Effective Date: March 20, 2009
Expiration Date: December 20, 2019
Effectively and efficiently managing, preserving, protecting, and disseminating the information required to achieve, and resulting from, exploration and other NASA missions is vital to mission success. As well, seamless collaboration of the NASA workforce across multiple Centers will be vital in the planning, design, and development of mission-related capabilities and technology in the future. It is imperative that information technology (IT) at NASA be managed in a manner that enables the NASA mission and operating model, now and in the future.
This document is intended to provide a framework for IT management, decision-making, and planning and, in turn, serve as an avenue for the authoring of more in-depth documents (Standard Operating Procedures, NPRs, handbooks, etc.). Effective management of IT is characterized by IT that is aligned with the following NASA principles:
a. Mission Enabling: information technology at NASA serves to enable NASA's mission.
b. Integrated: NASA will implement information technology that enables the integration of business (mission) processes and information across organization boundaries.
c. Efficient: NASA will implement information technology to achieve efficiencies and ensure that IT is efficiently implemented.
d. Secure: NASA will implement and sustain secure information technology solutions.
The NASA Information Resources Management (IRM) Strategic Plan, updated and published annually, describes the specific strategies, goals, and objectives required for the strategic management of information and IT, directly contributing to mission success for the Agency. While the overall objective of this policy document is the management of NASA IT in a manner that enables the NASA mission and operating model, the detailed objectives and activities for doing so change over time. Consequently, those detailed objectives and associated performance measures are documented annually in the IRM Strategic Plan.
As described in NPD 1000.3, The NASA Organization, the Office of the Chief Information Officer (OCIO), provides leadership, planning, policy direction, and oversight for the management of NASA information and all NASA IT in accordance with the responsibilities required by the Clinger-Cohen Act of 1996, the Paperwork Reduction Act of 1995, the E-Government Act of 2002, the Federal Information Security Management Act of 2002, and the Privacy Act of 1974. The Chief Information Officer (CIO) is the principal advisor to the Administrator and other senior officials on matters pertaining to information technology, the NASA Enterprise Architecture (EA), IT security, records management, and privacy. NPD 2800.1, Managing Information Technology, provides more detail concerning these responsibilities.
While NPD 1000.3 contains a complete list of OCIO responsibilities, of special importance for this document is the responsibility of the OCIO for management of NASA's IT systems as a joint responsibility with the NASA Centers, Mission Directorates, and Mission Support Offices. The Centers, Mission Directorates, and Mission Support Offices have responsibility for the applications, while the CIO has overarching responsibility for ensuring alignment of those applications with the NASA EA and for all aspects of the IT infrastructure in which those applications reside. Further, the OCIO manages an application portfolio management program in conjunction with Centers, Mission Directorates, and Mission Support Offices to ensure a robust, yet efficient, set of applications to enable the NASA mission.
Figure 1.1 illustrates this division of responsibilities as well as the important and distinct responsibility of the Mission Directorates in managing the Highly Specialized IT that is critical to the success of the Agency's missions. While Highly Specialized IT must conform to Agency IT policies established by the OCIO in areas such as IT security and EA, the management of Highly Specialized IT is the responsibility of the Mission Directorates. This document focuses primarily on the responsibilities of the OCIO in managing IT and on the OCIO interactions with the Mission Directorates and other Mission Support Offices in carrying out its responsibilities, for example in the area of relationship management as described under Relationship Management in section 1.2.1. The requirements for managing Highly Specialized IT, aside from the OCIO NPD 1000.3 responsibilities noted above, are included in the policy documents established by the NASA Office of Chief Engineer, e.g., NPR 7120.5, NASA Space Flight Program and Project Management Requirements, and in those published by the individual Mission Directorates.
The OCIO carries out its responsibilities both via the Agency-level office resident at NASA Headquarters and via Center Offices of the CIO that are delegated responsibilities as described in this document.
1.2.1 Core Functions of Center CIO Organizations
The successful management of IT at NASA depends largely on the Center CIO organizations' ability to provide consistent, quality services, align technology with mission requirements, and ensure compliance with policy. The required organizational capabilities include not only the skills and competencies of the civil servants and supporting contractors that make up the CIO organization, but also the policies, governance structures, and process disciplines that guide and deliver the services and the platform for meaningful, ongoing communication between the CIO organization and the Mission Directorates, Mission Support Offices, and programs.
Figure 1.1 below highlights the core functions that are required under the NASA IT management model. These functions, and associated competencies, require execution in all Center CIO organizations.
Figure 1.1 Responsibilities for Managing IT at NASA
Relationship Management: The relationship management function acts as the primary interface between NASA customers and CIO organizations. Personnel performing the relationship management function (Relationship Managers (RM)) ensure alignment between customer expectations and CIO services. The RM is positioned as a well-respected partner by the customer and has insight into their strategic needs. Activities include collecting, analyzing, reviewing, documenting, and communicating mission and business needs and requirements to the CIO organization, defining and establishing service and support requirements, performing issue mediation and escalation, and reporting performance on services provided by the CIO organization. The RM coordinates with other IT service providers (e.g., contractors, vendors) to ensure customer needs are addressed and provides input into the IT portfolio management process.
The RM focuses on understanding the customer's needs. Changes to business processes, policies, and information systems are gathered, analyzed, communicated, and validated. The RM ensures requirements are communicated with clarity, completeness, and specificity between the CIO and the customer organization. The RM supports the initial development of business requirements for all solution development activities and works closely with solution developers to ensure developing solutions continue to meet business requirements. The RM is actively involved in coordinating with Innovation Management and Project Management for proof of concept and/or pilot development activities.
Governance and Policy: The governance and policy function oversees and ensures that decision making for IT investments, principles, and standards are clearly assigned and administered through established governance boards. The function defines and manages a full life-cycle IT governance process, including ensuring IT investments align with NASA mission and institutional requirements.
The governance and policy function manages the development, consolidation, and maintenance of IT-related policies and regulations. It ensures all policies are consistent, current, and accessible to the appropriate NASA staff. The function is responsible for coordination with subject matter experts to develop policy, guidance, and regulations. In addition, this function reviews policies, guidance, and regulations to ensure consistency and to avoid conflicts.
Finally, the governance and policy function implements and assesses effectiveness of internal controls consistent with OMB Circulars A-123 and A-130 and NASA policies.
Enterprise Architecture: The EA function leads and defines how NASA IT capabilities and systems are aligned with mission and institutional requirements, operations, and objectives. The function follows IT strategic planning methodology to align mission, program, and institutional objectives with IT projects and technology initiatives and measures NASA's performance toward goals established in the NASA Strategic Plan.
The EA function defines the current or "as-is" state, the planned or "to-be" state, the gap between the two states, and a plan for closing the gap. The function develops and updates the EA segments that represent a mission and institutional view of NASA's use of IT to meet program and service requirements. Other activities include developing and implementing architecture metrics and communications, conducting EA project and services reviews, and developing EA artifacts and guidelines.
The EA function establishes the technical and architecture standards that guide IT solution development and operational support activities. It documents the technologies that are acceptable for the current and future environment and facilitates IT Configuration Control Boards in the approval of software, hardware, and protocols. NPD 2830.1, NASA Enterprise Architecture, and NPR 2830.1, NASA Enterprise Architecture Procedures, provide more details on enterprise architecture requirements at NASA.
IT Security Management: The IT security management function ensures information technology security across NASA meets confidentiality, integrity, and availability objectives for data and information, including disaster recovery and continuity of operations for systems. It develops and maintains an information security program that ensures consistent security policy, identifies and implements risk-based security controls, and tracks metrics to gauge compliance and effectiveness. The function is responsible for performing audits and reviews to assess compliance with security and privacy policies and procedures. NPD 2810.1, NASA Information Security Policy, and NPR 2810.1, Security of Information Technology, provide more details on IT security requirements at NASA.
Innovation Management: The innovation management function researches and assesses emerging technologies to determine applicability to NASA requirements. Activities include conducting emerging technology pilots, research, evaluations, and predictive analysis of technology solutions. The function may maintain an "innovation laboratory" to assess new technologies and new ways to integrate IT at NASA in support of NASA's IT principles. The innovation management function teams with customer and support organizations to plot the course for technologies being evaluated and their readiness for deployment.
Performance Management: The performance management function manages the processes to ensure delivered services meet or exceed customer needs. The function coordinates the development, monitoring, and reporting of performance metrics associated with the CIO organization, CIO projects, and CIO services. It monitors performance against Service Level Agreements (SLA) and provides the relationship management function with customer-specific reports that assess performance against established goals and SLAs. This function also identifies performance gaps and conducts root cause analysis to recommend solutions to meet SLAs.
Project Management: The project management function ensures that development, modernization, and/or enhancement (DME) of IT systems are undertaken with the appropriate level of project management discipline in accordance with NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements, and Center project management processes. The project management function ensures the assignment of project managers with the appropriate level of knowledge, skills, and abilities to lead the project to successful completion. The function oversees the tracking of metrics relative to cost, schedule, performance, and risk to identify when the baseline has been significantly breached or when risks have not been sufficiently mitigated.
Service Management and Delivery: The service management and delivery function is responsible for providing IT infrastructure and applications services to customers in accordance with service level agreements developed by the service provider in collaboration with the customer organizations. Responsibilities include steady state operations and integration of services, help desk services, problem resolution, implementation of updates and new services, and sunsetting of legacy applications.
Resource Management: The resource management function develops and implements the financial services for IT planning and control and coordinates chargeback/cost recovery activities for CIO-provided services in conjunction with Chief Financial Officer (CFO) representatives. Activities include developing budget proposals, planning IT spending allocation, enhancing business case development, conducting financial modeling and cost accounting, and billing for services.
The resource management function in coordination with the Office of Human Capital Management oversees IT workforce planning and management; understands the current organization's staffing levels and skill sets; defines and develops the roles, responsibilities, skills, and competencies necessary to support objectives and investments; manages professional development and training activities to help NASA develop IT training curriculum and analyzes, develops, and maintains NASA IT resource policies, regulations, and procedures.
The resource management function helps develop the sourcing strategy, selects vendors, and builds an appropriate portfolio of internal and external service providers; manages contract life cycle and measures and manages vendor performance; and ensures the delivery of the specified outcomes is obtained in terms of performance commitments.
Finally, the resource management function manages and optimizes the cost, retention, and ultimate disposal of IT assets (hardware and software); ensures IT assets are identified and properly categorized and that plans are established to manage the full asset life cycle; manages the licensing associated with IT assets, leveraging enterprise-licensing economies of scale; and coordinates with service delivery function in the identification of assets and in the scheduling of life-cycle replacements, upgrades, etc.
As depicted in Figure 1.2, the relationship management and EA functions are critical functions in the relationship between CIO and customer organizations. Each NASA Center shall implement the model depicted in Figure 1.2. Variations of this model are authorized with the approval of the NASA CIO and the applicable Center Director, depending on Center size and program capabilities. The NASA Deputy CIO performs the relationship manager responsibilities within the Office of the NASA CIO, interfacing with Mission Directorate and selected Mission Support Office representatives to ensure relationship management, EA, and IT security functions are administered. Upon request of the Deputy CIO, Mission Directorates and selected Mission Support Offices shall identify an individual to represent their organization in the coordination of IT services and matters, including programmatic reporting.
As depicted in Figure 1.2, Center personnel performing the nine core functions identified in Section 1.1 shall be aligned within the Center CIO organization. Variations from this model are authorized with the approval of the NASA CIO and the applicable Center Director, depending on Center size and program capabilities.
Figure 1.2 Organization: Structure