IRDR & IR-CAP Briefing April 25 th,2016 1:30-2:30

Grab Tab Audio Pane Use Settings to configure and test audio and other preferences. Click arrow to expand and collapse control panel Click hand icon to raise/lower hand Control Panel Question Pane Enter questions here. Control panel options may vary slightly depending on webinar configuration. Attendee List See attendees on one tab, staff on another. GoToWebinar ® Attendee Controls

DIR Staff Deborah Hujar MODERATOR Matt Kelly PRESENTER

Welcome 53 registrants CPE Credit We will post slides and recording Find updates and more information on the IRDR page of dir.texas.gov Ask questions anytime using the question pane IHE Reminder

Background The IRDR is a standardized survey that: ​​​​​​ Measures an agency’s progress against the State Strategic Plan (SSP) Confirms that the agency is in compliance with the state's IR-related statutes, rules, and standards Examines how each IR deployment has supported the agency's mission, goals, and objectives

IR-Corrective Action Plans The IR-CAP process is designed to elevate agency awareness of IR compliance issues and to demonstrate to DIR that you are making progress toward correcting them. While full compliance remains a challenge for some agencies, DIR stands ready to assist IRMs in their efforts.

Agenda Introduction and Background IRDR Findings Q&A IR-CAP Process Overview IR-CAP Demo Q&A Wrap-up

Agency Environment

Software Currency

Security 98  156 Security Professionals (59% Increase) 23% of agencies have increased security budgets over the biennium Top Five Security Initiatives for the biennium: 1.Data protection 2.Security training and awareness 3.Business continuity 4.Security risk assessment 5.Application security

Accessibility Participation in free website accessibility scanning program has doubled over the last biennium.

Computing Inventory Type Change Desktops108,666112,31994, % Laptops29,46639,94544,920 52% Tablets7,5909,85312,943 71% Smartphones10,04622,36827, % Not-so-Smartphones17,1279,6726, % Printers32,74944,28346,387 42%

Computing Inventory

Cloud

Desktop Virtualization

Training

Legacy Based on the assumption that security is always a factor, what are the main legacy applications issues facing the agency? Software maintenance upgrades - limited or unavailable29 Extensibility, adaptability, agility - inability to enhance or revise26 Technical support - unavailable or difficult to obtain24 None20 Documentation - non-existent or out-of-date18 Application development tools - limited expertise (dead languages)17 Accessibility - remediation cost, time, feasibility11 Other6 Software - no longer available or difficult to obtain6 Hardware - no longer available, limited or no support4 Hardware maintenance - limited or unavailable3 Recoverability - uncertain how or where to recover3

E-Gov

Domain Names

Data Management

Data Utility

Compliance Each agency must perform and document an annual assessment of High Risk information resources, and a biennial assessment of Medium/Low Risk information resources. Each agency must comply with all EIR Accessibility Policy and Coordinators provisions 1 TAC (b) through 1 TAC (f) or 1 TAC (b) through1 TAC (f). The agency shall institute, approve, and publish an operating procedure that communicates an agency-wide approach for information technology project management practices, meeting listed standards.

Compliance SecurityState WebsitesAccessibilityGISElectronic Record MgmtIRMProject Mgmt Procuremen t Privac y

2014 SSP Progress SSP PriorityNo progress Minor progress Moderate progress Significant progress Business Continuity1%22%28%49% Cloud8%22%29%33% Data Management7%32%37%21% Enterprise Planning & Collaboration8%28%24%32% IT Workforce8%33%27%21% Legacy Modernization3%13%32%45% Mobility8%32% 22% Network3%12%33%49% Security0%20%41%38% Virtualization8%9%26%50%

SSP

2016 SSP Alignment Focus AreaNot applicableNo plans to alignPlan to alignMinor alignment Moderate alignment Significant alignment Cloud5% 3%21%34%32% Connectivity4%0%3%11%20%63% COOP0% 3%11%33%53% Analytics13%0%8%28%29%22% Data Mgmt1%0%13%24%36%26% Digital Services5%1%7%16%32%39% IoT30%13%8%24%17%8% IT Funding3%1%7%16%32%41% IT Planning and Gov3%0%4%16%33%45% IT Workforce8%1%4%25%33%29% Legacy9%1%3%11%25%51% Mobile Apps12%7%19%20%24%19% Open Data14%3%8%20%29%26% Security0% 12%36%52% Shared Services7%4%7%32%24%28%

Data Evaluation Data Statement Strongly Disagree DisagreeNeutralAgree Strongly Agree Our data are accessible to those who need it. 0% 7%60%33% Our data are collected for a purpose. 0% 2%31%67% Our data are of the right quality/are clean. 0%2%24%57%17% Our data are standardized to support comparisons across agencies. 0%10%55%26%10% Our data are standardized to support comparisons across areas within the agency 0%7%20%56%17% Our data are “siloed”; we have pockets of individuals who protect their data. 10%30%28%23%10% Our data, reports, and processes are repeatable. 0%2%7%59%32% Reports are in the right format and show the right data to inform decisions. 0% 20%61%20% The data used for reporting and making decisions are current/reviewed periodically for accuracy. 0% 7%68%24% We eliminate data that are beyond the scheduled retention period, and no longer has value to the organization. 2%24%12%51%10% We have policies that specify rights and privileges regarding access to organizational and individual data. 0%7%5%54%34% We have sufficient capacity to store, manage, and analyze increasingly large volumes of data. 0%10% 63%18% We have the right kinds of data. 0% 20%61%20% We have the right tools or software for analytics. 0%24%27%41%7%

Mobility Evaluation Mobility Statement Strongly Disagree DisagreeNeutralAgree Strongly Agree Our current developers have existing knowledge of mobile development tools and programming languages.16%34%21%26%3% Our mobile strategy was developed in conjunction with IT and business leaders.11% 34%32%13% Our website has responsive design.5%18%13%44%21% There is a significant demand for a mobile application from our end users.8%34%29%21%8% There is a thorough understanding of the intended end-users' needs.5% 29%55%5% We follow a standard methodology for mobile app development (SDLC, agile, etc…).8%24%41%24%3% We have an enterprise mobile strategy and roadmap.11%32%34%18%5% We have governance structures made up of key stakeholders to guide the business, technology, and investment decisions around mobile engagement.13%16%50%16%5% We have metrics that communicate progress and success regarding mobile engagement.11%34%42%11%3% We have successfully deployed one or more mobile applications in the past.16%42%11%16% We monitor the number of mobile devices accessing our network.11%29%21%26%13% We take mobility into account in our security program.11%3%14%65%8%

Q&A Takeaways Focus on Cybersecurity Troublesome Accessibility Compliance Poised for Data Utility Continued Mobile Deployment Questions?

Process

IR-CAP Process Overview

Key Dates IR-CAP Webinar 4/25 Archer Portal Release week of 4/25 Data collection 4/25 – 6/10 IR-CAP Review 6/10 – 6/17 Plan approval/revision notification 6/20 IR-CAP Submission Deadline: Friday, June 10 th

Data Collection Logging in/refreshing accounts Navigating to remediation plans Required fields Changes from 2014 Delegating Submitting Tips and assistance

Login URL: Instance: 20224

Dashboard

Remediation Plan

Edit Mode

Q&A

Thank you For additional information contact: or visit our IRDR page on DIR’s website: