Pennsylvania Code & Bulletin

• No statutes or acts will be found at this website.

The Pennsylvania Bulletin website includes the following: Rulemakings by State agencies; Proposed Rulemakings by State agencies; State agency notices; the Governor’s Proclamations and Executive Orders; Actions by the General Assembly; and Statewide and local court rules.

PA Bulletin, Doc. No. 16-777



[46 Pa.B. 2268]
[Saturday, May 7, 2016]


[ 4 PA. CODE CH. 7a ]


Enterprise Information Technology Governance

April 18, 2016

Whereas, Commonwealth agencies under the Governor's jurisdiction (the ''Enterprise'') invest significant financial resources in obtaining, creating, securing, and supporting the Commonwealth's information technology (''IT'') infrastructure and information systems; and

Whereas, it is essential that the Commonwealth utilize a central IT organization to govern, evaluate, coordinate and improve Enterprise and agency IT planning, research, security, policy, IT procurement, governance, project prioritization, investment, and effectiveness; and

Whereas, The Administrative Code of 1929 requires administrative departments and the several independent and departmental administrative boards and commissions to coordinate their work and activities with other departments, boards, and commissions; and

Whereas, IT investments and development efforts should be prioritized and coordinated across Enterprise agencies to maximize efficiency and cost effectiveness, by enhancing information sharing and system compatibility through standardization, reducing expenditures for research and development, and enabling volume hardware, software and service purchases; and

Whereas, on July 1, 2011, the Department of General Services formally delegated IT procurement responsibilities and duties to the Governor's Office of Administration (''OA'') in accordance with Section 321(1) of the Commonwealth Procurement Code (62 Pa.C.S. § 321(1)); and

Whereas, OA has confirmed that an integrated IT strategy will improve organizational and operational efficiency, streamline data collection and data sharing, and enhance the security posture of the Commonwealth.

Now, Therefore, I, Tom Wolf, Governor of the Commonwealth of Pennsylvania, by virtue of the authority vested in me by the Constitution of the Commonwealth of Pennsylvania and other laws do hereby establish an Enterprise IT governance structure within OA, and order and direct as follows.



Fiscal Note: GOV-16-06. No fiscal impact; (8) recommends adoption.

Annex A




Subchapter F. (Reserved)

§§ 7a.71—7a.75. (Reserved).



7a.141.Powers and duties.
7a.143.Agency Chief Information Officer reporting and performance.
7a.145.Effective date.
7a.146.Termination date.

§ 7a.141. Powers and duties.

 (a) The Governor's Office of Administration, Office for Information Technology (OA/OIT) led by the Commonwealth Chief Information Officer has overall responsibility for the management and operation of information technology (IT) services for executive agencies under the Governor's jurisdiction, including, but not limited to:

 (1) Developing and recommending to the Secretary of Administration priorities and strategic plans.

 (2) Consolidating infrastructure and support services.

 (3) Directing IT investments, procurement and policy.

 (4) Working to ensure that agencies comply with direction from OA/OIT regarding the provisions in this subsection.

 (b) OA/OIT shall make recommendations to the Secretary of Administration regarding major changes to staffing and Commonwealth agencies under the Governor's jurisdiction (Enterprise) IT operational matters, and otherwise has the authority to make Enterprise decisions regarding restructuring and operational matters regarding consolidation, delivery of shared services, monitoring of project performance and other responsibilities within the scope of this subchapter.

§ 7a.142. Responsibilities.

 The Governor's Office of Administration, Office for Information Technology (OA/OIT) shall be responsible for the following:

 (1) Governance and strategic planning. OA/OIT shall:

 (i) Develop annual information technology (IT) strategic plans for Commonwealth agencies under the Governor's jurisdiction (Enterprise) that include IT priorities, coordination and monitoring of resource use and expenditures, performance review measures, and procurement and other governance and planning measures.

 (ii) Review and approve individual agency IT strategic plans.

 (iii) Consult with the Governor's Office of the Budget on budgetary matters regarding IT planning and procurement.

 (iv) Create an advisory structure, which may include agency Chief Information Officers, to advise OA/OIT regarding overall technology governance.

 (2) Portfolio and project management, business process review. OA/OIT shall:

 (i) Establish and maintain an IT portfolio management process for overall monitoring of IT program objectives, alignment with Enterprise IT priorities, budgets and expenditures.

 (ii) Identify common IT business functions within agencies, make recommendations for consolidation, integration and investment, and facilitate the use of common technology, as appropriate.

 (iii) Expand Enterprise and agency use of project management methodologies and principles on IT projects, including measures to review project delivery and quality.

 (iv) Ensure agency compliance with required business process reviews for agency or Enterprise IT projects.

 (3) IT procurement and contract management. OA/OIT shall:

 (i) Maintain a central procurement organization within OA/OIT.

 (ii) Procure or supervise the procurement of all IT hardware, software and services for the Enterprise and the agencies.

 (iii) Oversee Enterprise IT contract issues, monitoring and compliance.

 (iv) Serve as a liaison between agencies and contracted IT vendors.

 (v) Align the appropriate technology and procurement methods with the OA/OIT service strategy.

 (4) IT enterprise architecture, standards and policy. OA/OIT shall:

 (i) Establish an Enterprise IT architecture framework that governs IT investments. The IT architecture framework should include:

 (A) The development of standards, policies, processes and strategic technology roadmaps.

 (B) The performance of technical reviews and capability assessments of services, technologies and agency systems.

 (C) The evaluation of requests for IT policy exceptions.

 (ii) Develop and implement Enterprise-wide efforts to standardize data elements and determine data ownership assignments.

 (iii) Develop and maintain a comprehensive Enterprise IT inventory.

 (iv) Monitor agencies' compliance with IT policy and standards through an architectural review process.

 (5) IT Security Management. OA/OIT shall:

 (i) Maintain and strengthen the Commonwealth's cyber security posture through security governance.

 (ii) Develop Enterprise security solutions, services and programs to protect data and infrastructure.

 (iii) Identify and remediate security risks, and maintain citizen trust in securing their personal information.

 (iv) Implement Enterprise programs, processes and solutions to maintain cyber security situational awareness, and effectively respond to cyber security attacks and IT security incidents.

 (v) Foster an Enterprise culture of situational and risk awareness.

 (vi) Conduct evaluations and compliance audits of Enterprise and agency security infrastructure.

 (6) IT consolidation and shared services. OA/OIT shall:

 (i) Recommend and conduct the consolidation of agency IT services including infrastructure, personnel, investments, operations and support services.

 (ii) Establish and facilitate a process for the identification, evaluation and optimization of IT shared services.

 (iii) Establish, maintain and communicate service level agreements for shared services.

 (7) Telecommunications governance. OA/OIT shall:

 (i) Establish a process for the development and implementation of Enterprise telecommunications policy, services and infrastructure, and for reviewing and authorizing agency requests for enhanced services.

 (ii) Identify opportunities for convergence and for leveraging existing assets to reduce or eliminate duplicative telecommunication networks.

 (8) IT service management. OA/OIT shall:

 (i) Establish and maintain an IT service management process library within OA/OIT to govern the services provided to agencies.

 (ii) Establish a formal governance body to evaluate the introduction of new IT services as well as retiring of existing IT services.

 (iii) Establish metrics to monitor the health of the services OA/OIT provides to customer agencies and make appropriate corrections as necessary.

§ 7a.143. Agency Chief Information Officer reporting and performance.

 (a) Each executive agency Chief Information Officer (CIO) shall have a direct reporting relationship to the Commonwealth Chief Information Officer (Commonwealth CIO).

 (b) The Commonwealth CIO is responsible for final approval of all agency information technology senior management appointments.

 (c) The performance reviews of all agency CIOs shall be conducted by the Commonwealth CIO in consultation with the head of each CIO's agency. The Commonwealth CIO will establish a framework that identifies performance objectives for agency CIOs that includes metrics which measure alignment with the Governor's Office of Administration, Office for Information Technology policies, priorities, service management processes, investments and agency service portfolio health.

§ 7a.144. Implementation.

 All Commonwealth agencies under the Governor's jurisdiction shall take all steps necessary to implement this subchapter. Independent agencies are also strongly encouraged to implement this subchapter.

§ 7a.145. Effective date.

 This subchapter takes effect immediately.

§ 7a.146. Termination date.

 This subchapter remains in effect unless revised or rescinded by the Governor.

§ 7a.147. Rescission.

 Effective immediately, Executive Order 2011-05, Enterprise Information Technology Governance, is rescinded.

[Pa.B. Doc. No. 16-777. Filed for public inspection May 6, 2016, 9:00 a.m.]

No part of the information on this site may be reproduced for profit or sold for profit.

This material has been drawn directly from the official Pennsylvania Bulletin full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.