123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230 |
- <!DOCTYPE html>
- <html>
- <head>
- <meta name="google-site-verification" content="xXEGpPeG9CfACp-aeM0kS8pSS9Vk7Z8OS0QB_EehREs" />
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta charset="utf-8">
- <meta content="width=device-width, initial-scale=1.0" name="viewport">
- <link rel="stylesheet" href="/assets/css/normalize.css">
- <link href="/assets/css/google-fonts.css" rel="stylesheet" type="text/css">
- <link rel="stylesheet" href="/assets/css/styles.css?201509271090037">
- <link rel="stylesheet" href="/assets/css/syntax.css">
- <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
- <script src="/assets/js/jquery.navgoco.min.js"></script>
- <!--[if lt IE 9]>
- <script src="/assets/js/html5.js"></script>
- <script src="/assets/js/respond.min.js"></script>
- <![endif]-->
- <link rel="shortcut icon" type="image/ico" href="/assets/favicon.ico" />
- <link rel="canonical" href="https://ombegov.github.io/a130//it-investment-mgmt/" />
-
- <title>IT Investment Management</title>
- <meta property="og:title" content="IT Investment Management" />
-
-
- <meta name="description" content="IT Investment Management">
- <meta property="og:description" content="IT Investment Management" />
-
- </head>
- <body>
- <div class="container">
- <header role="banner">
- <h1>
- <a href="/">OMB Circular A-130</a>
- </h1>
- </header>
- <div class="wrap content">
- <aside>
- <a class="skip-link visuallyhidden focusable" href="#main">Skip to Main Content</a>
- <nav class="sidebar-nav" role="navigation">
- <ul>
-
-
-
- <li class="">
- <a href="/">Home</a>
- </li>
-
-
-
- <li class="">
- <a href="/introduction/">Introduction</a>
- </li>
-
-
-
- <li class="">
- <a href="/purpose/">Purpose</a>
- </li>
-
-
-
- <li class="">
- <a href="/applicability/">Applicability</a>
- </li>
-
-
-
- <li class="">
- <a href="/basic_consideration/">Basic Considerations</a>
- </li>
-
-
-
- <li class="">
- <a href="/policy/">Policy</a>
- </li>
-
-
-
- <li class="">
- <a href="/gov-wide-responsbilities/">Government-Wide Responsbilities</a>
- </li>
-
-
-
- <li class="">
- <a href="/effectiveness/">Effectiveness</a>
- </li>
-
-
-
- <li class="">
- <a href="/oversight/">Oversight</a>
- </li>
-
-
-
- <li class="">
- <a href="/autorities/">Authorities</a>
- </li>
-
-
-
- <li class="">
- <a href="/definitions/">Definitions</a>
- </li>
-
-
-
- <li class="">
- <a href="/inquiries/">Inquiries</a>
- </li>
-
-
-
- <li class="">
- <a href="/appendix1/">Appendix I</a>
- </li>
-
-
-
- <li class="">
- <a href="/appendix2/">Appendix II</a>
- </li>
-
-
-
- <li class="">
- <a href="/appendix3/">Appendix III</a>
- </li>
-
- </ul>
- </nav>
- <p>
- <a href="https://github.com/OMBEGOV/a130/edit/gh-pages/pages/it-investment-mgmt.md">Edit this page</a>
- </p>
- </aside>
- <article id="main" class="main-content" role="main">
- <h1>IT Investment Management</h1>
- <h3 id="it-investment-management"><strong>IT Investment Management</strong></h3>
- <ol>
- <li>Acquisition of Information Technology and Services</li>
- </ol>
- <p>Agencies shall:</p>
- <div class="highlight"><pre><code class="language-" data-lang=""> 1. Consistent with applicable Federal acquisition requirements, make use of adequate competition, analyze risks (including supply chain risks), associated with potential awards, allocate risk between government and contractor, and maximize return on investment (ROI) when acquiring information technology;
- 2. Conduct definitive technical, cost, and risk analyses of alternative design implementations, including consideration of migration and retraining costs, scaled to the size and complexity of individual requirements (definitive acquisition planning provisions are set forth in Federal Acquisition Regulation [FAR] subpart 7.1, Acquisition Plans, and subpart 10, Market Research);
- 3. Consider existing Federal contract solutions available to meet agency needs to avoid duplicative investments;
- 4. Structure acquisitions for major IT investments into useful segments with a narrow scope and brief duration in order to reduce risk, promote flexibility and interoperability, increase accountability, and better match mission need with current technology and market conditions;
- 5. To the extent practicable, award all contracts which include IT within 180 days after the solicitation is issued and, if this deadline is not reached, consider the cancellation of the work related to the contract, and the IT acquired should be delivered within 18 months after the solicitation resulting in award of the contract was issued (41 U.S.C. § 2308);
- 6. Ensure all acquisition strategies or acquisition plans (as described in FAR Part 7) or interagency agreements (such as those used to support purchases through another agency) that include IT are reviewed and approved by the agency CIO. The CIO shall consider the following factors when reviewing acquisition strategies and acquisition plans:
- 1. Alignment with mission and program objectives in coordination with program leadership;
- 2. Appropriateness with respect to the mission and business objectives supported by the IT strategic plan;
- 3. Appropriateness of contract type for IT-related resources;
- 4. Appropriateness of IT-related portions of statement of needs or statement of work;
- 5. Ability to deliver functionality in short increments; and
- 6. Opportunities to migrate from end-of-life software and systems, and to retire those systems.
- </code></pre></div>
- <ol>
- <li>Investment Planning and Control</li>
- </ol>
- <p>Agencies are responsible for establishing a decision-making process that provides for analyzing, tracking, and evaluating the risks, including information security and privacy risks, and results of all major investments made by an agency for information systems. The process shall cover the life of each system and shall include explicit criteria for analyzing the projected and actual costs, benefits, and risks, including information security and privacy risks, associated with the investments. Agencies shall designate IT investments as major or non-major investments, or other categories, according to relevant statute, regulations and guidance in OMB Circular A-11, and execute processes commensurate with the size, scope, duration, and delivery risk of the investment. The investment processes shall encompass planning, budgeting, procurement, management, and assessment. For further guidance on management and reporting related to investment planning, refer to OMB Circular A-11, including the Capital Programming Guide. At a minimum, agencies shall ensure that:</p>
- <div class="highlight"><pre><code class="language-" data-lang=""> 1. All IT resources (see definitions) are included in IT investment planning documents or artifacts;
- 2. Significant decisions related to major IT investments are supported by business cases with appropriate evidence;
- 3. All IT investments appropriately implement incremental development and modular approaches as defined in OMB guidance;
- 4. IT investments support and enable core mission and operational functions and processes related to the agency's missions and business requirements;
- 5. Decisions to improve, enhance, or modernize existing information technology investments or to develop new information technology investments are made only after conducting an alternatives analysis that includes both government-provided (internal, interagency, and intra-agency where applicable) and commercially provided options and the most advantageous option to the government has been selected;
- 6. Qualitative and quantitative research methods are used to determine the goals, needs, and behaviors of current and prospective managers and users of the service to strengthen the understanding of requirements;
- 7. Analysis of alternatives first consider using available and suitable existing Federal information systems, technologies, and shared services or information processing facilities, to acquiring commercially available off-the-shelf and, where allowable, open source software and technologies. Once existing Federal solutions, commercial solutions, or open solutions are considered, analysis turns to developing or acquiring custom or duplicative solutions in a technology neutral manner that is merit-based and considers factors such as performance, cost, security, interoperability, ability to share or re-use, and availability of quality support. Decisions to acquire custom or duplicative solutions must be justified based on overall cost-effectiveness of the solution throughout the life cycle, the ability to meet acceptable levels of security, or the ability to meet specific and high-priority mission or operational requirements;
- 8. Information technology needs are met through acquiring scalable, provisioned IT services when it is cost-effective to do so rather than the agency developing its own information system or equipment;
- 9. Information systems security levels are commensurate with the impact that may result from unauthorized access, use, disclosure, disruption, modification, or destruction of such information consistent with guidance from NIST;
- 10. Information systems built in a way that maximizes interoperability and access to information through application programming interfaces (APIs) and other means, maintains internal and external data asset inventories, while enhancing information safeguards;
- 11. Information technology investments must facilitate interoperability, application portability, and scalability across networks of heterogeneous hardware, software, and telecommunications platforms;
- 12. Information systems and processes must support interoperability and access to information , maximize the usefulness of information, minimize the burden on the public, and preserve the appropriate integrity, usability, availability, confidentiality, and disposition of information throughout the life cycle of the information, in accordance with the Paperwork Reduction Act, Federal Information Security Modernization Act, and Privacy Act (as amended) and the Federal Records Act (as amended);
- 13. Information systems and processes must facilitate accessibility under the Rehabilitation Act of 1973, as amended; in particular, see specific electronic and information technology accessibility requirements commonly known as "section 508" requirements (29 U.S.C. § 794d);
- 14. Records management functions and retention requirements are incorporated into the design, development, and implementation of information systems, particularly Internet resources to include storage solutions and cloud-based services such as software as a service, platform as a service, and infrastructure as a service; and
- 15. Investments use an EVMS and Integrated Baseline Review (IBR), when appropriate, as required by Federal Acquisition Regulation Subpart 34.2 or, when an EVMS is not required, implement a baseline validation process as part of an overall investment risk management strategy consistent with OMB guidance.
- </code></pre></div>
- <ol>
- <li>Enterprise Architecture</li>
- </ol>
- <p>Agencies shall develop an actionable enterprise architecture (EA) that describes the baseline architecture, target architecture, and a plan to get to the target architecture. The intent is to align business and technology resources to achieve strategic outcomes. The process of describing the current and future state of the agency, and laying out a plan for transitioning from the current state to the desired future state, helps agencies eliminate waste and duplication, increase shared services, close performance gaps, and promote engagement among government, industry, and citizens.</p>
- </article>
- </div>
- </div>
- <!-- <script>
- (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
- (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
- m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
- })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
- ga('create', 'UA-48605964-20', 'auto');
- // anonymize user IPs (chops off the last IP triplet)
- ga('set', 'anonymizeIp', true);
- // forces SSL even if the page were somehow loaded over http://
- ga('set', 'forceSSL', true);
- ga('send', 'pageview');
- </script>
- <!-- Digital Analytics Program roll-up, see https://analytics.usa.gov for data
- <script async id="_fed_an_ua_tag" src="/assets/js/Universal-Federated-Analytics-Min.js?agency=GSA"></script> --> -->
- </body>
- </html>
|