter accounts.
This year, the GeorgiaGov Interactive team also debuted a new section of the website called "About Georgia," which aims to educate students and non-Georgians about the state. On "About Georgia," users can read about the history of Georgia, learn about facts and symbols for the state, become familiar with Georgia government and find links to more resources.
GeorgiaGov Interactive's innovation produces results
New Customers
In FY 2014, the GeorgiaGov team added eight new agency websites to the state platform, and is poised to add four more by mid FY 2015.
39

Industry Recognition The Georgia.gov website platform was:
Named a finalist for Best Government Website by Blue Drop Awards Featured in Government Technology magazine, Georgia Saving Millions with
Open Source Technology Roadmap for FY 2015: Data and Accessibility The main trend to watch in FY 2015 and 2016 is an increase in agency requests for support in visualizing and mapping their data for online consumption. Agencies currently make a lot of their data available in the form of raw spreadsheet or tabular data. As the industry trends toward making this content more consumable and visual, agencies in turn want to provide their important data in a way that enables their constituents to see its value and impact quickly, through visualization techniques.
40

Stakeholder Value

Georgia's agencies are using IT to improve business operations.

Overview
Technology in the state exists to enable government to serve its citizens. Georgia's focus since the implementation of the IT transformation effort in 2008 is to enhance service delivery by improving how citizens connect to their government. Getting the right foundation in place to build upon will be essential to connecting Georgians with their government. The focus continues to be on improving the customer experience and value to stakeholders. In addition to the citizens of the state, the term "stakeholders", in its broadest definition, includes the state workforce, which needs to have increased quality of service from service providers to provide a higher level of service to their customers.

Throughout FY 2014, the state worked to strengthen the governance of the state's IT enterprise. Through greater transparency in IT project management, operations and costs, state leaders are able to make better fact-based decisions about investments in technology. Our commitment is to continue to work with our private-sector partners to transform the state's use of technology through consolidation, virtualization, and integration.

With dependable, modern, and secure technology systems and a strategic partnership between technology and business, we will be able to provide innovative business services and ensure a robust, transparent IT enterprise where decisions are made with the citizen in mind.

The Stakeholder Value section of the report is organized according to Governor Deal's goals. Each of the seven goal areas has IT projects that highlight support of those goals. This is not a complete accounting of state projects that support the goals but a sample of the projects.

41

Educated

Because strong schools are the only proven route to tomorrow's good jobs, Georgia government is focusing on producing well-prepared students who are life, college and work-ready. The Educated Goal focuses on requirements to prepare students to compete nationally and internationally.

Longitudinal Data System Tunnel
Agency: Georgia Department of Education (DOE)
Problem:
DOE needed more accurate and a broader base of data to track student information and the drivers to better outcomes. Additionally, DOE found that its educational longitudinal student data system was not easily used because users had yet another ID and password to remember.
Solution:
DOE received a grant from the U.S. Department of Education to build a longitudinal student data system to track student information over multiple years and through multiple schools. Several previous attempts had been made to develop a longitudinal data system, but these efforts were not as successful as possible due to low usage. As DOE embarked on this new initiative, project staff asked school districts to identify the major issue that kept them from using the system. Overwhelmingly it was the need to remember yet one more ID and password. To address this issue, DOE developed the data system tunnel, which allows a district user to access DOE's longitudinal data system through a local application without the need for a separate ID and password. DOE's solution relies on creating a trust relationship between endpoints in two separate applications. Once established, the trust relationship can be used to transmit information between the two applications in a secure manner.
Benefits:
More than 90,000 teachers and administrators in Georgia's K-12 public education system now use the system along with staff in the Department of Juvenile Justice and the Division of Family and Children Services. The data tunnel makes it easier to use the longitudinal data system since a separate ID and password are no longer necessary. Increased usage helps to avoid lost productivity, which means millions of dollars in savings and cost avoidance.

Race to the Top Data Warehouse Build aka (GAAWARDs)
Agency: Governor's Office of Student Achievement (GOSA)
Problem:
GOSA was charged with performing research to improve educational performance and student outcomes, but it lacked a method to easily solicit answers to 80 research questions. It also lacked an IT staff and the equipment necessary to facilitate research.
42

Solution:
In 2007, GOSA began developing the Georgia's Academic and Workforce Analysis and Research Data System (GAAWARDS), a Statewide Longitudinal Data System funded by Race to the Top that tracks students from Pre-K through workforce entry. The system has data from 2007 through 2012 from participating organizations, including the Georgia Department of Education, University System of Georgia, Technical College System of Georgia, Department of Early Care and Learning, Professional Standards Commission, Georgia Student Finance Commission, Governor's Office of Student Achievement, Department of Labor, College Board and the National Student Clearinghouse.
GAAWARDS data is made available to approved researchers employed by one of the participating state agencies with the high-level analytical skills and research training needed to mine the data and answer critical policy and evaluation questions. No other researcher is given access to the data from this system at this time. The analyses performed by these agency researchers will help identify and improve post-secondary enrollment barriers and promote patterns that produce consistent post-secondary persistence to degree.
How:
GOSA does not have an IT department nor did it have any servers prior to this project. To address the need for hardware, network and security support, GOSA contracted for these services with the University System of Georgia (USG). In addition, USG provides administration/physical database support for Oracle.
GOSA's data warehouse/business intelligence stack is: RedHat OS, Oracle 11g database, Informatica PowerCenter ETL, Informatica Master Data Manager, Informatica Metadata Manager, and Oracle Business Intelligence Enterprise Environment BI.
Benefits:
Three key benefits GAAWARDS brings to the education research space for the state of Georgia are consistent data, standard data, and data available over time. Prior to GAAWARDS, when similar reports and data review in line with the researcher questions were attempted, student matching was done by hand and could not be replicated, only one or two years of data could be processed at a time, and there were few standards applied.
University System of Georgia GeorgiaVIEW Brightspace Implementation
Agency: Board of Regents of the University System of Georgia (USG)
Problem:
The Board of Regents of the University System of Georgia (USG) faced a daunting business problem: transforming higher education through an innovative, integrated learning platform to lower costs, maintain quality and provide greater access to under-represented segments of society. The USG wanted a single system so all students, regardless of which educational institution they attended, could benefit from the same platform. The system should:
Take advantage of new technologies to realize economies of scale
43

Mobile

Provide the lowest possible price and support affordability so that cost was not a barrier to participation by the USG's educational institutions
Meet the needs of current students and support the Governor's goal to add 100,000 students by 2020
Increase college completion rates dramatically by providing modern tools for student engagement and accessibility from mobile platforms so students could learn anywhere and anytime
Solution:
The solution is GeorgiaVIEW Brightspace, innovative Software as a Service (SaaS). It provides a central location for students at 28 of the USG's public, higher-education institutions to access all of their courses and associated educational materials. It uses the USG's PeachNet private cloud and offers more than 160,000 courses to more than 310,000 students, making it the largest private-cloud deployment of the Brightspace platform in the world. GeorgiaVIEW Brightspace includes user and technical support, a community of practice for institutional administrators, extensive training opportunities for faculty and administrators, integration with the USG's student information system, external authentication, and more than 50 third-party software integrations. Each educational institution maintains its own branding and has extensive capabilities to optimize its student and faculty interface and experience. The ability to realize substantially lower and predictable costs through private-cloud services while maintaining institutional control is a key component of the USG's technology solution.
In addition, the USG's INGRESS middleware integrates GeorgiaVIEW Brightspace with the USG'S Banner student information system, thereby enabling multi-institutional registration. The combination of GeorgiaVIEW Brightspace and the award-winning INGRESS system is unique to higher education.
Benefits:
GeorgiaVIEW Brightspace is used heavily by students and faculty both inside and outside the classroom. It experiences more than 250,000 user logins and 50.67 million hits daily, and utilization continues growing. Faculty have created more than 42 terabytes of educational content that can be accessed with mobile devices using Android, iOS and Windows operating systems.
By hosting GeorgiaVIEW Brightspace in its private cloud, the USG is saving more than $7.5 million compared to public clouding hosting. In addition, the USG has achieved a cost savings of $11 million for each add-on service that's purchased for the system. System-wide analytics, content portability, systems that predict student success on a course level, state MOOCs (Massive Open Online Courses) and multi-agency support initiatives are being built upon the strategically implemented GeorgiaVIEW Brightspace.
Economic development requires the continued ability to move people and goods efficiently. A transportation infrastructure is key to economic competitiveness and Georgia's transportation network, including airports, highways, rail lines and ports, has always been a selling point. The Mobile Goal strives to prioritize transportation investments to ease congestion and improve population mobility.
44

Drive Sober, Georgia
Agency: Governor's Office of Highway Safety (GOHS)
Problem:
Although the overall number of fatal highway crashes in the state continues to decline, the GOHS sees an increasing trend in alcohol-related crashes. From 2010 to 2011, there was a 4.5 percent increase in alcohol-related crashes, a 9.4 percent hike from 2011 to 2012 and a 3 percent increase from 2012 to 2013.
Solution:
"Drive Sober, Georgia" is a phone app that provides users with a list of sober ride services and cab companies in their region of the state. If a user is visiting a bar or is out with friends and needs a sober ride home, they can use the app to find a service in their area to drive them home safely. The application is free and works on both Apple and Android devices.
How:
GOHS implemented a simple, database-driven application that features an easy-to-use interface and allows users to select from a list of Georgia's 11 most populous metro areas. The app can guide the user to a list of transportation services. The listings are straightforward with just the company name and phone number. Each service is also designated as either a paid or free service, and once the user chooses the service they want, the app automatically queues up the phone number to the user's dial keypad. On the back end, all of the content is accessible by GOHS staff for any necessary changes that need to be made to keep the contacts and information up to date.
Benefits:
With just a few taps of a smartphone screen, GOHS equips partygoers with a list of safe choices to get home. This is especially important on "drinking holidays" like St. Patrick's Day, New Year's Eve, Cinco de Mayo, Super Bowl weekend and many others, when there are large numbers of alcohol-related driving incidents.
Over the 2013-2014 New Year's holiday period alone, there were more than 400 downloads of the Drive Sober, Georgia app. That's potentially well over 400 drivers who were kept off Georgia's roads during one of the most dangerous holiday periods of the year. During the 2014 St. Patrick's Day festivities in Savannah, the app was downloaded more than 200 times.
Team Georgia Directory
Agency: Department of Administrative Services (DOAS)
Problem:
The State Agency Directory, which provided the names and contact information for key leaders in all state agencies, was published annually in
45

January by DOAS, and a downloadable version in PDF format was updated throughout the year on www.team.georgia.gov. Because the printed version quickly became obsolete due to normal changes in personnel assignments, DOAS saw a need to provide the directory online so it could be updated regularly and made easily accessible on mobile devices.
Solution:
The new Team Georgia Directory is a web application available at www.team.georgia.gov/directory. It is also available as a free mobile app accessible on most smartphones. Self-administration is one of the app's noteworthy features. It gives agencies direct access to their contact information so they can make updates themselves as needed. Updates are in real-time, which means the directory is as current as possible.
How:
The application was developed in HTML5 for both the mobile and web-based Team Georgia Directory. It is available as a free download in the app stores for Android, iPhone, Windows Phone, and BlackBerry. The online version has an option to print the directory for those committed to the traditional paper version.
The application was developed internally and represents DOAS's first-ever application deployed to mobile platforms. This required the team to learn new technologies, establish a new test environment, and create new deployment procedures.
Benefits: The Team Georgia Directory is an index of more than 100 state agencies and executive offices for executive, legislative and judicial branches, facility locations, website addresses, phone numbers and email addresses. Both the web and mobile apps have a searchable database to find contact information, either by agency or employee name. The mobile app allows users to save employees and agencies to their phone contacts, add them to a favorites list, or call and email them directly from search and detail features.

Growing

The Growing Goal supports creation of jobs and growing businesses. The State of Georgia believes that its economic development requires a competitive business environment with access to capital for start-ups and growing businesses.

Georgia Outdoor Map
Agency: Georgia Department of Natural Resources (DNR)
Problem:
DNR faced a big challenge: take mountains of geographical data and combine and present it to citizens in a meaningful way. For over 20 years, the state had invested millions of dollars to collect geospatial data, but the data was spread across more than 40 websites and stored in ArcGIS files, Oracle and SQL databases, Excel spreadsheets and PDF documents. As a result, the
46

ability to correlate data according to multiple needs did not exist. For instance, if someone wanted to find a location that offers fishing and camping and is wheelchair accessible, it was practically impossible. In addition, none of the data was in a format that allowed access from a mobile device, and like most state agencies, DHR had very limited funds to address the challenge of somehow making the data useful to Georgians and even its own staff.
Solution:
DNR found its solution in a public-private-academic partnership. With the assistance of interns provided by Georgia State University, DNR collected data from all five of its divisions. It then worked with an architecture team at Google to organize the data and load it into the Google MapsTM mapping service, which provides a single platform for presenting data in Google Maps. The resulting Georgia Outdoor Map, www.GeorgiaOutdoorMap.com, is a single online site where anyone can find locations for outdoor and recreational activities meeting individual wants and needs. Georgia Outdoor Map is accessible from any device with a web browser, including desktop computers, smartphones and tablets. Users can tailor searches to their specific needs, including accessibility for people with disabilities, and easily access turn-by-turn directions, telephone numbers and website links for more details.
DNR operates more than 400 properties covering more than one million acres, and Georgia Outdoor Map encompasses all properties open to the public, from the smallest historic site to the largest wildlife management area. It offers a "Near Me" feature to help users determine which recreational opportunities are close by. Users can even find the locations of artificial reefs, some of which were created with old transit cars, and sunken boats; both types of sites are often great spots for fishing.
Benefits:
Georgia Outdoor Map makes information about the state's natural, recreational, cultural and historic resources more readily available to the public, and it's receiving up to 500 visits per day. It also:
Enables DNR to layer existing business data on a single map so users can see information in a more insightful, actionable way
Provides users with a no-cost, "one-stop shop" for their recreational needs
Promotes tourism and increased use of DNR-managed sites, resulting in higher revenues
Enhances DNR's operational efficiency by reducing calls to DNR headquarters and its five divisions; prior to the launch of Georgia Outdoor Map, each division was receiving up to 25 calls every week about locations for various outdoor activities and their availability
Serves as an ongoing platform for sharing information across DNR's five divisions and program areas within each division
Enhances public safety; if someone is lost or needs assistance while visiting a DNR-managed property, rescue teams can couple real-time views of the property's boundaries with the GPS function that's available on most mobile phones to find the person
47

GWCC Network Upgrade
Agency: Georgia World Congress Center (GWCC)
Problem:
For events such as Microsoft MGX in June 2013, the GWCC had to provide Internet service to several thousand attendees who needed speeds in excess of the 500 Mbps that was then available at the facility. For this network to be upgraded, the GWCC's in-house IT provider, CCLD Networks, needed to increase capacity to 1 Gigabytes per second (Gbps).
Solution:
For the GWCC to remain competitive in attracting highly technical events, event network infrastructure has to transverse data at a very high rate. To provide enough bandwidth for events such as Microsoft MGX, the entire event network had to be revamped with new fiber, copper, electronics, etc.
How:
Over the 9-month period between events, CCLD Networks installed 8,500 feet of 12-strand single mode fiber optic cable, 35,000 feet of 24-strand single mode fiber optic cable, 200,000 feet of cat-6 Ethernet cable, 8 Cisco core switches and 53 Cisco catalyst edge switches. This upgrade provided 1 Gbps Internet connections to the end users and a 10 Gbps back haul for data traversing the network.
Benefits:
The new network peaked at 840 Mbps of bandwidth, and the average bandwidth was 400 Mbps for its first event. This network upgrade allows the GWCC to provide quality, reliable Internet service to any of the high technology events that may want to come to Atlanta. The bandwidth available at the GWCC can be used by any event. It can be utilized via hardwired or wireless connectivity.
National Directory of New Hires Project Phase II
Agency: Georgia Department of Labor (GDOL)
Problem:
GDOL wanted to strengthen its fraud-detection efforts related to Unemployment Insurance (UI) overpayments and more rigorously monitor the effectiveness of re-employment services.
Solution:
The Federal Office of Child Support Enforcement's (OCSE's) National Directory of New Hires (NDNH) is a valuable resource to help states meet the performance criterion for detecting UI overpayments and collect information about state performance in facilitating re-employment of UI claimants.
NDNH is a compilation of new hire and related information that is contained in three databases: a W-4 database, UI claims database and UI wage database. These databases can be used to identify possible unemployment insurance benefit fraud. Additionally, these databases can provide information on the effectiveness of re-employment services offered by the
48

GDOL.
How:
OCSE provided detailed instructions and record layouts regarding NDNH to the state workforce agencies. GDOL had three major components to implement, each with instructions, record layouts and reporting requirements.
W-4 Weekly Data Match cross matches the past seven weeks of UI payment files against the NDNH W-4 new hire information.
Quarterly Wage cross matches all SSN's of those claimants who received UI benefit payments from Georgia in specified quarters against NDNH.
UI Re-employment Measure/ ETA9047 is a federal report providing data on the re-employment of UI benefit recipients.
These items are being added into GDOL's existing reporting and claims processes.
Benefits:
Provides weekly cross match of individuals receiving unemployment benefits
Reduces and prevents the improper payment of unemployment benefits to employed individuals because benefits are suspended upon receipt of new hire report
Increases the number of detected and established overpayments Preserves the state trust fund by preventing overpayments Identifies fraud and potential fraud faster because employers are
required to report Provides the specific employer information to assist in contacting the
employers to verify reported new hire information Provides updated claimant address information to assist in locating
individuals when conducting investigations Increases GDOL ability to become aware of individuals returning to
work even in states other than Georgia Increases the probability of verifying employment information for job
referrals made by GDOL and allows us to take credit for job placements Improves the integrity of the UI program Aids in the establishment of working relationship with Office of Child Support Enforcement Helps to identify job separations
49

Quick Wage System (QWS) for Unemployment Insurance (UI) Tax
Agency: Georgia Department of Labor (GDOL)
Problem:
GDOL requires more than 209,000 Georgia employers to report wages that are paid to employees, GDOL is responsible for retaining wage information, primarily for establishing benefit claims.
Solution:
The Quick Wage System (QWS) is a technology solution that allows for the semi-automated input of wage data from both structured and re-created forms.
GDOL's Employer's Quarterly Tax and Wage Report is a form often re-created by employers and submitted as a replica for the official document. Data on these unstructured, multiple-page reports previously required 100 percent manual keying into the GDOL unemployment insurance (UI) tax system. GDOL implemented a solution based on the quick wage system from Fairfax Imaging, Inc., which was modified to meet the requirements of the GDOL UI Tax Division. The QWS performs intuitive character recognition using optical scanning technology and enables semi-automatic data input. Prior to the QWS, GDOL scanned only single-page wage reports and manually entered all data from multiple-page and unstructured reports. The QWS has allowed GDOL to obtain scanned images of all wage documents, regardless of the structure or number of pages.
Benefits:
The project has resulted in numerous operational efficiencies: The manual entry of data from replicated forms has been reduced from 100 percent to less than 20 percent. During peak periods, an average of 3,000 single- and multiple-page wage reports can be processed every day. Scanned images of all reports are easily maintained for documentation purposes. The quarterly processing cycle can be completed in about 20 days instead of 45 days as was often required prior to implementing the QWS. The QWS allows GDOL to process tax reports and wage reports at the same time; the reports previously had to be processed at different times. The number of personnel required to handle employer wage reports has been reduced from 131 to 52.
50

Treasury Offset Program (TOP)
Agency: Georgia Department of Labor (GDOL)
Problem:
Past-due unemployment insurance (UI) tax debts and certain unemployment compensation (UC) benefit payments were almost impossible to recover. The persons responsible for payment were difficult to find and often there were no assets to attach for recovery.
Solution:
GDOL saw the opportunity to recover unemployment compensation (UC) and unemployment insurance (UI) employer tax debts from federal income tax refunds under the Treasury Offset Program (TOP) operated by the U. S. Treasury's Financial Management Services (FMS).
The UC Debt Program includes recovery of the following debts: Past-due debts for erroneous UC payments due to fraud or to working while claiming benefits UI employer tax debts include any delinquent contributions to the unemployment fund attributable to one person (including Limited Liability Corporations) along with any penalty and interest accruals
How:
GDOL sweeps its payments system for overpayments that are over 30 days old, those whose collection notices have been ignored by claimants and those that meet the TOPS requirements as fraud overpayments. These overpayments are added to a file sent to TOP on a weekly basis. The TOP intercepts any federal income tax refunds payable to identified claimants.
Benefits:
Overall benefits:
Alternate means to pursue debt recovery of overpaid unemployment benefits, penalties and interest and to overpayments due to fraud or unreported earnings. GDOL has recovered over $10 million in its first two years of operation.
Recovered monies contribute to the solvency of the UI Trust Fund, which positively impacts employer tax rates.
Reduction in future UI fraud as claimants are aware that funds can be recovered directly from the IRS.
Improvement in operations:
Automated processing of data to IRS and electronic funds transfer to GDOL involves little staff intervention, saving time and reducing errors.
Application of recovered monies is automated, reducing banking costs, errors and staff time.
Based on programmatic system updates from GDOL, TOP automatically adjusts the amount requested for recovery if GDOL recovers funds from other sources. This feature reduces errors and subsequent processing time to make corrections.
51

Unemployment Insurance (UI) Benefits Debit Card

Agency: Georgia Department of Labor (GDOL)

Problem:

GDOL needed a way to provide unemployment insurance (UI) benefits to claimants in a secure way while reducing the administrative overhead of printing and processing of paper checks.

Solution:

GDOL now provides weekly benefits via debit cards to individuals receiving Unemployment Insurance.

How: Account information and payment files are transmitted between the payment processor, GDOL and the issuing bank to fulfill Claimant Unemployment Benefits via debit card. The issuing bank then posts funds to an aggregate account and transmits an ACH file to the payment processor to update cardholder accounts. The payment processor then deposits funds into cardholder accounts. ACH deposit files are sent daily during the Federal Reserve Bank processing windows.

Benefits:


Faster and safer delivery of UI benefits to Claimants at a cost savings to GDOL by using a MasterCard debit card secured with a personal identification number. Reduces average monthly bank analysis fees by approximately 52%, saves $780,000 in postage annually. Claimants can access their account information online 24/7, 365 days per year, via the vendor's website that is also secured by username and password, or by calling the debit card customer service.

Healthy

Improving the health and wellness of Georgians is essential to promoting our state as a great place to live, work and play Economic development requires a well-managed healthcare delivery system providing positive outcomes and contained costs. While Georgia is home to world-class healthcare institutions and practitioners who are pioneering new advances in medical research and clinical care, the Healthy Goal recognizes that it needs to address growing demand on the healthcare system, finding innovative ways to attract and retain highly qualified providers to our state.

Georgia Integrated Eligibility System Phase I
Agency: Georgia Department of Community Health (DCH)
Problem:
DCH needed to implement a new federal law for Medicaid. The Patient Protection and Affordable Care Act (ACA), passed by Congress and signed into law in March 2010, required a new method of calculating eligibility for
52

Medicaid and an integrated system allowing seamless eligibility processing for Georgians requesting healthcare assistance.
Solution:
To accomplish these mandates, the state needed to incorporate changes into its existing systems. The solution was accomplished with a project under the coordinated leadership of DCH and the Georgia Department of Human Services (DHS), with coordinated participation from the Georgia Technology Authority (GTA), federal agencies, and Maximus, the PeachCare for Kids vendor
How:
To comply federally mandated deadlines, it was necessary for the state to utilize in-house resources to meet the most urgent requirements:
Current Medicaid and PeachCare for Kids eligibility systems were updated to accommodate the new eligibility rules.
Eligibility systems, the web-based application portal and webMethods (Enterprise Application Integration) were updated.
Current systems were updated to utilize one web portal for acceptance applications for Medicaid and PeachCare for Kids.
Current systems were updated to provide eligibility determination and the new renewal process.
Client notices were updated.
Benefits:
Creates a self-service, client-centric model that provides additional options to customers, who can: o Submit applications for services or benefits through the online application and renewal process o Report changes o Obtain status updates o Manage their benefit accounts
Connects programs that were previously unable to be linked without extensive manual intervention
State Health Benefit Plan (SHBP) Enrollment Portal - Phase I
Agency: Department of Community Health (DCH)
Problem:
The state needed a portal to host the processing of employee enrollment for the State Health Benefits Plan. The specific goals were:
Decrease the administrative burden for staff, employees, and employers
Integrate management and oversight tools for SHBP and agency/school system partners
Increase employee engagement and responsibility Increase employee, employer, staff, and vendor accountability
Solution:
SHBP implemented a web-based portal, maintaining existing mainframe
53

interfaces and processing with its Membership Enrollment Management System (MEMS) to accept and perform health care enrollments and lifestyle changes for eligible state of Georgia employees (i.e., active, COBRA, retirees). The purpose of the project was to offer employees, employers, and SHBP ease of entry and administration through the availability and use of a web- and rules-based system for maintaining healthcare eligibility and enrollment data. The portal eliminated significant manual effort and forms that the SHBP business unit and employers used to update MEMS. The portal continues to be tweaked for improved processing but is certainly considered a successful and stable environment.
How:
The portal, hosted by ADP, provides a 24/7 self-service event processing environment for all eligible state of Georgia employees, their dependents, and employers. With Phase 2, SHBP will gain a single, ADP-hosted platform for inbound/outbound agency interfacing, benefit accounting, COBRA, direct bill, and dependent verification services.
Benefits: The project has resulted in more efficient and less costly operations:
100% uptime and threshold page response time Open Enrollment had 388,340 confirmed enrollments for 2014 Elimination of paper enrollments for new hires and life events Saving over 2,000 pounds of paper annually, related printing and
processing costs Elimination of enrollment delays/change delays due to an inability to
read paper forms or missing data Elimination of manually introduced errors made by reading and
processing paper forms Tighter controls around timing of when changes are allowed

Safe

Georgia government is striving to identify and implement innovative strategies and solutions to better execute on the core mission of government to protect its citizens. Also, Georgia's economic development requires healthy, safe communities. The Safe Goal drives toward common-sense laws, well-trained and well-equipped law enforcement agencies and an efficient judicial system. Georgia government is also concerned with delivering a comprehensive, statewide solution that addresses illegal immigration and the burden it is creating on our correctional, educational and healthcare assets.

Online Driver's License Reinstatement Integration and Modernization (RIM)
Agency: Department of Drivers Services (DDS)
Problem:
DDS handles over 200,000 license reinstatements at its customer service centers and more than 600,000 calls about license reinstatements at its

54

contact center every year. DDS officials wanted a technology solution that improved the license reinstatement process for both Georgians and DDS staff.
Solution:
To improve the license reinstatement process, DDS launched Driver's License Reinstatement Integration and Modernization (RIM). It enables a customer to check his or her eligibility for driver's license reinstatement; view, print or email a list of specific reinstatement requirements; pay fees; and reinstate driving privileges online all without a visit or telephone call to DDS. Through RIM (www.dds.ga.gov > Online Services > Suspension Information), a customer can also access his or her personalized conviction information, citation number and court information associated with a suspension. Reinstatement of the driver's privileges occurs automatically when all requirements are met.
Benefits:
RIM enables customers to complete the following steps online without a visit or telephone call to DDS:
Check driving reinstatement eligibility View, print or email a list of specific reinstatement and/or permit
requirements Validate a Course Completion Certificate for a Defensive Driving
and/or a Risk Reduction Course as complete Pay fees and reinstate driving privileges for many more types of
suspensions. Before this enhancement, reinstatement fees were only collected online for Failure to Appear and Super Speeder reinstatements. Replace a reinstated license online after all reinstatement requirements are met.
Sex Offender Registry Tool (SORT)
Agency: Georgia Bureau of Investigation (GBI)
Problem:
Legislation was passed by the Georgia General Assembly in 2006 related to sexual offender registration that required collecting and sharing additional offender information. To implement these legislative changes, the GBI needed to make changes to the sex offender database and registry and incorporate modern web technologies.
Solution:
The GBI replaced the original sex offender registry application with the Sex Offender Registry Tool (SORT), a web-based sex offender management application provided by the U.S. Department of Justice.
How:
SORT has the ability to capture all required federal information and validate data upon entry. It also allows for report creation and provides greater flexibility for future enhancements as dictated by state and federal legislation, operational needs and public demand. Georgia sheriff offices can
55

Skip a Trip

directly access SORT to update information about a sex offender, such as address verification; submission of scars, marks and tattoos; and a historical list of offender photos.
Benefits:
By modernizing and replacing the state's sex offender registry, SORT provides noticeable improvements, such as:
Tools to enhance data accuracy Increased notification and offender management reports for sheriffs Search capabilities for sheriffs Audit logs of changes to an offender's record. Ability to interface with other systems, including the National Crime
Information Center (NCIC), Computerized Criminal History (CCH), Nlets, the state's Message Switch, National Sex Offender Registry, the Sex Offender Registration and Notification Act (SORNA) Exchange Portal, and the Sex Offender Registration and Review Board (SORRB) Data improvements including multiple photos of offenders; offense descriptions and link to statutory references; visual map of where offenders live; SORRB offender level and description; definitions (i.e. absconder, incarcerated); a variety of offender searches are available (by name, location, offender type, incarcerated, absconded) A Submit-A-Tip and/or question feature Community notification
Agency: Department of Drivers Services (DDS)
Problem:
DDS began experiencing a significant increase in wait times at its customer service centers when Real ID documentation requirements from the U.S. Department of Homeland Security became effective in July 2012. About 20,000 customers per month were returning to a customer service center at least once to present required information and complete the process for issuing a driver's license. DDS leadership set out to deploy technology in strategic ways to improve service and send the message that government can indeed work in an efficient, customer-focused way.
Solution:
Skip A Trip (www.dds.ga.gov > Online Services > Skip A Trip), was developed as an alternative method for customers to submit residency and Social Security documents in compliance with Real ID documentation requirements. It offers options for customers to fax residency and Social Security documents to a secure fax server, mail them to DDS or upload them through their DDS online account. During an initial visit to a DDS customer service center, a customer is provided with a printout that serves as a fax cover sheet. The customer also receives a list of documents that he or she still needs to provide. The printout includes a bar code that indexes the customer's documents to the correct customer record when it is faxed to DDS or scanned by a DDS team member. A customer who submits documents through his or her online account is able to view outstanding requirements online, attach scanned documents and submit them electronically to DDS.
56

Through account authentication, documents are indexed to the correct customer record.
Benefits:
Since DDS launched Skip a Trip, 71% of customer submissions by fax, online, and mail led to successful completion of the license issuance process.
Training Records Information System (TRIS)
Agency: Georgia Department of Juvenile Justice (DJJ)
Problem:
Employee training records were stored in hard copy files, supplemented by limited online records with access to only specific administrative personnel. Registration and record keeping became more of a challenge to coordinate, and instructors were often surprised by unregistered students.
Solution:
DJJ implemented a web-based Training Resource Information System (TRIS) accessible to employees, managers, training coordinators and training administrators. Through TRIS, DJJ staff can:
Complete online registration for training events, Receive quick email confirmation of enrollment, Have automatic updates to the employee training record upon
completion of an online training program, and Access individual or multiple training records of staff.
How:
TRIS is based on a SharePoint 2010 / SQL Server 2008 solution running on Windows 2008 Servers and utilizes SSL for website data protection. TRIS uses .NET technology to enhance the data access and reporting tools as well as tying into Legacy Active Server Page (ASP) applications for online testing. TRIS ties directly into Active Directory (SOG) for access control as well as user workflow determinations.
Benefits:
Since creating TRIS the benefits have been overwhelming: Facilitates centralized management of course seats in shared course sections. Provides employee self-serve access. Automatically updates training records upon completion showing passing or failing of online test. Provides online, in-service training for Juvenile Parole Probation Specialist, Mental Health and Health Service Professional with automatic updates to their training records upon pass/fail. Captures non-DJJ training, such as accounting course work, technology certificates, staff policy training such as HIPAA, etc. Centralized and shared records on staff's professional licenses and certifications with automated alerts of expirations and need for renewal (i.e. teachers, clinicians, psychiatrists, doctors, nurses,
57

behavioral health counselors, transportation officers, etc.). Management reports for local office/facility, District Office, Regional
Office, DJJ statewide, and Training Academy.

Commercial Driver's License (CDL) eTablets
Agency: Department of Drivers Services (DDS)

Problem:

DDS needed a technical solution to improve efficiency and reduce fraud in the commercial driver licensing (CDL) road test process.

Solution:

DDS implemented an electronic road skill system that provides the state and future third-party examiners a safer and more efficient way to submit and record CDL skills test information.

How:

Using a hardware and software solution from MorphoTrust, Inc., DDS now provides automated, paperless driver skills testing. Using electronic forms on lightweight, portable tablet PCs, the RoadTest application automates most modern administrative processes.

Examiners use a pen-based data-capture engine with intelligent form elements such as check boxes and dropdown lists. Test scores are calculated automatically, and GPS capability tracks the road test route and calculates vehicle speed.

At the completion of the skills test, the examiner uploads the saved test data and results to the central server, thereby allowing supervisors to review historical tests and see reports based on road test data. The results of the test are also uploaded to customer systems through a web services interface.

Furthermore, the CDL road skills testing application utilizes an import feature that allows examiners to pull an applicant's information from the driver license system to populate fields in the Information section of the test, further reducing the possibility of information being keyed incorrectly.

Benefits:


Reduction in the chance of errors Enhanced fraud prevention efforts Automation of tasks that were previously performed manually Elimination of human intervention in calculating and recording test results to a customer's record Increased efficiency and accuracy

Digital Motor Vehicle Network (MVN) Center Displays
Agency: Department of Drivers Services (DDS)

Problem:

DDS continually seeks ways to provide information about licensing requirements to customers and potential customers when they visit customer service centers in person.

58

Solution:
DDS established a partnership with the Motor Vehicle Network (MVN), an established company that uses high definition (HD) televisions to broadcast individual messages and advertisements targeted towards DDS' customers. MVN provided the equipment and performed the installation at no cost while DDS provides content for the monitors that focuses on highway safety initiatives. Customized messages about DDS policies and procedures, public service announcements and advertisements reach about 3.57 million customers annually at DDS customer service centers across the state.
How:
DDS approves any sponsor, sponsorship messages/advertisements and/or program content before it is displayed. Initial DDS messages were created by a workgroup consisting of DDS team members. Messages are subsequently created by various DDS departments. DDS generally creates a mock-up in PowerPoint and sends it to MVN, whose skilled in-house production staff produces the final content for DDS's approval.
Benefits: The entire service is free. Through sponsorship underwriting, MVN is able to offer free services to motor vehicle entities. Providing this service reduces customer anxiety levels, resulting in a friendlier customer-to-staff experience and potentially increasing the speed of service while reducing transaction time. The displays leave a positive perception of the customer's overall experience and of DDS.

Responsible

The Responsible goal recognizes that many state agencies do not have a direct role in providing state services, but rather have a support role for other agencies. The Responsible goals encompass functions such as human resources, procurement, risk management, fiscal services and information technology.

Audit Findings Collection System
Agency: Georgia Department of Audits and Accounts (GDOAA)
Problem:
A workflow system was needed to enable state entities audited by GDOAA to develop Corrective Action Plans (CAPs) in a timely manner, provide information to the State Accounting Office (SAO) for approval and return it to GDOAA for inclusion in the Single Audit Report for the State of Georgia.
Solution:
A web-based application with workflow was developed that allows state entities, SAO and GDOAA to collaborate.
How:

59

A web-based application was developed and built by GDOAA to show audit findings. Each state entity covered by GDOAA can log into the system and see findings they have for current and prior years. The entity then develops a CAP, which is sent through a workflow to SAO for approval. GDOAA then evaluates all the findings for statewide significance. Those that have significance are published in the Single Audit Report.
Benefits:
Coordinates efforts between state entities, SAO and GDOAA. Ensures the Single Audit Report is produced by the prescribed
deadline.
Space and Transaction Management Tracking System (SATMT)
Agency: State Properties Commission (SPC)
Problem:
Managing office space requirements for Georgia state government is no easy task. With more than 100 state agencies, many of which operate a large number of field offices throughout the state, it takes a dedicated team using innovative technology tools to make sure space is efficiently utilized. SPC is responsible for the acquisition and disposition of all state-owned and leased real property. It also assists state agencies in finding office space in either state-owned or commercially owned buildings. SPC turned to technology to help track every step in the space planning and leasing process.
Solution:
The Space and Transaction Management Tracking System answers the question, "Where are we with this project?" It provides detailed and dated information during the space planning and leasing process, and automatically generates emails to specific stakeholders at every milestone and thereby facilitates collaboration between the SPC and other state agencies.
How:
The system was implemented in four phases. Phase I tracks workflow processes for the SPC's Space Management division and all requests from state agencies for commercially leased office space. The system helps enforce a space standard developed by the division and based on industry and publicsector criteria. Phase II added workflow processes for the SPC's Transaction Management division, which is responsible for locating office space in commercial buildings or other third parties and negotiating leases on behalf of state agencies. Phase III added the Georgia Building Authority (GBA) to the system to capture all requests from state agencies for space in stateowned buildings in the Capitol Hill Complex in Atlanta. And Phase IV added a lease tracking module to automate processes such as publicly advertising leases online, a subscription service for prospective landlords and notifications to various stakeholders at every step.
The system was designed and developed in-house by the SPC's Shared Services IT Development Team using QuickBasic. In-house development said the state an estimated $340,000.
60

Benefits:
SATMT offers numerous benefits. The system:
Provides detailed and dated information on each step of the space planning and leasing process by sending out email notifications to the agency leasing coordinator at every major milestone.
Generates ad hoc reports, canned reports and graphs of project details on a wide range of fields for inquiry.
Facilities collaboration by bring stakeholders together, such as the SPC, the Georgia Building Authority, agency coordinators, authorized brokers and landlords.
Ensures greater accountability on the part of the SPC to provide timely and cost-effective space planning and leasing transactions, and it allows the SPC to routinely measure its performance along several indicators.
Enables the SPC to accurately report on its continuous improvement in real estate portfolio management.
State Court Clerk/Marshal's Office Civil Paper Tracking System
Agency: DeKalb County Government
Problem:
The DeKalb County Marshal's Office serves over 75,000 documents each year; meanwhile, the Clerk of Courts Office is responsible for maintaining an equal number of case files. Deputies and court officials lacked an efficient and reliable way to track the documents. As a result, plaintiffs and others directly connected to a court case did not always receive current, accurate information about the delivery of important documents in civil court proceedings, and court officials ran the risk of losing critical case files.
Solution:
The State Court in DeKalb County partnered with the Magistrate Court of DeKalb County, the DeKalb County Clerk of Courts Office and the DeKalb County Marshal's Office to automate the process of tracking warrants, other service papers and case files through barcoding and radio frequency identification (RFID). The project is the first of its kind in the nation.
How:
The Marshal's Office receives multi-part paper warrants from the Clerk of Courts Office, which serves both the State Court and the Magistrate's Court. DeKalb County uses Banner, a case management system, to print a barcode for each warrant. Personnel in the Marshal's Office sort the warrants by zip code and place them in bins. Deputies take stacks of warrants from the bins and deliver them. As deputies deliver warrants and other service papers, they use a Motorola MC55A handheld, barcode scanning device to scan the documents. The device transmits data to the case management database. Deputies then return the remainder of the multi-part form to the Clerk of Courts Office, where it's filed and ready for circulation to officials in either the State Court or the Magistrate Court.
Meanwhile, an RFID tag is also affixed to every case file in the State Court
61

and the Magistrate Court. The tags are automatically read by RFID antennas, and the location of the case file is fed into a document tracking application. Court officials use the search function on a handheld device to locate particular case files. The device emits an audible alarm when it finds a case file, and it can read data programmed into barcodes. The systems are intentionally engineered for information from the case management system to be shared with the document tracking system. The use of RFID technology makes it possible for court officials to determine the location of critical case files as they are moved from courtrooms to judges' chambers to staff and the Clerk of Courts Office.
Benefits:
The use of barcodes by the Marshal's Office and RFID tags by the courts was planned and implemented as a single project to improve operational efficiencies through seamless, complementary processes that help ensure the timely resolution of court cases. The new technology and business processes also enable court officials to provide the general public with greater transparency into judicial processes by ultimately linking the data gathered by the barcode and RFID tags to a public-facing website where anyone can search for information about the status of court cases.
Surplus Information System (AssetWorks) Implementation
Agency: Department of Administrative Services (DOAS)
Problem:
DOAS operated a paper process to track surplus property transfers of equipment and furniture requiring at least three instances of manual keying.
Solution:
DOAS deployed AssetWorks, a third-party hosted application, for property managers in Georgia's state agencies to transfer property to DOAS for redistribution, reuse or disposal. The system also interfaces with the enterprise asset system for faster and easier processing of surplus financial transactions.
How:
The web-based AssetWorks uses role-based access to enable workflows to facilitate the surplus property process: Site users enter property transfer information Site managers to approve transfers. Surplus division staff can access a list of approved transfers and "receive"
property into inventory. Other agencies can view property (inventory) available for their use. AssetWorks generates a bill of sale or invoice, Surplus division staff can create export files for individual payments, such
as a check or purchase order, or for batch payments, such as a PayPal deposit. Export files, created according to State Accounting Office (SAO) specifications, are exported nightly to DOAS and moved to SAO servers for the upload process to record financial transactions.
Benefits:
62

The AssetWorks solution eliminates the need for the paper transfer form. Data entry of transfer information by Surplus staff is also reduced or eliminated. The system workflow helps to reduce the time necessary to complete the surplus process cycle. This includes a faster turnaround of revenue to the disposing agencies. The system also gives DOAS customer agencies direct access to their surplus property information through system reports
Talent Management System
Agency: Georgia Department of Community Affairs (DCA)
Problem:
DCA's employee performance management system lacked certain required content and review requirements to ensure rating consistency and confirm that all evaluations contain pertinent and detailed information. Solution:
DCA implemented Talent Management System (TMS) as a part of DCA's overall strategy to increase employee development, high performers, and ensure consistency among all program areas. Many managers have commented that using TMS is extremely simple and allows them to focus on the actual planning and evaluation process. In fact, 95 percent of the respondents to a recent survey reported that they had a good experience using the TMS during the 2014 Mid-Term Feedback process.
How:
TMS covers the full employee evaluation cycle including performance plans, a performance journal, midterm reports, annual evaluations. TMS is a fully web-based application using ASP.NET interface and SQL Server database. It incorporates Windows login single sign-on, which makes the system more secure while reducing work for users.
Benefits:
Simplifies work needed for the evaluation cycle and allows managers to focus on employee performance rather than the system.
Mets deadlines more quickly because the Human Resources team can monitor real-time evaluation status by group and follow up with the individual areas that are behind schedule.
Increases collaboration between managers, directors, or the HR team without going through a cumbersome print or email process.
Frees human resources from the need to do extensive technical support on using the evaluation system, since TMS is simple to use and consistent across all modules
TCSG Virtualization Project
Agency: Technical College System of Georgia (TCSG)
Problem:
Available datacenter space for the Technical College System of Georgia (TCSG) was dwindling and demand for servers and applications was
63

increasing. At the same time many of the applications used in support of TCSG's colleges and students are not accessible on mobile platforms. Solution: The TCSG IT team deployed a comprehensive virtualization solution that transforms the way IT operates and serves the employees of TCSG. How: TCSG deployed a Cisco/NetApp Flexpod infrastructure to facilitate the virtualization of servers and applications. Using VMWare as the Hypervisor and Citrix XenDesktop/XenApp as the VDI (virtual desktop infrastructure) platform, TCSG leverages the power and performance of the Flexpod infrastructure to deliver virtual desktops or even virtualized applications securely to almost any device. Cisco Servers provide processor and memory resources to the virtual desktops while a NetApp SAN provides disk I/O and fault tolerant storage. A robust Cisco network infrastructure facilitates access to the hardware. Benefits: When connected to a virtual desktop, employees are presented with their Windows desktop with their full profile as if they were sitting in their physical office. With the VMWare Hypervisor, the IT team can replicate server templates in minutes instead of hours. Upgrades to platforms and applications can be done to all virtual desktops at once, saving many hours by IT staff and downtime for end users. The financial return on a virtualization solution is difficult to gauge since many of the benefits are intangibles (employee productivity and mobility, etc.) and the true benefits come in time savings and performance enhancements.
64

IT Governance
During FY2014, the state made significant progress in the governance of its technology enterprise. However, progress can still be made in how the state makes decisions about technology investments. Many decisions are reached without adequate information to understand the potential costs, risks, and impacts of new technology solutions. We have worked to ensure that investments are implemented efficiently, but we now need to focus on whether those investments deliver the services and benefits needed by the state.
GTA is working with business and technology leaders in state agencies to improve their collaboration. Our goal is to make sure leaders are at the table together when making decisions about strategic directions for service delivery and new investments. We are eliminating barriers to collaboration. We are shifting the thinking and focus from "how to keep the lights on" to enabling business services with technology. One recent example is where individual agencies invested in time-tracking software. After seeing the patterns emerge, agencies working together were able to find a collaborative, enterprise approach that will save all agencies dollars in future support costs, while providing an easier and less-costly path for other agencies that want to take advantage of the enterprise solution.
Going forward, the state needs to improve its management of the business applications supporting critical agency services. Agencies invest more on the development and support of their business applications than any other category of technology expenditures. However, the evidence points to a lack of adequate lifecycle management. We need to do a better job of system lifecycle planning upfront for new systems, upgrades to existing business applications, and even their eventual retirement or replacement.
A strong governance program for the state's IT enterprise will ensure the best decisions possible are being made about investments in both technology infrastructure and services in support of the business and Georgia's citizens.
Technology and Business Trends
Rapidly changing technology is transforming our world. It's disrupted the way major industries do business, and there's no doubt that it's also changing the way government does business. Citizens and private-sector companies alike expect greater online access to services and information. Mobile technologies are bringing state employees closer to the constituents they serve and making them more productive. Other technologies allow government agencies at all levels to share data more easily and empower them to approach old problems with new solutions.
State agencies must work as one to face the challenges of adapting our business and workforce processes processes often developed a generation ago by technology standards to the new world that's emerging around us.
65

Mobility

Mobility is becoming increasingly more important.

More agency personnel will no longer be bound to their offices. They will be empowered to work closer to the customers with whom they conduct business. The case worker will spend more time in the field. The auditor will perform an audit at a remote location. The customer service representative will take calls at their home office.
Work groups will conduct video conferences from their home offices, thereby reducing expenditures for state office space, shortening commute times and helping relieve traffic congestion.
By using technology, the state can break away from traditional work practices, and work groups can be brought together from geographically diverse locations to solve problems. State agencies will need to adopt new tools for their mobile employees' use and for managing a more mobile workforce.

Citizen Access to Service

Citizen access to Georgia government will increasingly be online.

Citizens and companies will conduct a larger percentage of business online. Citizens will experience greater access to government services during extended hours while using a more diverse mix of devices. A fisherman heading to his favorite fishing spot will be able to use his mobile device to renew his fishing license. The skier headed for the lake can renew his boat registration.
The driver headed out on vacation who notices that her vehicle tag has expired can renew her tag online and have the receipt on her phone in case she is stopped by a traffic authority. Schools and universities will continue to accelerate the amount of educational content available to students online.

Innovation
66

Georgia will move to be more innovative.

Agencies will use proven technologies in new ways to address business needs. Multiple agencies with similar needs will work together in a collaborative environment to identify, analyze and apply tactics other states or similar organizations are using to solve problems.
GTA will provide technology expertise, working closely with groups of agencies to adopt solutions. Agencies will better leverage existing technology in changing their business models and processes. The end result will be more effective agency business practices and sharing of appropriate technology to solve issues at an enterprise level.

Technology as a Service

Technology will be inceasingly acquired and managed as a service.

Increasinlgy most of the technologies the state uses will be provisioned as a service on an "as needed" basis and used only as long as they are viable. The cost of services will be reasonable, and payments will be timed to consumption. The state will be able to quickly pivot from one service to another.

The state will also be able to practice "try before buying" since a large capital investment up front will no longer be needed. As these services are vetted and deployed, more agencies can take advantage of Georgia's knowledge base of tried and true IT solutions. By using a shared services model, the state identifies where agencies are successful in the use of a technology solution. That "tried and true" solution can then be propagated throughout the state enterprise. The state can also ask other states about successful services they have implemented and then leverage the same solutions, thereby reducing both cost and risk. Solutions adopted by state agencies may also be extended for use by city and county government agencies. Cities and counties may leverage service contracts established by the state to solve their business problems.

Managing Data as an Asset

67

Data will increasingly be managed as a strategic asset of state government.

The state's technology model calls for collecting data once and using it many times while ensuring a high level of security for citizens' private data. The state will ensure that a citizen's data will not be abused. Agencies will have data sharing and privacy agreements allowing for better utilization of common data that's needed by multiple agencies. By 2020 data will only be shared among agencies by secure electronic means in accordance with the state's Enterprise Bus Standard.
Because data is entered only once, errors are reduced. Since redundant data is eliminated, storage needs and associated costs are also reduced along with the risk of a data breach.
Strong governance is needed to effectively manage data as an asset, and a diverse group of stakeholders must be involved in decision-making processes.

Evaluate Funding/Business Model

The state's business model will undergo continuous refinement to meet changing needs.

The state continuously refines the funding/business model for procuring technology solutions to support its business needs. Where enterprise solutions prove most efficient, they will be developed for use by all agencies with similar business needs. Improvements will drive much waste and duplication out of the state enterprise.
A rich portfolio of economically efficient solutions is available to state agencies. As new technology solutions come to market, they are quickly evaluated and added to the portfolio if they prove pertinent to the business needs of the state.
Moving forward the state will continue to refine its investment management practices. Agencies will be able to take advantage of enterprise-level solutions to meet their business needs. No longer will they have to develop solutions on their own and fully fund an entire system. The state will look at all systems as investments in a single enterprise portfolio of solutions.

Other States

68

Following is an excerpt from the Digital States Survey, which is conducted by the Center for Digital Government and tracks the use of technology throughout the 50 states.

Digital States Survey
Every two years the Center for Digital Government (CDG) (http://www.govtech.com/cdg/) conducts the Digital States Survey, which grades states on how they improve internal processes and utilize technology in support of those processes to serve their citizens. The states are awarded a letter grade based on their responses to the survey. Georgia's responses to the 2014 earned it an A-. Only three states received a higher grade, and Georgia was rated among the top five states in the nation for its technology in support of health and human services. The survey can be found at http://www.govtech.com/cdg/dspi/.

Georgia was commended for clearly showing the alignment of technology with Governor Deal's overall state business goals. The state was found to tie information technology investment and management to the top priorities of state government. Georgia's approach to security was also complimented in the survey, and it was noted that Georgia had a sound approach to mitigating ever-increasing cybersecurity threats.

Three states received a survey grade of A: Utah, Michigan and Missouri. Information from the survey about acitivities in those states and others is summarized below.

Utah

Utah's IT organization was consolidated in 2005 by the state legislature, pooling all cabinet-level IT functions into one central agency. Consolidating IT functions has given the state an advantage that has translated into more online services and a higher rate of civic technology adoption than many other states.

In 2009, Utah became the first state to have an open data portal. Utah offers full visibility into its financial matters and all meetings where the public's business is discussed. The next portal update will include a statewide public records request system and an online portal of legislative emails. The citizens of Utah now have access to air quality data archives, and the state's Department of Environmental Quality hopes to tap into citizen innovation with a "big data" contest aimed at improving air quality.

Nearly 1,100 online services await citizens at Utah.gov, which saves $13.20 for every online transaction completed. That added up to more than $831 million in 2012-13. Adoption rates are at 100 percent for online educator license renewal and storage tank certification, while other licensure services are well over 90 percent.

Utah's mobile strategy, published in 2013, aims to make state services available regardless of user platform. Since 2013, the number of state sites using responsive design, which automatically adjusts a website's display to accommodate the device with which the user is viewing the site, has grown by 500 percent. Utah added a wearable app to its portfolio earlier this year with a public transit app for Google Glass.

The state also boasts significant social media engagement, using a searchable master data index to integrate social content with the rest of its online presence. An extensive analytics program helps the state measure how well social media campaigns are influencing metrics like page views and service adoption. One impressive statistic, according

69

to the state, is the addition of more than 200,000 Google Plus followers in the past two years.
Michigan
Michigan launched several large projects over the past two years, including a Medicaid compliance program and a children's' well-being management system. Cybersecurity and mobile technology also remained strong focus areas for the state. Michigan launched an enterprise "big data" project last year. Michigan's IT department was recognized for its success in financial management. The state's project and resource management has been streamlined in the past two years.
Missouri
Missouri highlighted an interesting project in the survey called the 100 Missouri Miles Challenge, a website designed to encourage citizens to exercise and share their progress through social media. The project demonstrated a successful marriage of civic engagement, data, and modern technologies. Missourians have reported more than 2.3 million miles traveled on state trails since the project's launch.
Other State Efforts
Connecticut made a series of moves to close a large state budget deficit and shore up neglected IT infrastructure. The Connecticut Office of Policy and Management launched a statewide program to improve agency business processes using LEAN management principles. Business process changes are being supported by new technology, like an enterprise identity and access management platform launched in conjunction with the quasi-public Access Health CT. As of late 2013, these efforts had reduced operating costs by more than $4 billion, the state reported. Connecticut also created a $50 million Enterprise IT Investment Fund that provides money for shared services projects that align with state business objectives. Twenty-four projects had received funding at the time of the 2014 survey. A committee of seven agency commissioners governs the fund.
Washington created a new open data portal. The benefits include better transparency for citizens and improvements in how the state reports on the performance of state projects. For instance, recovery of salmon populations is a policy priority for the state. A 150-page salmon recovery report is released every two years, typically costing $50,000 to produce, not including staff time. Using information from the state open data portal, the report now updates automatically. In addition, more than a dozen projects are under way to support a 2013 procurement reform law intended to promote competition, centralize oversight, encourage small business participation and increase accountability. Last year, Washington's Department of Revenue upgraded its e-filing system to give users the option to file amended tax returns electronically. The department also launched several initiatives to improve tax collection using location technology. A new mobile app uses the GPS function in smartphones and other mobile devices to look up tax rates. This allows the app to find the tax rate and code for the exact spot where a delivery person is standing. In addition, the department uses GIS to automate and validate the collection of property data from utility companies, which is used to assess property taxes.
Indiana public safety agencies underwent a digitization effort, making
70

more than one million records searchable online, including gun permits, criminal history records and fingerprint cards. The effort eliminated 20,000 square feet of physical footprint, freeing up that space for other agencies. Other manual systems have been streamlined electronically as well, including tax warrant processing and the vehicle citation system.
The state has made strides in public safety information-sharing. The Judicial Technology and Automation committee has made state courts interoperable with one another and the executive branch. A new electronic system also grants access to better data on mental health concerns that could influence firearm permitting decisions, data that is also shared with the FBI to ensure that permits are denied when an individual crosses state lines. A new Indiana Protection Order Registry coordinates communication between law enforcement agencies and victims, while a web-based eGrant system, preconfigured for many federal public safety grants, serves as a single source for grant-related information.
Kentucky was able to successfully implement a Health Benefit Exchange, a task with which other state struggled. The multi-agency collaboration involved a phased rollout of its eligibility and enrollment, and plan maintenance and billing systems, in accordance with Affordable Care Act (ACA) deadlines. Analysts credit the state's head start -- they began work after the law was passed in 2010 rather than waiting for the Supreme Court decision in 2012 -- and no-frills usability as key reasons for Kentucky's success. Kentucky also built an integrated case management portal on top of its exchange and incorporated fraud detection capabilities. The state now boasts the highest number of insured citizens per capita in the U.S., according to state officials.
Kentucky also developed the statewide KARES portal, a background check program that integrates with FBI data to make sure employees of longterm care facilities aren't concealing crimes committed out of state.
The Virginia Department of Motor Vehicles is now helping the state guard against fraud and abuse with a new customer service system that compares information supplied by social service applicants with their DMV record. The state reports that the Commonwealth Authentication System gets 4,000 logins per day. The DMV's MySelect app replaces a legacy Unix-based application with a modern interface for customers. Service improvements include 162 new transaction options, automated service alerts and integration with the DMV queueing system. Transitioning from the old servers saves nearly $1 million annually. The upgrade also allows real-time verification of birth certificate data, permitting the agency to issue birth certificates at all locations as well as fulfill certain testing needs of other state agencies.
Virginia's Department of Transportation is implementing a cloud-based traffic management system, which helps track highway safety patrol vehicles and personnel, while continuing to upgrade its 511 system with more coordinated communications. An extranet now improves collaboration with external transportation partners, like contractors, business partners and local governments.
Strategic Planning
71

Georgia has a strategic planning process where IT investments are aligned with the state's strategic goals.

The goal of IT strategic planning in Georgia is to identify opportunities and needs, and to provide a path for change in the way agencies provide services to citizens. The state does this by facilitating a better understanding of the role of IT in supporting change, and assuring that decision makers at all levels have the information necessary to make strategic decisions.
Knowledge of agency business is critical to understanding how IT investments link to business results, such as productivity gains, reduced costs, job performance and citizen services. IT strategic planning is essential for responsible and efficient government in Georgia, and it is even more important to sustain the gains achieved through previous investments.

Strategic Planning for Georgia

How strategic planning works in Georgia.

In Georgia, agencies are guided by the policy imperatives formally captured in the Governor's Strategic Plan for Georgia. The Governor's plan describes specific goals to help make Georgia a better educated, healthier, safer, more mobile, and growing state with a responsible and efficient government. The Governor's goals outlined in the Governor's strategic plan can be found beginning on page 15 of this report.

GTA recognizes that agency business objectives drive IT needs. While GTA is responsible for providing policies, standards and guidelines that address the needs of individual agencies, it is also charged with overseeing the state's entire executive branch IT enterprise to ensure the maximum benefit possible accrues to the state as a whole. We strive to understand the business needs of agencies so that our guidance helps leverage state IT resources effectively.

The Georgia Enterprise Information Technology Strategic Plan 2020

Georgia develops a plan to guide the state's business and technology leaders through the year 2020.

The Georgia Enterprise IT Strategic Plan 2020, published in May of 2014, is intended to assist state government's technology and business leaders in making informed technology decisions for their agencies. It establishes focus areas and goals for the state's IT enterprise over the next six years.
The plan does not replace the business-oriented plans of individual state agencies. As a secondary planning document, it assists agencies in aligning their use of technology with the direction established for the state's IT enterprise. Technologies highlighted in the plan can be used by all state agencies regardless of their mission or complexity.
As mentioned previously in the report, Governor Nathan Deal has established policy goals to guide state agencies in their business planning. In addition, the General Assembly provided for the Georgia Technology Authority to publish the Georgia Enterprise IT Strategic Plan 2020 to guide state agencies in selecting technology to support their business operations (O.C.G.A. 50-254.13). To ensure agency involvement in the plan's development, GTA established the IT Strategy Cycle. The cycle includes environmental scanning, active planning, agency review and review by industry experts.

The Georgia IT Strategy Cycle
The IT Strategy Cycle is a framework for ensuring that Georgia agencies use available technology in the most effective and efficient way possible to achieve the Governor's vision for Georgia. A key to success of the IT

72

1. Agency Technology Scanning (Q1)

Strategy Cycle is a collaborative environment where agencies recognize shared objectives and work together to achieve greater benefits for the enterprise. GTA serves as facilitator in identifying common needs, as technology guide in identifying winning strategies that have been proven in other organizations, and as advocate for agency solutions that show promise for the enterprise.
The Strategy Cycle has five key components: Agency technology scanning, an annual Strategy Summit, the Georgia Enterprise IT Strategic Plan 2020, innovation review and an annual Technology Summit. Each component is linked to the others, and they are executed in series with significant overlap. The key components of the Georgia IT Strategy Cycle are outlined below. All have been created or substantially revised over the last three years. GTA plans for these activities to evolve over time to best meet agency business needs.

2. Fall Strategy Summit (Q2)

3. Georgia IT 2020 Plan
Published (Q3)

4. Innovation Review (Q3)

5. Spring Technology Summit (Q4)

Key components of the Georgia IT Strategy Cycle
This process works because it brings together agencies with similar problems, identifies proven technologies appropriate for those problems, and facilitates agency collaboration in planning for financially sustainable solutions. Three driving factors are critical to having an executable IT Strategy Cycle that provides value to agencies and improves Georgia's ability to select appropriate technology across the enterprise:
Clear understanding of agency business objectives Knowledge of how technology is successfully used to achieve similar
objectives in other organizations Ability of agencies and Georgia as an enterprise to use existing and
emerging technology to achieve specific objectives
1. Agency Technology Scanning Agency technology scanning is environmental scanning that gathers information about how technology is helping businesses achieve their objectives, identifes what is relevant for Georgia agencies, and shares what is appropriate. Gathering this information is a continuous process. Selected information is shared in periodic reports and presentations structured and timed to provide benefit to Georgia decision makers. When targeted to business need, the information shared through this process will help agencies make more effective use of proven technology to achieve their objectives.
GTA uses a variety of sources to monitor new business uses of technology that could be pertinent to Georgia agencies in achieving their strategic objectives. The sources are periodically evaluated for efficacy and updated as needed. Currently we receive valuable information about how technologies are enabling a range of government and private businesses from Gartner, a leading knowledge broker. We fully participate with the National Association of State Chief Information Officers (NASCIO) and gain useful insight into how other states are using technology. We review a large range of publications, including Government Technology, CIO Magazine, Public CIO and many others.
On even years Georgia participates in the Digital States Survey, which is
73

managed by e-Republic and the Center for Digital Government. This survey provides a wealth of information on other states' successes in using technology to achive business objectives.
In addition to the sources GTA maintains and provides to agencies, many agencies access other information sources that help them stay current on technology. This information is included in the environmental scan through facilitated sessions, meetings and other information exchanges.

2. Strategy Summit

GTA sponsors a Georgia Strategy Summit each fall. The summit provides agency decision makers with a current view of the state's business environment and brings agencies together to promote an understanding of their shared objectives.

The summit features a compelling keynote speaker or speakers who provide insight about the business issues facing agencies and how technology can be used to address business issues. Typical topics include demographics, changing technology, uses of emerging technology to solve real-world problems, financial forecasts, and specific uses of technology to solve problems faced by Georgia agencies.

The strategy summit also includes facilitated sessions that are attended by smaller groups of agency representatives and focused on common business issues. Topics for the facilitated sessions are based on agency strategic plans, recommendations from an advisory committee comprised of a wide range of agencies, and surveys and discussions with agency leaders who are invited to the summit. The facilitated sessions identify business needs that agencies share. We will soon begin to facilitate promising opportunities for innovation based on these facilitated sessions.

The FY2014 fall summit took place on November 4, 2013. The keynote address, entitled Economic Factors and Agency Technology Decisions, was delivered by Ken Heaghney, the state's fiscal economist. There were other presentations with breakout sessions. More information can be found on the fall summit at http://gta.georgia.gov/egap/georgia-2020-strategy-technologysummit.

74

3. Georgia Enterprise Information Technology Strategic Plan 2020 The Georgia Enterprise IT Strategic Plan 2020, published in May 2014, is a key deliverable of the Georgia IT Strategy Cycle. It relies on an understanding of agency needs, a view of successfully adopted technologies and an understanding of how agencies use technology. This six-year plan will be refreshed annually.
4. Innovation Review Beginning in May 2014, GTA formed a multi-agency Innovation Planning team that is currently developing a formal innovation process aimed at helping agencies work together to solve common problems. This will be complete by November 2014.
Once established, the Innovation Program will solicit, select and facilitate innovation projects to field new solutions to shared agency issues. Innovation projects will be staffed primarily by representatives of agencies that stand to gain from the innovation. Innovation decisions will be guided by a crossagency innovation committee, and all innovation funding will be under the scrutiny of GTA and OPB. The Innovation Program will use proven technology to help agencies work together to create new approaches to shared business opportunities.
The GTA-sponsored Strategy Summit that was held October 27, 2014, focused on identifying innovation opportunities supported by a wide range of agency business leaders. When it becomes aviailable, information about innovation opportunities from the 2014 Strategy Summit will be available on the GTA website at http://gta.georgia.gov/egap/strategy-summit-2014.
5. Technology Summit 2014 Digital Remodeling for Better Citizen Success In 2011, GTA began sponsoring an annual spring Technology Summit where industry-leading experts from a specific technology area are invited to present detailed information to Georgia agency business and technology leaders. The topics for the Technology Summit are based on the needs of Georgia agencies. GTA works closely with business and technology leaders to identify strategies from agency strategic plans that will benefit from novel applications of technology and can be shared by many agencies.
The most recent Technology Summit was held on May 5, 2014, and titled Digital Remodeling for Better Citizen Success. This was the third annual technology summit, and the focus was on enabling better online access to services by re-designing agency business processes to take advantage of technology.
The 2014 Technology Summit took place at the Georgia Tech Global Learning Center in Midtown Atlanta and had approximately 200 attendees. The summit's keynote address was Using the Learning Loop for Better Customer Service in Government by Jerry Mechling of Gartner, Inc. There were 15 other presentations on such topics as cloud computing, big data, the state's web portal, and innovation in state government. Complete information about the summit can be found at http://gta.georgia.gov/egap/technologysummit-2014.
75

Georgia's Strategic Planning Principles and Process

LEAN -Leaverage -Enable -Align -iNnovate

The development of the Georgia Enterprise IT Strategic Plan 2020 was guided by the LEAN Planning Principles and the IT Strategy Cycle. Taken together, they ensure the plan is up-to-date and in constant alignment with the state's business goals and the technology used to support those goals.

GTA's LEAN Planning for IT Strategies Leverage existing technology and solutions toward shared services to enable the greatest value for the investments in technology:
1. Utilize common state portal for citizen access. 2. Utilize enterprise data bus for data sharing.
Enable business processes with technology solutions, resources, skills and staffing to support business needs:
1. Match need and skills to job and pay. 2. Identify and mitigate risks to the business. 3. Enable business through technology.
Align business needs with technology solutions:
1. Coordinate business strategies and integrated technology solutions and services.
2. Create sourcing strategies to provide timely acquisition and provisioning of solutions.
Innovate emerging capabilities with long-term business needs:
1. Create responsive and flexible approaches to working with agencies and citizens in order to foster collaboration and facilitate new approaches to solving business problems.
2. Use industry best practices.

Policies, Standards and Guidelines

State develops new capability to organize policy, standards and guidelines (PSG).

GTA has a legislative responsibility to provide information technology policies and standards for state agencies. As our sources for policies and standards, GTA generally uses industry and federal government best practices, such as the Federal Information Security and Management Act (FISMA) for security, the Information Technology Infrastructure Library (ITIL) for technology infrastructure and the Project Management Book of Knowledge (PMBOK) for project management. In some cases, materials are used as guidelines, with attribution, where more detailed explanations may facilitate agency understanding.

Agency IT departments are expected to be knowledgeable and compliant with all state policies and standards as a means for providing good stewardship of their IT assets. Guidelines are provided when greater detail in guidance may

76

be warranted. Agency compliance is not required for guidelines. GTA's statutory authority to establish policies and standards can be found in the Official Code of Georgia Annotated:
The authority to establish technology policies and standards is in O.C.G.A. 50-25-4(a)(10) and is explained in GTA policy "Information Technology Policies, Standards and Guidelines" PM-04-001.
The authority to establish security policies and standards is in O.C.G.A. 50-25-4(a)(21) and is explained in GTA policy "Enterprise Information Security Charter" PS-08-005.
During FY 2014 a new capability to organize the state's policies, standards and guidelines was developed. Using the Drupal technology that supports the state's websites the PSGs are now organized and searchable based on the various frameworks mentioned above. The PSG website can be found at http://gta.georgia.gov/psg/ .
Collaboration

State agencies continue to collaborate on IT.

The private sector continues to offer an increasing number of innovative, online services to its customers. These services benefit customers by providing greater convenience and speed of service delivery, and it's less expensive for businesses when customers take advantage of these self-service options. Citizens increasingly expect this same level of customer service from state government. Meanwhile, the historic pressures on agency budgets are leading to greater pressures on technology to support more cost-effective ways of doing business. Unfortunately, barriers in the state's IT enterprise must be overcome before these expectations can be met.
One of the first barriers an out-of-date, insecure and unreliable IT infrastructure is being addressed by the Georgia Enterprise Technology Services program.
Consolidation is leading to "IT as a utility" in state government. Freeing agency IT staffs from "keeping the lights on" is enabling them to focus on greater integration and data sharing among state agencies a second barrier to innovative service delivery.
Examples already exist, but far more remains to be done. Getting agency heads and agency IT staffs to work together as strategic partners is a third barrier to innovative service delivery.
GTA launched an initiative in 2010 to improve the integration of agency business planning with agency technology planning. Two councils were formed one for agency chief information officers and another for agency business leaders. GTA worked with the councils to identify gaps in how technology and business work together within their respective agencies. Business and technology leaders are following a set of activities to improve their collaboration while GTA is monitoring their progress and providing assistance as needed.
Our goal is to make sure business and technology leaders are at the table together when making decisions about strategic directions for service delivery. This level of integration and collaboration will go a long way toward providing Georgians with the fast, reliable and convenient services they expect and deserve while constraining the cost of delivering those services.

77

Broadband

GTA's broadband program is supporting a number of important initiatives.

GTA received a $5.2 million grant from the U. S. Department of Commerce in 2009 to fund broadband infrastructure analysis, regional planning, and capacity development projects statewide through 2014. The grant enables GTA to collect detailed broadband deployment information by private- and public-sector entities throughout Georgia every six months and to assist private and public entities with broadband-related technology planning and utilization. Information on the program is available at http://digital.georgia.gov/map/.

GTA's broadband program has used the funding and technology resources to support Georgia initiatives by:

Providing funding and technical support for the development of regional digital economic strategies in partnership with Georgia's 12 regional commissions and the Department of Community Affairs to increase technology-based economic development

Providing funding and technical resources for the Department of Community Health (DCH) to develop the requirements and a business case to support deployment of telemedicine to all 159 counties in Georgia

Providing funding for the development of broadband management tools for 12 regional commissions through a partnership with Georgia Tech and Georgia K-12 districts

Identifying healthcare entities without access to broadband for remediation as DCH moves services online

Providing advisory services to the Department of Public Safety and the Georgia Emergency Management Agency as the state begins to plan for FirstNet, the upcoming national public safety broadband network

In addition, GTA has worked with broadband service providers, residents and small businesses throughout the state to identify and address coverage gaps. GTA is currently analyzing the FCC's Universal Service Reform program and meeting with industry representatives to understand what the state can do to help the primarily private telecommunications industry thrive throughout rural Georgia and deliver services that provide Georgia with a competitive economic development advantage.

Broadband service availability continues to increase primarily through investment in wireless expansion, with the largest change consisting of wireless 4G rollouts. Georgia's unserved population for broadband service availability has decreased more than 50% since 2011.

Going forward, GTA's broadband program plan will focus funds and resources to:

1. Integrate projects and outcomes with priorities, goals and strategies of the state
2. Develop information and capabilities to use project outcomes for economic development
3. Collaborate with, leverage and enhance existing public- and privatesector investments in programs for increasing broadband supply and

78

demand 4. Identify and promote Georgia's innovative use of broadband services
and applications
Spectrum Management

Public safety radio spectrum is a critical asset of the state.

Spectrum management involves planning, coordinating and managing the joint use of the public safety radio frequency spectrum through operational, engineering and administrative procedures. The objective of spectrum management is to enable mission-critical radio communication systems to perform their functions in the intended environment without causing or suffering unacceptable interference.
Value to the State

The 9/11 and Hurricane Katrina commission reports unanimously agreed that additional spectrum and better management of the public safety spectrum would go a long way in solving the interoperability issues faced during these or any future disasters. The recent passage of the "Middle Class Tax Relief and Job Creation Act of 2012" addresses some of the additional spectrum needs, but there continues to be a need for more spectrum and for state-level management of new and existing spectrum to ensure maximum efficiency and utilization, and to avoid any interference issues.
Georgia's Spectrum Management Office

GTA oversees, manages and processes over 12,000 Federal Communications Commission (FCC) licenses, applications and queries annually. GTA's spectrum management group focuses on supporting the radio frequency needs of both state and local public safety agencies, ensuring compliance with state plans and federal regulations, and processing and validating FCC license applications prior to their submittal to the FCC. GTA is an active member of and works closely with the Association of Public Safety Officers (APCO) and the Region 10 (Georgia), 700 and 800MHz Regional Planning Committees (RPC) to ensure adherence to their plans and requirements.

The following is a list of state and local agencies that utilize GTA's spectrum management services.

Department of Agriculture Department of Corrections Department of Human Services Department of Juvenile Justice Department of Natural Resources Department of Public Safety Department of Transportation Georgia Bureau of Investigation Georgia Forestry Commission County and city public safety agencies throughout Georgia Public safety agencies at university and technical schools
Federal Regulations

FCC licenses authorize public safety agencies to operate their mission-critical radio communication systems on designated public safety frequencies. These radio communication systems are used by 911 and emergency dispatch centers to dispatch public safety, fire and emergency medical personnel to life-

79

threatening incidents or assist public safety officers in car chases that involve multiple jurisdictions. Without a FCC license, public safety agencies cannot operate their mission-critical systems and face heavy fines and/or penalties if they operate them without a license. The great danger occurs when an unlicensed public safety agency tries to operate a radio communication system that interferes with an adjacent or co-channel public safety user, which could make the adjacent or co-channel system completely inoperable.
2014 Activities
The following projects and actives were completed during FY 2014:
Led and assisted state and local public safety agencies in meeting federal narrowband and re-banding requirements; the mandates impacted all public safety agencies in Georgia
Processed over 9,000 FCC applications and inquiries from both state and local public safety agencies throughout Georgia
Consulted with over 100 state and local public safety entities in the planning and licensing of new or expanded radio systems
Approved over $3.5 million in fixed and mobile public safety equipment purchases
Projects still in progress include:
Redesigning, implementation and relicensing of the Georgia Forestry Commission's statewide radio repeater system
Reconfiguring and redesigning of Corrections' radio systems to compensate for coverage loses incurred as a result of the federal narrowband mandate
Coordinating and working with adjacent states (Florida, Alabama, South Carolina, Tennessee and North Carolina) to identify public safety interoperable frequencies that can be used by the adjacent states during an emergency or disaster
Revamping and redesigning of the public safety frequency plans for the Board of Regents and the Technical College System of Georgia
Redesigning of the statewide frequency plan for the departments of Public Safety and Natural Resources
Designing and licensing of the new Georgia Law Enforcement Mobile Network (GLEMN)
Geographical Information Systems
Geographical Information Systems (GIS) operations across the state are currently decentralized with limited enterprise oversight and/or assistance. In 2015, GTA plans to support agency GIS program leaders through the creation of enterprise data management policies, standards and guidelines as needed to encourage cross-program data and resource sharing.
Here is an example of state agency GIS programs:
Georgia Department of Transportation (GDOT)
GDOT is a large user of GIS. The agency supports 360 internal desktop users and over 65,000 annual unique visitors accessing GIS applications. Internally, GIS is used to collect, process and distribute geographic data to other
80

agencies, business partners, local governments and researchers. Additionally, GDOT staff use GIS for mapping and data analysis for project planning, environmental reviews, emergency management, construction materials, traffic operations, safety analysis and asset management.
GDOT uses GIS to provide information on the state's transportation system through the online application GeoTRAQS (http://www.dot.ga.gov/informationcenter/maps/geotraqs/Pages/default.asp x ). This award-winning application enables visitors to search for construction projects, permits, crashes and bridge information in their community. Records link to documents, photos and plans associated with GDOT activity. GeoTRAQS improves agency transparency and customer service with everyone accessing the same information. Implementing the application eliminated duplication and reproduction costs (about $400,000 per year) previously expended in providing information to the public and project contractors. On average the site receives 4,000 unique visits per month.
GeoTRAQS is linked to a GIS data clearinghouse portal. The GDOT Geoportal (http://geoportal.dot.ga.gov/geoportal) allows users and the public to clip (select an area of interest), zip (create an archive), and ship data directly from the portal to themselves via email in multiple CAD, GIS, PDF, and image formats. This allows `on-demand' data access for customers without the direct involvement of GDOT employees, which saves the department, state, and constituents time and money through increased operational efficiency. This is a dynamic data portal whose catalog grows as GDOT's public data holdings grow. It also facilitates the publishing of metadata to state and national portals, such as Data.gov, for access by a larger audience, and it eliminates agency dependence on the legacy Georgia GIS Clearinghouse (https://data.georgiaspatial.org/login.asp).
GeoTRAQS provides extended Adobe GeoPDF capabilities with the free TerraGo Toolbar to navigate, markup and export geographic data (http://www.terragotech.com/products/field-data-collection/terrago-toolbar).
GDOT used Verizon Field Force Manager (FFM) to locate and track the GPS movements of maintenance staff in the field during the February 2014 snow and ice severe weather event (i.e. "Snow Jan 2"). GDOT worked with Verizon to rapidly deploy the system to over 300 cell phones provided to maintenance workers responding to the event. During the event, at the GDOT Traffic Management Center, FFM displayed worker locations on a GIS map. The tracking enabled GDOT to move workers to key areas faster, validate roads treated, and enhance information awareness. Multiple screens were used to display news feeds, traffic camera feeds, and weather data. GDOT plans to use FFM services on-demand as events occur to rapidly track personnel or vehicle movements.
GDOT is currently participating on the committee charged with developing additional statewide GIS solutions to improve agency responses during severe weather or emergency events. The solutions are expected to support the roll-up of multiple agency data feeds to the GEMA State Operations Center (SOC) and GODAWGS application (https://godawgs.gema.ga.gov/GEMA2/Auth/Login.aspx).
Data Lifecycle Management
81

GTA will collaborate with agencies to implement a Data Lifecycle Management Framework.

Constituent data is the most valuable asset of a service-provisioning agency. Not only must the data be protected from unauthorized external access, it must be safeguarded and managed in a manner that ensures the data artifacts are used only for state business purposes.
According to Gartner, Data Lifecycle Management is the process of managing business information throughout its lifecycle, from requirements through retirement. The lifecycle for data crosses different application systems, databases and storage media. The cycle is made up of phases of activity including Create, Use, Share, Update, Archive, Store and Dispose. Management best practices indicate a need for each phase to be governed by a framework that provides for the most effective enterprise business decisions.

GTA intends to collaborate with agencies that provide services directly to constituents to implement a Data Lifecycle Management Framework that is appropriate for the state government enterprise.

As a first step in formalizing the DLM process, GTA issued a DLM policy, PM14-009. The purpose of this policy is to provide for baseline standardized practices for agency data management and to ensure best practices for agencies' electronic record keeping.

Data Sharing

Georgia is unique among states in having an enterprise process and technology for seamlessly exchanging data among agencies.

In 2002, GTA created a "web portal" environment for use by many state agencies. The environment includes an integration function that supports data feeds from one application to another, no matter which agency or platforms are hosting the applications. Using webMethods, this function was implemented with middleware to provide what is called the Enterprise Service Bus (ESB). The intention is gradually to replace direct application-toapplication connections with connections through the ESB, which allows "any to any" connectivity regardless of the age, format or complexity of the systems or applications involved. Gartner, one of the leading information technology research and advisory companies that provides technologyrelated insight, voted webMethods the best of breed. This award was in the data orchestration and business process management category and was for the time frame of 2012-2014.
Information technology benefits offered by ESB include:
Less agency development effort Information published in any format Decreased number of interfaces needed by each exchange partner Rapid response times to meet changes

Business benefits include:
Increased automation of manual business processes Shared business processes across the enterprise Faster access to data

82

Reduced staff costs
Organizational benefits include:
Reduced FTE resources Visibility into data being produced or consumed Compliance with government and industry regulations Single point of contact when multiple exchange partners are involved Easier access to new opportunities
Benefits to constituents include:
Faster processing of claims, requests, reports and status Faster retrieval and assembly of data sources from multiple agencies
to serve a single business function for a single agency Faster online experiences
GTA Data Sharing as a Service provides:
Operational infrastructure Standards Architectures Policies Operational processes Licensing Publish and subscribe access to data Technical consultation
GTA manages directly the integrity of the operational environment and connection points. More than 900,000 transactions are handled daily by ESB, involving more than 30 state, local, Federal government and third-party business partners, and spanning law enforcement, judicial, health and human services, educational and financial business towers.
The main benefits of the Data Sharing Service include:
Providing a non-complex means to connect agencies, which leads to increased data sharing opportunities and improved efficiency of data exchange between agencies
Decreasing statewide system complexity by offering a central integration infrastructure rather than many separate systems connected independently
Improving system security by layering standards-based tools according to prevailing security needs and requirements
Costs are contained by allowing the ESB middleware to absorb common development tasks and provide the tools and software needed to accomplish common agency business processes that are tied to data processing and data exchanges.
Below are three examples of ESB usage:
83

Enlisted to be the primary data transfer conduit between U.S. Centers for Medicaid/Medicare Services (CMS) and Georgia's entitlement systems. Work is now in progress to use ESB for the main conduit to connect Georgia systems to the U.S. Social Security Administration for data exchanges as well.
Used to update, in real-time, state systems that subscribe to the official declaration of a live birth occurring in Georgia by linking to the Georgia Department of Public Health's new Vital Events system. There were previously various stages of lag time to get the information disseminated.
Selected to be the primary data exchange vehicle and business process automation tool for Georgia's new Integrated Eligibility System (IES) administered by the Georgia Department of Community Health and the Georgia Department of Human Services.
84

Enterprise Portfolio Management

Reducing Risk
GTA's Enterprise Governance and Planning (EGAP) organization provides a staff of highly skilled and experienced professionals in various technology management areas. The primary objective of EGAP has been to promote industry-leading best practices in the form of policies, standards and guidelines and then to support compliance within the agencies. This is done in conjunction with pursuing the GTA objectives of improved maturity and practices in technology and portfolio management across the state enterprise. In this federated model, the challenge has been in collecting enough information and knowledge about the agencies' businesses in order to provide meaningful solutions and improvements. When there are opportunities for enterprise IT decisions, those decisions typically come from some combination of the Governor's Office, the State CIO, the Office of Planning Budget, the legislature and/or participating agencies.
In the absence of central IT decision-making, EGAP is changing its engagement model and "value proposition" with agencies. EGAP is utilizing its experienced personnel to engage with agencies to solve problems while building its knowledge of the environment. This knowledge base will provide a common foundation for joint decision-making and will drive more analytical decisions within the state. The following services are currently offered.

The state is building project management expertise.

Assessments (Project, Program, Application)
GTA reviews agency projects, programs or applications and assesses their ability to meet business needs.
Governance Support (Project, Program, Application)
GTA provides guidance for agencies in developing governance structures for projects, programs and applications.
Investment Management Support
GTA assists agencies through the Initiate and Planning phases of a project to help identify any potential problems before the project moves to the Build phase. We work with the agency business owners to understand their requirements, and identify and engage the appropriate GTA and/or infrastructure and network service provider resources to work with the agency throughout the procurement process.
Professional Development
GTA helps agencies build expertise in project management through the Professional Development Program. Courses are offered at no charge to state of Georgia employees through GTA's Enterprise Portfolio Management Office. Participants earn Professional Development Units (PDU) or Educational Contact Hours to satisfy PMP certification requirements on all courses taken. Course descriptions and schedules can be found on the GTA web site at www.gta.georgia.gov.
Project Assurance
GTA conducts an impartial assessment of a project to identify activities that

85

are critical to the successful delivery of the project. Most project assurance is provided through the Information Technology Project Assurance (ITPAS) contract. In FY 2014, a pilot for agency self-assurance was launched. The self-assurance program is designed for projects that are under $5 million and for agencies that have demonstrated mature project management practices. In addition, an agency's assurance resource must have successfully completed the Georgia Project Management Certification Program.

Project Management Support

We assist agencies with the creation of project and program management offices. We guide agencies in managing projects or programs using tools, methodologies and other resources, and in establishing and managing their project portfolios.

Project Assurance provides independent verification.

Information Technology Project Assurance Services (ITPAS)
Project assurance provides guidance and counsel on the planning, execution and delivery of large, complex technology initiatives. With the introduction of the Enterprise Performance Lifecycle (EPLC) model and the need to broaden project assurance services, GTA established the Information Technology Project Assurance Services (ITPAS) contract with eight pre-qualified contractors to provide Independent Verification and Validation (IV&V) for technology projects costing more than $1 million.

In addition to IV&V, the ITPAS contract provides other services such as Planning, Business Process Re-engineering and Management, and Business Continuity/Disaster Recovery. The contract helps agencies to more quickly meet needs that may require a Request For Proposal, which may take months to complete. Using the ITPAS contract can significantly reduce the time to procure a qualified contractor to deliver these services. During FY 2014, $4.2 million in services were procured through the ITPAS contract, including $2 million in IV&V services.

Portfolio management software tracks projects throughout their lifecycle and applies best practices.

Georgia Enterprise Management Suite (GEMS)
GTA implemented a new Enterprise Project Portfolio Management (EPPM) tool in FY 2012. Called the Georgia Enterprise Management Suite (GEMS), it tracks projects throughout their lifecycle and applies best practices and industry standards to aid in decisions about moving forward at various stages of a project. GEMS uses dashboard dials to depict various indicators of a project's health, including schedule, budget, risk, issues, communication and quality. Data is gathered from questionnaires completed regularly by stakeholders, such as project team members, business owners and agency executives. The result is greater insight into the performance of projects, programs and portfolios within the state of Georgia. In FY 2014, all projects reporting to the Critical Project Review Panel were using GEMS for their monthly reporting.

EPPM is the practice of taking a more integrated and top-down approach to managing all project work across an enterprise. It involves a combination of tools, business practices and processes that enable organizations to manage projects as a strategic portfolio, thereby ensuring the alignment of programs and projects with organizational objectives.

The state continues to improve the compilation and

State Annual Report Register (STARR)

86

disimination of information technology data

In FY 2013, GTA implemented a new tool to collect information from the agencies for the State Annual Information Technology Report. The new application, called State Annual Report Register (STARR), is web-based and uses questionnaires to collect IT-related data such as application inventory, business continuity, IT expenditures and security compliance. The STARR application aggregates questionnaire responses for each agency and provides more reporting information to the agency than in the past. The information can also be aggregated by policy group, selected agencies or at the state enterprise level. STARR promotes consistency in the reporting of agency information.

Project Management Development Program

GTA's Project Management Development Program allows the state to increase the competency of state project managers while holding down costs and reducing risks on state IT projects.

The Project Management Professional Development Program, sponsored by the Georgia Technology Authority, continues to be enthusiastically accepted by state agencies and their personnel participating in program activities.
The program tracks two levels of project management competency: project management performance and personal attributes. When participants enter the program, they complete a self-assessment in these two competency categories. These assessments are used to capture a baseline for the participant to gauge improvement over time in the competency categories and are only seen by the participant and the program director.
The program uses the Project Management Competency Framework developed by the Project Management Institute (PMI) as the basis of its assessment. The scores of the current participants are combined to determine the overall assessment averages for each category.

The first graduating class of the project management certification program received their certifications this year. The program bestowed 15 individuals with either the Georgia Certified Project Manager certificate or the Associate Project Manager certificate. The PMP Exam Preparation course has produced six new Project Management Professional (PMP) credential holders for the state of Georgia that did not exist last year.

Participation levels in the certification programs and the professional development courses remain high, and interest continues to rise. Participation increased from 66 individuals across 19 agencies to 90 individuals across 28 agencies, while participation in the professional development courses increased from 322 individuals across 17 agencies to 544 individuals across 28 agencies. The large response is primarily attributable to word-of-mouth by individuals telling their colleagues about the courses. Agency participation from business and management-level staff continues to be high. These participants demonstrate a desire to understand project and portfolio management in a way that will enhance their ability to execute and deliver on their agencies' strategic goals through project management.

GTA continues to deliver a robust set of courses to develop the skills of the state's project managers.

Professional Development Courses
The purpose of the Project Management Professional Development Program is to enhance and increase the competencies of project managers within Georgia state government. This is being accomplished by concentrating on development initiatives that are based on industry best practices, standards and processes. The program supports 15 courses designed to build the

87

project manager and personal attribute competencies described in the Competency Framework. Participants are tested in each course on their understanding and knowledge of course objectives.
This year marked the first year that all of the course offerings have been available. Managing Project Requirements led the way with the largest number of participants followed closely by Leadership for Project Managers and PM Foundations. The following graph shows the number of participants by course.

Future Directions

Fiscal 2014

The future looks bright for the program. The exciting part for the near-term is converting many of our existing classroom courses into e-learning modules that can be taken at any time by our customers. This will be made possible with the implementation of the learning management system that is coming this year. With this enhancement to the program, we will be able to reach more people, more efficiently, and provide easy access to courses for our customers. Through the use of technology, the program will take a giant step forward in reaching more customers across state government.

88

Georgia's Information Security Program
Georgia's information security (hereafter shortened to security) program has made great strides during the last year, as many state agencies have stepped up their efforts in this area. While GTA is empowered to establish executive branch security standards, progress is only truly made by agencies implementing those standards, and some agencies made improvements beyond the basic security requirements.
Security is a very misunderstood topic. There is no such thing as an absolutely secure computing system. No matter how many resources are used and various security technologies deployed, some people will still attempt to devise attacks and some may be successful. The threat level is ever changing and stretches beyond the student hacker for the thrill of it to nation state sponsored cyber threats. What this means is that modern security practices are really information risk management practices. These practices much be broad reaching and entities can no long treat all information the same. More sensitive data must be scured with multiple layers of protection. This has created a complex issues for state agencies as there are often competing priorities for the same resources.
Our focus is made clearer with the federal government's new Cybersecurity Framework. Presidential Order 13636 directed the National Institute of Standards and Technologies (NIST) to develop a voluntary Cybersecurity Framework for the nation's critical infrastructure. This framework describes five core security functions:
Identify includes identification of assets, risks, etc. Protect deploy defenses or controls Detect identify security events Respond take action based on what is detected. Recover return to normal operations after an event
If perfect security was easily achieved, the last three functions would be unnecessary as no events would be detected, no response would be required, and the organization would always be in normal operations.
Another misunderstood issue when it comes to security is that most people think compliance means secure. While compliance with various security laws and regulations is a significant part of any security practice, it is simply a foundational step. There are always areas of concern that are not covered by the existing documents, which is why frameworks are so important.
A good framework, such as NIST's Cybersecurity Framework and its Risk Management Framework (RMF) that was created under the Federal Information Security Management Act (FISMA), should include higher level processes of security risk identification and risk governance. These functions support an organization's ability to identify new types of threats and to respond appropriately.
As an example, in the newer version of the FISMA RMF, NIST introduced 16 controls for security program management. These range from having a system security plan, to appropriate resources, to a threat identification program. At its core, it also requires a risk management strategy that is implemented consistently across the organization.
89

Georgia's Risk Management Strategy
Georgia's state government is a complex organization with many agencies. Each supports a function deemed necessary by our state leaders, and many use very sensitive information in the performance of their duties. Georgia's security program has to be flexible to support all the various needs of the agencies, and it needs to focus on appropriate security measures as the sensitivity of the information varies.
Georgia's information security program is based on a federal model created in 1995 and is federated in nature. GTA functions as the central security office for the state and establishes the state's security policies and standards in consultation with the agencies. Each agency has the responsibility to implement and comply with the policies and standards.
One requirement is that each agency must have its own security program that is headed by a Senior Agency Information Security Officer (SAISO or Agency ISO). That ISO is the agency's primary contact for exchanging security information with outside entities such as the State Chief Information Security Officer (CISO) and federal oversight organizations. They are responsible for ensuring that the program fulfills the security needs of the agency and has the appropriate components.
The goal of having a central program with individual agency programs is to support the consistent implementation of security across our state. This is despite the fact that the agencies have such varied missions and functions. To help with that consistency yet allow for flexibility to adapt to missions, functions and the various types of information used by the state, GTA has adopted the FISMA RMF for use on all state information systems.
The FISMA RMF is designed with a system-level focus. Many agencies have many different IT systems, such as an informational website for the public, transactional websites that require personal information from users and confidential websites used by only authorized state workers. As each system may have different security requirements, applying FISMA at the system level allows for the required flexibility.
FISMA requires that each system be assigned an impact categorization based on the worst potential impact of a security incident. The controls for lowimpact systems are less rigorous while those for a high-impact system are very rigorous. The impact categorization of a system is assigned by the system's business owner in consultation with the Agency ISO and becomes a key driving factor in all future security decisions.
NIST publishes a set of required controls for all three impact categorizations: high, medium and low. These are hierarchal in that the moderate-impact set includes all of the low-impact set, and the high-impact set contains all of the moderate-impact set. This is important as it allows for better sharing of controls across multiple systems, and it creates standard terminology and operating metrics.
A final benefit of selecting the FISMA RMF is that many other federal security laws and regulations are now using or have a mapping to the same controls. Some of these have become commonly known, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Family Education Rights and Privacy Act (FERPA). There are other less commonly known laws and regulations, such as the Social Security Administration's Data Security
90

Standard and IRS Publication 1075. Each state agency is responsible for knowing which of these various standards apply to each of its systems and for following their requirements.
Georgia agencies reported operating over 330 major IT systems during FY 2014, with about half being categorized as moderate impact. An easy way to think of what would be categorized as moderate impact is that most systems where a breach could lead to identify fraud are in this category. There were also nearly 50 high-impact systems, meaning a security event could lead to bodily harm or catastrophic financial damage. These two groups of systems are the focus area of the state's security program.
Here are some of the security program's highlights for FY 2014:
State agencies continued to show improvement in their security programs' effectiveness at preventing security events.
Agencies also prepared to manage security events as they occur and the aftereffects of such events.
GTA's service providers conducted security assessments of the Georgia Enterprise Technology Services (GETS) Hosting Environment (GETSHE), which documented the progress made under this program.
Several state systems operated within the GETS program successfully completed audits conducted by or on behalf of federal oversight agencies.
The cybersecurity component of the state's Fusion Center has developed strong working relationships with its federal, state and local partners. This function targets the development of cyber threat intelligence and support for law enforcement.
The state's cybersecurity threat detection capability and emergency preparedness have been greatly enhanced through a new partnership between the Georgia National Guard and GTA.
Security Program Effectiveness

When evaluating the effectiveness of Georgia's security program, it is important to remember that for many agencies, participation is voluntary. GTA's security policies and standards are not mandatory for the judicial or legislative branches of our government, nor do they apply to the University System of Georgia or to agencies headed by statewide elected officials other than the Governor. As such, any participation by these organizations and the information they report regarding security is all voluntary.

GTA has been tracking since 2006 one

Fiscal

Notifications

lagging indicator of the effectiveness of its

Year

security program. Whenever it is reasonably 2006

900,000

believed that confidential information was exposed to unauthorized persons either by mistake or by some form of attack, the state notifies those impacted constituents.

2007 2008 2009 2010

2,900,000 81,742 151,085 99,339

It is also important to note the underlying causes for the security incidents. For example, most of the notifications in 2006 were as a result of two major attacks where

2011 2012 2013 2014

1,133 78 151 4,596

the information stolen was the actual target. This caused the state to

reconsider its approach to security and how it protects against hackers.

91

In 2014, the vast majority of notifications occurred because of human error or the physical theft of an IT asset. These issues have led to increased security awareness training, further deployment of encryption technologies, and layers of protection within our network, as these measures have shown elsewhere to protect against a recurrence.
Another major step taken to reduce the state's IT risk was the launching of the GETS program. This program consolidated the IT infrastructure operations of several high-risk agencies and retained two world-class IT organizations to take over operational responsibilities on a day-to-day basis.
The GETS program's two initial goals were to provide stable and reliable IT operations and reduce operational risks. The GETS program uses two layers of security systems to protect the state's primary data center from the Internet. These layers are operated by our service provider's Information Security organization. Both service providers are considered at the top of their field in the security area.

Georgia's Security Program Workshops

GTA conducts workshops to help agency categorize their system's security levels and develop agency security plans.

The 2014 workshops focused on proper categorization of the system and creating a system plan. The number of systems being operated dropped from 233 in FY 2013 to 208 FY 2014. The number of security plans went from 82 in FY 2013 to 124 in FY 2014. The percentage of major systems with authorized security plans went from 35% in FY 2013 to 60% in FY 2014. Below are graphs representing the numbers described above.

As the workshops have continued, and GTA is continuing to assist with the development of security plans, the numbers across the board are expected to continue to rise during FY 2015.
92

Incident Preparedness
Incident preparedness begins with planning and training, which were areas of major focus in FY 2014. The first step is to ensure state workers are made aware of their responsibilities for security so as to start a culture change through education and awareness. The more people become aware of security and the role they have, the more they look for issues while conducting the state's business and the more secure our information will become.
Each agency is required by state security standards to provide education and awareness training to every member of its work force on an annual basis. Some agencies also have a federal requirement to meet as well. In the security survey of the agencies, each was asked for the percentage of its workers who completed the training during the fiscal year. The best score was the category of achieving 80 to 100 percent. Twenty-five of the 49 reporting agencies hit that mark, including 10 of the 14 GETS infrastructure customers. Four more agencies reported between 60 percent and 80 percent.
For those agencies below 80 percent, a common reason was that a large percentage of their staff does not have access to any sensitive information or they participate in a security awareness program at the federal level that has a biennial requirement instead of the state's annual requirement. Another issue was finding quality training material. GTA is offering to help agencies with this issue by managing a group purchase of online training that is very inexpensive.
Another key component of preparedness is advanced planning. It is best to plan for how to handle the various types of security events before they occur rather than to approach them in an ad hoc manner. During some events, unforeseen issues may arise that call for immediate decisions to be made, but that is best to avoid so that properly informed decisions are made. This includes establishing priorities. A common issue during the investigation of an ongoing security event is whether it is more important to break off an attack and protect the state's information (our priority) or to allow the attack to continue so more evidence may be collected about the attacker (a secondary priority). Making such decisions ahead of time often avoids mistakes while managing the response to an event.
In 2008, GTA worked with the Attorney General's Office (AG) and the Georgia Bureau of Investigation (GBI) to develop criteria for when to involve their respective organizations in a security incident. To be clear, a security incident may be as simple as a virus infection or a failed login attempt to dealing with a criminal organization or foreign government attempting to steal state information or disrupt state operations. The vast majority of these incidents do not and should not require involvement from these organizations, but it is important that proper escalation does occur when required.
GTA created a template for agencies to use in creating an incident response plan, and it calls for proper escalation to GTA, the AG and the GBI, when appropriate. These plans allow agencies to properly plan for and execute during and immediately after an attack. This planning is critical because during an attack, time is of the essence and prior planning avoids unnecessary delays. The template is based on the FISMA document for incident response planning, NIST Special Publication 800-61r2, Computer Security Incident Handling Guide.
93

In FY 2014, GTA held workshops with the agencies to focus on security planning, and one topic was the creation of agency incident response plans. A second set of workshops was held that targeted the agencies that obtain their IT services from the GETS program. Agencies were asked to use the template, but some agencies with federal oversight are required to use a federal template. The focus was to use whatever template is appropriate and to complete the plans in preparation for their use. All but two of the GETS infrastructure customer agencies reported that they completed the planning process by the end of the fiscal year, and those two were near completion.
In the meantime, GTA has been working with the Georgia National Guard to leverage its experience with cyber preparedness drills. The Guard regularly participates in the planning and execution of cyber preparedness drills with other Guard units across the country and other Defense Department organizations. They are working with GTA and other stakeholders to develop a cyber preparedness drill to be conducted later in FY 2015. This is especially critical when multiple vendors are used to supply IT services, as the coordination of who is responsible for what and clear lines of communications become even more important.
GETS-HE Security
The GETS program has been a huge undertaking, and the consolidation of IT operations is nearing completion. As much as possible, key state IT systems have been moved into what is called the GETS Hosting Environment (or GETS-HE). These systems will share many security controls, and so it is important to assess the effectiveness of those controls. For that reason, the GETS program has an ongoing internal assessment program.
During FY 2014, the GETS program had two security assessment reports produced by an independent third-party assessment company, CompliancePoint. The first assessment report used the SOC 2 methodology established by the American Institute of Certified Public Accountants (the AICPA) and the AICPA's criteria for security. The second report augmented the SOC 2 criteria with the moderate-impact control set from NIST Special Publication 800-53 (the FISMA controls document). This is the control set required by most federal agencies for state-operated systems.
The SOC 2 report identified some issues for resolution, all of which have been or are being addressed through risk reduction projects (sometimes called plans of action and milestones or POA&M). Most of the issues that are the responsibility of the GETS program itself are related to documentation and training, and can be easily corrected. Some require the agency partners to correct documentation deficiencies, and those will take longer to correct. GTA used the previously mentioned security workshops to address the agencyrelated findings.
The second report (the FISMA report) focused on Georgia's stated intent to transition to the FISMA RMF. Before that stated intent, Georgia's agencies were free to choose whatever security framework they wanted, and often a single agency was attempting to follow several different frameworks. This caused confusion and created an inability to share security controls and information in a meaningful way. FISMA was chosen as the state's standard because so many of the state's major systems are required to follow it by
94

federal law.
The actual implementation of FISMA has taken a backseat to the GETS program's other risk and cost reduction activities. The FISMA assessment report established a baseline and priorities for the implementation project. The underlying cause for most of the findings was the lack of the FISMArequired security documentation.
GTA and its service providers have begun work on the required FISMA control documentation, and it is nearly ready for a follow-up assessment. However, further work in this area will probably be postponed due to changes being made in the GETS program and the underlying companies who provide the services. This does not mean that security is being delayed as will be explained next.
Federal Oversight and Audits
When a state agency uses federally regulated information, such as federal tax information or HIPAA-protected personal health information (PHI), it must follow those laws and regulations. Often they call for the agency to have these systems assessed against the appropriate security requirements. During FY 2014, several state agencies met these requirements with several federal agencies. Most of these state systems operate within the GETS-HE, and the standard controls for that environment were part of the assessment.
As with all such assessments, there were some minor findings. However, all state systems were allowed to operate while POA&M activities were conducted in parallel to remediate the findings. For a few systems that are not yet in the GETS-HE, the findings will be corrected when that transition is completed in the near future.
The point is that while the state's FISMA program is fairly young and agencies are still transitioning, several federal agencies have examined the GETS-HE security controls and approved them for use with their information. In doing so, these federal agencies tested the state's controls against those required by FISMA in Special Publication 800-53r4, Security and Privacy Controls for Federal Information Systems and Organizations. The impact level assessed against was moderate impact.
Beyond Compliance
As was stated earlier, compliance is part of the foundation for a strong security program, but there is more to security than compliance. Compliance with laws, regulations, policies and standards are all important, but most of these suffer from three fatal flaws:
The first is that they can become a series of check-the-box exercises. The culture can become focused on passing the assessment and not providing the appropriate security intended by the check boxes.
The second is that many of these requirements are old and do not keep up with the current needs and risks managed by the program.
95

The last issue is complacency.
To avoid the check-the-box culture, there needs to be an acceptance that finding issues in an assessment or audit is a good thing. It allows the organization to analyze the finding and possible solutions. Sometimes the solutions to the audit finding are worse than the finding. At other times, scarce resources are diverted to solving a minor issue rather than focusing on the larger picture.
A good example of the check-the-box issue was recently reported by Government Information Security, an online website. The IRS recently received two audit reports from its Inspector General's Office on successive days. In one they passed and in the other they failed on the same control. The explanation is that in the report where they passed, the audit checkbox was checked because a particular control existed. In the second report, the auditor noted that while the control existed, it wasn't being executed properly. Correcting the execution of the control is probably easy, but if the second report had not been provided, management would not have known about the control's failure to execute.
The second issue is much larger, and it is due to the ever changing types of threats that occur and the new ways that computers are being deployed and used. One example is the explosion of the use of mobile technology on the job. Often this technology allows state workers to be more efficient and effective in their work, and they are comfortable with the technology because they use it in their personal lives. However, the standards for using this technology in a government setting are just now emerging.
State agencies have tried to increase their effectiveness by enabling their workers with mobile technology, but sensitive information often cannot be on or accessed by these mobile devices as the compliance frameworks do not allow it. This is when the security governance function of an agency must assess the risks and make decisions. During that process, security compliance is often considered a risk itself as the governance team is not sure how auditors will handle the issues of mobile devices.
GTA can assist agencies with these issues, but it is often in the same position as the agency. If a federal law or regulation applies to the system, no one but that federal agency can be authoritative on this issue.
The last issue listed is complacency. Strong security programs are built around people, the deployment of appropriate technology and mature processes. Of these three, people are by and large the most important component. When people believe security is 100 percent achieved, as often happens, they only focus on compliance, and they fail to adapt to the new vulnerabilities and threats that occur every day.
There is a tendency in security to think that deploying the newest technology or purchasing the right software will solve all of an organization's security woes. It is important to remember that the real key is the right people selecting and operating the right technology within a strong architecture for security. It is the role of the people to select the technologies, deploy them, operate them and evaluate them. It is the role of the people to question the effectiveness of the controls and develop ways to measure their effectiveness. Compliance-driven complacency can cause these people to let their guard down.
96

The National Infrastructure Protection Program
GTA is charged with leading the state's security program, and sometimes that means working beyond the state's IT footprint and instead considering the state as a whole and as part of the nation.
The National Infrastructure Protection Plan (NIPP) recognizes that much of our nation's critical infrastructure and key resources (CIKR) are owned by the private sector, and it is critical that the public and private sectors cooperate for their protection. The NIPP calls for the CIOs and CISOs of states to establish relationships with the operators of their state's CIKR for the better protection of those assets.
In Georgia, the organizations in the lead for CIKR protection and counter terrorism are the State Office of Homeland Security/GEMA and the GBI. They jointly operate the state's Fusion Center, which is more appropriately called the Georgia Information Sharing and Analysis Center (GISAC). The staff of the GISAC is comprised of staff members from various parts of federal, state and local government agencies who come together to create a central clearinghouse for information pertaining to potential terrorism and criminal activity. While most of the staff is provided by the GBI and GEMA, other agencies also participate. For a list of participants, please see the GISAC pages at the GBI and GEMA websites.
Georgia's GISAC was one of the first in the nation to add a cyber analyst to the full-time staff. This analyst aids investigations with cyber expertise and also examines various information feeds, including some classified feeds, for clues regarding future cyber-based threats. Often the investigation crosses back and forth between the real and cyber worlds as the Internet is used for communications by bad actors.
GTA has expanded beyond this to create a stronger cyber threat detection capability. It has retained two more analysts and has them working with the information feeds from state and federal partners to obtain threat information, alerts, advisories and bulletins. By combining information and analysis, this team strives to identify threats against the state and our nation before they occur and to notify the appropriate parties. They also develop suggested counter measures that they share.
The threat prediction and detection capabilities of the threat intelligence group are still developing, but they have already paid dividends to the state through timely alerts to head off cyber-attacks, situation awareness reports and production of actionable information products to assist the state in being better prepared to defend against attacks. Many of these products are shared with state, federal and private-sector cyber partners through the state's Fusion Center as a means to better enhance the nation's security posture.
Georgia's Information Technology Security Future
Security programs must strive for continuous improvement or they become
97

stale and fail. This is because a good security program creates a culture of thinking about security no matter what a worker is doing. This focus on security needs to be continuously emphasized, or it falls away and security breaks down.
In FY 2015, important security activities will take place, some of which were noted above:
1. The state will update its IT security strategy and begin the process of of continued improvement by taking the required actions to meet the new/improved strategies of the plan.
2. The cyber component of the GISAC is examining methods to better predict, analyze and communicate about cyber threats.
3. The Georgia National Guard will coordinate with GTA on a state cyber security preparedness drill.
4. Agency security workshops will continue in an attempt to address the assessment findings.
5. Workshops will be expanded to include training for information system business owners and agency authorizing officials.
6. While maintaining its focus on IT infrastructure security, the state will also spend more resources to properly secure its applications, both existing and new.
7. The state's security policies and standards are under revision to better support state use of cloud services, including infrastructure, platform, and application as a service offerings.
8. Security activities will focus on the highest potential impact risks in order to best protect our citizens, our state and our nation.
In referring back to the five security functions of the cybersecurity framework, it is important to better detect cyber events and prepare for response and recovery. By working with our federal and state partners, GTA plans to continue to improve in these areas. In the meantime, it is important that we continue to improve our preparation for cyber-attacks.
One key item that needs more effort is to have each agency decide the appropriate level of risk it is willing to assume. The state workers who lead in this governance process are the system business owners and the agency's authorizing official, neither of whom is normally in the IT department. GTA's workshops will be expanded to educate these workers about their role in security and how to carry it out.
GTA's existing policies and standards call for security requirements to be treated as business requirements in all future systems. This is important, but much of the state's application portfolio was created without consideration for appropriate security. In FY 2015, GTA will emphasize application security and explore ways to better protect our entire application portfolio.
Georgia's agencies are always seeking to be more efficient and effective in their use of IT in support of agency functions. Two areas where this is changing the state's approach are cloud-based services and prioritization of security efforts.
Cloud services have been around for a while, and many state agencies have expressed a need to better leverage these offerings. Cloud services often offer better performance at less cost than traditional self-hosted systems, but this modern-day form of outsourcing is not without its issues. Many cloud vendors do not support the state's security needs, and they often use security standards and frameworks other than FISMA. GTA is proposing new security policies and standards to support the use of cloud services in a
98

responsible, efficient and effective manner.
A final focus area for information security is risk prioritization. Agency leadership is often bombarded with all kinds of funding requests to address a multitude of issues. The security programs will work in FY 2015 to create system-level risk registers with assigned priorities so management may better make its risk reduction and acceptance decisions.

Business Continuity

Georgia has critical business functions that must continue to operate, even during an emergency.

So What is Business Continuity Management?
Business Continuity Management (BCM) is a framework for identifying an agency's risk of exposure to internal and external threats.
BCM's goal is to provide the agency with the ability to effectively respond to threats such as natural disasters, data breaches and cyber attacks, and to protect the business interests of the agency. BCM includes business recovery, disaster recovery, crisis management, incident management, emergency management and contingency/resiliency planning.

"Expect the best, plan for the worst, and prepare to be surprised."

Disruptions such as tornadoes, ice and snow storms and other natural disasters, violence in the workplace, pandemic, terrorist acts, cyber attacks and many other threats to "business as usual" are becoming more commonplace. If not anticipated prudently, these disruptions can and will be much more costly than necessary. Planning for the continuity and recovery of agency business operations is critically necessary and requires the involvement of all staff at all levels.

There is a general misunderstanding in state government today about the difference between Business Continuity and Disaster Recovery. We have a tendency to lump both of these disciplines into the same bucket. Doing so leads to the assumption that Disaster Recovery planning satisfies the need for Business Continuity planning; however, this not the case.

Business Continuity focuses on the business side: people, processes, property, vital records, public perception, etc.

Disaster Recovery focuses on the IT piece: networks, systems and business applications.

The key to successful adoption and execution in these two areas are executive sponsorship and buy-in. These two executive practices should permeate throughout the entire agency from the top down. Otherwise, employees fail to see the value in providing information and working in these two areas once called upon. If the top-down approach is not used, often the employee mindset becomes, "This is another initiative that management doesn't support; it will eventually go away and be forgotten."

The critical and essential functions of an agency are at the core of why it exists. It's great to be able to stand up systems and applications, but if those systems and applications aren't aligned with the critical and essential

99

functions and processes they support, standing up those systems and applications accomplishes very little. A paradigm shift in state government needs to occur where the business drives IT and both business and IT are at the table together planning the agency's future.
It's human nature to believe that a natural or man-made disaster will never occur: "Oh that won't ever happen here or to us." This mindset often undermines the clear-headed work needed to create the necessary Business Continuity and Disaster Recovery plans. Here are a few challenges that keep agencies from completing the necessary planning:
1. Lack of executive sponsorship and buy-in 2. Lack of funding 3. Lack of full-time dedicated planning resources at the agency 4. Lack of understanding about the two disciplines of disaster recovery
and business continuity
We have made progress over the years, but we must continue to put forth the effort within the agencies to get better. As a state, we have a way to go and must decrease our exposure to risk.

Georgia Privacy Program

GTA working to establish an Enterprise Privacy Program.

As in every other state in the nation, there exists in Georgia's government the ongoing and continuing possibility of abuse of personal information that is collected to conduct government business. Most of the current efforts in Georgia and other states have to do with the protection of personal health information, but there are also many other privacy concerns outside of healthcare.
As used in IT, privacy is a "concern for the proper handling of personal information and for respecting the dignity of the individual to whom the information refers. The core issue with privacy is not how to protect the secrecy of personal information; it is to ensure that those to whom the information is disclosed handle it properly." ("Privacy", Glazer and Blakely, The Burton Group, 2009)
Inadequate privacy protection is costly to organizations and individuals. Gartner reports that U.S. healthcare fraud, much of which is attributable to abuse of personal health information, is a continuing and costly problem that affects every patient and taxpayer. Although the exact amounts of fraud are unknown, various reports indicate that the annual cost of U.S. healthcare fraud ranges from $100 billion to $234 billion. (Gartner analysts Christina Lucero and Robert H. Booz)
GTA has initiated planning of an Enterprise Privacy Program to assist agency leadership in improving the processes involved in collecting, using and maintaining constituents' identifying information. The specific goals of our program are to:
Highlight privacy management to prevent fraud and abuse in state programs based on client personal information
Encourage state agencies to implement privacy programs consistent with industry best practices and the specific laws and regulations governing their
100

services 101

IT Financial Management
Overview

The state is using consumption management tools to better track IT costs.

Traditionally it has been difficult to proactively track IT costs throughout the state. There was not enough visibility into those costs. The state did not have in place financial systems and processes that captured detailed IT costs on a timely basis. Costs were only measured at a high level and on an annual basis after the fact. Many costs went unidentified, rolled into summary-level General Ledger accounting codes.
Over the last six years, GTA, through the Georgia Enterprise Technology Services (GETS) program, has continued to lead and transform how the state receives IT services. GTA pioneered new reporting mechanisms to provide transparency into agency customer IT usage and associated cost information that was previously not available to state government entities. The GETS program introduced a more consolidated and transparent view of IT service consumption, asset inventory and agency spend detail. Agency customers have a usage-based (consumption) cost structure for IT services and pay only for the services they consume. This new model incorporates many of the state's IT policies and standards. For example, security and disaster recovery services are embedded in the resource unit cost. The costing mechanisms allow for economies of scale and leverage private-industry standards for chargeback of IT services. These new consumption-based capabilities allow the state to better track over one billion dollars in IT expenditures annually.

Transparency of IT Spend
The state's ability to track IT costs continues to mature through the GETS program's consumption-based model. The state now has online invoice access with drill-down capabilities that provide customers with cost and usage detail that was previously not available. This capability enables customers to review and validate line item charges with ease, which assists state agencies with their fiduciary responsibility of being good stewards of taxpayer dollars. Agencies continue to request even greater levels of detail, and focus groups continue to work with the state's service providers in accessing even greater levels of consumption detail.
GTA has created a sustainable service delivery model for the future use of IT, and the enhanced reporting allows GTA to track actual consumption and costs for all services against original business case assumptions to measure the financial benefits of privatization. GTA can see usage and spend detail for each type of contracted service, such as End User Computing, Storage, Mainframe and Voice Services. As more state entities purchase IT services, GTA will be able to provide more enterprise and statewide IT financial data than ever before. This type of analysis was previously not possible. There is increased awareness and collaboration among IT and financial leadership within state agencies. There is now the ability to influence IT spend by keeping a constant watch on consumption.

102

Financial Benefits and Value

The state begins to see value in a consumption-based cost model.

Improving IT financial management resulted in a consolidated enterprise view of IT, allowing the identification of duplicative spending across agencies. The benefits of these improvements include more effective IT spending and, ultimately, more efficient government for Georgia. These aren't the only benefits of improved financial management.
Agencies now have a clear view of their costs for IT infrastructure and network services and can make more informed decisions about how much IT service they actually consume. In addition, they have:
o A better understanding of the factors driving IT consumption o A greater ability to map expenses to budgets o More informed and effective decision making o Less duplication in IT spending o The ability to view IT resource consumption in a standardized,
enterprise approach
GTA can provide market-based delivery of managed network and infrastructure services.
The Office of Planning and Budget (OPB) also has increased visibility into IT services, allowing for the validation of expenses, greater oversight and a clearer understanding of agency IT usage.

Financial and Agency Challenges

Agencies still see challenges in the area of asset management and consumption of resources.

As the state continues the large-scale transformation of the state's IT service model the challenges are different as the state moves to a more mature service delivery model. This maturation creates the need to develop, implement and maintain a solid asset management process of significant importance as compared to a model that was more capital expenditure focused. As the transformation and consolidation project progresses towards completion, the need for strong communication and maintaining agency partnerships continues to be an ongoing priority. Greater agency involvement in decision making and a focus on communicating with key business leaders within agencies are important as GTA seeks ways to provide even greater transparency through information sharing.

A greater reliance on information technology is being driven by the need for agencies to find greater efficiencies. The increasing need for IT is resulting in greater consumption and increased spending, which is referred to as "organic growth". This organic growth is a focus area for GTA, and agencies are working to find ways to reduce their consumption.

The asset management process continues to improve but it is a focus area.
Changing the culture from a capital expenditure model to more of an service delivery model has been challenging.

103

Growing reliance on technology leads agencies to consume more IT services, which leads to higher overall spending on technology.
Consumption Management

The state is working to achieve greater understanding and reporting on the use of IT resources.

While the state has gained significant advantages from a service-oriented approach to financial management, opportunities exist for further improvement. GTA will pursue additional benefits as follows:
With more uniform use of enterprise-wide financial systems by all agencies, regardless of agencies' use of the GETS program or other IT providers, state decision-makers would have a better understanding of IT spending across state government.
Better reporting of all IT usage (in addition to the detailed information collected from agencies) will allow for better statewide decisionmaking.
Expanded agency compliance with requirements of the IT Governance Report is increasing the accuracy and dependability of this report.
Better processes for associating planned budgets and actual expenses are needed.
Better understanding of application spending across agencies will enable better decision-making at the state level. GTA is assisting state entities with "best practices" and "record retention" requirements. Industry standards as well as an expansion of services and solution offerings have been introduced to allow state agencies more options to better manage the use of IT in alignment with their business needs. As technology evolves, how to best consume IT is also evolving into a common set of principles to manage the costs of IT.

104

Procurement

State agencies need to acquire numerous technical assets and services. This section of the report addresses ways that agencies can procure technical products and services.
Information Technology Statewide Contracts

The State Purchasing Division of the Department of Administrative Services has numerous statewide contracts that are beneficial in meeting the technology needs of state and local agencies.

IT Statewide Contracts (SWCs) are established by the State Purchasing Division (SPD) of the Department of Administrative Services for the benefit of government entities throughout Georgia. By leveraging state purchasing power and marketplace competition, IT SWCs offer a variety of hardware, software and related services at excellent discounts and with improved warranties.
There are four major categories of SWCs: PC hardware and services, network equipment, software and audio visual products and services, and closed circuit TV. There are also other contracts that cover multifunction devices and printers, computer peripherals, servers and storage, and mail equipment.
The PC hardware and services contract is a convenience contract, meaning agencies can buy off the contract but may purchase these products from other sources. The four categories under the PC hardware and services contract are shown below:

Category A
Category B Category C Category D

Desktops, laptops, netbooks, tablet PCs Ruggedized computing devices Tablet devices Thin clients

A competitive bidding process has established the following vendors for this category:

Ace Computers Hewlett Packard Lenovo M&A Technologies

Dell Howard Panasonic Transource

105

A separate contract covers Apple products.
The network equipment convenience contract, which covers network equipment and IT infrastructure products, has five categories:

Category 1 Category 2
Category 3 Category 4 Category 5

Wired LAN/WAN products Network management and optimization Wireless networking products Security products Unified communications products (Including VoIP)

The contract has been established with 18 vendors:

Aerohive Networks Aruba Networks Brocade Communications Dell Marketing Extreme Networks Hewlett-Packard Juniper Polycom ShoreTel

Allied Telesis Avaya Cisco Systems Enterasys F5 Networks IBM Meru Networks Radware Wildpackets

If an agency needs software, there is a software contract with four categories. The software contract is a mandatory contract, which means agencies must buy software off of this contract.

Category 1 Category 2 Category 3 Category 4

End user software Enterprise software Microsoft reseller software Oracle (Including PeopleSoft) software and databases

These vendors provide for some, but not all, of the software contracts:

IBM Corporation

Category 2

Presidio Network Solutions

Categories 1, 2 and 4

SHI International

Categories 1, 2 and 3

CDWG Government

Categories 1, 2 and 3

PC Specialist, Inc. d/b/a Technology Integration Group (TIG)

Categories 1 and 2

Dell Marketing, LP

Categories 1, 2, 3 and 4

A mandatory contract for audio visual products and services includes closed

106

circuit television (CCTV) systems. The services available include installation, programming, and maintenance. The core brands for the audio visual contract are:

AMX BiAmp Creston LifeSize Polyvision Smart

Accordent BSS Sound Web Extron Polycom Promethian Tanberg

There are 17 turnkey suppliers for CCTV from which to choose, including:

Covergint Technologies Johnson Controls Technology Integration Group

GC&E Systems Group Presidio Networked Solutions

Other statewide contracts available:

A convenience contract for multifunction devices and printers includes equipment with copy/print/scan/fax capabilities. The printer SWC provides desktop printers and small workgroup printers.
A convenience contract for computer peripherals covers accessories and auxiliary electronic devices such as hard drives, monitors and speakers.
A mandatory server and storage contract provides server and storage equipment and related software to support configurations. Services include installation/de-installation, warranty upgrades, support, maintenance and training.
A mandatory mail equipment contract provides mailing machines, openers/inserters/bursters/sealers software, scales and postage meters.

107

108

Appendix
109

110

Appendix A Participation by Agencies
Exhibit 1 Agencies Reporting IT Expenditures
111

Appendix A - Exhibit 1 Agencies Reporting IT Expenditures

Agency Name

Reported 2012

Reported 2013

Reported 2014

1 Administrative Office of Georgia Courts

N/A

N/A

2 Brain & Spinal Injury Trust Fund Authority







3 Composite State Board of Medical Examiners

N/A

N/A

4 Criminal Justice Coordinating Council







5 Department of Administrative Services







6 Department of Banking and Finance







7 Department of Behavioral Health and Developmental Disabilities
8 Department of Community Affairs













9 Department of Community Health







10 Department of Corrections







11 Department of Defense







12 Department of Driver Services







13 Department of Early Care and Learning







14 Department of Economic Development







15 Department of Human Services







16 Department of Juvenile Justice







17 Department of Natural Resources







18 Department of Public Health







19 Department of Public Safety







20 Department of Revenue







21 Department of Transportation







22 Department of Veterans Services

N/A

N/A

23 Employees' Retirement System







24 Georgia Agricultural Exposition Authority

N/A

N/A

25 Georgia Agrirama Development Authority

N/A

N/A

26 Georgia Board for Physician Workforce

N/A

N/A

27 Georgia Building Authority







28 Georgia Bureau of Investigation







29 Georgia Commission on Equal Opportunity

N/A

N/A

30 Georgia Commission on the Holocaust

N/A

N/A

31 Georgia Council for the Arts



32 Georgia Development Authority

N/A

N/A

33 Georgia Drugs and Narcotics Agency



N/A

N/A

34 Georgia Emergency Management Agency







35 Georgia Environmental Facilities Authority

N/A

N/A

36 Georgia Firefighter Standards and Training Council







112

Agency Name
37 Georgia Forestry Commission 38 Georgia Housing and Finance Authority 39 Georgia Ports Authority 40 Georgia Professional Standards Commission 41 Georgia Public Safety Training Center 42 Georgia Public Broadcasting 43 Georgia Public Telecommunications
Commission 44 Georgia Real Estate Commission & Appraisers
Board 45 Georgia Regional Transportation Authority 46 Georgia Seed Development Commission 47 Georgia State Financing and Investment
Commission 48 Georgia Student Finance Commission 49 Georgia Technology Authority 50 Georgia Vocational Rehabilitation Agency 51 Georgia World Congress Center Authority 52 Governor's Office of the Child Advocate 53 Governor's Office for Children and Families 54 Governor's Office of Consumer Protection 55 Governor's Office of Student Achievement 56 Lake Lanier Islands Development Authority 57 Nonpublic Postsecondary Education
Commission 58 Office of Highway Safety 59 Office of Inspector General 60 Office of Planning and Budget 61 Office of State Administrative Hearings 62 Office of State Treasurer 63 OneGeorgia Authority 64 State Accounting Office 65 State Board of Pardons and Paroles 66 State Board of Workers' Compensation 67 State Housing Trust Fund for the Homeless
Commission 68 State Properties Commission 69 State Road and Tollway Authority 70 State Soil and Water Conservation Commission 71 Subsequent Injury Trust Fund 72 Teachers' Retirement System 73 Technical College System of Georgia

Reported 2012












Reported 2013
N/A
N/A
N/A
N/A
N/A
N/A N/A
N/A
N/A
N/A
N/A N/A

Reported 2014
N/A
N/A
N/A

N/A
N/A

N/A N/A N/A
N/A
N/A N/A


113

Agency Name

Reported 2012

Reported 2013

Reported 2014

Agencies NOT required to report Agency Name
1 Board of Regents of the University System of Georgia
2 Council of Juvenile Court Judges 3 Court of Appeals 4 Department of Agriculture 5 Department of Audits and Accounts 6 Department of Education 7 Department of Insurance 8 Department of Labor 9 Department of Law 10 Georgia Military College 11 Public Service Commission 12 Secretary of State 13 State Ethics Commission 14 Superior Court

Reported Reported Reported

2012

2013

2014































* Note: N/A means not applicable; agency attached to and reporting under another entity or no longer exis

114

Appendix B Spending by Agencies
Exhibit 1 Agency IT Expenditures
115

Appendix B - Exhibit 1 Agency IT Expenditures
Agency Name

* Agencies Required to report by Law

1 Brain & Spinal Injury Trust Fund Authority

2 Criminal Justice Coordinating Council

3 Department of Administrative Services

4 Department of Banking and Finance

5

Department of Behavioral Health and Developmental Disabilities

6 Department of Community Affairs

7 Department of Community Health

8 Department of Corrections

9 Department of Defense

10 Department of Driver Services

11 Department of Early Care and Learning

12 Department of Economic Development

13 Department of Human Services

14 Department of Juvenile Justice

15 Department of Natural Resources

16 Department of Public Health

17 Department of Public Safety

18 Department of Revenue

19 Department of Transportation

20 Employees' Retirement System

21 Georgia Building Authority

22 Georgia Bureau of Investigation

23 Georgia Emergency Management Agency

24

Georgia Firefighter Standards and Training Council

25 Georgia Forestry Commission

26 Georgia Ports Authority

27 Georgia Public Safety Training Center

28 Georgia Public Telecommunications Commission

29 Georgia Regional Transportation Authority

30

Georgia State Financing and Investment Commission

31 Georgia Student Finance Commission

32 Georgia Technology Authority

33 Georgia World Congress Center Authority

34 Governor's Office for Children and Families

35 Governor's Office of Consumer Protection

36 Office of Highway Safety 37 Office of Inspector General

116

IT Total Spend FY 2014
$15,087 $34,346 $9,861,452 $1,096,138
$27,816,257
$2,748,802 $135,600,168
$29,057,696 $1,139,822
$21,130,046 $3,076,347 $414,362
$97,699,686 $15,477,104 $13,124,197 $15,645,169
$8,113,988 $44,337,134 $29,684,457
$2,842,782 $1,577,919 $9,074,182 $1,698,322
$2,000
$803,666 $259,682 $973,440 $1,325,446 $523,375
$1,625,896
$3,699,211 $28,727,006
$1,552,281 $81,579 $95,085 $35,536 $10,416

Agency Name
38 Office of Planning and Budget 39 Office of State Administrative Hearings 40 Office of State Treasurer 41 State Accounting Office 42 State Board of Pardons and Paroles 43 State Board of Workers' Compensation 44 State Properties Commission 45 State Road and Tollway Authority 46 State Soil and Water Conservation Commission 47 Subsequent Injury Trust Fund 48 Teachers' Retirement System 49 Technical College System of Georgia
Agencies Voluntarily Reporting 50 Department of Agriculture 51 Department of Education 52 Department of Insurance 53 Department of Labor 54 Department of Law 55 Secretary of State
Total Spend

IT Total Spend FY 2014
$1,924,157 $484,904 $505,290
$20,674,843 $5,446,905 $2,589,588 $39,312 $933,365 $152,269 $94,677 $4,325,309
$28,233,264
$2,264,948 $8,149,707 $1,590,129 $20,385,599
$180,214 $7,191,214
$616,145,775

117

118

Appendix C STARR Application Categories
Exhibit 1 Application Categories Definitions
119

Appendix C - Exhibit 1 Application Categories Definitions

Application Categories Definitions

Function

Definition

Asset Management Business Intelligence
Case Management

Used by agency to keep track of state property that are physcial assets Used to mine and format data to be used as information by agency's leadership to make decisions. Information usually delivered in report or dashboard. Used to keep information on constituents where the agency is rendering a service to the constituent. Also covers what would be known in the private

sector as customer relationship management. Records contain detailed

Data Exchange

information on constituents and the constituents interaction with the agency. Used to exchange or verify data held by another agency. Could be a data transfer or lookup. The partner agency can be at the local, state, or federal

Data Management

Used to manage the agency data. Most of these systems are single applications

managing data for a single application. Simple lookup/search and reporting

Data Repository

A repository can be a place where multiple databases or files are located for

distribution over a network, or a repository can be a location that is directly

accessible to the user without having to travel across a network.

Data Warehouse

Used to manage all of the agency's data or the data of a major program of the

agency. Data may be fed from multiple applications and aggregated at the ware

house. Business intelligenence tool used to mine the data

Development Tools

Used by agency to manage software development to produce solutions for

agency's business

Document Management

Used to process and archive documents at the agency. Can be a workflow tool

for the agency. Also include Digital Imaging which is moving a paper system to

a digital image/file.

Enterprise Resource Planning (ERP) All encompassing system that runs all major programs for an agency.

Facilities Management

Used to manage facilities that are used by the agencies or used to manage

facilites that are part of the agency's mission.

Financial Management

Used to track financial information for the agency

Grant Management

Used to manage grants either given by the agency or grants accepted by the

agency.

Learning Management

Used to provide and track training for employees or constituents

Mobile Application

Application software designed to run on smartphones, tablet computers and

other mobile devices.

Other

Any Software that is not defined by the above categories

Procurement/Contract Management Used to manage agency's procurements. May also be extended to manage

contracts resulting from procurements.

Productivity Tools

System put in place to enhance the productivity, opeartional or project

management within the agency

Regulatory Oversight System

Used to fulfill a regulatory function of the agency such as Licensing \ Permitting

\ Citations \ Registrations. Information held is not as detailed as a case

management system. Information is used to issue some type of regulatory

document.

Reservation System

Used to manage events. Allows agency to have attendees sign in a register for

an event.

Risk Management

Any type of system that would mitigate risk to the agency or state. This type of

system can span from a system to assist with managing insurance to a security

system

Time Accounting

Used to track employees time. Could be a sub category of human resources.

Trouble Tracking

System used to track troubles/problems/incidents that agency is tasked with

solving. Little customer information is retained. System specifically use to

solve problems

Web Services

Systems that provides services throught the Internet. This includes websites,

customer portals, and authenticaiton systems for these portals. This includes

both informational and transactions based websites.

Workforce Management

Used to help manage the human resources of the agency. Could also be called

workforce management

120

121

122