Digital Governance Plan

CNCS has implemented a Digital Governance plan that established a structure and process to ensure the effective and efficient use of IT resources (including public web sites and digital services) to enable mission success. The IT governance process, which is rooted in IT management best practices, ultimately strengthens decision making by ensuring that stakeholder interests; compliance with Federal legislative and policy requirements; alignment with strategic goals and objectives; and performance and risk are considered as part of the IT decision-making process. Summarized below are the key elements of CNCS’s IT governance plan, including key IT governance bodies; guiding IT policies and plans; and execution approach. Together, these key elements enable CNCS to:

  1. Align IT investments(*) with business strategy, initiatives, and priorities.
  2. Coordinate and maximize benefits.
  3. Manage risk effectively to deliver responsible, reliable, cost-effective IT services.
  4. Comply with all Federal requirements.

IT Governing Boards

The CNCS Chief Executive Officer (CEO) is accountable for all information resources and has delegated day-to-day management responsibility to the Chief Information Officer (CIO), including development and maintenance of a secure IT architecture as well as overseeing the design, implementation, and operations of all major information resources and management processes. Under this delegated authority, the CIO has chartered three primary IT governing boards that directly support the Agency’s overall governing structure and Enterprise Risk Management program. The boards include:

  • IT Steering Committee (ITSC): Comprised of the Chief of Staff, Chief Operating Officer, Chief of Program Operations, and Chief Counsel, and chaired by the CIO, this senior decisional governance body is the primary means through which the Agency business and IT leadership deliberate to: 1) set IT priorities and make IT resource allocation decisions; 2) review and monitor IT portfolio performance and risk; and 3) set Agency IT policy and plans.
  • Executive Review Board (ERB): Comprised of CNCS Program Directors and chaired by the CIO, this executive-level IT Advisory Board is responsible for: 1) informing the development of IT strategy, policy, and plans; 2) collaborating on common business needs with new IT services; 3) reviewing the performance of existing “enterprise” IT initiatives; and 4) discussing IT operational risks and issues that may impact IT service delivery. The ERB advises the ITSC on the IT investment portfolio.
  • Technical Review Board (TRB): Chaired by the Deputy CIO, the TRB is comprised of the Office of IT (OIT) subject matter experts from a number of IT disciplines. The body is responsible for providing technical assistance and consultation to IT project managers. Voting members are responsible for executing IT investment/project stage gate (milestone) reviews per OIT’s project management/system development lifecycle governance process.
  • Production Change Control Board (PCCB): Chaired by the OIT Governance and Oversight Manager, the PCCB is comprised of key IT stakeholders and is the technical body responsible for reviewing and approving changes to the CNCS production IT environment per CNCS IT service asset and configuration management policy and procedure. Board approval is necessary for a system/project to become operational.

IT Governance Policy and Plans

CNCS’s IT Governance requirements are established in official Agency policy, processes, and procedures, and process execution is guided by foundational IT planning documents, including:

  • IT Capital Planning and Investment Control Policy: Establishes the IT governance framework and processes for selecting, controlling, and evaluating IT investments to ensure they are aligned with business strategy; coordinated across the Agency; and effectively planned and executed to maximize value, minimize risk, and deliver expected results. IT governance processes are integrated with other Agency processes, including budget and procurement.
  • Systems Development Lifecycle Policy: Sets the policy and procedure that CNCS employees and contractors must follow when procuring, developing, implementing, operating, and disposing of IT systems, including websites and applications. This includes the process and requirements for IT project milestone reviews at key points in project execution.
  • Cybersecurity Policy: Establishes policy and processes designed to protect CNCS information systems from unauthorized access, use, disclosure, disruption, modification, and destruction.
  • Enterprise Architecture Plan: The blueprint of Agency operations and supporting IT services. The plan defines the Agency’s “Target” business and IT state and establishes the roadmap for getting there, including long-term IT capital investments.
  • IT Strategic Plan: Driven by the Agency’s Strategic plan (2001-2015), informed by the Enterprise Architecture Plan, and approved by the IT Steering Committee, the IT Strategic Plan defines key goals, objectives, and IT investment priorities for a five-year period. The plan includes identification of a project portfolio that will result in execution of the IT Strategy.

IT Governance Execution

CNCS’s Office of Information Technology (OIT), under the direction of the CIO, is responsible for executing CNCS IT functions, delivering IT services, and administering the IT Governance Program. This includes maintaining policies, procedures, and plans; staffing IT governance bodies and enforcing compliance; and facilitating processes while ensuring CNCS Program staff/business participation.

All three IT governance elements tie together as follows: The IT Strategic Plan and Enterprise Architecture Plan, which are approved by the IT Steering Committee, document the strategic and tactical direction for the IT Program. IT policies, processes, and procedures define how the IT organization and its program partners operate and execute the IT plans with pre-established IT management control points. IT governing boards are positioned at multiple levels in the organization and engage at the established management control points, which occur throughout the IT service lifecycle, to provide oversight and strategic/tactical direction, and to ensure effective change as well as risk management.

*IT investment refers to the expenditure of resources on IT to address mission delivery and management support. An IT investment may include a project or projects for the development, modernization, enhancement, or maintenance of a single IT asset or group of IT assets with related functionality and subsequent operation of those assets in a production environment.
