Group 1 Agencies -- FY 2009
Technology Infrastructure Standards
Assessment (TISA)
Background
Submission of an annual IT Standards Assessment is required of each
Group 1 agency per statewide IT Planning Policy, P136. An online
self-assessment tool, Technology Infrastructure Standards Assessment (TISA),
addressing IT quality assurance and enterprise architecture, as well as
IT security and privacy compliance, is available at
www.azgita.gov/planning/.
Purpose
The purpose of the standards self-assessment is threefold:
1) to assess current overall standards compliance among Group 1
agencies;
2) to remind agencies of current security and enterprise architecture
standards;
3) to aid agencies in identification of their IT security and privacy
vulnerabilities as well as deviations in complying with other statewide
standards;
4) to prepare for upcoming technical compliance reviews.
Any vulnerabilities and compliance deviations should then be addressed
in the agency’s annual IT plan.
Requirements
Each major executive branch agency must assess its IT environment, using
the TISA application, on or before September 2nd of this year. If there
has been significant change to an agency’s risk posture (either an
increase or decrease), mid-year updates to TISA are encouraged. Proposed
changes are expected to be justified on agency letterhead in advance and
submitted to the State CIO.
For FY 2009, 31 categories are being assessed. These categories deal
with quality assurance, software architecture, network architecture,
platform architecture, data/information architecture, IT security and
privacy. Privacy, the primary responsibility of business rather than
IT, will eventually become a separate compliance application. The
remaining categories correspond with the statewide policies and
standards found on the GITA web site at
www.azgita.gov/policies_standards/. Compliance questions are
extracted from each referenced standard with the specific paragraph
number indicated in parentheses at the end of each question. Only a
handful of questions have changed from the FY2008 TISA, while many
questions have been deleted this year due to reduction in risk or higher
vulnerability priorities.
As part of standards adherence, agencies are requested to estimate their
approximate percentage of compliance for the current and next three
fiscal years. The intent is to use weighted and aggregated data to
identify potential statewide trends across multiple agencies. For FY
2009, a threshold of 80% compliance has been set for responses to all
standards. Security, especially back-ups, privacy and data exchanges are
the focus for FY 2009. It is expected that agencies will support not
only the letter of the standards, but the spirit of them as well. Indeed,
some agencies will surpass the standards by applying ‘best-in-class’
solutions. Standards compliance should always strive toward a 100%
compliance level.
Guidelines
Use of “Not applicable” is strongly discouraged and must be justified
formally in advance with the State CIO. In addition, zero percent compliance
will also require a written justification to the State CIO, as statewide standards
were adopted to apply to all agencies.
Again, resolution of gaps or compliance not reaching 80% should be
addressed in the agency's IT plan (with reference in the TISA comment
section, where appropriate) as either an IT goal or objective, including
annual targeted performance measures.
All agencies are requested to submit a Data Exchange Matrix by uploading
it to the DOCUMENT section of TISA. Requirements for the Data Exchange
Matrix can be reviewed in P740-S741 R1.0, Statewide Standard for
Classification and Categorization of Data. Failure to submit an
updated Data Exchange Matrix will prevent approval of an agency’s
submission this year.
Questions
For access to the TISA application or general questions, contact the IT
Planning Manager at 364-4784 or
ITPlanning@azgita.gov.
For specific questions regarding compliance with a particular standard,
contact the Homeland Security Technology Manager at 364-4771 or
jryan@azgita.gov.
Page last edited:
07/02/2008