CIO Council Charter
June 27, 2007
Table of Contents
- I. Purpose
- II. Mission
- III. Scope and Responsibilities
- IV. Membership and Reporting Structure
- V. Administration
- VI. Approval
This Charter establishes the U.S. Department of Health and Human Services (HHS) Chief Information Officer (CIO) Council and defines its mission, scope and authority, membership, and administration. All proposed changes to this document, with supporting rationale, are to be submitted in writing to the HHS CIO.
In response to the Clinger-Cohen Act and the need to establish a process that ensures technical feasibility of proposed HHS IT investments, HHS has established the HHS CIO Council. The HHS CIO Council shall perform the following functions:
- Determine the technical feasibility of individual information technology investments and mitigate technical risks of the overall HHS IT investment portfolio.
- Research, evaluate, and implement new information technologies to advance HHS goals and mission.
- Ensure that all IT investments comply with the HHS Enterprise Architecture (EA), or obtain waivers from the architecture, prior to project funding and/or approval to proceed.
- Oversee the HHS IT Security Program.
The HHS CIO Council is an enterprise-wide committee responsible for reviewing the technical and managerial soundness of IT investments and providing technical recommendations to the HHS Information Technology Investment Review Board (ITIRB).
Although the HHS CIO Council operates under the authority of the HHS Information Technology Investment Review Board (ITIRB), the HHS CIO Council has independent authority to review any IT investment, technology or other matter relevant to its mission. Typically, matters will come before the HHS CIO Council before going before the HHS ITIRB, but there may be situations where the ITIRB refers issues before it to the HHS CIO Council for review and recommendation.
The HHS CIO Council will address technology issues for the entire HHS IT investment portfolio, but will typically limit its individual investment reviews to those investments that cross the threshold criteria for Department-level review per HHS Capital Planning and Investment Control (CPIC) policy. All investments that meet criteria for Department-level review will be within the scope of the HHS CIO Council regardless of their funding source. The HHS CIO Council responsibilities set forth in this charter apply to the entire life cycle of the investments under its review.
The Council shall be responsible for:
- Recommending approval/disapproval of IT investments to the ITIRB based on technical merits.
- Ensuring new investments do not duplicate or conflict with existing IT investments.
- Reviewing and approving the HHS Enterprise Architecture and ensuring that investments are consistent with that architecture.
- Reviewing and recommending all IT upgrades, network initiatives, new IT technologies, Intranet and Internet initiatives, and new IT services.
- Providing cogent and sound recommendations to the HHS ITIRB on matters referred to the Council by the ITIRB.
Figure 1 reflects the HHS Capital Planning and Investment Control (CPIC) Governance structure. For a detailed discussion of the HHS CPIC Governance structure and CPIC Policy see “HHS OCIO Policy for Information Technology (IT) Capital Planning and Investment Control (CPIC),” HHS-OCIO-2005-0005.
Figure 1: HHS CPIC Governance Structure
*Note: Investments meeting Department-level CPIC review thresholds will be reviewed by the HHS CPIC Team.
The HHS CIO Council shall review the technical approach of individual IT investments coming before the HHS ITIRB and make recommendations to the HHS ITIRB regarding technical aspects of affordability, soundness of design, risk, and compliance with architectural and security standards. The HHS CIO Council shall consider the recommendations of the HHS CPIC critical partners in preparing its recommendations to the HHS ITIRB.
The HHS CIO Council shall review the IT investment planning and/or status of each individual IT investment coming before the HHS ITIRB to ensure that the investment’s business case, IT investment plan, alternatives analysis and other IT investment documentation are complete, accurate and in compliance with Department policies and standards.
The HHS OPDIVs, STAFFDIVs and Enterprise investment managers shall maintain required investment data in the HHS Portfolio Management Tool (PMT) for each proposed and approved IT investment under their cognizance. Their investments and related data shall be consistent with the organization’s IT Strategic Plan and its IT budget submissions. The HHS CIO Council will rely on information contained in the PMT for executing its review and recommendation responsibilities to the HHS ITIRB.
The HHS CIO Council shall review IT investments meeting Department-level review requirements to ensure technical feasibility prior to submitting the investment to the HHS ITIRB for review. If the investment meets with the HHS CIO Council approval, the Council shall forward the investment recommendation with any comments or conditions to the HHS ITIRB. In the event an investment is evaluated and found not to meet technical requirements, the CIO Council shall return the investment to the investment managers with comments regarding deficiencies. The investment manager may return to the HHS CIO Council for review once deficiencies are corrected.
For a detailed description of the review and approval process for HHS IT investments refer to the “Information Technology (IT) Capital Planning and Investment Control (CPIC) Procedures,” HHS-OCIO-2005-0005P.
Membership in the HHS CIO Council is comprised of the following:
- Chair, HHS CIO
- HHS OPDIV CIOs
- HHS Office of the Secretary (OS) CIO
- HHS Program Support Center (PSC) CIO
- HHS Office of the Inspector General (OIG) CIO
In addition, subject matter experts (SMEs) and other advisory members, such as members of the Enterprise Architecture Review Board (EARB), may be invited to attend HHS CIO Council meetings as non-voting members with the concurrence of the Council Chair.
The HHS CIO Council shall report to the HHS ITIRB through the HHS CIO.
The HHS CIO Council shall review:
- The technical approach and management planning of IT investments prior to their going before the ITIRB, and make recommendations to the ITIRB regarding technical aspects of affordability, soundness of design, risk, and compliance with architectural and security standards.
- The IT investment planning and/or status of each individual IT investment coming before the ITIRB to ensure that the investment’s business case, IT investment plan, alternatives analysis and other IT investment documentation are complete, accurate and in compliance with Department policies and standards. Recommend approval or non-approval to the ITIRB with comments.
The HHS CIO Council shall meet regularly at a time and place set by the Chair. In addition, the CIO Council may be convened in an emergency session to address time-critical topics as deemed necessary by the Chair. It is currently expected that the Council shall meet monthly.
Principals are expected to attend all meetings. Attendance may be in person or by any two-way, interactive means of communication acceptable to the Chair, such as conference call or video conference. If necessary, a member may be represented by a designated alternate. A majority of voting members, one of whom is the Chair, must attend the meetings to establish a quorum.
Decisions shall be determined based on the vote of a majority (at least 51 percent) of the voting members in attendance. Each principal HHS ITIRB member has one vote. In the event of a tie vote, the Chair shall cast a second vote to make the final decision. The Chair shall communicate significant minority positions of the Council to the ITIRB when submitting Council recommendations.
Items presented for HHS CIO Council review shall be circulated electronically for members' review far enough in advance of the meeting to allow members time to review the documents in a meaningful way. Disposition may be determined by virtual deliberation and voting of the members without convening a CIO Council meeting.
The HHS CIO Council Administrator, provided by the HHS Office of Chief Information Officer (OCIO), shall perform all CIO Council administrative activities, including:
- Receiving, recording, and tracking all agenda items submitted for CIO Council consideration.
- Preparing the agenda, supplemental materials, and minutes for each CIO Council meeting.
- Tracking action items from the CIO Council meetings.
- Maintaining current and historical CIO Council logs, distribution lists, and other records.
- Preparing routine and ad hoc reports of CIO Council activities.
June 27, 2007
Acting HHS Chief Information Officer and
Deputy Assistant Secretary for Information Technology