Glossary of Key Enterprise TermsThe HHS Office of Enterprise Architecture (OEA) uses the following key Enterprise Terms in support of HHS OEA activities and programs. A definition, usage, context and examples for each key Enterprise Term are provided below. A full text version of this information is available for download and printing in PDF format. This information is current as of March 2007.
- Information Technology (IT) Investment
- Major IT Investment
- Tactical IT Investment
- Supporting IT Investment
- IT Project
- IT System
- Major IT System
- Non-Major IT System
- General Support System (GSS)
Definition: A program is an activity or set of activities intended to help achieve a particular outcome for the public.
Usage and Context: A program may be recognized by the Executive Branch and the Congress when making budget or other decisions. A program may be selected for an Office of Management and Budget (OMB) Program Assessment Rating Tool (PART) Review. (The PART was designed by the Office of Management and Budget (OMB) to provide a consistent approach to assessing federal programs in the executive budget formulation process. It is a diagnostic tool drawing on available program performance information to form conclusions about program benefits and recommended improvements.
Examples: FDA HIV/AIDS Program, HHS Title V Program, Secure One Program, and Enterprise Architecture Program.
Definition:IT Investment. An organizational investment employing or producing IT or IT-related assets. Each investment has or will incur costs for the investment, has expected or realized benefits arising from the investment, has a schedule of project activities and deadlines, and has or will incur risks associated with engaging in the investment.
Usage and Context: The term IT investment is most commonly used in the context of Capital Planning and Investment Control (CPIC).
OMB Circular A-11 identifies two types of investments, major, and non-major. All investments, major or non-major are represented as an Exhibit 53 line item. OMB requires that major investments provide an Exhibit 300 Business Case. HHS identifies three types of investments, major, tactical, and supporting. The HHS major categorization is equivalent to the OMB major classification. Tactical and supporting relate to the OMB non major classification (OMB does not require an Exhibit 300 business case).
Definition: An IT investment that applies one or more of the following:
- Has total planned outlays (i.e., DME and Steady State) of $10 million or more in the budget year.
- Is for financial management and obligates more than $500,000 annually.
- Is otherwise designated by the HHS CIO as critical to the HHS mission or to the administration of HHS programs, finances, property or other resources.
- Has life-cycle costs exceeding $50 million.
Usage and Context:The term major IT investment is most commonly used in the context of Capital Planning and Investment Control (CPIC); OMB requires an Exhibit 300 for major investments.
Examples: NIH - Electronic Research Administration, AHRQ – Medical Expenditure Panel Study, ACF - Expanded Federal Parent Locator Service, CDC – National Vital Statistics System (NVSS)
Definition: An investment that applies one or more of the following:
- Has planned total outlays (i.e., DME and Steady State) of $3 million or more in the budget year.
- Is otherwise designated by the HHS CIO as significant to the HHS mission or to the administration of HHS programs, finances, property or other resources.
Usage and Context: The term tactical IT investment is most commonly used in the context of Capital Planning and Investment Control (CPIC); HHS requires an Exhibit 300 for tactical investments; although OMB does not.
Examples: FDA – Mammography Program Reporting System, IHS – National Patient Information Reporting System (NPINS), SAMHSA – NCSAP Prevention Platform
Definition: An IT investment that is not designated as a major or tactical IT investment and is one or more of the following:
- Has planned total outlays (i.e., DME and Steady State) of less than $3 million in the budget year.
- Has been designated by the HHS CIO as a supporting IT investment.
Usage and Context: The term supporting IT investment is most commonly used in the context of Capital Planning and Investment Control (CPIC); An Exhibit 300 business case is not required for a supporting IT investment.
Examples: CDC - Infections Disease Office Administration, NIH – HNLBI Clinical Data System
Definition: A project is a temporary planned endeavor funded by an approved information technology investment; thus achieving a specific goal and creating a unique product, service, or result. A project has a defined start and end point with specific objectives that, when attained signify completion
Usage and Context: Projects are initiated to manage investments.
Examples: NVSS Edit System Project, NVSS Medical Mortality Project, NVSS Statistical Quality Project, PKI Implementation Project
Definition: A discrete set of information resources organized for the collection, processing, maintenance, transmission, and dissemination of information, in accordance with defined procedures, whether automated or manual to support HHS’ or OPDIV’s mission. An interconnected set of information resources under the same direct management control, which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. Refers to a set of information resources under the same management control that share common functionality and require the same level of security controls.
Usage and Context: The term IT system is used in context of security. The term IT system and application are often used interchangeably while the term application has the more narrow focus of software to meet user requirements.
Types: Major IT System, General Support IT System (GSS), and Non-Major IT Systems.
Definition: An IT system that requires special management attention because of its importance to HHS’ or OPDIV’s missions; or its significant role in the administration of agency programs, finances, property, or other significant resources. An adverse impact on a major system would constitute serious, severe, or catastrophic harm due to the loss of confidentiality, integrity, or availability, as determined through conducting a system risk assessment. Major systems would be classified as either moderate or high impact as defined in FIPS 199. Those systems identified as Critical Infrastructure Protection (CIP) assets would clearly fall in this category as a major system.
Usage and Context: The term IT system is used in context of security. The term Major IT System and Major Application are often used interchangeably while the term application has the more narrow focus of software to meet user requirements.
Examples: Badging System, PKI System
Definition: A system that requires appropriate attention to security when a compromise of the information or application would cause limited adverse harm (low or medium impact as defined in FIPS 199) on the HHS mission, business functionality, public health function and/or employee and citizen welfare, due to the loss of confidentiality, integrity, or availability of the information in the application. A system not defined as either Major or GSS is by default a Non-Major system.
Usage and Context: A Non-Major system is included (documented and reviewed) under the supporting General Supporting System’s (GSS) Certification and Accreditation (C&A) process.
Definition: An interconnected set of information resources under the same direct management control which shares common functionality. A General Support System may be, for example, a local area network (LAN), including smart terminals, that supports a branch office, or an agency-wide backbone, or a communications network, or a departmental data processing center including its operating system and utilities, or a tactical radio network, or a shared information processing service organization (IPSO). Normally, the purpose of a general support system is to provide processing or communication support. (FISCAM)
Usage and Context: The term General Support System is used in context of security. Individual applications supporting different business-related functions may run on a single GSS.
Example: HHSNET, NIHNET