POLICY ON INFORMATION TECHNOLOGY SERVICES
AUTHORIZATION/MAYOR'S DIRECTIVE 06-02, formerly 99-1
Originated May 1996
Revised August 1999
Revised August 2004
Revised September 2006
1.1 Purpose of Directive
This directive establishes the general policy on Information Technology (IT) services for the City and County of Honolulu. It is effective immediately and supersedes Mayor's Directive 99-1.
To enable the City and County of Honolulu to best manage all of its IT resources, the Department of Information Technology (DIT), under the guidance of the IT Steering Committee (ITSC), shall develop and direct an integrated network of computer resources that will provide data processing and telecommunications services to all City agencies and authorized users. Through centralized management of IT services, all users of the City's network will be able to more effectively share data, information, technology, resources, and technical expertise in a cost-effective and efficient manner.
In conjunction with IT management, the Department of Information Technology will promote "user self-sufficiency"by establishing a working environment whereby agencies will be encouraged to perform simple data processing tasks at their own sites. DIT will make available the necessary data and provide the tools, training, and any necessary assistance to enable users to attain greater self-sufficiency.
The City also recognizes the continuing need to work in concert with the entire community -- federal, state and county agencies as well as the private sector and the public. DIT will continuously promote an environment of automated information exchange using various technologies to improve the delivery of City services to:
· improve the underlying information technology infrastructure;
· bring legacy systems to current state-of-the-art levels;
· expand e-government (more online/less inline);
· improve agency workflow with a move to a less paper-oriented operations;
· improve interoperability of a common radio system to enhance communications between and among agencies;
· expand wireless technologies throughout Oahu through public-private partnerships; and
· improve opportunities for local tech startups.
1.3 Assignment of Data Processing Responsibility
This directive assigns to the Director of Information Technology the primary responsibility of managing all IT resources and services in the City. The director is also given the title of Chief Information Officer (CIO) of the City and County of Honolulu, with the responsibility for developing the City's long-range IT-related plans, goals, and objectives, as well as measures for their achievement. The CIO will ensure that all IT plans are consistent with, and supportive of, the stated needs of the various City departments.
City Ordinance No. 3479, approved by the Mayor on October 1969, established the Department of Information Systems. The department was renamed the Department of Data Systems in the Revised Charter of the City and County of Honolulu of 1973. On January 1, 1999, the department was renamed the Department of Information Technology to reflect the reorganization of the City government and to be more consistent with the IT industry. Chapter 13, Section 6, of the Revised Charter delineates the powers, duties, and functions of the Director of Information Technology, as follows:
1. Operate information systems excluding those systems maintained by the Board of Water Supply and any other semi-autonomous agencies created by ordinance.
2. Provide technical expertise in information systems/technology to the City government.
3. Assist the Managing Director in management information analysis and evaluation.
4. Advise the Mayor on information technology matters, as they relate to government operations and the development of a technology industry in Honolulu.
5. Provide objective third-party guidance in the selection of technologies for all City departments.
6. Chair the Public Safety Oversight Committee and facilitate an integrated approach to technology deployment in the area of public safety.
7. Perform other duties as may be required by law.
More specifically, the Director of Information Technology is given the following responsibilities to effectuate the IT strategy of the City:
1. Establish standards, procedures, guidelines, rules and regulations to effectively manage the City's computer information and telecommunications resources.
2. Develop a strategic information systems plan for the City with input from the IT Steering Committee and review the plan on a regular basis to ensure proper product prioritization, control, and viability in the face of rapid technological changes in the industry.
3. Provide technical approval for the acquisition of all IT-related hardware, firmware, software, personnel, and contractual services, by all City agencies.
4. Provide sufficient security policies and procedures to maintain data integrity; protect data from loss, misuse, and unauthorized access; and ensure compliance with copyright and privacy laws.
5. Maintain information technology and telecommunications facilities for the City and all operational computerized systems.
6. Optimize the use of shared data through efficient data base management systems.
7. Serve as the "custodian" of data owned by City departments and stored on City information systems.
8. Provide other government agencies and organizations with information they may request, subject to legal and security constraints.
9. Develop and implement an end-user support plan to enable agencies to attain "user self-sufficiency" in obtaining timely management information from stored databases.
10. Evaluate technological advancements, product lines, and alternate solutions to data processing requirements as applied to City operations.
11. Develop, implement, and maintain a viable telecommunications plan to continually improve reliability and response time for users of the integrated telecommunications network. DIT shall provide City agencies with all telecommunication hardware, software, and carrier services.
12. Develop a program to ensure that all desktop workstations utilized by the City work force are replaced or upgraded on a prudent basis (usually 4-5 years).
13. Assist the Mayor, Managing Director, and City agencies in assessing IT requirements and in developing viable plans of action.
14. Establish an ongoing comprehensive training program for DIT staff and users of the City's IT resources.
15. Act as technical advisor to state and county agencies using statewide systems operated by the City's central computing facility.
16. Develop charge back methodologies and cost-sharing agreements with non-City agencies.
17. Advise and assist departments in the preparation of long-range and short-range plans for using information technology within their departments, as well as for the procurement and implementation of computer applications that support the needs of the departments.
18. Evaluate each City agency's IT plans and service requests for technical feasibility and impact on DIT's resources. Recommend a work priority and implementation schedule and advise the Managing Director.
19. Monitor and act on legislative proposals at all levels of government that may directly or indirectly affect IT plans, policies and procedures of the City.
20. Develop and implement guidelines and procedures that ensure compliance with the policies and intent of this directive.
21. Monitor the use of grant funds earmarked for technology computers, security, access control, cameras) to ensure integration with City standards.
22. Manage the microwave and 800 MHz radio systems to ensure maintenance and upgrades fall within documented standards.
23. Monitor and approve allocation and spending grants for the acquisition of technology for the City.
24. Ensure that all backups to disaster recovery procedures are established and tested quarterly.
25. Manage the City's various telephone systems to ensure that City voice communications are available in the most cost-effective manner.
26. Manage the City's telecommunication revenue opportunities, ensuring that optimal revenues and services are obtained.
27. Ensure that data, security, hardware, software, communications, client server, mainframe, risk management, and related technology strategies are updated and deployed on an annual basis.
1.4 Assignment of DIT Responsibilities to Department Heads
While the Department of Information Technology has the primary responsibility to ensure that the City's data and telecommunications needs are adequately met, and computer resources are effectively managed, the director of each City agency will be responsible for the following:
1. Develop, with the assistance of DIT, long-range and short-range plans for utilizing information technology within his or her department. These plans shall be specific as to departmental priorities. Planned projects should include anticipated benefits to be gained, such as increases in staff productivity and efficiency, lower operating costs, and/or anticipated increases in services to the public. Departmental plans shall be updated, as necessary, to reflect additions and changes.
2. Together with DIT, determine the priority and level of internal coordination necessary to adequately support all departmental IT activities, and delegate these responsibilities to appropriate departmental personnel.
3. Include in the department's annual budget request, for those projects that have been given technical approval from DIT.
4. Present written requests to DIT for all IT services desired, using the appropriate designated forms.
5. Request assistance from DIT to train designated staff members on the use of standard IT hardware and software utilized within the City.
6. As the "owner agency"of electronic data files, provide the Director of Information Technology with written approval authorizing its release to other government agencies, private organizations, and the public.
7. As an agency requesting the use of electronic data, obtain the consent for the use of data from the appropriate "owner agency." DIT, as custodian of all electronic data files, will require approval for access from the "owner agency" prior to its release.
8. Develop and implement adequate departmental security procedures consistent with the security policies established by DIT.
9. As a member of the IT Steering Committee, help to identify and prioritize all DIT project requests.
10. Develop a department Technology Risk Assessment with the help of DIT for and disaster preparedness.
1.5 DIT Responsibilities For All Non-City Users
The head of each non-City organization receiving data processing services from the City's computer resources shall be responsible for the following:
1. Ensure compliance with all standards, security policies, and procedures provided by the Director of Information Technology, including all copyright and privacy laws.
2. Obtain consent for the use of data from the appropriate "owner agency.'' The Director of Information Technology, as custodian of all data residing in the central computing facility, will still require approval for access from the agency charged with maintaining the accuracy and timeliness of the data.
3. Inform the Director of Information Technology of any changes or deviations in the intent of the IT services provided.
4. Provide training to staff members by obtaining assistance for training from the Director of Information Technology to ensure that they are qualified to utilize and work with appropriate hardware, software, and firmware in a shared IT
5. Assume all costs for requested data processing services, including personnel, data communication, hardware, software, and related machine processing costs.
2.1 Computer Equipment
The City's computing facility consists of mainframe computers, peripheral devices, network file servers, and specialized communications equipment, linked together to form a centralized computer system. Equipment shall be upgraded periodically to preclude technological obsolescence and costs prohibitive support.
2.2 Computer Applications
The Director of Information Technology and the agency requesting the application shall determine application requirements jointly through the ITSC. Applications refer to all facets of information processing, including data, word, image, and voice processing and any technological changes that bring information directly to those who need it to effectively accomplish their goals. The agency heads will maintain primary responsibility for ensuring that application requirements are accurately met.
2.3 Security Policy
The Department of Information Technology is responsible for implementing a security system that ensures the accuracy and integrity of electronic data and prohibits unauthorized access to City-owned computer resources. The director shall designate a central security administrator to develop security policies, guidelines, and procedures. The user agencies will enforce the policies at the local site. The security system procedures will address the responsibilities of the owners of resources, the custodian of resources, the functions of departmental security administrators and the central security administrator, and individual accountability. The DIT Director will act as head of the Public Safety Oversight Committee.
2.4 Procuring and Augmenting the City's IT Staff
The Department of Information Technology shall periodically review staffing requirements and qualifications of applicants for vacant staff positions. The Department of Human Resources shall work jointly with the Department of Information Technology to ensure that qualified candidates are recruited and that the qualifications are unbiased and competitive with the industry. Contractors, student help, and volunteers can supplement the permanent staff with approval of the Managing Director. Supplemental staff will be subject to the same security requirements as permanent staff members and will be held accountable for their activities.
2.5 Procuring Contract Services
The Director of Information Technology shall determine if contract services are necessary to accomplish priority tasks. When contract services are required, the Department of Information Technology will be responsible for integrating the resulting system into its existing workload, ensuring that adequate resources have been provided for subsequent system maintenance and ensuring that the staff works closely with the contractor to be able to maintain the product or provide the same level of technical expertise upon termination of the contract.
All contracts for IT projects for the City require the approval of the DIT Director.
3.1 Definition of Terms
The following definitions are provided for terms used in this directive:
CITY -The City and County of Honolulu.
CITY AGENCY -Any department, commission, board, bureau, office, or other establishment that is part of the government of the City and County of Honolulu, excluding semi-autonomous agencies such as the Board of Water Supply.
COMPUTER RESOURCES -All hardware, firmware, software, personnel, and procedures that are part of data processing solutions.
DATA COMMUNICATION -The transportation or transmission of data from one location to another in a network of terminals linked together to a computer.
DEPARTMENT -The agencies directly under the Mayor of the City and County of Honolulu that are part of the executive branch of government as provided in the Revised City Charter of 1973.
FIRMWARE - Computer devices such as ROM (Read-Only Memory) that have physical characteristics but perform specific functions usually through software. A programmer cannot alter the predetermined instructions, as they are part of the hardware circuitry.
FUNCTIONAL CONTROL -The authority to establish and enforce rules and regulations governing a specific function, the data processing function, such as acquiring equipment, determining information needs, staffing, etc.
HARDWARE - Computers and computer-related equipment and devices such as controllers, terminals, scanners, workstations, printers, and file servers.
OPERATIONAL CONTROL -The authority to establish and enforce rules, regulations, and procedures to ensure the smooth operations of the central computing facility and all equipment linked to the citywide network.
SOFTWARE - Computer programs and procedures that enable the computer to perform predetermined functions and can usually be altered by a "programmer."
TELECOMMUNICATION - A form of information handling in which a data processing system utilizes communication facilities.
USER - Any person, group of persons, or organization using City computer resources or benefiting from the data processing services provided. City users would be City agencies such as the Department of Planning and Permitting and the Department of Customer Services. Non-City government users would be county, state, and federal agencies such as the County of Kauai, the State Department of Budget and Finance, or the Federal Bureau of Investigation. Non-government users would be persons or organizations in the private sector such as students involved in special projects and the Hawaiian Humane Society.
Department of Information Technology