1. Deloitte Consulting LLP Commonwealth of Massachusetts IT Consolidation Program Statewide Working Group Discussion Document January 25, 2010 DRAFT FOR DISCUSSION PURPOSES ONLY

2. - 1 - DRAFT FOR DISCUSSION PURPOSES ONLY Agenda 1 Check-in for IT Consolidation Town Hall ‘Readiness’ (20 mins.) 2 IT Finance Checklist and Mission Critical Issues (25 mins.) 3 Benefits Tracking (15 mins.)

3. - 2 - DRAFT FOR DISCUSSION PURPOSES ONLY IT Consolidation Town Hall ‘Readiness’ Check-in

4. - 3 - DRAFT FOR DISCUSSION PURPOSES ONLY  Wave 1 (EOHHS) Town Halls February 8-12 Refresher on Plan for Secretariat Town Halls HR and Communications Sub-committees are working together to provide:  Town Hall meeting agenda  Presentation template including updated project information and HR content regarding staff transition process  SCIO talking points  All Remaining Secretariat and ITD Town Halls February 15-28 What support can Secretariats expect? February  Schedule meetings for mid-to-late February  Identify components of Secretariat Consolidation Plans (services, infrastructure and admin.) you wish to communicate with staff  Contact HR and Communications Sub-committees for support in drafting Secretariat-specific content Next Steps for Secretariats: Timing:

5. - 4 - DRAFT FOR DISCUSSION PURPOSES ONLY Wave 1 – Communication to Staff Recognizing that IT staff will have many questions about ‘Wave 1’ and how it will impact their careers, the following communications are under development and will be provided to all IT staff: Town Hall Meetings 1.General IT Consolidation project update 2.Change Impact Assessment Findings (HR update) 3.Secretariat-specific consolidation changes 4.Wave 1 plans a.Data center job functions moving to ITD b.Job posting and selection process Jobs Packet 1.Job descriptions 2.Job posting and selection process 3.Explanation of salary ramifications 4.Timelines for posting, selection, and transition 5.Application template with self-assessment * 6.MOU with NAGE (draft if not yet signed) * Self-assessment allows applicants to indicate their priority groups from their perspective Timing: Posting dates in early February or Prior to Wave 1 so that staff have detailed information to make informed decisions about applying

6. - 5 - DRAFT FOR DISCUSSION PURPOSES ONLY Planning Progress Check-In SecretariatTown Hall Date(s) and LocationsAdditional Support Required ANF EOE EOEEA EOHED EOHHS Week of February 8 th EOLWD EOPSS MassDOT

7. - 6 - DRAFT FOR DISCUSSION PURPOSES ONLY IT Finance Checklist and Mission Critical Issues

8. - 7 - DRAFT FOR DISCUSSION PURPOSES ONLY Delays with IT Finance have become mission-critical See Master IT Finance Checklist for SCIOs (separate handout). Key Issues: 50% of Secretariat IT Administration Operating Models are overdue by > 5 weeks 75% of Secretariat Implementation Workplans are overdue by > 4 weeks Indirect rate development and cost allocation planning is on hold for at least 1 out of 8 Secretariats due to delays in required documentation, and additional delays for 3/31 completion are possible Next Steps: Program management and Sub-committee leadership will be contacting SCIOs over the next business day to take action on troubleshooting and resolving these issues as needed

9. - 8 - DRAFT FOR DISCUSSION PURPOSES ONLY Benefits Tracking

10. - 9 - DRAFT FOR DISCUSSION PURPOSES ONLY Proposed Rollout Timeline Weeks of 1/18- 1/25 Weeks of 1/25 and 2/1 Month of February Month of March Month of April Weeks of 1/25 and 2/1

11. - 10 - DRAFT FOR DISCUSSION PURPOSES ONLY Recommended Skills for Benefits Tracking Program Manager 1.Strong project manager/management skills 2.Ability to understand program concepts, and communicate and analyze KPIs 3.Time and availability to lead the effort with sustained focus 4.Experience engaging stakeholders and executive sponsors

12. - 11 - DRAFT FOR DISCUSSION PURPOSES ONLY Planning Progress Check-In SecretariatChampion IdentifiedAdditional Support Required ANF EOE EOEEA Tom Skinner EOHED Dana Racine EOHHS Sheika Babin EOLWD EOPSS MassDOT Diane Nawrocki (TBD)

13. - 12 - DRAFT FOR DISCUSSION PURPOSES ONLY Measures, Definitions, and Measurement Methods # MeasureDefinition Guidance on Calculation Suggested Data Source M1 # of helpdesks Physical count of total IT helpdesk, service or contact center that provides ≥50% of its services internally. As defined here, a helpdesk Includes the associated tools, processes, and staff responsible for providing internal IT services at agreed upon service levels. Number: CountBaseline Data Source: Secretariat Phase 1 Consolidation Plans located on CommonWikiSecretariat Phase 1 Consolidation Plans Ongoing Data Source: Helpdesk Manager M2 # of desktop & LAN teams Teams who are responsible for: Physical install / move / add / change / support of PCs, state-issued handheld devices, printers (incl. workgroup and multi-function), faxes, network peripherals, phones, and file / print services etc. Number: CountBaseline Data Source: Secretariat Phase 1 Consolidation Plans located on CommonWikiSecretariat Phase 1 Consolidation Plans Ongoing Data Source: Desktop and LAN Team Manager M3 # of non-compliant websites The number of websites: 1) hosted on a non-Mass.Gov platform and / or 2) those containing static content that does not match the common look, feel, and IA of Mass.Gov. Include websites with waivers for exception in this count. Number: CountBaseline Data Source: Secretariat Phase 1 Consolidation Plans located on CommonWikiSecretariat Phase 1 Consolidation Plans Ongoing Data Source: Mass.Gov’s Master Inventory of Non-compliant WebsitesNon-compliant Websites M4 # of IT applications consolidated The number of SCIO designated IT applications that have been consolidated. Do not include applications in process of consolidation, only include those for which consolidation is complete. Number: CountBaseline Data Source: Secretariat Phase 1 Consolidation Plans located on CommonWikiSecretariat Phase 1 Consolidation Plans Ongoing Data Source: SCIO, or Secretariat Application Manager M5 # of data centers Commonwealth enterprise computing resources physically located at the Secretariat/agencies/field. All of the following types should be included in the count: Raised Floor and/or Cooled Data Centers; Server Rooms; Server/Telecom Closets; and SUD’s (‘Servers Under Desks’) locations. Do not include file and print servers. Number: CountBaseline Data Source: Infrastructure Consolidation Plans located on CommonWikiInfrastructure Consolidation Plans Ongoing Data Source: Data Center Manager

14. - 13 - DRAFT FOR DISCUSSION PURPOSES ONLY Measures, Definitions, and Measurement Methods (cont.) # MeasureDefinitionGuidance on CalculationSuggested Data Source M6# of networks (WANs) Physical count of total WANs. If you are a Secretariat on MagNET, count zero. Number: CountBaseline Data Source: Network Architecture Inventory Ongoing Data Source: Secretariat Network Manager/Administrator M7% of agency sites hosted on Mass.Gov Proportion of websites standardized on Mass.Gov hosting platform, serviced with common tools for web publishing and content managed at agreed upon service levels Number: Percent Number of portalized sites divided by total websites. Baseline Data Source: Secretariat Phase 1 Consolidation Plans located on CommonWikiSecretariat Phase 1 Consolidation Plans Ongoing Data Source: Secretariat Web Manager M8% of email users on MassMail Proportion of Secretariat email users using MassMail. Number: Percent Number of MassMail users divided by email users. Baseline Data Source: Infrastructure Consolidation Plan located on CommonWiki Infrastructure Consolidation Plan Ongoing Data Source: Secretariat Applications Manager M9Service availability (Helpdesk) The amount of time service is unavailable due to unplanned (non- scheduled) outages compared to the planned (scheduled) up-time during the reporting period (quarter). Number: Percent 1-[ Unplanned downtime ÷ scheduled uptime] Ex. During each quarter (12 weeks) a Helpdesk with service hours of 40 (9-5, M-F) will have a planned up –time of 40x12=480 hours. If it experiences 10 hours of unplanned outages during the quarter, its availability is: 1-[10 ÷ 480]. Baseline Data Source: Use 1 st quarter reporting as baseline. Ongoing Data Source: Helpdesk Manager ** The 6 ITIL processes being targeted for implementation across the Commonwealth are: incident, change, problem, asset, capacity, and service level management

15. - 14 - DRAFT FOR DISCUSSION PURPOSES ONLY Measures, Definitions, and Measurement Methods (cont.) # MeasureDefinition Guidance on Calculation Suggested Data Source M10% of IT services based on ITIL frameworks The degree to which the 6 target ITIL processes** have been implemented with in the 4 IT services Number: Percent Count of processes implemented within each service ÷ 24 (full implementation of 6 ITIL processes in each of the 4 IT services) Baseline Data Source: Secretariat Service Managers and Members of ISBMembers of ISB Ongoing Data Source: Secretariat Service Managers and Members of ISBMembers of ISB M11 Average time to resolve security incident An security incident is defined as an event that impacts the entire organization (Agency, Secretariat or Commonwealth). Difference (in hours) between when an incident is reported and when it is resolved. Number: Difference (in hours)Baseline Data Source: Helpdesk or if integrated with CommonHelp, the SAS system/ Level. Use 1 st quarter reporting as baseline. Ongoing Data Source: CCSO or Secretariat ISO M12 % of Desktop and LAN devices using a consistent set of security standards and technologies Desktop: Desktops using Anti-Virus, Anti Spy Ware Security Suites, all patches are up to date LAN: No standard currently published at the Commonwealth Level, Secretariat LAN Teams should define security devices Number: Percent Number of devices (sum of desktop and LAN devices) using a consistent set of security standards and technologies divided by total devices (sum of desktop and LAN devices). Baseline Date Source: Symantec or security software queries to evaluate standards on devices. Use 1 st quarter reporting as baseline. Ongoing Date Source: Symantec or security software queries to evaluate standards on devices. M13 % of physical servers that are secure A secure server is a physical server (those containing PII and those that do not) that employs industry standard security protocols and technologies to keep data secure. Prescribed security requirements include confidentiality, integrity, availability. Include all physical servers secured since 7/1/2009. Number: Percent Number of secured physical servers divided by total number of physical servers. Baseline Data Source: Infrastructure Consolidation Plan located on CommonWiki Infrastructure Consolidation Plan Ongoing Data Source: Secretariat Data Center Manager ** The 6 ITIL processes being targeted for implementation across the Commonwealth are: incident, change, problem, asset, capacity, and service level management

16. - 15 - DRAFT FOR DISCUSSION PURPOSES ONLY Commonwealth-specific Measures, Definitions, and Measurement Methods # MeasureDefinition Guidance on Calculation Suggested Data Source CMW1 # of SCIOs in placeLevel of accountability and oversight through an SCIO Number: CountBaseline Data Source: # of SCIOs at issuance of EO510 February, 2009 Ongoing Data Source: CIO Cabinet leadershipCIO Cabinet CMW2 # of plans that align with Commonwealth IT Strategic Plans Strategic alignmentNumber: CountBaseline Data Source: Secretariat Phase 1 Consolidation Plans located on CommonWikiSecretariat Phase 1 Consolidation Plans Ongoing Data Source: Updated plans loaded to the CommonWikiCommonWiki CMW3 # of formal IT career paths Total # of new formal IT career paths that flow within the 8 common functional families developed during Phase II of IT Consolidation. Maximum is 44. Number: CountBaseline Data Source: Number of IT titles in existence at issuance of EO510 February, 2009 Ongoing Data Source Industry Standard Job Families and Functions located on CommonWikiIndustry Standard Job Families and Functions CMW4 # of participants that have completed ITIL training courses Total # of individuals who registered and fully participated in ITIL training offered as part of IT Consolidation Number: CountBaseline Data Source: Number of ITIL trained individuals in IT workforce at issuance of EO510 February 20, 2009 Ongoing Data Source Participation lists located on CommonWikiParticipation lists CMW5 % compliance with EO504 administrative requirements Submission and acceptance of 3 documents: 1) Information Security Programs, 2) Electronic Security Plans, and 3) Self Assessment Questionnaire. Number: Percent # of agencies initiating EO504 administrative requirements divided by total # of agencies within the Executive Department (n/86) Baseline Data Source: # of compliant agencies at issuance of EO504 February, 2009 Ongoing Data Source: CCSO