
Government Information Technology Agency


Technology Infrastructure and Security Assessment (TISA)

Web Applications

Group 1 Agencies -- FY 2009
Technology Infrastructure Standards Assessment (TISA)

Background

Submission of an annual IT Standards Assessment is required of each Group 1 agency per statewide IT Planning Policy, P136. An online self-assessment tool, Technology Infrastructure Standards Assessment (TISA), addressing IT quality assurance and enterprise architecture, as well as IT security and privacy compliance, is available at www.azgita.gov/planning/.

Purpose

The purpose of the standards self-assessment is threefold:

1) to assess current overall standards compliance among Group 1 agencies;

2) to remind agencies of current security and enterprise architecture standards;

3) to aid agencies in identification of their IT security and privacy vulnerabilities as well as deviations in complying with other statewide standards;

4) to prepare for upcoming technical compliance reviews.

Any vulnerabilities and compliance deviations should then be addressed in the agency’s annual IT plan.

Requirements

Each major executive branch agency must assess its IT environment, using the TISA application, on or before September 2nd of this year. If there has been significant change to an agency’s risk posture (either an increase or decrease), mid-year updates to TISA are encouraged. Proposed changes are expected to be justified on agency letterhead in advance and submitted to the State CIO.

For FY 2009, 31 categories are being assessed. These categories deal with quality assurance, software architecture, network architecture, platform architecture, data/information architecture, IT security and privacy. Privacy, the primary responsibility of business rather than IT, will eventually become a separate compliance application. The remaining categories correspond with the statewide policies and standards found on the GITA web site at www.azgita.gov/policies_standards/. Compliance questions are extracted from each referenced standard, with the specific paragraph number indicated in parentheses at the end of each question. Only a handful of questions have changed from the FY 2008 TISA, while many questions have been deleted this year due to reduction in risk or higher vulnerability priorities.

As part of standards adherence, agencies are requested to estimate their approximate percentage of compliance for the current and next three fiscal years. The intent is to use weighted and aggregated data to identify potential statewide trends across multiple agencies. For FY 2009, a threshold of 80% compliance has been set for responses to all standards. Security, especially back-ups, privacy and data exchanges are the focus for FY 2009. It is expected that agencies will support not only the letter of the standards, but the spirit of them as well. Indeed, some agencies will surpass the standards by applying ‘best-in-class’ solutions. Standards compliance should always strive toward a 100% compliance level.

Guidelines

Use of “Not applicable” is strongly discouraged and must be justified formally in advance with the State CIO. In addition, zero percent compliance will also require a written justification to the State CIO, as statewide standards were adopted to apply to all agencies.

Again, resolution of gaps or compliance not reaching 80% should be addressed in the agency's IT plan (with reference in the TISA comment section, where appropriate) as either an IT goal or objective including annual targeted performance measures.

All agencies are requested to submit a Data Exchange Matrix by uploading it to the DOCUMENT section of TISA. Requirements for the Data Exchange Matrix can be reviewed in P740-S741 R1.0, Statewide Standard for Classification and Categorization of Data. Failure to submit an updated Data Exchange Matrix will prevent approval of an agency’s submission this year.

Questions

For access to the TISA application or general questions, contact the IT Planning Manager at 364-4784 or ITPlanning@azgita.gov. For specific questions regarding compliance with a particular standard, contact the Homeland Security Technology Manager at 364-4771 or jryan@azgita.gov.

Page last edited: 07/02/2008


Copyright 2003 Government Information Technology Agency, All Rights Reserved.