One Government. Transformation Initiatives. Transformation Management Office (TMO) Presentation to IM Aware December 7, 2017.

Transcription

1 One Government Transformation Initiatives Transformation Management Office (TMO) Presentation to IM Aware December 7, 2017 December

2 Agenda Transformation Management Office Services and Support Our Current State One Government Vision Transformation Initiatives Questions and feedback 2

3 TMO Services and Support Change Management Communications Project Management Process Review & Renewal 3

4 One Government Results Based Budgeting Recommendations (2013) Information Management and Technology 5-year strategic plan (2016) Office of the Auditor General recommendations (ongoing) Current economic landscape IMAGIS Our current state 4

5 One Government DRAFT Vision Embracing innovation and excellence in corporate service to enable the Government of Alberta to best serve Albertans. 5

6 Our Future State Guiding Principles Consistency Outcomes Continual Innovation Optimizing Business Processes Integration Strategic Deployment of Resources APS is a leader Value-Added Services Effective Collaboration & Engagement Efficient Outcome-Focused 6

7 Transformation Initiatives Transformation Management Office (TMO) IMT transformation HR transformation CPE transformation Finance transformation ADM Lead (SA) ADM Lead (PSC) Lead (CPE) ADM Lead (TBF) Sector CIO Enterprise IT Environment ECM Learnings from integrated HR Comms., marketing, design consolidation Modernization Common approach and processes New ERP Implementation ADM Lead (SA) Common ways of working; modern/integrated technology; analytics and reporting 7

8 TMO.alberta.ca 8

9 Service Alberta Enterprise IM Update ECM Solution Planning Project December 2017 At our September session, we provided our first update on the ECM Solution Planning Project. The project s objectives are to: o o o Describe the current state of ECM implementation in the Government of Alberta; Identify current ECM trends and best practices; and Deliver a comprehensive business case with options for a potential government-wide ECM solution. To date, we have held nine current state and nine target state stakeholder engagement sessions. These sessions have yielded very valuable information and insight that will be used for the gap analysis stakeholder engagement sessions, to be held in January The current state report and the environmental scan of ECM trends and best practices are expected before the end of December. The gap analysis report is expected at the beginning of January and the business case is expected to be completed by the end of January. Schedule Reengineering Work continues on building out the centralized approach to the records retention and disposition schedule development process. A project charter for the next phase of the project is currently under development to test the methodology endorsed by the Schedule Reengineering Project Steering Committee. This phase of the project is a pilot to test the schedule approval submission report, develop procedures, and develop enterprise schedules for one of the IMT sectors. The Transitory Records Schedule will also be reviewed in this phase.

10 Records Management Regulation The IM Policy Instrument team continues to building out the Cabinet Report in collaboration with the department strategic policy services team. A meeting was held with our Minister, Stephanie McLean, a couple of weeks ago and she is very supportive of the revisions to the RMR. PCI-DSS Compliance for Legacy Card Holder Information The Payment Card Industry Data Security Standard (PCI-DSS) sets out requirements for securing credit card data that is stored, processed and/or transmitted by merchants and other organizations. The GoA s current environment for processing credit card information is PCI-DSS compliant. However, legacy cardholder data from past credit card processing practices across the GoA continues to exist. Treasury Board and Finance (TBF), the ministry responsible for merchant services and PCI Compliance within the GoA, has completed assessments of all participating merchants within impacted ministries to locate and identify all legacy cardholder data. TBF has identified the Alberta Records Centre as a potential PCI-DSS compliant storage facility for records that may contain legacy cardholder data until final disposition. We are currently working with their PCI Internal Security Assessor (TBF Information Security Officers) on a PCI Physical Records Compliance Assessment. We are targeting to meet the PCI-DSS criteria for a secure legacy cardholder data storage facility by end of June Standards Update As part of the annual review of enterprise IMT standards, an updated Core Content Metadata Standard was ratified last week. This standard describes the metadata elements applied to all electronic data and information resources within the GoA. Each metadata element has a corresponding obligation level, indicating whether it must, should or may be used. The standard identifies the mandatory elements of title, creator, date created, date modified, and now includes security classification (its obligation level was previously mandatory if applicable ). The standard defines security classification as an information security designation that identifies the minimum level of protection assigned to an information resource. The significance of this element is that:

11 o o o It enables resources to be appropriately identified, managed, and disclosed as per the GoA s Data and Information Security Classification Standard; It supports privacy protection, as well as the broad distribution of non-sensitive resources; and It helps prevent unauthorized access and disclosure.