1、2013 Information Resources Deployment ReviewInstructionsGuidance for Texas State Agencies andInstitutions of Higher EducationUpdated October 15, 2013Texas Department of Information ResourcesContentsWhats New.2Introduction 3General Instructions5Part 1 - Agency Environment.7Section 1.01 - Information
2、Resources Management 7Section 1.02 - Information Security 8Section 1.03 - Accessibility13Section 1.04 - Continuity of Operations15Section 1.05 - Electronic Records Management .15Section 1.06 - Contracting.16Section 1.07 - Hardware/Software Environment17Section 1.08 - E-Learning 21Section 1.09 - Geog
3、raphic Information Systems.22Section 1.10 - Legacy Applications23Section 1.11 - Project Delivery23Section 1.12 - Shared Applications .25Section 1.13 - Shared Networks25Section 1.14 - Social Media.27Part 2 Compliance with State Standards29Section 2.01 - Security 29Section 2.02 - State Websites .31Sec
4、tion 2.03 - Electronic and Information Resources Accessibility 33Section 2.04 - Geographic Information Systems.35Section 2.05 - Electronic Records Management .35Section 2.06 - Additional Standards37Section 2.07 - Optional Comments on Compliance 38Part 3 - Alignment with State Technology Priorities .
5、39Section 3.01 - Alignment with State Technology Priorities.39Section 3.02 - Progress Toward Continuing Priorities.40Part 4 - Major Databases Inventory 41Section 4.01 - Major Databases Inventory41Glossary.432013 IR DEPLOYMENT REVIEW INSTRUCTIONS 2Whats NewHigher Education ExemptionAs of September 1,
6、 2013 Senate Bill 5 (82R), Section 6.03, exempts institutions of higher education from the requirements of Government Code Section 2054.097, which means they are no longer required to:1. send the results of their IRDR to the Quality Assurance Team, or 2. develop IR Corrective Action Plans to address
7、 non-compliance with state IR requirements. Note that Government Code Section 2054.0965 still applies to institutions of higher education, which means they are still required to conduct a biennial internal review of their information resources based on instructions developed by DIR. Institutions wil
8、l continue to have the option to submit IRDR results through DIRs data collection tool; see General Instructions for details. For institutions that choose not to submit IRDR results, DIR recommends using this Instructions document, published in Microsoft Word format, as a template for internally rec
9、ording the results of their review.New Part Three: Alignment with State PrioritiesA small part has been added to the IRDR to identify current or planned agency activities that are aligned with, or related to, the states current top ten information technology priorities. DIR will use this information
10、 in aggregate to address statewide progress in the upcoming Biennial Performance Report.2013 IR DEPLOYMENT REVIEW INSTRUCTIONS 3IntroductionBackgroundThe Information Resources Manager (IRM) of each Texas state agency and institution of higher education (IHE) is required by law (Gov. Code, Sec. 2054.
11、0965,) to conduct an Information Resources Deployment Review (IRDR) every two years. Those agencies that are not IHEs are required to send the results of their review to the Quality Assurance Team (QAT) for review. The QAT comprises representatives from DIR, the Legislative Budget Board (LBB), and t
12、he State Auditors Office (SAO).DIR is responsible for developing instructions for the content of the IRDR. This document constitutes those instructions. DIR has developed a web-based IRDR collection tool to assist agencies in collecting and submitting their responses. DIR will compile and distribute
13、 the submissions to the other QAT members; therefore, the online submission to DIR constitutes a complete submission by the participating agency.PurposeThe IRDR provides a review of the operational aspects of each agencys information resources (IR) deployment in support of the agencys mission, goals
14、, and objectives. In addition it illustrates how the agencys IR deployment supports the states IR direction as described in the State Strategic Plan for Information Resources Management (SSP). Finally, the review provides confirmation by the agency of compliance with the states IR-related statutes,
15、rules, and standards.DIR will review responses in the compliance section of the IRDR to determine which agencies (excluding IHEs) are not in full compliance. Those agencies determined to be out of compliance are required to submit an IR Corrective Action Plan (IR-CAP) for approval by DIR. Agencies t
16、hat are required to submit an IR-CAP will be notified in the spring of 2014.StreamliningAs part of an ongoing effort to streamline statewide IR management and reporting, DIR has taken several steps to ensure that the IRDR reporting process is as simple and straightforward as possible while improving
17、 the quality of the data in support of statewide technology management planning and decision-making. Some of the steps taken to streamline the 2013 IRDR are: Remove questions that are no longer essential. DIR reviewed previous IRDR content and removed those questions that were of limited value to th
18、e state or agencies. Even though some new content was added in 2013, the total question count was reduced by 28 percent. Defer supplemental questions in Part 2: Compliance. These supplemental questions apply only to instances of agency non-compliance. They will be deferred to the agencys IR-CAP, if
19、required. Re-use questions from the 2011 IRDR, whenever possible. In some cases, wording of the questions has been slightly modified to improve clarity. Pre-populate questions with previous responses, whenever possible. The 2013 IRDR collection tool comes pre-populated with many of your agencys 2011
20、 responses. Agencies should review previous responses and update as appropriate.2013 IR DEPLOYMENT REVIEW INSTRUCTIONS 4OrganizationThe 2013 IRDR is organized in four parts: Part 1: Agency Environment provides general information about the agencys information resources environment. Part 2: Complianc
21、e with State Standards describes the status of the agencys compliance with key IR-related statutes, rules, and standards. Part 3: Alignment with State Technology Priorities lays out the states top ten technology priorities and asks agencies if they have current or planned activities related to these
22、 priorities. Some priorities may not be applicable to all agencies. Note that the priorities are taken from the upcoming State Strategic Plan for Information Resources Management, to be published November 1, 2013. Part 4: Major Databases Inventory provides a high-level description of the agencys mis
23、sion-critical databases and the business applications they support.New ContentThroughout the instructions, bold question numbers indicate items added since the 2011 IRDR.2013 IR DEPLOYMENT REVIEW INSTRUCTIONS 5General InstructionsDefinitionsThroughout this document, all references to agencies apply
24、to both state agencies and state-supported institutions of higher education (IHEs), unless otherwise indicated. Definitions of technical terms used in this document are provided in the glossary.Sensitive InformationThe questions included in this survey are intended to serve as both an internal revie
25、w of an agencys IT environment and an overview to state leadership of the states aggregate IT environment. The IRDR is not intended to collect information that is sensitive in nature or that could be helpful to discover vulnerabilities in the states networks or online systems. Agencies should take c
26、are not to include any sensitive information in their responses as previous IRDR submissions have been subject to public information request.Collection ToolFor Parts 1-3, DIR has enhanced the web-based collection tool for the IRDR. Each agency IRM will receive an e-mail from DIR with a unique link a
27、nd specific instructions to access the tool. The tool will work within any standard web browser.Where possible, the agencys 2011 IRDR response to a question will appear in the tool; these responses may be retained or modified as appropriate.Data can be entered in multiple sessions from multiple comp
28、uters, but not simultaneously. All data entered is saved in a central database and may be viewed and updated in future sessions during the reporting period.For Part 4, because the number of databases reported can differ greatly from one agency to another, a spreadsheet is used instead of the online
29、collection tool. DIR will provide agency-specific spreadsheet templates pre-populated with responses from 2011. The updated spreadsheet must be returned to DIR via email to irdrdir.texas.gov. DIR recommends that the agency IRM and any additional staff delegated to develop and enter IRDR responses ke
30、ep this instruction document open while performing their review. This document contains guidance, links, and definitions that do not appear in the collection tool or inventory spreadsheet.SubmissionThe IRDR is submitted by clicking the Submit button on the final page of the IRDR data collection tool
31、.No signature or hardcopy submission is required. Each IRM is responsible for coordinating the IRDR development and approval process within the agency using established agency practices.Unless otherwise indicated, a response is required to each question. In many cases, an appropriate response to a q
32、uestion may be “None” or “Not applicable.”By statute, the submission deadline for the IRDR is December 1, 2013. Because this falls on a Sunday, submissions will be accepted on Monday, December 2, 2013.Agencies should take care not to include any sensitive information in their responses as previous I
33、RDR submissions have been subject to public information request2013 IR DEPLOYMENT REVIEW INSTRUCTIONS 6Instructions for Particular AgenciesInstitutions of Higher Education. Although they are still required to conduct an internal review of IR deployments every two years, institutions of higher educat
34、ion are no longer required to send the results of their review to the QAT. If an institution chooses to submit their results, the IRM should email a request for login credentials to irdrdir.texas.gov. Otherwise, DIR suggests that the institution edit this instructions document to include their respo
35、nse data.Agencies Participating in the Legacy Systems Study (LSS). Most agencies that are not institutions of higher education are currently participating in the states Legacy Systems Study (LSS), which requires extensive reporting of their information systems including databases and applications. I
36、n anticipation of receiving their LSS data by the May 31, 2014 LSS reporting deadline, DIR will not require these agencies to submit Part 4 of the 2013 IRDR.Health and Human Services Agencies. In addition to state-level review of the IRDRs, Government Code Section 531.0273(3) requires that IRDRs pre
37、pared by the Health and Human Services (HHS) agencies be reviewed and approved by the Health and Human Services Commission (HHSC). HHS agencies will receive additional instructions from HHSC concerning the timing of their submissions and the review process.SupportDIR staff is committed to providing
38、support to agencies during the IRDR reporting period. DIR staff will strive to answer all inquiries within two business days. IRMs are encouraged to submit inquiries whenever they do not understand a question or are uncertain how to respond to it. Please submit inquiries via e-mail to irdrdir.texas.
39、gov.Additional InformationThroughout the instructions there are guidance statements providing background information, definitions of terms, and links to related information on the Internet. These guidance statements appear in italics. An extensive glossary is also provided at the end of this instruc
40、tion document.Please visit DIRs IRDR Page periodically to check for any new announcements, updates, or frequently asked questions (FAQs). DIR may also post information and reminders about the IRDR on the tx-irm mailing list.2013 IR DEPLOYMENT REVIEW INSTRUCTIONS 7Part 1 - Agency EnvironmentSection 1
41、.01 - Information Resources Management1.01.01 What role does the Information Resources Manager play in development of the Agency Strategic Plan? Involved in development of agency strategies and how IT can best support those strategies Role limited to IT section of the plan No significant role1.01.02
42、 What role does the Information Resources Manager play in development of the Information Technology Detail and the Legislative Appropriations Request? No significant role Moderate role Strategic partner in the preparation of these documents1.01.03 Who has primary responsibility to ensure the privacy
43、 of personal information collected by the agency? General Counsel Human Resources Information Security Officer Executive Director Other: _1.01.04 Has the agency implemented remote working solutions to support alternative workplace arrangements? Implemented Planning to implement (skip 1.01.04a) Consi
44、dering (skip 1.01.04a) No (skip 1.01.04a)1.01.04a Briefly describe the agencys remote working solutions policy, including extent of use and an assessment of its effectiveness.1.01.05 Describe current technology collaborations with other agencies, institutions of higher education, or local government
45、s.1.01.06 Describe the agencys approach to technology asset management. Indicate if automated tools are used to discover, track, or manage asset usage and status information. Technology assets include hardware, software, licenses, and service contracts.1.01.07 How many high-value datasets has your a
46、gency identified? Government Code Sec. 2054.1265 defines high value data sets as: “information that can be used to increase state agency accountability and responsiveness, improve public knowledge of the agency and its operations, further the core mission of the agency, create economic opportunity,
47、or respond to need and demand as identified through public consultation. The term does not include information that is confidential or protected from disclosure under state or federal law.“2013 IR DEPLOYMENT REVIEW INSTRUCTIONS 81.01.08 Does the agency record audio or video of board meetings? Yes, a
48、udio only Yes, video No, but plan to record board meetings in the future The agency does not have a board1.01.09 Does the agency stream audio or video of board meetings on the internet? Yes, audio only Yes, video No, but plan to stream board meetings in the future The agency does not have a board1.0
49、1.10 Does your agency use digital video media to communicate information to employees or constituents? No Yes - produced in-house Yes - produced by a contractor Other: _1.01.11 Does your agency provide veterans-related services or benefits? Yes No (skip 1.01.11a)1.01.11a Are your agencys veterans-related services or benefits referenced or described on the Texas Veterans Portal? Yes Some, but not all No1.01.12 OPTIONAL. Enter any additional comments related to Information Resources Management.Section 1.02 - Informatio
