Department of Health and Human Services Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter
June 23, 2008
HHS TICAP Steering Committee Charter
The Trusted Internet Connection Steering Committee (TICSC) for the Trusted Internet Connection Access Provider (TICAP) serves as the Department of Health and Human Services’ (HHS) governing body for the HHS Trusted Internet Connections (TIC) initiative. This is a short term steering committee that will define roles and responsibilities and outline ongoing operations such as governance, change control, and business practices. It is envisioned once this initial approach is approved by the CIO Council, other formal teams with specific areas of expertise will fill those roles as defined by this steering committee to handle on going operations such as business, billing, etc.
The TICSC acts to establish the TICAP, performs quality assurance relative to TICAP performance, reviews TICAP funding, and recommends policy. The TICSC will present recommendations and proposals to the HHS Chief Information Officer (CIO) Council for authorization and funding.
This Steering Committee will:
- Establish the TICAP organization;
- Establish baseline TICAP performance measurements;
- Establish a sustainable funding model to support TICAP;
- Report on the TICAP’s performance, progress and funding;
- Review and authorize TICAP involvement within the HHS and OPDIV Enterprise Architecture processes; and
- Review and authorize TICAP involvement with external agencies.
The vision of this charter is to ensure that critical resources are available and engaged to conduct the necessary analysis, to provide direction and to perform the planning that enables HHS to become a Trusted Internet Connection Provider and provide portal access for the Federal Government.
The mission of this charter is to establish an HHS TICSC to evaluate, analyze, and provide oversight and guidance in determining the requirements of the TICAP, its business, operational and governance strategies. Upon the completion of the above goals, the TICSC will develop the business case and support the development of the Project Plan that will support the HHS TICAP initiative.
The principles, guidelines and processes described in the TICAP Charter are applicable to all Department of Health and Human Services organizational Components (Operating Divisions). In response to the Office of Management and Budget (OMB) Memorandum M-08-05, dated November 20, 2007, HHS will adopt a network and security architecture for all external connections to include the Internet and all inter-agency, partner, contractor, educational, health and research connectivity that reduces the total number of Internet connections and complies with the Department of Homeland Security (DHS) requirements.
The TICAP will consist of the following three groups:
- The Business Units
- Technical Support & Services
- Information Technology Operations
- OPDIV Infrastructure support offices
- Department of Homeland Security (DHS)
These three groups will interface with the software product Einstein used by DHS for intrusion detection across all TICAP providers that will also handle the security activities of the TICAP.
The TICSC shall identify/enumerate TIC related roles and responsibilities of the Business Units, Technical Support & Services, and Department of Homeland Security. The description of the specific areas of responsibility will be a deliverable of this steering committee.
The TICSC shall establish liaison memberships to designated representatives of major HHS enterprise-wide investment initiatives, or other initiatives where information sharing and decision-collaboration are beneficial. The HHS CIO Council shall consider recommendations for liaison membership from the TICSC members and from other sources. The CIO shall advise the Task Force of planned appointments of new liaison representation to the Task Force.
Once established the Task Force will determine its Chair or optionally Co-Chairs.
The TICAP TICSC Charter will be reviewed by the TICSC to ensure it’s consistent with the intended functions of the TICSC as directed by the CIO Council. The charter may be amended to reflect the developing purpose, mission, and business objectives specific to the TICAP. The TICSC may, by majority vote, amend this Charter providing such amendment does not substantially alter the intended purpose of this body. The Charter may be amended to add additional types of membership to the organization. Substantial changes to the Charter shall be authorized through the Department’s standard authorization procedures.
The TICSC will initially provide overall direction to the Requirements Phase of the TICAP that will be developed incrementally, as defined and recommended by the HHS Enterprise Performance Life Cycle (EPLC). These incremental steps include the following:
- Determine Requirements Definition
- Perform Alternative Analysis / Cost Benefits Analysis
- Recommendation of Selected Alternative
- Business Case Development
- Requirements Implementation Plan
- Requirement Proof-of-Concept Testing Plan
- TIC Implementation Project Plan
The Chief Information Officer (CIO) of each Operating Division (OPDIV) at their option shall appoint the OPDIV’s Lead to represent their OPDIV on the TICSC. Participating members will be senior-level personnel who have full voting authority to represent their respective OPDIV regarding the TICAP efforts. The members will have a broad knowledge and direct involvement with their OPDIV’s planning, development and implementations, IT investment portfolio, and E-Government initiatives to support the HHS goals and objectives.
If a need for representation from additional organizations is identified and approved by the TICSC, the Charter may be amended to include these individuals. If the existing representative leaves, the OPDIV will be responsible for appointing a qualified replacement within the week and notifying the TICAP Chair/Co-chair.
The following OPDIVs constitute the initial voting membership of the Task Force:
- Centers for Disease Control and Prevention (CDC)
- Centers for Medicare & Medicaid Services (CMS)
- Food and Drug Administration (FDA)
- Indian Health Service (IHS)
- National Institutes of Health (NIH)
- One or more representatives each having one vote, as designated by the HHS Office of the CIO, from the small OPDIVs group consisting of:
- Administration for Children and Families (ACF)
- Administration on Aging (AoA)
- Agency for Healthcare Research and Quality (AHRQ)
- Health Resources and Services Administration (HRSA)
- Office of Inspector General (OIG)
- Program Support Center( PSC)/ ITO
- Substance Abuse and Mental Health Services Administration (SAMHSA)
The actions of the TICSC may impact one or more interested parties or organizations (“stakeholders”). Key stakeholders, who have been identified for HHS’s TICAP activities, include:
Member Name, OPDIV, Roles and Responsibilities
Member OPDIV name
Roles and responsibilities
The TICAP initiative will be formally initiated by establishing the TICSC. The procedures for conducting the activities of the TICSC will align to the guidance for Trusted Internet Connection Statement of Capability Form as defined by OMB.
The TICSC will meet weekly at a time and place set by the Chair and/or Co-Chairs. In addition, the TICSC may convene for an emergency session to address time-critical topics as deemed necessary by the Chair and/or Co-Chairs. Attendance may be in person or by any two-way, interactive communications means, such as conference call or video conference.
The Chair or Co-Chairs will assign the TICSC Secretariat who will be responsible for:
- Recordation and dissemination of meeting minutes;
- Distribution of TIC-related communications, including work products of the TICAP Steering Committee; and,
- Coordination and facilitation of communication with other IT Governance and Management committees, including the HHS CIO Council, the HHS IT Investment Review Board, and the HHS Service and Supply Fund Standing Committee.
Before each meeting, the Chair and/or Co-Chairs will develop the meeting agenda and provide it to the TICSC Secretariat for distribution to all members.
A vote is decided by majority (at least 51 percent) among the voting members in attendance. The Chair or Co-Chairs will resolve any lack of consensus that remains following a vote. The steering committee shall conclude what constitutes a quorum. A minimum number of members must be present to have a quorum. That minimum number will be defined by the steering committee.
Status reports are prepared by the Chair and/or Co-Chair as necessary to keep management, the CIO Council and HHS ITIRB informed of the TICSC’ TICAP activities and progress.
Ad hoc reports are prepared as requested by management or as deemed necessary by the Chair and/or Co-Chair.
Below are the required reports to be developed and associated timeframes during the Requirements Phase:
Requirements Phase Table
Develop Business Strategies
Develop Operational Strategies
Develop Governance Strategies
Complete Project Plan
START=Charter Signature Date (CSD) plus NN Calendar Days (CD)
FINISH=CSD plus CD
_ __June 23, 2008_
Michael W. Carleton
Deputy Assistant Secretary for Information Technology and
HHS Chief Information Officer
Glossary Terms Table
The use of information resources (information and information technology) to satisfy a specific set of user requirements (OMB A-130, App. III). In particular, an application is usually considered to be the software component of a system. An application runs on, and may or may not be part of, a general support system. The terms “application” and “information system” are sometimes used interchangeably although the latter has a broader definition to include general support systems.
Baselines are the standard against which actual work is measured. Baselines are used in the annual report to Congress required by Federal Acquisition Streamlining Act Title V on variances of 10 percent or more from cost and schedule goals and any deviation from performance (scope) goals. Baseline cost and schedule goals should be realistic projections of total cost, total time to complete the project, and interim cost and schedule goals. Performance (scope) goals should be realistic assessments of what the investment or project is intended to accomplish, expressed in quantitative terms, if possible.
The executive in charge of the organization, who serves as the primary customer and advocate for an IT project. The Business Owner is responsible for identifying the business needs and performance measures to be satisfied by an IT project; providing funding for the IT project; establishing and approving changes to cost, schedule and performance goals; and validating that the IT project initially meets business requirements and continues to meet business requirements.
Program offices and system owners.
Capital Planning and Investment Control (CPIC) Process
A process to structure budget formulation and execution and to ensure that investments consistently support the strategic goals of the Agency.
Chief Information Officer (CIO)
The Office of the Chief Information Officer advises the Secretary and the Assistant Secretary for Resources and Technology (ASRT) on matters pertaining to the use of information and related technologies to accomplish Departmental goals and program objectives. The mission of the Office is to establish and provide: Assistance and guidance on the use of technology-supported business process reengineering; investment analysis; performance measurement; strategic development and application of information systems and infrastructure; policies to provide improved management of information resources and technology; and better, more efficient service to our clients and employees.
The HHS CIO Council, a cross-OPDIV review committee comprised of the OPDIV CIOs and chaired by the HHS CIO, is responsible for reviewing the technical and managerial soundness of IT investments and providing technical recommendations to the ITIRB.
Earned Value Management (EVM)
Earned Value Management integrates the scope of work with schedule and cost elements for optimum planning and control. The qualities and operating characteristics of earned value management systems are described in American National Standards Institute (ANSI) /Electronic Industries Alliance (EIA) Standard-748-1998, Earned Value Management Systems.
An organization supporting a defined business scope and mission. An enterprise is comprised of interdependent resources (people, organizations, and technology) that coordinate functions and share information in support of a common mission (or set of related missions).
Functional requirements specify Business Product features and what the Business Product must do. They are directly derived from the objectives defined in the Project Management Plan. A functional requirement is a tangible service, or function, that the Business Product must provide and is a non-technical requirement. See also Non-functional Requirements.
An organizational investment employing or producing IT or IT-related assets. Each investment has or will incur costs for the investment, has expected or realized benefits arising from the investment, has a schedule of project activities and deadlines, and has or will incur risks associated with engaging in the investment.
A discrete set of information resources organized for the collection, processing, maintenance, transmission, and dissemination of information, in accordance with defined procedures, whether automated or manual to support HHS’ or OPDIV’s mission. An interconnected set of information resources under the same direct management control, which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. Refers to a set of information resources under the same management control that share common functionality and require the same level of security controls.
Operating Division within the Department of Health & Human Services.
A program is an activity or set of activities intended to help achieve a particular outcome for the public. A program may be recognized by the Executive Branch and the Congress when making budget or other decisions. A program may be selected for an Office of Management and Budget (OMB) Program Assessment Rating Tool (PART) Review. (The PART was designed by the Office of Management and Budget (OMB) to provide a consistent approach to assessing federal programs in the executive budget formulation process. It is a diagnostic tool drawing on available program performance information to form conclusions about program benefits and recommended improvements.
A project is a temporary planned endeavor funded by an approved investment; thus achieving a specific goal and creating a unique product, service, or result. A project has a defined start and end point with specific objectives that, when attained signify completion
A collection of components organized to accomplish a specific function or set of functions.