| NODIS Library | Legal Policies(2000s) | Search |

NASA Ball NASA
Procedural
Requirements
NPR 2800.1B
Effective Date: March 20, 2009
Expiration Date: December 20, 2019
COMPLIANCE IS MANDATORY
Printable Format (PDF)

(NASA Only)

Subject: Managing Information Technology

Responsible Office: Office of the Chief Information Officer


| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL |

Chapter 2. IT Governance/IT Authority

2.1 IT Governance/IT Authority Requirement

NASA shall develop and maintain effective Agency IT governance structures and processes to ensure that IT strategy, investment, implementation, and operations decisions are integrated with organizational planning, budget, financial management, human capital management, and programmatic decisions and processes.

2.2 Background

2.2.1 IT governance is a framework that encompasses the structures, inputs, outputs, activities, decision rights, and accountability necessary to facilitate the effective and efficient use of IT.

2.2.2 NASA's IT environment is organized into three major areas: IT infrastructure services, IT applications, and "Highly Specialized" IT, such as the technology that supports real-time control systems and onboard avionics. Figure 2.1 illustrates these three areas.

Organization of the NASA IT Environment

Figure 2.1: Organization of the NASA IT Environment

2.2.3 To address the wide-ranging decisions which occur throughout the life cycle of a nonhighly specialized IT investment, NASA employs a three-board governance model where each board has a clear set of responsibilities as well as interfaces to the other governing bodies. The three-board IT governance model (Figure 2.2) provides complete coverage of the NASA Program and Project Life Cycle and can be implemented at the Centers with variations based on local requirements. Each of these life-cycle phases has associated with it unique milestones and metrics that require different activities and therefore different memberships.

Governance Board Structure

Figure 2.2: IT Governance Board Structure

It is possible that programs and projects governed by NPR 7120.5, NASA Space Flight Program and Project Management Requirements, or NPR 7120.8, NASA Research and Technology Program and Project Management Requirements, will have systems under development with both highly specialized and nonhighly specialized IT components, which must be developed and integrated under a unified management structure to ensure technical and programmatic success. Such IT components embedded in programs and projects will also comply with policies and other technical requirements to ensure systems and capabilities being developed align with Agency requirements and direction for IT architectures, policies, procedures, standards, guidelines, and practices. The OCIO will work with the Mission Directorate or Mission Support Office responsible for the program or project to identify such embedded IT components and define boundaries and interfaces for inclusion in IT management processes. The OCIO will also coordinate with the appropriate governing body required by NPR 7120.5, or NPR 7120.8, as described in Section 2.3 of this document to reflect those interactions.

2.2.4 IT Governance Board Responsibilities and Membership

2.2.4.1 IT Strategy and Investment Board (SIB): Decisions regarding IT strategy and resultant policies, significant IT investments (prioritization and approval), and the NASA EA. Members include senior-level stakeholders from Mission Directorates, Mission Support Offices, and Centers.

2.2.4.2 IT Program Management Board (PMB): Decisions regarding application and infrastructure projects to ensure that investments approved by the IT Strategy and Investment Board stay on track during formulation, design, and implementation. Members include the Deputy CIO, one or more IT SIB representatives for continuity, IT Management Board (ITMB) Chair, EA Lead, representatives from Mission Directorates, Mission Support Offices, and Centers.

2.2.4.3 IT Management Board (ITMB): Decisions regarding management of the IT technical environment at NASA to implement IT strategy, policy, and investment initiatives, including configuration management, integration, and performance of IT systems. Members include the Associate CIO for Architecture and Infrastructure, Center CIOs, the Deputy CIO for IT Security, and the EA Lead. Mission Directorates may provide a representative at their discretion.

2.2.5 NPD 1000.0, NASA Governance and Strategic Management Handbook, describes Mission Support Authorities as the designated "official voices" of their institutional areas and the associated requirements established by NASA policy, law, or other external mandate. These authorities are asserted through leadership, horizontally (across Headquarters) and vertically (Headquarters to Centers and within Centers).

2.2.5.1 The NASA CIO exercises Mission Support Authority for IT and is the "IT Authority." The corresponding process is designated as IT authority (where "authority" is not capitalized, to distinguish between the process and the person exercising the authority).

2.2.5.2 The need for IT authority stems from the inclusion and importance of IT in almost all Agency programs and projects. The scope of IT authority includes all IT with the exception of software engineering. The Office of the Chief Engineer establishes policy and technical standards for software engineering and has included software engineering in its engineering technical authority process. The Office of Safety and Mission Assurance establishes the policy and technical standards for software safety and software assurance and has included software safety and software assurance in its safety and mission assurance technical authority process.

2.2.5.3 Two processes, policy establishment and policy compliance, support IT authority.

2.2.5.3.1 The Agency CIO is responsible for establishing IT policies and technical standards, with the concurrence of the Mission Directorates, other Mission Support Offices, and the Centers, as appropriate.

2.2.5.3.2 The policy compliance process provides assurance that IT fully supports the Agency's missions in a way that is strategically-grounded and cost-effective, and in accordance with NASA IT policies and technical standards.

2.3 IT Governance Roles and Responsibilities

2.3.1 The NASA CIO shall sponsor, organize, and provide logistical support for the NASA IT SIB, IT PMB, and ITMB.

2.3.2 The NASA CIO shall chair the IT SIB and shall serve as the Decision Authority for programs and projects overseen by the IT PMB.

2.3.3 Mission Directorate Associate Administrators (AAs), Officials-in-Charge of Mission Support Offices, and Center Directors shall ensure that proposed investments for IT are brought before the IT SIB for consideration and approval when annual investments meet or exceed the defined criteria identified in the SIB charter. The criteria are defined in the IT SIB charter available in the NASA Directives (NODIS).

2.3.4 The NASA CIO shall ensure that modifications to the NASA EA and new or modified NASA-wide IT policies/processes are brought before the IT SIB for its consideration and approval.

2.3.5 Mission Directorate AAs, Officials-in-Charge of Mission Support Offices, and Center Directors shall ensure that programs and projects in the scope of NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements, are brought before the IT PMB for its oversight.

2.3.6 Mission Directorate AAs, Officials-in-Charge of Mission Support Offices, and Center Directors shall ensure that operational activities that meet or exceed the criteria contained in the ITMB charter are brought before the ITMB for its oversight.

2.3.7 Center Directors shall ensure that an IT governance structure that corresponds or can be mapped to the Agency-level structure described above is established, executed, and maintained at their Centers.

2.4 IT Authority Roles and Responsibilities

2.4.1 The NASA CIO shall serve as the NASA IT Authority and be responsible for the IT authority process.

2.4.2 The NASA CIO or designee shall have the authority to review and approve all nonhighly Specialized IT content (including both IT products and services) in Requests for Proposals (RFPs) for Agency-level procurements before they are issued, even if the end product of the procurement is not IT.

2.4.2.1 The NASA CIO shall coordinate with the Office of Procurement to ensure that contract clauses are reflective of NASA IT policy and that Agency acquisitions include applicable clauses.

2.4.3 Center CIOs or designees shall have the authority to review and approve all nonhighly Specialized IT content (including both IT products and services) in RFPs for Center-level procurements before the RFPs are issued, even if the end product of the procurement is not IT.

2.4.4 The NASA CIO shall have the authority to review and approve nonhighly Specialized IT content in new task orders, delivery orders, and change orders for all NASA-wide contracts, even if the end product of the contract is not IT.

2.4.5 The Center CIO shall have the authority to review and approve nonhighly Specialized IT content in new task orders, delivery orders, and change orders for all Center contracts, even if the end product of the contracts is not IT.



| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL |
 
| NODIS Library | Legal Policies(2000s) | Search |

DISTRIBUTION:
NODIS


This Document Is Uncontrolled When Printed.
Check the NASA Online Directives Information System (NODIS) Library
to Verify that this is the correct version before use: http://nodis3.gsfc.nasa.gov