Audit of the Department’s Efforts in
Identifying IRM KSAs
FINAL AUDIT REPORT
ED-OIG/A07-E0002
August 2004
Our mission is to promote the efficiency, U.S. Department of Education
effectiveness, and integrity of the Office of Inspector General
Department’s programs and operations. Kansas City, Missouri Office
NOTICE
Statements that managerial practices need improvements, as well as other
conclusions and recommendations in this report
represent the opinions of the Office of Inspector General. Determinations of
corrective action to be taken will be made by the appropriate Department of Education officials.
In accordance with Freedom of Information Act (5 U.S. C. § 552) reports
issued by the Office of Inspector General are available to
members of the press and general public to the extent information contained therein is not
subject to exemptions in the Act.
UNITED STATES DEPARTMENT OF EDUCATION
OFFICE OF INSPECTOR GENERAL
AUG 2 02004
MEMORANDUM
TO: William J. Leidinger,
Assistant SecretarY for Management and Chief Information Officer
FROM: Helen Lew Itt /-tt- ~
Ass istant Inspector General for Audit
SUBJECT: Final Audit Report - Audit ofthe Department's Efforts in Identifying IRM KSA s
COl/trol No. ED-O/G/A07-E0002
Attached is the subject final audit report that covers the results of our review of the Department ' s efforts
in identifying Information Resource Management (JRM) knowledge, skills, and abilities (KSAs) in
accordance with the Clinger-Cohen Act. An electronic copy has been provided to your Audit Liaison
Officer. We received your comments concurring with the finding and recommendations in our draft
report.
Corrective actions proposed (resolution phase) and implemented (closure phase) by your office will be
monitored and tracked through the Department' s Audit Accountability and Resolution Tracking System
(AARTS). ED policy requires that you develop a final corrective action plan (CAP) for our review in the
automated system within 30 days of the issuance of this report. The CAP should set forth the specific
action items, and targeted completion dates, necessary to implement final corrective actions on the findin g
and recommendations contained in this final audit report.
In accordance with the Inspector General Act of 1978, as amended, the Office of Inspector General is
required to report to Congress twi ce a year on the audits that remain unresolved after six months from the
date of issuance.
In accordance with the Freedom of Information Act (5 U.S.C. §552), reports issued by the Office of
Inspector General are available to members of the press and general public to the extent information
contained therein is not subj ect to exemptions in the Act.
We appreciate the cooperation given us during this review. If you have any questions, please call Richard
J. Dowd, Regional Inspector General for Audit, at 312-886-6503.
Enclosure
600 INDEPENDENCE AVE .. S.W. WASH INGTON. D.C. 20202-1510
Our mission Is 10 ensure equal access to education and to promoLe edltCalional excellence throughout the Nation.
Audit of the Department’s Efforts in Identifying IRM KSAs
Table of Contents
Executive Summary ………………………………………………………………………………1
Audit Results ……………………………………………………………………………...…..…..2
Finding - The Department May not be in Full Compliance With the Clinger-Cohen Act
Requirements for Developing IRM KSAs .……………...……………………….….…....2
Background …………………………………………………………………………………….…5
Objectives, Scope, and Methodology……………………………………………………………..6
Statement on Management Controls ……………………………………………………………...7
Appendix I – Clinger-Cohen Core Competencies
Appendix II – Auditee Comments
ED-OIG/AO7-E0002
Audit of the Department’s Efforts in Identifying IRM KSAs
Executive Summary
The Department of Education (Department) has made progress in complying with the Clinger-
Cohen Act1 requirements for obtaining KSAs necessary to effectively perform IRM functions
through limited workforce planning efforts. However, it did not use a systematic process in
evaluating knowledge, skills, and abilities (KSAs); nor did it address the KSA requirements for all
IRM staff. Without having identified the needed KSAs for all IRM staff, the Department was not
able to develop a comprehensive strategy to eliminate deficiencies between needed and actual
KSAs. As such, the Department’s information resources management (IRM) may lack the basic
KSAs needed to effectively manage information technology (IT) resources and investments; and to
accomplish its goals. We recommend that the Department 1) use a systematic process such as the
established core competencies in addressing the Clinger-Cohen requirements related to KSAs for
IRM; and 2) ensure that skill assessments for the Office of the Chief Information Officer (OCIO) are
tied to the IRM goals included in the Department’s overall strategic plan.
We reviewed the Department’s efforts to comply with the Clinger-Cohen Act requirements for
obtaining KSAs necessary to effectively perform IRM functions. The objectives of our review were
to determine the Department’s progress in 1) identifying the KSAs needed for IRM; 2) developing a
strategy to eliminate deficiencies between needed and actual KSAs; and 3) reporting progress made
in improving IRM capability.
The Act requires federal agencies to determine the KSAs required for agency personnel in IRM and
identify the current IRM staff qualifications; develop a strategy for narrowing the gap between the
required KSAs and those of the current IRM staff; and report progress made in improving IRM
capability. The Act also requires the Chief Information Officer (CIO) to assess the KSA requirements
established for IRM personnel and ensure that those requirements link to IRM performance goals.
To assist federal agencies in complying with the requirements for assessing the IRM KSAs, the CIO
Council developed the Clinger-Cohen Core Competencies to serve as a baseline for assessing KSAs.
The established core competencies provide a systematic process and are endorsed by federal
agencies. The Department did not use them in its KSA assessments for the OCIO workforce; nor
has it used them in assessing whether the current requirements for its IRM workforce will enable it
to meet its IRM performance goals. The Department also has not provided evidence that it used any
specific guidance, criteria, or systematic process in its workforce planning efforts or that the future
requirements for the IRM area have been coordinated with the Department’s overall strategic plan.
OCIO concurred with our finding and recommendations. In addition, based on the Department’s
response that it is no longer considering a merger of OCIO with the Office of Management (OM), we
eliminated the discussion of our concern about the Department’s ability to maintain compliance with
the Act given its plans to merge those two offices.
1
Previously referred to as the Information Technology Management Reform Act of 1996, Division E of Public Law
104-106, 110 Stat. 679 (1996).
ED-OIG A07-E0002 Page 1
Audit of the Department’s Efforts in Identifying IRM KSAs
Finding – The Department may not be Effectively Managing its IT Resources and
Accomplishing Department Goals in Compliance With the Clinger-Cohen Act
The Department’s workforce planning efforts have been limited – directed at identifying a strategy
for replacing staff expected to retire in the next five years. However, the Department’s planning
efforts did not address the KSAs required for the remaining IRM staff. Further, the Department has
not provided evidence that it used any specific guidance, criteria, or systematic process in its limited
workforce planning efforts or that the future requirements for the IRM area are consistent with the
Department’s overall strategic plan. Without having identified the needed KSAs for all IRM staff,
the Department was not able to develop a comprehensive strategy to eliminate deficiencies between
needed and actual KSAs. Consequently, the Department may not be effectively managing its IT
resources and accomplishing Department goals and, as a result, may not be in full compliance with
Clinger-Cohen Act requirements.
The Clinger-Cohen Act requires federal agencies to determine the KSAs required for agency
personnel in IRM and identify the current IRM staff qualifications; develop a gap analysis and
strategy for eliminating differences between the required KSAs and those of the current IRM staff;
and report progress made in improving IRM capability. The Act also requires the CIO to assess the
KSA requirements established for agency personnel in IRM and the adequacy of these requirements
for meeting IRM performance goals.
Specifically, the Clinger-Cohen Act (§ 5125(c)(3)) states that the CIO of an agency shall
annually, as part of the strategic planning and performance evaluation process…
(A) assess the requirements established for agency personnel regarding
knowledge and skill in information resources management and the adequacy of
such requirements for facilitating the achievement of the performance goals
established for information resources management;
(B) assess the extent to which the positions and personnel at the executive level
of the agency and the positions and personnel at management level of the agency
below the executive level meet those requirements;
(C) in order to rectify any deficiency in meeting those requirements, develop
strategies and specific plans for hiring, training, and professional development; and
(D) report to the head of the agency on the progress made in improving
information resources management capability.
To assist federal agencies in complying with the requirements for assessing the IRM KSAs, the CIO
Council developed the Clinger-Cohen Core Competencies to serve as a baseline for assessing KSAs.
Although the core competencies give agencies a great deal of latitude in KSA assessments, they
ED-OIG A07-E0002 Page 2
provide a systematic process for deliberations in developing a set of KSAs needed in the IRM area.
According to the CIO Council, using the core competencies allows CIOs to assess KSA
requirements in compliance with the Clinger-Cohen Act. These core competencies have been
endorsed by government agencies as members of the CIO Council, including the Office of
Management and Budget (OMB), the U.S. General Accounting Office (GAO), and the Office of
Personnel Management (OPM); and are used at the CIO University for training IRM personnel in
federal agencies.
In addition to the Clinger-Cohen requirements, the President’s Management Agenda includes
requirements, under the Human Capital initiative, to assess knowledge and skills for staff. It
requires agencies to assess the KSA requirements for personnel and determine their adequacy in
achieving the performance goals established for agencies. According to GAO, the most important
consideration in identifying skills and competencies is clearly linking them to an agency’s mission
and long-term goals. GAO stated that if an agency identifies staff needs without linking those needs
to strategic goals, the needs assessment might be incomplete and premature.
The Department completed limited workforce-planning efforts, including planning for the IT
workforce, and reported the results of its efforts in a Recruitment Plan. The Department’s efforts
focused on positions where possible retirements in the next five years could leave vacancies. The
specific analyses performed included retirement eligibility, succession planning with a focus on
supervisory and managerial positions, and an inventory of the skills and competencies needed by the
workforce to successfully accomplish the Department’s mission. Although the Department’s plan
identified a strategy for replacing staff expected to retire in the next five years, it did not evaluate the
KSA needs for all IRM staff. Consequently, the Department’s recruitment plan may not accurately
reflect its needs and any actions taken by the Principal Offices may not meet the needs of both
current and future workforce.
The Recruitment Plan stated that each Principal Office within the Department completed both a
skills assessment and a skills gap analysis. However, without identifying the KSA needs for all
IRM staff, the Department could not develop a comprehensive strategy to eliminate deficiencies
between needed and actual KSAs. In addition, although the Department’s Recruitment Plan
identified the most critical positions within OCIO, OCIO provided no evidence that it performed
any kind of assessment of the actual position requirements, including an assessment of whether
those requirements assisted in meeting the IRM goals within the Department's Strategic Plan.
OCIO’s assessment focused on how it would fill positions that might become vacant over the next
five years due to employees retiring. OCIO developed a plan for closing the gap in KSAs created
through expected, future retirements. The plan provided possible approaches for backfilling
positions, including 1) whether qualified individuals exist in OCIO who could step into vacated
positions; and 2) recruitment strategies for filling vacated positions through identifying employees
elsewhere in the Department or through recruitment actions. Because the Recruitment Plan focused
only on retirement planning, it did not address the KSAs required for the remaining IRM staff. As
such, the Department’s workforce planning efforts, to date, have been limited and do not fully
comply with the Clinger-Cohen requirements for assessing IRM KSAs.
The Department’s E-Government report to OMB provided information from the Department’s
Recruitment Plan. The Department also reported that it had developed specific training curriculum
ED-OIG A07-E0002 Page 3
to address identified deficiencies in the information security area; it would ensure that IT Project
Managers have the skills necessary; and it would be tracking certifications of all IT Project
Managers in the future. In addition, the report stated that the Department has developed a
competency self-assessment tool that will assist in identifying individual competency development
needs in the current workforce. This tool, known as the Employee Skills Inventory System (ESIS),
is a voluntary, web-based electronic self-assessment tool that employees can use to identify
competencies related to their jobs and assess their skills based on the competencies. Its E-
Government report indicates the Department’s willingness to address identified deficiencies. The
Department’s reported actions are in various stages of implementation, however, the effective
implementation of all or any combination of the reported actions would not change our report
findings.
According to the CIO Council, performing effectively in the established competency areas and
possessing the knowledge, skills, and abilities under each competency area assists agencies in
complying with KSA requirements in the Clinger-Cohen Act. Failure to use a systematic approach
such as the established core competencies could result in the Department’s failure to comply with
the Act’s requirements. More specifically, because it did not assess its entire IRM workforce
against established competencies, the Department may not have effectively determined where
important skill gaps are and how to efficiently and effectively address those gaps. As a result, the
Department’s information resource management may not have the basic core competencies or KSAs
needed to effectively manage IT resources and investments. In addition, without a workforce plan
that delineates the relationship between KSA requirements and the Department’s IRM goals, the
Department could have difficulty identifying current and future KSAs needed to accomplish its
goals.
Recommendations
We recommend that the Assistant Secretary, Office of Management and Chief Information Officer
1. Use a systematic process such as the established core competencies in addressing the Clinger-
Cohen Act requirements related to KSAs for all IRM staff;
2. Develop a comprehensive strategy to eliminate deficiencies between needed and actual KSAs;
and
3. Ensure that skill assessments for OCIO are tied to the IRM performance goals included in the
Department’s overall strategic plan.
The Department’s Comments and OIG Response
OCIO concurred with our finding and recommendations and provided a corrective action plan.
Based on the Department’s response that it is no longer considering a merger of OCIO with the
Office of Management (OM), we eliminated the discussion of our concern about the Department’s
ability to maintain compliance with the Act given its plans to merge those two offices.
ED-OIG A07-E0002 Page 4
Audit of the Department’s Efforts in Identifying IRM KSAs
Background
The Clinger-Cohen Act was enacted to address longstanding problems related to federal IT
management. Among other things, it requires federal agencies to
• Determine the KSAs required for agency personnel in IRM;
• Determine the extent positions and personnel at executive and management level meet those
requirements;
• Develop strategies for narrowing the gap between the required KSAs and those of the current
IRM staff, including specific plans for hiring, training, and professional development for any
identified deficiency; and
• Report progress made in improving IRM capability.
OMB, GAO, and OPM provide guidance for implementing the Clinger-Cohen Act, including
requirements for obtaining and retaining the necessary KSA’s for IRM. This guidance defines what
an agency would need to accomplish in order to comply with the Act. In addition, the CIO Council
developed a set of core competencies to assist agencies in complying with the Clinger-Cohen Act’s
requirements for assessing KSAs in the IRM area. The established core competencies are organized
into12 areas with detailed core competencies or KSAs under each area. These areas include
Leadership/Managerial, Project/Program Management, Information Resources Strategy and
Planning, Enterprise Architecture, Capital Planning and Investment Assessment, and IT
security/information assurance. For a complete list of the 12 areas and the core competencies
associated with each see the Appendix.
ED-OIG A07-E0002 Page 5
Audit of the Department’s Efforts in Identifying IRM KSAs
Objectives, Scope, and Methodology
The objectives of our audit were to determine the Department’s progress in 1) identifying the KSAs
needed for IRM; 2) developing a strategy to eliminate deficiencies between needed and actual
KSAs; and 3) reporting progress made in improving IRM capability. We did not assess the KSAs
for OCIO organizationally nor did we assess KSAs of individuals within the Department’s IRM
area.
To accomplish our objective, we reviewed applicable policies and procedures, as well as laws,
regulations, and agency guidelines. We interviewed officials in the CIO’s office, including the CIO,
to obtain information on the Department’s goals, strategies, and staffing plans. We obtained and
reviewed the Department’s strategic plan, including the IRM section on strategic planning and
workforce analyses; and strategic program planning documents, including the plan that guided
staffing and the annual staffing plan. To meet our objectives, we did not use electronic data from
the Department.
To assist in assessing the Department’s efforts, we reviewed GAO reports on human capital and
workforce planning at other federal agencies. We also reviewed human capital literature-including
OPM’s Human Capital Assessment and Accountability Framework as well as workforce planning
models at OPM, OMB, and GAO.
We conducted work at the Department’s CIO offices in Washington, D.C. and our OIG office in
Kansas City, MO, during the period October 2003 to April 2004. We held an exit conference with
Department officials on June 15, 2004. Our audit was performed in accordance with generally
accepted government auditing standards appropriate to the scope of the review.
ED-OIG A07-E0002 Page 6
Audit of the Department’s Efforts in Identifying IRM KSAs
Statement on Management Controls
As part of our review, we gained an understanding of the Department’s management control
structure applicable to the scope of the review. For purposes of this review, we assessed and
classified the significant management controls related to the Department’s IT efforts into the
planning and assessment activities over the Department’s IRM capabilities. The assessment also
included a determination of whether the processes used by the Department provided a reasonable
level of assurance of compliance with the Clinger-Cohen Act.
Because of inherent limitations, and the limited nature of our review, a study and evaluation made
for the limited purpose described above would not necessarily disclose material weaknesses in the
management control structure. However, our assessment identified a weakness in the Department’s
efforts to identify the KSAs needed for its IRM as set out in the Findings section of this report.
ED-OIG A07-E0002 Page 7
Audit of the Department’s Efforts in Identifying IRM KSAs
Appendix I -- Clinger-Cohen Core Competencies (Revised June 2003)
The Clinger-Cohen Core Competencies, developed by the CIO Council, have been endorsed to
serve as a baseline to assist government agencies in complying with Section 5125(C)(3) of the
Clinger-Cohen Act. To perform effectively in each competency area below, an organization should
possess the knowledge, skills, and abilities in each competency.
1.0 Policy and Organizational
1.1 Department/Agency missions, organization, functions, policies, procedures
1.2 Governing laws and regulations (e.g., the Clinger-Cohen Act, E-Government Act, GPRA,
PRA, GPEA, OMB Circulars A-11 and A-130, PDD 63)
1.3 Federal government decision-making, policy making process and budget formulation and
execution process
1.4 Linkages and interrelationships among Agency Heads, COO, CIO, and CFO functions
1.5 Intergovernmental programs, policies, and processes
1.6 Privacy and security
1.7 Information management
2.0 Leadership/Managerial
2.1 Defining roles, skill sets, and responsibilities of Senior Officials, CIO staff and stakeholders
2.2 Methods for building federal IT management and technical staff expertise
2.3 Competency testing - standards, certification, and performance assessment
2.4 Partnership/team-building techniques
2.5 Personnel performance management techniques
2.6 Principles and practices of knowledge management
2.7 Practices which attract and retain qualified IT personnel
3.0 Process/Change Management
3.1 Techniques/models of organizational development and change
3.2 Techniques and models of process management and control
3.3 Modeling and simulation tools and methods
3.4 Quality improvement models and methods
3.5 Business process redesign/reengineering models and methods
4.0 Information Resources Strategy and Planning
4.1 IT baseline assessment analysis
4.2 Interdepartmental, inter-agency IT functional analysis
4.3 IT planning methodologies
4.4 Contingency planning
4.5 Monitoring and evaluation methods and techniques
ED-OIG A07-E0002 Page 1
5.0 IT Performance Assessment: Models and Methods
5.1 GPRA and IT: Measuring the business value of IT, and customer satisfaction
5.2 Monitoring and measuring new system development: When and how to "pull the plug" on
systems
5.3 Measuring IT success: practical and impractical approaches
5.4 Processes and tools for creating, administering, and analyzing survey questionnaires
5.5 Techniques for defining and selecting effective performance measures
5.6 Examples of, and criteria for, performance evaluation
5.7 Managing IT reviews and oversight processes
6.0 Project/Program Management
6.1 Project scope/requirements management
6.2 Project integration management
6.3 Project time/cost/performance management
6.4 Project quality management
6.5 Project risk management
6.6 Project procurement management
6.7 System life cycle management
6.8 Software development
7.0 Capital Planning and Investment Assessment
7.1 Best practices
7.2 Cost benefit, economic, and risk analysis
7.3 Risk management-models and methods
7.4 Weighing benefits of alternative IT investments
7.5 Capital investment analysis-models and methods
7.6 Business case analysis
7.7 Integrating performance with mission and budget process
7.8 Investment review process
7.9 Intergovernmental, Federal, State, and Local Projects
8.0 Acquisition
8.1 Alternative functional approaches (necessity, government, IT) analysis
8.2 Alternative acquisition models
8.3 Streamlined acquisition methodologies
8.4 Post-award IT contract management models and methods, including past performance
evaluation
8.5 IT acquisition best practices
9.0 E-Government/Electronic Business/Electronic Commerce
9.1 Strategic business issues & changes w/advent of E-Gov/EB/EC
9.2 Web development strategies
9.3 Industry standards and practices for communications
9.4 Channel issues (supply chains)
9.5 Dynamic pricing
9.6 Consumer/citizen information services
9.7 Social issues
ED-OIG A07-E0002 Page 2
10.0 IT security/information assurance
10.1 Fundamental principles and best practices in IA
10.2 Threats and vulnerabilities to IT systems
10.3 Legal and policy issues for management and end users
10.4 Sources for IT security assistance
10.5 Standard operating procedures for reacting to intrusions/misuse of federal IT systems
11.0 Enterprise Architecture
11.1 Enterprise architecture functions and governance
11.2 Key enterprise architecture concepts
11.3 Enterprise architecture development and maintenance
11.4 Use of enterprise architecture in IT investment decision making
11.5 Interpretation of enterprise architecture models and artifacts
11.6 Data management
11.7 Performance measurement for enterprise architecture
12.0 Technical
12.1 Emerging/developing technologies
12.2 Information delivery technology (internet, intranet, kiosks, etc.)
12.3 Desk Top Technology Tools
Source: Chief Information Officers Council
ED-OIG A07-E0002 Page 3
Appendix II – Auditee Comments on the Draft Report
ED-OIG A07-E0002
UNITED STATES DEPARTMENT OF EDUCATION
OFFICE OF MANAGEMENT
ASSISTANT SECRETARY
July 16, 2004
TO: Richard J. Dowd
Action Regional Inspector General for Audit
Office of Inspector Gene{'X ./
FROM: William J. LeidingerW\r'-'
Assistant Secretary for Management and Chief Information Officer
SUBJECT: DRAFT AUDIT REPORT - Audit ofthe Department's Efforts in Identifying IRM
KSAs Control No. ED-OIG/A07-E0002
Thank you for your draft audit report, Audit ofthe Department's Efforts in Identifying IRM
KSAs, Control No. ED-OIG/A07-E0002 sent June 4,2004. The Office of the ChiefInformation
Officer (OCIO) concurs with the single finding, "The Department may not be effectively
managing its IT resources and accomplishing Department goals in compliance with the Clinger
Cohen Act." The following is our proposed corrective action to address the three
recommendations your office has provided related to this finding.
Recommendation 1: Use a systematic process such as the established core competencies in
addressing the Clinger Cohen Act requirements related to KSAs for all IRM staff.
Proposed Corrective Action: OCIO will work with the Office of Management Human
Resources Services (HRS) to use the Clinger-Cohen core competencies developed by the CIO
Council, and included as an Appendix in your draft audit report, to expand the core competencies
for the IT Critical Occupation in Employee Skill Inventory System (ESIS). OCIO and HRS will
develop and implement a strategy using ESIS to evaluate the actual and needed IT Knowledge,
Skills and Abilities (KSAs) of Department staff based on these competencies.
Recommendation 2: Develop a comprehensive strategy to eliminate deficiencies between
needed and actual KSAs.
Proposed Corrective Action: OCIO will work with HRS to develop a comprehensive strategy
that addresses IT KSAs for new hires and existing staff. HRS staff have begun meeting with all
hiring managers prior to the posting of vacancies to strengthen the recruitment process. OCIO
and HRS will review existing EdHlRES IT questions to ensure that the full range of desired
competencies are included to further strengthen IT recruitments. The IT KSAs will continue to
be reviewed and emphasized when posting for IT positions. OCIO and HRS will develop
learning tracks associated with the core competencies for the IT Critical Occupation to address
the needed KSAs for existing staff.
400 MARYLAND AVE., S.W., WASHINGTON, D.C. 20202-4500
www.ed.gov
Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation.
Response to Draft Audit a/the Department's Efforts in IdentifYing IRM KSAs Control No. ED-OIG/A07-E0002
Recommendation 3: Ensure that skill assessments for OCIO are tied to the IRM performance
goals included in the Department's overall strategic plan.
Proposed Corrective Action: OCIO will work with the Strategic Accountability Service to add
IRM performance goals to the Department's overall strategic plan.
Your draft audit report also included an "Other Matters" section that addressed a proposed
reorganization ofOCIO that would merge it with the Office of Management. This proposed
merger is no longer being considered. Attached is the OCIO reorganization package that has
received Department approval and is now being reviewed by the Union. The final proposal only
includes internal restructuring.
Please contact Nina Aten on my staff if you have any questions. Ms. Aten can be reached on
202-401-5846.
Attachment
Page 2 of2
UNITED STATES DEPARTMENT OF EDUCATION
OFFICE OF MANAGEMENT
JUL - 9 2004
MEMORANDUM
TO: James Keenan, Director
FROM: ::~::::::5":t~
C.CJ
Executive Office
SUBJECT: Reorganization of OCIO
The OM Executive Officer has approved the attached request to reorganize the Office of the
Chief Information Officer.
Please arrange to notify the Union of this action if you believe that they should be notified. Your
contact is Michell Clark who can be reached on (202) 260-7337.
Please let me know when and ifthe Union consultative meetings are scheduled.
Attachments
cc: Michell Clark
400 MARYLAND AVE., s.w., WASHINGTON, D.C. 20202-4500
www.ed.gov
Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation.
J
UNITED STATES DEPARTMENT OF EDUCATION
OFFICE OF THE CHIEF INFORMATION OFFICER
THE CHIEF INFORMATION OFFICER
June 16,2004
MEMORANDUM
To: Keith Berger, Executive Officer
From: William J. Leidinger W~
Subject: Necessary Organizational Changes for the Office of the Chief
Information Officer
This memorandum requests approval of a reorganization of the Office of Chief
Information Officer (OCIO). This reorganization is intended to enhance OCIO's ability
to serve the Department while better aligning the structure of the OCIO with the busihess
needs of the Department. In addition, the reorganization establishes direct responsibility
for those areas that require coordination on IT assets, policies and functions across the
Department. The resulting OCIO organization will achieve these purposes:
.,,; Better enables the accomplishment of the CIO responsibilities as outlined in the
Government Information Security Reform Act (GISRA) and the Federal
Information Sec'urity Management Act (FISMA) .
.,,; Aligns and prioritizes the information technology security policies, procedures
and control functions under the CIO that are vested in the ChiefInformation
Security Officer (CISO) .
.,,; Aligns the CISO directly under the CIO as required under GISRA and FISMA.
.,,; Provides a central focus for training and overseeing personnel with significant
information technology security responsibilities .
.,,; Enhances the coordination and execution of the critical infrastructure protection
responsibilities vested in the Department's Critical Infrastructure Officer (CIAO)
as required in Presidential Decision Directive (PDD) 63. PDD 63 provides a
framework for protecting critical infrastructure, which is generally referred to as
those physical and cyber based systems essential to the minimum operations of
the economy and government. The directive requires every department and
agency to appoint a CIO who shall be responsible for the protection of its critical
infrastructure.
400 MARYLAND AVE., S.W., WASHINGTON, D.C. 20202-4580
www.ed.gov
Our mission is to ensure equal access to education and to promote educational excellence throughou.t the Nation.
Keith Berger - Page 2
The specific changes proposed are as follows:
• Move the Development Services Group from Information Management to
Information Technology Operations and Maintenance Services. This will enable
the Development Services Group, which develops, maintains and updates the
department's web sites, to be part of, and integrated with, the group that it works
most closely with and which supports and operates the Department's web sites.
• Move the information collection, FOIA, the Government Paperwork Elimination
Act and records management functions from Information Management to the new
Regulatory and Information Management Services. The performance
improvement of these functions is a high Department priority. These functions
will receive more focus and attention, and closer supervision and direction than
was possible when these functions were in Information Management.
• Move the enterprise architecture, data architecture, system development life cycle
development process, and the business-technology interface functions from
Information Management to an Enterprise Architecture Team in the new Business
and Enterprise Integration Services.
• Move the Investment Management Group from Information Management to the
new Business and Enterprise Integration Services.
• The co-locating of Enterprise Architecture and Investment and Acquisition
Management as the components of Business and Enterprise Integration Services
will effectively link the knowledge of the Department's business with the
development and upgrading of the Department's enterprise architecture and its'
ongoing IT investment planning and decision process.
• Eliminate the Information Management Group.
• Move the Information Assurance Group directly under the CIO. This will
strengthen the Department's adherence to the requirements outlined in Clinger
Cohen as well as full integration and coordination of all security and critical
infrastructure protection functions.
The OM Executive Office will formally service the Office of the ChiefInformation
Officer. It has been doing so by agreement with the Chief Information Officer for the
past year. The staffing of the Executive Office is unchanged and is not included in
the staffing patterns.
Keith Berger - Page 3
Although there will be necessary personnel moves because of movement of functions, we
are committed to assuring that there will be no adverse personnel impact on any OM or
OCIO employees as a result of this reorganization.
We will work with The Department's Delegations Control Officer to develop any
necessary changes to existing delegations of authority that will be affected the
reorganization.
Attachments:
Tab A: Current Organization Chart
Tab B: Proposed Organization Chart
Tab C: Current Functional Statements
Tab D: Proposed Functional Statements
Tab E: Current Staffing Pattern for Affected Units
Tab F: Proposed Staffing Pattern for Affected Units
TABB
Proposed Organization Chart
OFFICE OF
THE CHIEF
INFORMATION OFFICER
PRINCIPAL DEPUTY
CHIEF INFORMATION
OFFICER
DEPUTY CHIEF
INFORMATION OFFICER!
-
CHIEF TECHNOLOGY
OFFICER
I T 1
INFORMATION TECHNOLOGY
BUSINESS AND
REGULATORY
OPERATIONS
INFORMATION ASSURANCE
ENTERPRISE INTEGRATION
INFORMATION MANAGEMENT
AND MAINTENANCE
SERVICES
SERVICES
SERVICES
SERVICES
INVESTMENT
AND ACQUISITION
PRODUCTION SECURITY AND INFORMATION POLICY
MANAGEMENT TEAM
MANAGEMENT f- RELIABILITY ASSURANCE AND STANDARDS I-
TEAM TEAM TEAM
ENTERPRISE
ARCHITECTURE
DEVELOPMENT INFORMATION MGMT
NETWORK SERVICES
TEAM TEAM
f- SERVICES CASE SERVICES f-
TEAM TEAM
END USER ASSISTIVE
SUPPORT SERVICES TECHNOLOGY
TEAM TEAM
PROJECT
MANAGEMENT
TEAM
TABD
Proposed Functional Statements
OFFICE OF THE CHIEF INFORMATION OFFICER
SECTIONS
I. MISSION AND RESPONSIBILITIES
II. ORGANIZATION
III. ORDER OF SUCCESSION
IV. FUNCTIONS AND RESPONSIBILITIES OF THE OFFICE OF THE CHIEF
INFORMATION OFFICER (OCIO) COMPONENTS
A. IMMEDIATE OFFICE OF THE CHIEF INFORMATION OFFICER
B. INFORMATION MANAGEMENT
C. INFORMATION TECHNOLOGY
D. ENTERPRISE STRATEGY AND INFORMATION ASSURANCE
IV. PRIMARY DELEGATIONS OF AUTHORITY
I. MISSION AND RESPONSIBILITIES
The mission of the Office of the ChiefInformation Officer (OCIO) is to provide advice
and assistance to the Secretary and other senior officers to ensure that information
technology is acquired and information resources are managed for the Department in a
manner that is consistent with the requirements of the Clinger-Cohen Act (40 U.S.C.
11315), the Paperwork Reduction Act of 1995 (44 U.S.C. chap. 35) and industry best
practices. The agency's Chief Information Officer is charged with implementing the
operative principles identified in the Act requiring the establishment of a management
framework to improve the planning and control of information technology investments
and leading change to improve the efficiency and effectiveness of agency operations.
The CIO reports directly to the Secretary and UnderSecretary and provides leadership
and direction to:
• Develop, maintain, and facilitate the implementation of a sound and integrated
information technology enterprise architecture;
• Promote the effective and efficient design and operation of major Departmental
information resource management processes and recommend, as appropriate,
improvements to agency business processes;
• Manage agency information resources to improve the productivity, efficiency,
and effectiveness of Federal programs inclusive of information dissemination
initiatives and efforts to reduce information collection burdens;
OCIOIIO - Page 1 P,ROPOSED: 07114/04
OFFICE OF THE CHIEF INFORMATION OFFICER
• Develop Information Technology (IT), Information Management (IM), and
Information Assurance (IA) requirements, completing costlbenefit analysis of
proposed solutions, managing projects in accordance with sound systems life
cycle management procedures and establishing performance standards and
measures to assess success of short and long term solutions;
• Define and manage IT, 1M, and IA capital planning and investment management
processes to ensure that they are successfully implemented and integrated with the
Department's budget, acquisition and planning processes;
• Develop and submit recommendations to the Investment Review Board (IRB)
regarding IT, 1M, IA capital investments to assure that investment decisions are
mission aligned, cost justified and approved only after careful and systematic
reVIew;
• Monitor the performance of the agency's IT, 1M, and IA programs and
investments, evaluating them against performance and other applicable measures,
and advising the Secretary regarding their continuation, modification or
termination;
• Assess IT, 1M, and IA competencies defined for agency personnel to ensure that
Departmental employees are technologically prepared to achieve the
Department's strategic goals;
• Develop IT and 1M requirements, analyze the projected cost and benefits of
alternative IT and 1M solutions, and establish performance standards and
measures to assess short and long range solutions;
• Administer the Department's information resource management program,
including records management, automated data processing activities, the
Paperwork Reduction Act, Government Paperwork Elimination Act, Freedom of
Information Act, Privacy Act, and the Information Quality Guidelines;
• Manage the agency's IT Security Program for automated information systems,
developing agency-wide policy for the protection and control of information
resources directly or indirectly related to the activities of the Department;
• Implement a Department-wide communications Internet/Intranet strategy;
• Deploy and maintain all enterprise-wide information technology;
• Develop recommendations and implement information technology solutions
designed to enhance and enable agency business processes;
• Develop and provide technology standards to assure business alignment and
promote a viable enterprise technology framework;
oelOIIO - Page 2 PROPOSED: 07/14/04
OFFICE OF THE CHIEF INFORMATION OFFICER
• Provide administrative and technical support to the agency's Data Integrity Board and
monitor the Department's compliance with the Computer Matching and Privacy
Protection Act.
II. ORGANIZATION
The Office of the Chief Information Officer (OCIO) is under the immediate supervision
of the Chief Information Officer (CIO). In carrying out the responsibilities of the
Department described in 44 U.S.C. 3506,40 U.S.C. 11315(b) and (c), and Executive
Order 13011, the ChiefInformation Officer reports directly to the Secretary and Under
Secretary.
III. ORDER OF SUCCESSION
The Order of Succession for the Office of the Chief Information Officer is as follows:
Principal Deputy Chief Information Officer
Deputy Chief Information Officer/Chief Technology Officer
Director, Information Technology
Director, Information Management.
OCIOIIO - Page 3 PROPOSED: 07/14/04
OFFICE OF THE CHIEF INFORMATION OFFICER
IV. FUNCTIONS AND RESPONSIBILITIES OF OCIO COMPONENTS
A. THE CHIEF INFORMATION OFFICER
The Chief Information Officer (CIO) provides advice and other assistance to the Secretary and
Under Secretary in information technology (IT) matters and other IT activities and functions
as directed. The CIO is responsible for developing and maintaining a sound and integrated IT
architecture for the Department while also promoting the efficient design and operation of all
major information resources processes for the agency. The CIO provides strategic leadership
and executive direction to the office's organizational components to ensure successful
accomplishment of the office's mission. The CIO manages the agency's relationship to Federal
CIO Council Initiatives and coordinates Council activities throughout the Department.
The Principal Deputy Chief Information Officer ( PD CIO) serves as the alter ego for and
supports the CIO in IT matters and other activities and functions as directed. The PD CIO
assists the CIO by providing day-to-day operational priorities, strategic leadership and
executive direction to the Office's organizational components to ensure successful
accomplishment of the Office's mission. The PD CIO performs administrative duties such as
performance evaluations for the Deputy CIO/CTO and other senior leadership within the
Office. The PD CIO provides advice to the Secretary, other Senior Officers and the CIO, and
promotes the effective and efficient design and operation of all major information resources
processes for the Department.
The Deputy Chief Information Officer/Chief Technology Officer (CTO) assists the CIO in the
development of standards, guidelines, and policies to transform current ED data collection and
information management processes. The CTO advises the ASM/CIO and PD CIO on new and
emerging technologies in the areas of communication, information technology, and IT system
development that may benefit the Department. The CTO supervises the operation of Business
and Enterprise Integration Services.
B. INFORMATION TECHNOLOGY OPERATIONS AND MAINTENANCE SERVICES
Information Technology Operations and Maintenance Services supports the CIO's efforts in all
activities related to network information enterprise, to include network security, network and
telecommunications design and operations, end user services, production server hosting services,
and ED's intranet and Internet services as well as maintains and operates ED's disaster recovery
facility.
The Office is headed by a Director who reports to the Chief Information Officer. Information
Technology Operations and Maintenance Services is divided into the following seven teams:
• Production Management Team;
• Network Services Team;
• End User Support Services Team;
• Security and Reliability Assurance Team;
OCIO - Page 1 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
• Development Services Team.
• Assistive Technology Team; and
• Project Management Team
Production Management Team
The Production Management Team administers all servers that comprise EDNET which process
all shared applications used throughout the Department.
In performing its responsibilities, the Team:
• Manages the daily operation and maintenance of all departmental servers that are hosted
within EDNet.
• Provides scheduled backups, upgrades, and maintenance of EDNet hosted servers.
• Coordinates the overall operation of the Department's IT infrastructure.
• Reccomends the Server Technology component of the enterprise architecture.
• Manages all mainframe, timesharing and related server services that offer cent~alized support
to users Department-wide, including the Department's network.
• Designs and maintains the Department messaging services that allows it to quickly
communicate with its employees, contractors, the citizenry, schools, municipalities, states,
and researchers.
Network Services Team
The Network Services Team provides amd maintains the infrastructure that allows individual
Departmental end users to access shared applications that are hosted throughout the world from
their local personal computers. Also, this Team maintains the telephone and video conferencing
systems.
In performing its responsibilities, the Team:
• Orders and implements telecommunications services including local, long distance and
dedicated services.
• Operates and maintains video telecommunications services for the Department.
• Administers the Network Control Center for the Department.
OCIO - Page 2 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
• Champions emerging collaborative technologies to make Department-wide users more
effective in dealing with their peers and customers.
• Provides an access path for all End Users to be able to use IT infrastructure down to
individual workstations, telephone handsets, IPTV displays, and video conferencing rooms.
• Manages the IT cabling plan.
End User Support Services Team
The End User Support Services Team ensures that all departmental employees regardless of their
locations have appropriate access to the Department's services and that their personal computers
work properly.
In performing its responsibilities, the Team:
• Manages the Help Desk, which is the entry point for virtually all requests for IT services.
• Provides work station on-site support.
• Manages and provides operational support for all office automation activities throughout the
Department.
• Provides project management support for ED technology customers that are relocating
offices.
• Oversees installation and disposal of workstation equipment.
• Provides operations support and serves as a liaison in the field for the Secretary's Regional
Representatives (SRRs).
• Supports SRR implementation of agency-wide technology and applications solutions in the
regional offices and provides ongoing customer and technical support.
Security and Reliability Assurance Team
The Security and Reliability Assurance Team protects the overall network from hostile attacks as
well as manages a disaster recovery facility for all of the Department's critical applications.
Also, the team ensures that all additions to hardware and sofware are adequately tested prior to
their inclusion into EDNET.
In performing its responsibilities, the Team:
• Performs multi-tiered indepth defense against cyberterrorist attacks from viruses, worms, and
hackers.
OCIO - Page 3 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
• Ensures reliable execution of all hosted servers through executing a production promotion
process that test all updates to the production environment prior to implementation.
• Directs all activities related to the agency's alternate site for redundant systems as prescribed
by the Department's system Disaster Recover Plans and Continuity of Operations Plan.
• Provides facility management support to the agency's alternate data processing center.
• Maintains portal security.
• Tests and evaluates all EDNet equipment.
• Provides administrative support to the Change Control Review Board.
• Develops and enforces processes and procedures to ensure sound configuration control and
change management of EDNet and its tenant systems.
Development Services Team
The Development Services Team manages the web-based applications that support and enhance
the agency's on-line business processes and provide additional application development support
across the enterprise.
In performing its responsibilities, the Team:
• Develops and manages internet and intranet applications and coordinates the delivery of
appropriate training for Departmental users.
• Enhances education information dissemination, develop new information resources and
improve on-line business processes.
• Defines and explores opportunities for Government-to-Customer, Government-to-Business
and Government-to-School e-business initiatives and measures effectiveness of new
endeavors
• Maintains and operates ED's internet Web site, ed.gov.
• Maintains and operates ED's intranet Web site, connectED.
• Takes responsibility for putting content on the Web sites, including providing tools for
adding Web site content.
• Works with Principal Offices on developing new content and updating existing content on
the ed.gov and connectED Web sites.
OCIO - Page 4 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
Assistive Technology Team
The Assistive Technology Team evaluates and tests software applications and hardware to
ensure compatibility with the legislative requirements of Section 508 of the Rehabilitation Act of
1973 (29 USC 794d) and the agency's operating environment.
In performing its responsibilities, the Team:
• Assists program offices with the evaluation, testing and implementation of assistive
technology solutions for individuals with disabilities.
• Serves as liaison to schools and other federal agencies to facilitate the evaluation and
implementation of assistive technology solutions in the classroom and the workplace.
• Provides advice to program offices regarding section 508 requirements for grant
competitions.
Project Management Team
The Project Management Team ensures that all IT operation's projects are professionally
managed and that IT delivers on its commitments.
In performing its responsibilities, the Team:
• Provides a core of qualified project managers that executes the OCIO's formal project
management process in support of EDNET customers who require new solutions to be
developed.
• Performs technology assessment and analysis.
• Provides administrative support to the Technology Review Board.
• Defines IT design elements and develops and tests solutions for emerging customer
requirements.
C. BUSINESS AND ENTERPRISE INTEGRATION SERVICES
Business and Enterprise Integration Services (BEIS) provides leadership, oversight, and
coordination of the Department's effort to ensure that its Information Technology (IT)
investments support ED's strategic plan and are business driven. In particular, this relates to the
following activities within the Department of Education:
• Capital Planning and Investment Control (CPIC);
• Enterprise Architecture development, usage and change management;
• Enterprise Architecture product quality and compliance measurement;
• Business Technology Interface;
OCIO - Page 5 PROPOSED: 7/07/04
-,
OFFICE OF THE CHIEF INFORMATION OFFICER
• Systems Development Life Cycle; and
• IT Acquisition support.
BEIS is responsible for providing policies, standards, and procedures that ensure ED offices
comply with the Department's investment review process and enterprise architecture. In addition,
BEIS provides instruction to customers to help educate and support them in their investment
review and enterprise architecture efforts.
The Deputy CIO/CTO is responsible for leadership, policy guidance, quality control, and
coordination for Business & Enterprise Integration Services. The Deputy CIO/CTO also ensures
that the operations of BEIS are consistent with federal laws and directives as well as Department
standards, policies, and procedures. Furthermore, BEIS ensures that its operations are carried out
in an effective and efficient manner, and are customer-oriented.
BIES is comprised of two Teams:
• Investment and Acquisition Management Team; and
• Enterprise Architecture Team.
Investment and Acquisition Management Team
The Investment and Acquisition Management Team is responsible for developing and
implementing strategies and programs designed to enhance the Department's business case
preparation ahd capital investment management and planning. The Team is also responsible for
providing IT acquisition support to OCIO and the Department
In performing its responsibilities, the IT Investment Management Team:
• Develops and submits recommendations to the Investment Review Board (IRB)
regarding IT investments (including projects, systems, IT workforce and initiatives)
to assure that investment decisions are mission aligned, cost justified and approved
only after careful and systematic review.
• Defines and manages IT investment management processes through a long-range
planning and a disciplined budget decision making process to achieve performance
goals and objectives with minimal risk, lowest life-cycle costs and greatest benefits
for the agency. Ensures that the processes are successfully implemented and
integrated with the Department's budget, performance-based acquisition and planning
processes
• Oversees business case preparation for IT activities and services.
• Defines capital planning and investment policies and procedures so that the Department
can best manage its resources and can measure and evaluate the benefits of investment
decisions.
OCIO - Page 6 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
• Coordinates and supports investment decision processes across the agency that are
prescibed by the Clinger-Cohen Act of 1996.
• Coordinates activities with the OCIO and across offices that link mission needs and
capital assets in an effective and efficient manner.
• Develops and promotes Department-wide IT investment performance measures to assess
agency progress in meeting requirements under the Government Performance and Results
Act, the Information Technology Reform Act, and other relevant legislation.
• Administers and provides oversight for procurement and contract management of IT
activities, and provides acquisition support to IT staff.
• Facilitates Department IT acquisition activities and manages the office's relationships
with vendors and other OCIO contractors.
• Manages Department-wide software and system licenses, including procurement, test,
and implementation phases.
Enterprise Architecture Team
The Enterprise Architeture Team is responsible for capturing the description of how the
Department does its business, and what information, data, and technology are required to
support the business. Furthermore, the Enterprise Architeture Team is responsible for the
Department's system development life cycle and the business technology interface. The
Team also includes Business Technology Advisors who provide direct coordination services
between OCIO and the Principal Offices.
In performing its responsibilities, the Enterprise Architecture Team:
• Develops, maintains, and facilitates the implementation of a sound and integrated IT
enterprise architecture.
• Provides written organizational policy, for approval by the Executive Management Team
and the Investment Review Board, regarding the governance of the enterprise
architecture.
• Uses the enterprise architecture to analyze IT solutions and ensure that they support the
business of the Department.
• Leverages methodologies to eliminate redundancies, reduce cost, and manage change.
• Provides Business Technology Interface support to document requirements for, analyze,
and justify each business case presented to the Investment Review Board.
OCIO - Page 7 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
• Uses the enterprise architecture to analyze deliverables proposed by Principal Offices
to ensure the statements of work are complete, as outlined in the Systems
Development Life Cycle (SDLC).
• Monitors and provides reviews for enterprise (information, data, systems, and
technology) within the SDLC, CPIC, and acquisition processes.
• Ensures enterprise architecture products are identified, tracked, monitored, documented,
reported, and audited.
• Manages and provides enterprise architecture repository maintenance, oversight, training,
and version control.
• Ensures enterprise architecture products and supporting processes are prepared to undergo
an independent verification and validation.
• Applies metrics for measuring enterprise architecture progress, quality, compliance, in
order to calculate the return on investment.
D. Regulatory Information Management Services
Regulatory and Information Management Services (RIMS) provides leadership, oversight, and
coordination to ensure Departmental compliance with government initiatives regarding the
acquisition, release and maintenance of information. In particular, this relates to the following
activities within the Department of Education:
• Freedom ofInformation Act (FOIA);
• Privacy Act;
• Records Retention and Management;
• Information Collection;
• Government Paperwork Elimination Act (GPEA); and
• Information Quality Guidelines (lQG).
RIMS is responsible for providing policies, standards, and procedures that ensure ED complies
with governmental information management requirements in the above areas. In addition, RIMS
provides instruction to assure that customers are educated and supported in the performance of
these efforts.
The office is headed by a Director who reports to the Chief Information Officer. RIMS includes
two teams:
• Information Policy and Standards Team; and
• Information Management Case Services Team.
OCIO - Page 8 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
The office of the Director includes a Special Assistant for Appeals Services who is
responsible for the oversight, coordination and disposition of all agency appeals regarding the
Freedom ofInformation Act (FOIA) and the Department's IQGs.
Information Policy and Standards Team
The Information Policy and Standards Team is responsible for developing and implementing
strategies and programs designed to enhance the Department's responsiveness to government
information management requirements regarding the acquisition, release and maintenance of
information.
In performing its responsibilities, the Information Policy and Standards Team:
• Promotes the effective and efficient design and operation of major ED information
resource management processes; and, as appropriate, examines and recommends
improvements to agency business processes.
• Supports the policies and procedures of management, analysis and protection of federal,
state, and local data collected and disseminated by the Department.
• Articulates standards for the Department's IQG's, and provides guidance and technical
assistance to program offices on quality, dissemination, privacy, and security issues.
• Issues directives and handbooks to support and enhance the performance of agency
responsiveness to information management initiatives.
• Provides instruction designed to help agency personnel better coordinate intra- and inter
agency efforts regarding the acquisition, release and maintenance of information.
• Supports agency information to improve the productivity, efficiency, and effectiveness of
federal programs including information dissemination initiatives and efforts to reduce
information collection burdens.
• Champions e-records management and works to ensure that enterprise-wide e-records
policies are adopted.
• Works with client offices to plan for and coordinate enterprise-wide information access,
data collection and records management activities.
• Manages the implementation of the Government Paperwork Elimination Act (GPEA)
across the agency.
• Provides leadership and coordination in the resolution of sensitive and high-risk
information management cases.
OCIO - Page 9 PROPOSED: 7/07/04
OFFICE OF THE CHIEF INFORMATION OFFICER
Information Management Case Services Team
The Information Management Case Services Team is responsible for the comprehensive
operation of the agency case management system that responds to FOIA and Privacy Act
requests. The Team also is responsible for supporting ED information collection, records
retention and management, and GPRA activities.
In performing its responsibilities, the Team:
• Oversees agency compliance with FOIA, Privacy Act and Departmental records retention
and management policies.
• Ensures the successful handling of all requests regarding FOIA and the Privacy Act
received by the Department. The team also is responsible for furnishing reliable,
accurate, and timely information on FOIA and the Privacy Act in compliance with
relevant laws, statutes, regulations and directives.
• Administers the agency's information collection activities, overseeing the Department's
collection and reporting prpcesses under the Paperwork Reduction Act and preparing the
annual Information Collection Budget for transmittal to OMB.
• Supports Department systems and databases associated with information collections,
FOIA, Privacy, and records retention and management.
• Oversees and monitors the administration of contracts to support operation and
maintenance of systems and databases relating to the mission of RIMS.
E. Information Assurance Services
Information Assurance Services oversees the Department's IT security program and
implementation of the Federal Information Security Management Act. The Director of
Information Services reports directly to the Chief Information Officer.
In performing its responsibilities, the Information Assurance Team:
• Directs the Department's enterprise-wide information assurance activities,
developing policies and guidance to prevent and defend against unauthorized access
to networks, system, and data directly or indirectly related to the Department's
activities.
• Provides agency-wide leadership in maintaining and improving the accuracy,
confidentiality and integrity of data maintained in the Department's information
systems, including ongoing support of the agency's Data Integrity Board and data
matching/exchange agreements with other agencies.
OCIO - Page 10 PROPOSED: 7/07/04
-,
OFFICE OF THE CHIEF INFORMATION OFFICER
• Coordinates agency-wide IT security incident reporting and emergency response
activities and serves as the Department liaison with the Office of General Counsel,
Fed CIRC, the FBI, and other external law enforcement agencies concerning IT
security incident reporting and follow-up activities.
• Implements and coordinates activities regarding the agency's Critical Infrastructure
Protection (CIP) focusing on protecting mission essential infrastructure, promoting
best practices in infrastructure management, and developing and promulgating
policies to implement requirements of Presidential Direction (PDD) 63.
• Enforces Federal ADP Security standards, including review and evaluation
activities prescribed by OMB Circulars A-123 and A-130.
• Coordinates agency-wide policies regarding authentication and message encryption
techniques inclusive of digital signatures and PKI technology.
• Conducts annual Department-wide security audit reviews mandated by the
Government Information Security Reform Act (GISRA) and periodically assists the
agency's OIG with the conduct and resolution of Department IT security program
and system audits.
• Manages the operation of the agency's Information and Critical Infrastructure
Assurance Steering Committee.
• Develops and maintains a comprehensive and effective disaster recovery planning
program that ensures continuity of operations for essential Departmental systems in
the event of an emergency or other disruption to normal operations.
• Develops corrective action plans to address weaknesses disclosed by GISRA
reviews, IG audits, and Federal Managers Financial Management Integrity Act
(FMFESIA) annual certifications related to IT security matters.
• Defines IT security curricula and provides specialized security training for agency's
technical staff and general security awareness/orientation training required of all
Departmental employees.
OCIO - Page 11 PROPOSED: 7/07/04
Audit of the Department's Efforts in Identifying IRM KSAs.
Published by the Department of Education, Office of Inspector General on 2004-08-20.
Below is a raw (and likely hideous) rendition of the original report. (PDF)