Presentation is loading. Please wait.

Presentation is loading. Please wait.

Navy Medicine IM/IT Governance Gary F Stevens And Craig Palmer.

Similar presentations


Presentation on theme: "Navy Medicine IM/IT Governance Gary F Stevens And Craig Palmer."— Presentation transcript:

1 Navy Medicine IM/IT Governance Gary F Stevens And Craig Palmer

2 Learning Objectives Understanding the Governance Process –Incorporating Policy and Compliance –Information Assurance –Overview of Roles and Responsibilities at all levels 2“Uniting Technology and Healthcare”

3 Policy and Support 3“Uniting Technology and Healthcare” 3 Governance Department of Defense DoDI (Defense Acquisition) DoDI (Defense Acquisition Regulation System) DoD (Privacy Program) DoD (Portfolio Management) DoDI (Portfolio Management) DoD (DIACAP) DoD M (IA Implementation) DoD (Information Reporting) CJCS Instruction G CJCS Instruction E DODAF 6.0 DODD (Capability Portfolio Management) DoDI (Defense Acquisition) DoDI (Defense Acquisition Regulation System) DoD (Privacy Program) DoD (Portfolio Management) DoDI (Portfolio Management) DoD (DIACAP) DoD M (IA Implementation) DoD (Information Reporting) CJCS Instruction G CJCS Instruction E DODAF 6.0 DODD (Capability Portfolio Management) Department of Navy Office of the Secretary Department of Navy Office of the Secretary SECNAVINST A (IT Application) SECNAVINST (Incident Response and Reporting ) SECNAVINST E (Privacy Program) SECNAVINST A (IT Application) SECNAVINST (Incident Response and Reporting ) SECNAVINST E (Privacy Program) Military Health System Defense Business Transformation (DBT) Defense Health Program Systems Inventory Reporting Tool (DHP-SIRT) Defense Business Transformation (DBT) Defense Health Program Systems Inventory Reporting Tool (DHP-SIRT) Clinger-Cohen Act

4 Defense Acquisition Framework 4“Uniting Technology and Healthcare”

5 Governing Boards 5“Uniting Technology and Healthcare” 5 The IM/IT governance process is not a single pass-through for decision making… it is made up of several “policy compliance processes”, which gives Navy Medicine the ability to review, manage and oversee capabilities, systems, and projects Corporate Executive Board (CEB) Capability Management Working Group (CMWG) Management Control Board (MCB) Capability Review Boards

6 Board Members 6“Uniting Technology and Healthcare” M1 M3/5 M4 M6 M8 M00WII NME NMW NMSC NCA USMC U.S. Fleet Forces Command Pacific Fleet N931 NAVMISSA

7 IM/IT Governance Overview 7“Uniting Technology and Healthcare”

8 Initiate and Validate Request 8“Uniting Technology and Healthcare” A request can be initiated at any level within the Medical Enterprise The Governance Team will verify that all necessary approvals have been received as well as log the request for tracking and metrics

9 2-Pager 9“Uniting Technology and Healthcare” 9

10 First Check 10“Uniting Technology and Healthcare” Request currently exists in DADMS (DON Application and Database Management System): –Correct version is in DADMS Complete the Unique Identifying code (UIC) Association Questionnaire and send to NAVMED- NAVMED- –Need an updated version from what is in DADMS Complete the Version Upgrade Questionnaire and send to Request is not in DADMS: –Complete 2-pager and when complete with all necessary signatures send to All templates are available on SharePoint: –https://esportal.med.navy.mil/bumed/m6/governance/default.as pxhttps://esportal.med.navy.mil/bumed/m6/governance/default.as px –You will need to register to have access to this site

11 Initial Approval 11“Uniting Technology and Healthcare” Functional Manager must approve the request to move forward in the process If request is approved it will move to Step 5 where the M6/OCIO may request a Business Case Analysis (BCA) and/or Concept of Operations (CONOPS) Once all necessary documents are collected the M6/OCIO will assist in creating the CMWG Slides as well as prep the briefer on potential issues

12 Navy Medicine Functional Areas 12“Uniting Technology and Healthcare” 12 Functional OwnerDescriptionSub - Grouping M1Human Resources M3/5Access to CareBlood Business Clinical Dental Lab Occupational Health Optometry Pharmacy Population Health Radiology TBI/PH Veterinary Research M4Occupational Health Logistics M6IM/IT Services Infrastructure M8Financial Management N931Force Health Protection

13 Review and Decision 13“Uniting Technology and Healthcare” 13 The CMWG reviews and votes on if this request should be sent to NAVMISSA for further development In some instances the board may request additional information or recommended the decision be made at the MCB level The board can also vote to disapprove the request

14 Cost Estimate and IA Review 14“Uniting Technology and Healthcare” 14 At Step 7, NAVMISSA has the task to develop a cost estimate, establish what IA path will be taken, and what documentation will be needed To provide transparency to the enterprise the System Life-Cycle Documentation Checklist was created (see next slide) We anticipate that Step 7 will be a quick turnaround

15 System Life-cycle Document Checklist The SLDC will provide: –Well defined expectations, deliverables, timelines, and metrics –Properly capture Total Cost of Ownership and Return on Investment (ROI) –Ensure new capability request are enterprise focused Incorporates Department of Defense (DoD), DON, TRICARE Management Activity (TMA), and Bureau of Medicine and Surgery (BUMED) policy and compliance into one checklist to include: –Enterprise Architecture (EA) –Information Assurance (IA) –Defense Business Transformation (DBT) –Federal Information Security Management Act of 2002 (FISMA) –Acquisition 5000 –Joint Capabilities Integration and Development System (JCIDS) –DADMS New Adds 15“Uniting Technology and Healthcare”

16 Information Assurance Review Within Navy Medicine there are three different IA paths by which IT systems can obtain approval to operate on NAVMED networks 1.DIACAP 2.Platform IT (PIT) Designation/Approval 3.NAVMED Client Workstation Software IA Approval Once approved by the CMWG, NAVMISSA will determine which of the paths above is necessary Each of these paths has varying requirements that need to be fulfilled in order to successfully receive approval, with varying timelines to execute A way forward for Outsourced IT based processes is still being developed 16“Uniting Technology and Healthcare”

17 Information Assurance Checklist 17“Uniting Technology and Healthcare” The documents listed in the IA Checklist are used to gather information for review by the NAVMISSA IA Team. The IA Team evaluates this documentation to determine which IA path the system requires. Turnaround time for determining the path to IA depends on the accuracy and completeness of documentation. The IA Checklist includes: Mission Description Concept of Operations Summary Operating and Computing Environment User Description and Clearances Hardware List Software List System Architecture Diagram External Interfaces and Data Flow Life Cycle Management Plan Navy Medicine Program Manager Note: additional information may be needed

18 Capability Approval and Management 18“Uniting Technology and Healthcare” Once NAVMISSA has completed the cost estimate and workload Rough Order of Magnitude (ROM) that information is then briefed again to the CMWG and/or MCB for final decision on termination or execution of this request If the decision is to execute, the capability will be managed as a project, prioritized, and/or funded.

19 Life-cycle Management 19“Uniting Technology and Healthcare” 19 The following slides go into further detail on how we are dealing with Portfolio and Lifecycle Management

20 IM/IT Portfolio 20“Uniting Technology and Healthcare” The IM/IT Portfolio is more then a list of approved applications. Navy Medicine will be using the Portfolio as a management tool for: -Oversight and Compliance -Dependencies -Risk -Recurring Data Calls -Approved but Unfunded Capabilities -Lifecycle Management Base Operations Enterprise Service Costs Navy Systems TMA Systems Approved Capabilities Unknowns Funded TMA Funded Capabilities Unfunded Portfolio Components 20

21 BUMED – Governance Team Gary Stevens – M61 Director –(202) Paul Lindsey – M61, Deputy Director –(202) Rebecca Kirsh – MCB POC/Governance and Portfolio Support –(703) Michele Luberecki – Governance Lead/CMWG POC –(202) “Uniting Technology and Healthcare”

22 NAVMISSA – Governance Team Craig Palmer –(210) “Uniting Technology and Healthcare”

23 BUMED – Information Assurance 23“Uniting Technology and Healthcare” CDR Rich "Ski" Makarski, MSC, USN, MS ITM, MBA BUMED-M62, Dir IT Security & Privacy bldg 1, 2nd deck, room 1212 Navy Medicine CIO Office 2300 E Street NW, Washington, DC Navy Office: or Navy Cell (Blackberry): Naval Postgraduate School 2002 Alumni

24 Questions 24“Uniting Technology and Healthcare”

25 Back Up 25“Uniting Technology and Healthcare”

26 2011 Governance Schedule 26“Uniting Technology and Healthcare” CMWGMCBCMWGMCB January4 18*28**July5* 1928 February1 1524August March1 1524September6* 2029** April5 1928October May3 1726November1 1517** June7 2130**December6 20* 29**

27 Definitions Application – The term application is a shorter form of application program. An application program is a program designed to perform a specific function directly for the user or, in some cases, for another application program. Examples of applications include word processors, database programs, Web browsers, development tools, drawing, paint, image editing programs, and communication programs. Applications use the services of the computer's operating system and other supporting applications. Capability – The ability to achieve a desired effect under specified standards and conditions through a combination of means and ways across doctrine, organization, training, materiel, leadership and education, personnel, and facilities (DOTMLPF) to perform a set of tasks to execute a specified course of action. (per the DoDD ) Portfolio – The collection of capabilities, resources, and related investments that are required to accomplish a mission-related or administrative outcome. A portfolio includes outcome performance measures (mission, functional, or administrative measures) and an expected return on investment. “Resources” include people, money, facilities, weapons, IT, other equipment, logistics support, services, and information. Management activities for the portfolio include strategic planning, capital planning, governance, process improvements, performance metrics/measures, requirements generation, acquisition/development, and operations. (per the DoDI ) System - A system is a collection of elements or components that are organized for a common purpose. The word sometimes describes the organization or plan itself (and is similar in meaning to method, as in "I have my own little system") and sometimes describes the parts in the system (as in "computer system"). 27“Uniting Technology and Healthcare”

28 Additional Resources Defense Acquisition University –http://www.dau.mil/default.aspxhttp://www.dau.mil/default.aspx SharePoint –https://esportal.med.navy.mil/bumed/m6/governance/default.aspxhttps://esportal.med.navy.mil/bumed/m6/governance/default.aspx DADMS Governance 28“Uniting Technology and Healthcare”

29 Interim Program Reviews 29“Uniting Technology and Healthcare” Summary SlideCurrent Year Information Cost (DHP) & Schedule Summary Risk Assessment - Navy Medicine has chosen to adopt the DoD Risk Assessment process - Provides a way to make decisions on acceptable vs. non-acceptable risk - Represents the schedule of the project in relation to cost across the Future Year Defense Plan (FYDP). - Provides the baseline for POM building - Provides all the assumptions that have been made in relation to making this a successful project - Collects the milestones planned for the next 12 months - Provides the status of the Project’s overall burn rate for the Current Year - Provides a description of the Project that includes the business need that is being met as well as the benefits to fulfilling this need - All Point of Contacts (POC) - Shows the cumulative/overview of what is presented in the remaining slides 29

30 Information Assurance - Applicability Whether a single instance of an application, stand-alone information system, networked medical device, or a widely distributed program, all DoN-owned or -controlled information technology (IT) systems that receive, process, store, display or transmit DoD information are subject to IA requirements –CJCSI E, Information Assurance –DoDD , Information Assurance –DoDI , Information Assurance Implementation –DoDI , Information Assurance in the Defense Acquisition System –SECNAVINST B, DON Information Assurance Policy –DON DIACAP Handbook 30“Uniting Technology and Healthcare”

31 IA – Assumptions and Contraints In order for any system to be allowed on the network, an IA Analysis must be conducted. In order for the NAVMISSA IA Team to be engaged to do that Analysis, the system must be put through the Governance Process. The IA Team should not be engaged for IA Analysis outside of this Process. A number of documents and a knowledgeable point of contact are required for any IA Analysis effort to be successful. The appropriate IA Path will be scheduled once a system has received final approval by the CMWG/MCB, the IA Team will then work directly with the assigned Program Manager/System Owner. Any new system will need to be prioritized by the CMWG in relation to other ongoing Navy Medicine/TMA/DON/DoD IA activities 31“Uniting Technology and Healthcare”


Download ppt "Navy Medicine IM/IT Governance Gary F Stevens And Craig Palmer."

Similar presentations


Ads by Google