The 21st century CIO is a multifaceted professional adept in a full spectrum of skills, including business and finance, technology, human relations, and organizational change. In order to be truly effective, a CIO seeking to make lasting change within an organization must possess a vast and deep toolkit of skills and experience that can be leveraged, depending on the maturity level of an organization, specific technology issues, or evolving scenarios.
"The cloud computing initiative is without a doubt the most complex IT initiative ever undertaken by the Office of Secretary of State"
When faced with the overwhelming challenge of complete IT modernization of the Oregon Office of Secretary of State, it was clear the effort required everything in that vast toolkit of skills. Borrowing from Federal CIO Guidelines for IT Modernization, the Secretary of State Information Systems Division began transforming information systems across the entire spectrum of IT services and support. The approach was to follow industry best practices using four basic steps:
Step 1 - Conduct a Benchmark Assessment: IT managers conducted an honest self-assessment across the entire spectrum of IT services, including software development, infrastructure operations, project management, software quality assurance, and cybersecurity. They leveraged an international best practices framework known as Control Objectives for Information and Related Technologies (COBIT) to identify gaps and shortfalls and provide IT managers a baseline from which to proceed.
Step 2 – Define a Strategy: IT managers took great pains to ensure the evolving IT strategy could easily trace back to business goals and plans. The resulting IT strategic plan outlined the current IT and business environment as well as the strategy for a future state. This future state section not only listed the goals and strategies to be pursued, it documented a series of specific objectives to be accomplished over a two-year period. Each specific objective was further expanded to provide a short description, the implementation approach, the associated budget, and the projected timeline. The plan was evaluated against four IT domains: infrastructure, security, data, and applications. The completed strategy was then presented to all IT staff, business leaders, and the Secretary of State himself. It became a living document by serving as a basis for discussions with the chief financial officer and business leaders for prioritization of IT investments.
Step 3 – Build a Roadmap: The next step began by compiling a list of all IT projects across the entire organization. IT managers discovered there was no comprehensive view of IT projects across all business areas, and many IT infrastructure projects were not visible to business leaders, resulting in continual delays and postponement of critical infrastructure upgrades. The CIO also created a centralized Project Management Office (PMO) assigning the four project managers to the centralized function. This allowed implementation of standardized project management best practices as defined by the Project Management Institute.
The PMO documented all projects in a project portfolio software tool that facilitated analysis of workload and resource allocations. Once these steps were complete, the PMO assisted in the formation of an IT governance group, the Portfolio Review Board (PRB), consisting of seven business directors and the Deputy Secretary of State. Over the course of several weeks, the PRB was briefed on 77 portfolio projects followed by a facilitated project prioritization session. The result of the prioritization was a decision to place 55 projects on hold. The final step in this evolution was to implement a stage gate process for each of the 22 projects remaining on the active list. This required each project to follow specific best practices including approval to proceed at various stages of each project.
Step 4 – Implement Structured Initiatives: With the foundation set, the fourth step effectively became the defining set of activities. IT managers began to upgrade operations from a people, process, and technology standpoint. A new position was created, and a Service Desk Manager was recruited. IT staff were trained and certified on the IT Infrastructure Library (ITIL), another international standard for IT service and support. Software tools were procured to facilitate monitoring of all IT systems. The Service Desk was created and the ITIL processes of Incident Management and Request Fulfillment were implemented. These operational efforts ultimately led to the creation of the Network Operations Security Center (NOSC), a fusion of the Network Operations Center and Security Operations Center. Next, cybersecurity initiatives were undertaken leveraging federal grants that funded new cybersecurity systems and additional staff. These initiatives, along with the foundation set in the previous steps, all led to the current defining initiative: migration to cloud computing.
The cloud computing initiative is without a doubt the most complex IT initiative ever undertaken by the Office of Secretary of State. It could not have been undertaken without having the foundational elements of the PMO, the PRB, the NOSC, and the Service Desk in place. The IT transformation is still ongoing; however, the progress made over the course of 16 months has garnered a state-wide attention. Success in IT modernization efforts can easily be attributed to the use of best practices and state-of-the-art tools. However, deeper analysis indicates success was enhanced through an overarching vision and the ability to navigate business, financial, HR, and technical hurdles. These elements allowed IT managers to leverage all available resources in an ambitious effort to transform the Office of Secretary of State, securing a path to become an IT center of excellence rivaling many high-tech firms.