Skip Navigation

 

Frequent Questions

Font Size Reduce Text SizeEnlarge Text Size     Print Send this page to printer     Download Reader  Download PDF readerHHS Home|HHS News|About HHS

OCIO Home > Capital Planning & Budget > Exhibit 300

OCIO Home

About the OCIO

Policy

Enterprise Architecture

Enterprise Performance Life Cycle

Capital Planning & Budget

IT Contracting & Purchasing

Enterprise Solutions

IT Security & Privacy

E-Government & President's Management Agenda

Plans & Reports

OCIO Site Map

Exhibit 300 (BY2010) - National Select Agent Registry (NSAR) (formerly SATERIS)

PART ONE

OVERVIEW

1. Date of Submission:
2009-04-10
2. Agency:
009
3. Bureau:
20
4. Name of this Capital Asset:
CDC National Select Agent Registry (NSAR) (formerly SATERIS)
5. Unique Project Identifier:
009-20-01-03-01-0547-00
6. What kind of investment will this be in FY2010?
Mixed Life Cycle
7. What was the first budget year this investment was submitted to OMB?
FY2005
8. Provide a brief summary and justification for this investment, including a brief description of how this closes in part or in whole an identified agency performance gap.
The 2002 Bioterrorism Preparedness & Response Act requires entities to register with the U. S. Departments of HHS or Agriculture (USDA) if they possess,use,or transfer select biological agents or toxins that could pose a severe threat to public health and safety, animal, plant health, or animal/ plant products. The 2002 Act requires maintenance of a national database of entities that are registered for possession of SA & toxins, laboratory compliance with national safety guidelines, security measures including controlled access to SA and toxins, security screening of entities & personnel and criminal/civil penalties for inappropriate use of SA/toxins. NSAR is a joint APHIS & CDC program designed to control, protect, store & oversee the use, possession & transfer SA & toxins. This inter-agency collaboration combines agency efforts, better funds use, avoid duplication resulting in savings for government. NSAR maintains information regarding an entity's SA registration, lists of select agents or toxins they have & individual access & laboratory inspection information & where SA work is conducted. Access and accurate processing of SA data via NSAR system enables agencies to increase their ability to enforce and prevent the spread of infectious diseases & illnesses. Individuals desiring to conduct research related activities are screened and approved by Department of Justice's Criminal Justice Information Services. NSAR system manages the data and controls who, where, how & when SA research is conducted, thereby aiding to improve & protect the health & well-being of the public. The existence of NSAR database containing historic, current and accurate information about individuals, location, agents, toxins, and lab inspection outcomes enables rapid reporting of SA identified in a diagnostic/lab setting, aids/notifies SAP during a outbreak event, and ability to know where SA/toxins exists or transferred, so agencies can proactively query and respond to both natural & man-made disasters in a timelier manner. NSAR investment is a single secure shared national database, which merged two disparate data systems (CDC/APHIS) into 1 national system and minimizes data collection/entry redundancy, improves information sharing, & will reduce entities reporting burden when forms are submitted electronically.
9. Did the Agency's Executive/Investment Committee approve this request?
yes
9.a. If "yes," what was the date of this approval?
2008-07-11
10. Did the Project Manager review this Exhibit?
yes
11.a. What is the current FAC-P/PM certification level of the project/program manager?
Waiver Issued
11.b. When was the Program/Project Manager Assigned?
2007-01-31
11.c. What date did the Program/Project Manager receive the FACP/PM certification? If the certification has not been issued, what is the anticipated date for certification?
2010-12-31
12. Has the agency developed and/or promoted cost effective, energy-efficient and environmentally sustainable techniques or practices for this project.
no
12.a. Will this investment include electronic assets (including computers)?
yes
12.b. Is this investment for new construction or major retrofit of a Federal building or facility? (answer applicable to non-IT assets only)
no
13. Does this investment directly support one of the PMA initiatives?
yes
If yes, select the initiatives that apply:
Initiative Name
Expanded E-Government
13.a. Briefly and specifically describe for each selected how this asset directly supports the identified initiative(s)? (e.g. If E-Gov is selected, is it an approved shared service provider or the managing partner?)
Gaps: inadequate database to collect, enter, process, report, redundant data entry, collaborations with APHIS. Supports eGov: minimizes data entry redundancy through a single joint national db, information sharing through inter-agency e-communications, reduce reporting burden for regulated community with e-submissions. Performance/productivity improvements: reduce registration time, data entry/reporting, robust database, efficient inter-agency collaboration, reduce entity reporting burden.
14. Does this investment support a program assessed using the Program Assessment Rating Tool (PART)?
no
15. Is this investment for information technology?
yes
16. What is the level of the IT Project (per CIO Council's PM Guidance)?
Level 3
17. What project management qualifications does the Project Manager have? (per CIO Council's PM Guidance)
(1) Project manager has been validated as qualified for this investment
18. Is this investment identified as high risk on the Q4 - FY 2007 agency high risk report (per OMB memorandum M-05-23)?
yes
19. Is this a financial management system?
no
20. What is the percentage breakout for the total FY2009 funding request for the following? (This should total 100%)
AreaPercentage
Hardware4
Software6
Services88
Other3
21. If this project produces information dissemination products for the public, are these products published to the Internet in conformance with OMB Memorandum 05-04 and included in your agency inventory, schedules and priorities?
n/a
22. Contact information of individual responsible for privacy related questions.
NameFelicia Kittles
Phone Number770.488.8919
TitleIT Security Project Manager
Emailice8@cdc.gov
23. Are the records produced by this investment appropriately scheduled with the National Archives and Records Administration's approval?
yes
24. Does this investment directly support one of the GAO High Risk Areas?
yes

SUMMARY OF SPEND

1. Provide the total estimated life-cycle cost for this investment by completing the following table. All amounts represent budget authority in millions, and are rounded to three decimal places. Federal personnel costs should be included only in the row designated Government FTE Cost, and should be excluded from the amounts shown for Planning, Full Acquisition, and Operation/Maintenance. The total estimated annual cost of the investment is the sum of costs for Planning, Full Acquisition, and Operation/Maintenance. For Federal buildings and facilities, life-cycle costs should include long term energy, environmental, decommissioning, and/or restoration costs. The costs associated with the entire life-cycle of the investment should be included in this report.

All amounts represent Budget Authority

Note: For the cross-agency investments, this table should include all funding (both managing partner and partner agencies).

Government FTE Costs should not be included as part of the TOTAL represented.
Cost TypePy-1 & Earlier
-2007		PY
2008		CY
2009		BY
2010
Planning Budgetary Resources0.0360.0370.0380.039
Acquisition Budgetary Resources16.5553.3403.0002.800
Maintenance Budgetary Resources9.9874.0004.1604.300
Government FTE Cost1.4400.2800.2900.301
# of FTEs2222
2. Will this project require the agency to hire additional FTE's?
no

PERFORMANCE

In order to successfully address this area of the exhibit 300, performance goals must be provided for the agency and be linked to the annual performance plan. The investment must discuss the agency's mission and strategic goals, and performance measures (indicators) must be provided. These goals need to map to the gap in the agency's strategic goals and objectives this investment is designed to fill. They are the internal and external performance benefits this investment is expected to deliver to the agency (e.g., improve efficiency by 60 percent, increase citizen participation by 300 percent a year to achieve an overall citizen participation rate of 75 percent by FY 2xxx, etc.). The goals must be clearly measurable investment outcomes, and if applicable, investment outputs. They do not include the completion date of the module, milestones, or investment, or general goals, such as, significant, better, improved that do not have a quantitative measure.
Agencies must use the following table to report performance goals and measures for the major investment and use the Federal Enterprise Architecture (FEA) Performance Reference Model (PRM). Map all Measurement Indicators to the corresponding Measurement Area and Measurement Grouping identified in the PRM. There should be at least one Measurement Indicator for each of the four different Measurement Areas (for each fiscal year). The PRM is available at www.egov.gov. The table can be extended to include performance measures for years beyond FY 2009.
RowFiscal YearStrategic Goal SupportedMeasurement AreaMeasurement GroupingMeasurement IndicatorBaselinePlanned Improvement to the BaselineActual Results
12005S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt5% in 180 days10% in 180 days10% in 180 days
22005S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%0%; continuing to work on deploying the system, so no results to report
32005S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors5-6%7-8%0% continuing to work on deploying the system, so no results to report
42005Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR4-5%5-6%0% continuing to work on deploying the system, so no results to report
52006S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt10% in 180 days45% in 180 days90% in 180 days
62006S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%Currently exceeding 99% up-time
72006S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors7-8%6-7%achieved data entry error reduction. 6.5% error rate
82006Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR5-6%6-7%0%;continuing to work on deploying this functionality, problems with secure user authentication and identity proofing
92007S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt45% in 180 days95% in 180 days95 % in 180 days
102007S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%Currently exceeding 99% up-time
112007S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors6-7%5-6%achieved data entry error reduction. 3% error rate
122007Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR6-7%7-8%0%;continuing to work on deploying this functionality, problems with secure user authentication and identity proofing
132008S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt95% in 180 days45% in 120 days95 % in 180 days
142008S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%Currently exceeding 99% up-time
152008S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors10-15%4-5%achieved data entry error reduction. 3% error rate
162008Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR7-8%8-9%2%; performing analysis and information gathering; continuing to work on deploying this functionality, problems with secure user authentication and identity proofing
172009S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt45% in 120 days95% in 120 daysTBD
182009S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%TBD
192009S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors4-5%3-4%TBD
202009Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR8-9%10-15%TBD
212010S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt95% in 120 days45% in 90 daysTBD
222010S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%TBD
232010S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors4%<4%TBD
242010Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR15-20%20-25%TBD
252011S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt45% in 90 days95% in 90 daysTBD
262011S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%TBD
272011S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors3-4%<4%TBD
282011Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR25-35%30-40%TBD
292012S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt45% in 90 days95% in 90 daysTBD
302012S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%TBD
312012S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errorsv3-4%<4%TBD
322012Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR30-40%40-45%TBD
332013S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt45% in 90 days95% in 90 daysTBD
342013S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%TBD
352013S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors3-4%<4%TBD
362013Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR45-55%55-60%TBD
372014S.O. 2.1 - Prevent the spread of infectious diseasesMission and Business ResultsKey Asset and Critical Infrastructure ProtectionCompleted SA entity registrations within 180 days of receipt45% in 90 days<15 daysTBD
382014S.O. 2.4 - Prepare for and respond to natural and man-made disastersCustomer ResultsService AvailabilityTotal system up-time90%>90%TBD
392014S.O. 4.3 - Conduct and oversee applied research to improve health and well-beingProcesses and ActivitiesEfficiencyReduction in # of Select Agent data entry errors3-4%<4%TBD
402014Effective Management of Human Capital/Information Technology/ResourcesTechnologyExternal Data Sharing# registered entities provided data electronically via NSAR60-70%70-90%TBD

Enterprise Architecture

In order to successfully address this area of the business case and capital asset plan you must ensure the investment is included in the agency's EA and Capital Planning and Investment Control (CPIC) process, and is mapped to and supports the FEA. You must also ensure the business case demonstrates the relationship between the investment and the business, performance, data, services, application, and technology layers of the agency's EA.
1. Is this investment included in your agency's target enterprise architecture?
yes
2. Is this investment included in the agency's EA Transition Strategy?
yes
2.a. If yes, provide the investment name as identified in the Transition Strategy provided in the agency's most recent annual EA Assessment.
CDC National Select Agent Registry (NSAR)
3. Is this investment identified in a completed (contains a target architecture) and approved segment architecture?
no
4. Identify the service components funded by this major IT investment (e.g., knowledge management, content management, customer relationship management, etc.). Provide this information in the format of the following table. For detailed guidance regarding components, please refer to http://www.whitehouse.gov/omb/egov/.

Component: Use existing SRM Components or identify as NEW. A NEW component is one not already identified as a service component in the FEA SRM.

Reused Name and UPI: A reused component is one being funded by another investment, but being used by this investment. Rather than answer yes or no, identify the reused service component funded by the other investment and identify the other investment using the Unique Project Identifier (UPI) code from the OMB Ex 300 or Ex 53 submission.

Internal or External Reuse?: Internal reuse is within an agency. For example, one agency within a department is reusing a service component provided by another agency within the same department. External reuse is one agency within a department reusing a service component provided by another agency in another department. A good example of this is an E-Gov initiative service being reused by multiple organizations across the federal government.

Funding Percentage: Please provide the percentage of the BY requested funding amount used for each service component listed in the table. If external, provide the funding level transferred to another agency to pay for the service.
RowAgency Component NameAgency Component DescriptionService TypeComponentReused Component NameReused UPIInternal or External Reuse?Funding %
1National Select Agent Registery (547)A national database of regulated entitites for the Select Agent Program that includes: names and locations of registered persons; the listed agents and toxins such persons possess, use or transfer; and, characterization of such agents and toxins. The information contained in the national database is classified &quot;secret&quot; and will be safeguarded as appropriate. In addition to the development and maintenance of SATERIS, a Continuation of Operations Plan will be developed and maintained. ThCustomer Initiated AssistanceReservations / Registration  No Reuse20
2National Select Agent Registery (547)A national database of regulated entitites for the Select Agent Program that includes: names and locations of registered persons; the listed agents and toxins such persons possess, use or transfer; and, characterization of such agents and toxins. The information contained in the national database is classified &quot;secret&quot; and will be safeguarded as appropriate. In addition to the development and maintenance of SATERIS, a Continuation of Operations Plan will be developed and maintained. ThRouting and SchedulingOutbound Correspondence Management  No Reuse15
3National Select Agent Registery (547)A national database of regulated entitites for the Select Agent Program that includes: names and locations of registered persons; the listed agents and toxins such persons possess, use or transfer; and, characterization of such agents and toxins. The information contained in the national database is classified &quot;secret&quot; and will be safeguarded as appropriate. In addition to the development and maintenance of SATERIS, a Continuation of Operations Plan will be developed and maintained. ThKnowledge ManagementInformation Retrieval  No Reuse15
4National Select Agent Registery (547)A national database of regulated entitites for the Select Agent Program that includes: names and locations of registered persons; the listed agents and toxins such persons possess, use or transfer; and, characterization of such agents and toxins. The information contained in the national database is classified &quot;secret&quot; and will be safeguarded as appropriate. In addition to the development and maintenance of SATERIS, a Continuation of Operations Plan will be developed and maintained. ThManagement of ProcessesChange Management  No Reuse10
5National Select Agent Registery (547)A national database of regulated entitites for the Select Agent Program that includes: names and locations of registered persons; the listed agents and toxins such persons possess, use or transfer; and, characterization of such agents and toxins. The information contained in the national database is classified &quot;secret&quot; and will be safeguarded as appropriate. In addition to the development and maintenance of SATERIS, a Continuation of Operations Plan will be developed and maintained. ThRouting and SchedulingInbound Correspondence Management  No Reuse15
6National Select Agent Registery (547)A national database of regulated entitites for the Select Agent Program that includes: names and locations of registered persons; the listed agents and toxins such persons possess, use or transfer; and, characterization of such agents and toxins. The information contained in the national database is classified &quot;secret&quot; and will be safeguarded as appropriate. In addition to the development and maintenance of SATERIS, a Continuation of Operations Plan will be developed and maintained. ThDevelopment and IntegrationData Integration  No Reuse10
7National Select Agent Registery (547)A national database of regulated entitites for the Select Agent Program that includes: names and locations of registered persons; the listed agents and toxins such persons possess, use or transfer; and, characterization of such agents and toxins. The information contained in the national database is classified &quot;secret&quot; and will be safeguarded as appropriate. In addition to the development and maintenance of SATERIS, a Continuation of Operations Plan will be developed and maintained. ThSearchQuery  No Reuse15
5. To demonstrate how this major IT investment aligns with the FEA Technical Reference Model (TRM), please list the Service Areas, Categories, Standards, and Service Specifications supporting this IT investment.

FEA SRM Component: Service Components identified in the previous question should be entered in this column. Please enter multiple rows for FEA SRM Components supported by multiple TRM Service Specifications.

Service Specification: In the Service Specification field, Agencies should provide information on the specified technical standard or vendor product mapped to the FEA TRM Service Standard, including model or version numbers, as appropriate.
RowSRM Component>Service AreaService CategoryService StandardService Specification (i.e., vendor and product name)
1Reservations / RegistrationService Platform and InfrastructureDelivery ServersApplication ServersBEA WebLogic Platform by: BEA Systems, Inc.
2Reservations / RegistrationService Platform and InfrastructureDelivery ServersWeb ServersMicrosoft Internet Information Services by: Microsoft Corporation
3Outbound Correspondence ManagementComponent FrameworkSecurityCertificates / Digital SignaturesThe Transport Layer Security (TLS) Protocol Version 1.1 by: The Internet Engineering Task Force
4Information RetrievalService Access and DeliveryService TransportSupporting Network ServicesLightweight Directory Access Protocol by: The Internet Engineering Task Force
5Information RetrievalService Access and DeliveryService TransportSupporting Network ServicesT3 Carrier by: ANSI
6Information RetrievalComponent FrameworkData InterchangeData ExchangeSOAP by: World Wide Web Consortium
7Information RetrievalService Interface and IntegrationInterfaceService Description / InterfaceWeb Services Description Language (WSDL) by: World Wide Web Consortium
8Information RetrievalService Access and DeliveryService TransportSupporting Network ServicesT1 Carrier by: ANSI
9Information RetrievalService Access and DeliveryService TransportSupporting Network ServicesMultipurpose Internet Mail Extensions by: The Internet Engineering Task Force
10Information RetrievalService Platform and InfrastructureSupport PlatformsDependent PlatformMicrosoft Windows 2000 by: Microsoft Corporation
11Information RetrievalService Access and DeliveryAccess ChannelsOther Electronic ChannelsCDC Web Service Standard by: CDC
12Change ManagementComponent FrameworkBusiness LogicPlatform Dependent TechnologiesDocumentum by: EMC Corporation
13Change ManagementService Platform and InfrastructureSoftware EngineeringTest ManagementRational RequisitePro by: International Business Machines Corp.
14Change ManagementService Platform and InfrastructureDatabase / StorageStorageVeritas NetBackup by: Symantec Corporation
15Change ManagementService Platform and InfrastructureSoftware EngineeringSoftware Configuration ManagementRational ClearQuest by: International Business Machines Corp.
16Change ManagementService Platform and InfrastructureSoftware EngineeringModelingRational Rose by: International Business Machines Corp.
17Inbound Correspondence ManagementService Platform and InfrastructureHardware / InfrastructureWide Area Network (WAN)Integrated Services Digital Network (ISDN) - Core Aspects of Frame Protocol for Use with Frame Relay Bearer Service by: ANSI
18Inbound Correspondence ManagementComponent FrameworkUser Presentation / InterfaceStatic DisplayHyper Text Markup Language by: International Organization for Standardization
19Inbound Correspondence ManagementComponent FrameworkSecuritySupporting Security ServicesCheck Point Firewall by: Check Point Software Technologies Ltd
20Inbound Correspondence ManagementService Interface and IntegrationInteroperabilityData Format / ClassificationExtensible Markup Language (XML) 1.1 by: World Wide Web Consortium
21Inbound Correspondence ManagementService Platform and InfrastructureSoftware EngineeringTest ManagementBobby by: International Business Machines Corp.
22Inbound Correspondence ManagementService Access and DeliveryService RequirementsLegislative / Compliance36 CFR Part 1194 by: United States Access Board
23Inbound Correspondence ManagementService Access and DeliveryAccess ChannelsWeb BrowserMozilla Firefox by: Mozilla
24Inbound Correspondence ManagementService Platform and InfrastructureSupport PlatformsIndependent PlatformJava 2 Enterprise Edition by: Sun Microsystems, Inc.
25Inbound Correspondence ManagementService Platform and InfrastructureDatabase / StorageDatabaseMicrosoft SQL Server by: Microsoft Corporation
26Inbound Correspondence ManagementService Access and DeliveryService TransportService TransportTCP/IP by: The Internet Engineering Task Force
27Inbound Correspondence ManagementService Interface and IntegrationInteroperabilityData Types / ValidationXML Schema by: World Wide Web Consortium
28Inbound Correspondence ManagementComponent FrameworkUser Presentation / InterfaceStatic DisplayHypertext Transfer Protocol with SSL by: The Internet Engineering Task Force
29Inbound Correspondence ManagementService Platform and InfrastructureSoftware EngineeringTest ManagementJProfiler by: ej-technologies GmbH
30Inbound Correspondence ManagementService Platform and InfrastructureSoftware EngineeringIntegrated Development EnvironmentjBuilder by: Borland Software Corporation
31Inbound Correspondence ManagementComponent FrameworkData ManagementDatabase ConnectivityJava Database Connectivity by: Sun Microsystems, Inc.
32Inbound Correspondence ManagementComponent FrameworkBusiness LogicPlatform Independent TechnologiesEnterprise Java Beans by: Sun Microsystems, Inc.
33Inbound Correspondence ManagementService Platform and InfrastructureHardware / InfrastructurePeripheralsCDC Desktop Scanner Standard by: CDC
34Inbound Correspondence ManagementComponent FrameworkSecurityCertificates / Digital SignaturesSecure Sockets Layer by: Netscape Communications Corporation
35Inbound Correspondence ManagementService Access and DeliveryAccess ChannelsWeb BrowserWindows Internet Explorer 6.0 by: Microsoft Corporation
36Inbound Correspondence ManagementComponent FrameworkUser Presentation / InterfaceDynamic Server-Side DisplayJava Server Pages by: Sun Microsystems, Inc.
37Inbound Correspondence ManagementService Access and DeliveryService TransportSupporting Network ServicesMicrosoft Active Directory by: Microsoft Corporation
38Inbound Correspondence ManagementComponent FrameworkBusiness LogicPlatform Independent TechnologiesJava Servlet (JSR 53) by: Sun Microsystems, Inc.
39Inbound Correspondence ManagementComponent FrameworkBusiness LogicPlatform Independent TechnologiesJavaScript by: Sun Microsystems, Inc.
40Inbound Correspondence ManagementService Interface and IntegrationInteroperabilityData TransformationXSL Transformations (XSLT) Version 2.0 by: World Wide Web Consortium
41Data IntegrationComponent FrameworkData ManagementDatabase ConnectivityOpen Database Connectivity by: Microsoft Corporation
42Data IntegrationService Interface and IntegrationIntegrationMiddlewareDistributed Component Object Model by: Microsoft Corporation
43Data IntegrationService Platform and InfrastructureSoftware EngineeringIntegrated Development EnvironmentEclipse by: Eclipse Foundation
44QueryService Platform and InfrastructureHardware / InfrastructurePeripheralsNetwork Attached Storage, EMC by: EMC Corporation
45QueryComponent FrameworkData ManagementReporting and AnalysisCrystal Reports by: SAP AG
46QueryService Platform and InfrastructureDatabase / StorageDatabaseStructured Query Language by: International Organization for Standardization
6. Will the application leverage existing components and/or applications across the Government (i.e., FirstGov, Pay.Gov, etc)?
no

PART TWO

RISK

You should perform a risk assessment during the early planning and initial concept phase of the investment's life-cycle, develop a risk-adjusted life-cycle cost estimate and a plan to eliminate, mitigate or manage risk, and be actively managing risk throughout the investment's life-cycle.

Answer the following questions to describe how you are managing investment risks.
1. Does the investment have a Risk Management Plan?
yes
1.a. If yes, what is the date of the plan?
2006-08-04
1.b. Has the Risk Management Plan been significantly changed since last year's submission to OMB?
yes
1.c. If yes, describe any significant changes:
The current Risk Management Plan was a product based on reviewing, analyzing and strategizing based on the information available regarding our contract acquisition, project goals, objectives, deliverables and developing a risk management plan that identifies the cost, schedule and performance risks for the investment. The select agent program in conjunction with other portions of COTPER/CDC has recently selected a new IT development and support contractor. As a result, an IBR will be conducted to re-access the risk associated with NSAR. The key risks areas with be evaluated and will result in a revised risk management plan in FY 2009.
2. If there is currently no plan, will a plan be developed?
yes
2.a. If yes, what is the planned completion date?
2009-04-30
3. Briefly describe how investment risks are reflected in the life cycle cost estimate and investment schedule:
Schedule Risk from external dependencies is mitigated through the use of conservative milestone completion date estimates. Previous experience with integration efforts with both external agencies (CDC's Secure Data Network and USDA/APHIS) has provided historical context for adjusting internal schedule estimates with appropriate additional calendar time (adjusted at a macro level since we do not have a contractual relationship with either of the agencies with which we have schedule dependencies). Internal schedule risks are also accounted for through milestone estimate adjustments for historical experience, though are more directly tied to specific WBS tasks. The investment development effort is a complex project with multiple time-phased releases, however the major architectural elements are complete, integrated, and deployed; they no longer represent significant schedule risk. Initial Cost Risk is no longer a major factor since the investment has attained initial operational deployment and is 4 years into its contract. In addition, several major changes of direction for the program, driven both internally and through external direction (e.g., OMB direction to change development to a joint inter-agency system) make original cost estimates invalid. This investment is incrementally funded through annual exercise of option years to the contract base year (each year is fully funded/committed as funds are available). The original, modified, and current investment budget cost estimates are OMB approved. Lifecycle Cost Risk is estimated against the base year and 4 option years of the current contract, plus an additional estimated five years of use. Original Cost Benefit Analysis (CBA) figures present a Benefit-Cost Ratio of 1.64 with a payback period of approximately 7 years. As noted in the schedule risk and initial cost risk sections above, schedule adjustments have been made for both internal and external schedule risks, and associated cost estimates have been approved by OMB. The costs reported to OMB and used in the CBA include all development costs (DME) for the current contract period and estimated maintenance costs of the system/software for the projected five year follow-on contract (in line with the expected life cycle of the system). Earned Value Management information is reported monthly and overall investment cost and schedule variances are and expected to remain well below 10% for the remainder of the contract.

COST & SCHEDULE

1. Does the earned value management system meet the criteria in ANSI/EIA Standard 748?
no
2. Is the CV% or SV% greater than ± 10%?
yes
2.a. If yes, was it the?
CV
3. Has the investment re-baselined during the past fiscal year?
no

horizontal line

HHS Home | Questions? | Contacting HHS | Accessibility | Privacy Policy | FOIA | Disclaimers | Inspector General | No FEAR Act
The White House | USA.gov | HHS Archive | Flu.gov

U.S. Department of Health & Human Services · 200 Independence Avenue, S.W. · Washington, D.C. 20201