Office of the Chief Information Officer
Assistant Secretary for Administration
Department of Health and Human Services

HHS OCIO Policy for Information Technology Capital Planning and Investment Control

 

September 2016

Project:    HHS OCIO CPIC Policy

Document Number:    HHS-OCIO-2016-CPIC-01

 


 Executive Summary

This Policy supersedes the HHS Office of the Chief Information Officer (OCIO) Policy for Information Technology (IT) Capital Planning and Investment Control (HHS-OCIO-2010-0002), dated February 26, 2010.

Capital Planning and Investment Control (CPIC) is the primary Information Technology (IT) Investment management methodology at the Department of Health and Human Services (HHS) for selecting, managing, and evaluating the performance of HHS IT Investments.  It also describes the roles and responsibilities for carrying out IT CPIC requirements.

This Policy describes the principles for conducting IT Investment management and planning in HHS.  The principles are based on legislation and Office of Management and Budget (OMB) guidance that direct agencies to institute and maintain a disciplined approach to funding and monitoring IT Investments.  Alongside the 25-Point Implementation Plan to Reform Federal IT Management, the Digital Government Strategy, and Office of Management and Budget (OMB) Memorandum M-11-29, HHS leverages the Information Resources Management (IRM) Strategic Plan to shape ongoing tactical planning.

The principles form the basis for efficient and effective management of the Department's IT Investments by promoting informed decision-making and timely oversight by appropriate level review boards.  The goal is to achieve the best balance of the Department's IT Investments at the lowest cost with the least risk while ensuring that mission and business goals are met.


On this page: 1 Background | 2 Scope | 3 Policy | 4 CPIC Process | 5 CPIC Roles and Responsibilities | 6 HHS CPIC Integration with Other IT Governance | 7 IT Governance | Appendices

 


1 Background

This Policy supersedes the HHS Office of the Chief Information Officer (OCIO) Policy for Information Technology (IT) Capital Planning and Investment Control (HHS-OCIO-2010-0002), dated February 26, 2010.  The Clinger-Cohen Act (CCA) of 1996 (Division E of Public Law 104-106, formerly known as the IT Management Reform Act of 1996),requires federal agencies to use a disciplined Capital Planning and Investment Control (CPIC) process to acquire, use, maintain and dispose of IT assets.  Other laws and policies, such as the Paperwork Reduction Act of 1980 and 1995, the Government Performance and Results Act of 1993, the Federal Acquisition Streamlining Act of 1994, the Federal Information Technology Acquisition Reform Act of 2014, and OMB Circular A-130, Management of Federal Information Resources, also require agencies to design and implement a disciplined process to maximize the value and assess and manage IT Investment risks.  However, CCA supplements existing law and policies by mandating a specific, more rigorous methodology for managing IT Investments than was previously required and an approach that integrates IT capital planning with other agency processes.  CCA also elevates the role of what was previously called the Senior Information Resource Management Officer to the more visible Chief Information Officer (CIO) position and gives agencies authority and responsibility for IT acquisition.

CCA mandates that the CPIC process shall:  (1) provide for the selection, control, and evaluation of agency IT Investments; (2) be integrated with the processes for budget, financial, and programmatic decision-making; (3) include minimum criteria for considering whether to undertake an IT Investment; (4) identify IT Investments that would result in shared benefits or costs for other Federal agencies or State or local governments; (5) provide for identifying quantifiable measurements for IT Investment net benefits and risks; and, (6) provide the means for senior management to obtain timely information regarding an Investment’s progress.

Under the CCA, the HHS CIO is responsible for: (1) advising and assisting the HHS Secretary and other HHS senior executives in managing IT resources effectively and efficiently and consistent with HHS priorities; (2) using performance measures to monitor and evaluate HHS IT Investment; (3) advising senior management on whether to continue, modify, or dispose of an IT Investment; and, (4) promoting effective and efficient development and operation of all major IT processes in HHS, including work process improvements.

Operationally, HHS is structured into major business areas, with the Operating Divisions (OpDivs) and Office of the Secretary (OS) and its Staff Divisions (StaffDivs) assigned responsibility for accomplishing the HHS goals, objectives, and functions within their respective lines of business.  Consistent with this operational structure, the HHS CIO relies on a federated model for HHS IT governance, wherein the OpDivs and StaffDivs are responsible for IT governance within their respective organizations in conformance with this CPIC Policy.

HHS and its OpDivs control IT Investmentdecisions and portfolio management by leveraging enterprise architecture, strategic procurement, and the HHS Enterprise Performance Life Cycle (EPLC).EPLC is HHS’s standard IT project management methodology that provides IT project managers, business owners, functional subject matter experts (known as “Critical Partners” in EPLC), IT governance executives, and other stakeholders a repeatable structure for planning, managing, and overseeing IT projects throughout their entire life cycle. Additional information about the EPLC is available at http://www.hhs.gov/ocio/eplc/.

Whereas the HHS IT EPLC Policy addresses IT project requirements, this CPIC Policy addresses IT Investments (which may be comprised of one or more IT projects) and IT portfolio management requirements.  Adherence to this CPIC Policy ensures that HHS IT Investments are selected based on their support of HHS business needs and mission requirements; that selected meet approved cost, schedule, and performance milestones; and that they successfully achieve specified benefits and outcomes throughout the IT Investment life cycle.

This Policy recognizes that IT Investment management is dynamic – IT Investments are selected and continually monitored and evaluated to ensure that each chosen IT Investment effectively and efficiently supports the HHS mission and strategic goals.  The HHS IT CPIC model relies on three processes – Select, Control, and Evaluate – to address the following:

Select – Determine the best IT Investments based on current and future business needs as they relate to the mission.

Control – Ensure that the selected IT Investments will deliver anticipated benefits on time and within budget.

Evaluate – Determine whether operational IT Investments continue to efficiently and cost-effectively support requirements and deliver benefits.

An IT Investment can be active concurrently in more than one CPIC process.  After the IT Investment’s initial funding is in the select process, it becomes the subject of evaluation throughout the control processes for the purposes of reselection.  Reselection is ongoing and continues for as long as an IT Investment receives funding.  A decision must be made to continue to fund or to “de-select” an Investment in the following instances:

  1. If an IT Investment is not meeting the goals and objectives that were originally established when it was selected, and/or
  2. If the goals have been modified to reflect changes in mission objectives – and corrective actions are not succeeding.
Once IT Investments are operating, they remain under constant review for reselection.

2 Scope

This Policy applies to all HHS organizational components (i.e., OpDivs and StaffDivs) and organizations conducting business for and on behalf of the Department through contractual relationships when using HHS IT resources.  This Policy does not supersede any other applicable law, higher-level agency directive, or existing labor management agreement in effect as of the effective date of this Policy. Department officials shall apply this Policy to employees, contractor personnel, interns, and other non-government employees. All organizations collecting or maintaining information, or using or operating information systems on behalf of the Department, are also subject to the stipulations of this Policy. The content of and compliance with this Policy shall be incorporated This Policy also applies to all HHS IT Investments and IT projects throughout their entire life cycle, regardless of funding source, whether owned and operated by HHS or operated on behalf of HHS. OpDivs are expected to manage their IT Investment portfolios using a methodology modeled after the HHS CPIC Program. OpDivs shall use this Policy or may create a more restrictive OpDiv/StaffDiv policy, but not one that is less restrictive or less comprehensive or not compliant with this document.

3 Policy

To maximize the value and to assess and manage the risks of IT Investments, the HHS CIO has established the HHS IT CPIC policies in this section.  All IT Investment Managers and all IT Project Managers shall attain the levels of knowledge, skills, and experience required for their respective roles in accordance with applicable HHS training and certification requirements, the Office of Federal Procurement Policy (OFPP) Act, 41 U.S.C. § 1101 et. seq., OFPP Policy Letter 05-01, which established a requirement for Federal acquisition certification programs, the July 2014 HHS Handbook for Federal Acquisition Certification for Program and Project Managers,  and the December 16, 2013 OFPP Memorandum on Revisions to the Federal Acquisition Certification for Program and Project Managers (FAC-P/PM).

All IT Investments within HHS, whether managed and funded at the Department level or by the OpDivs, are HHS IT Investments.  In the event that an IT Investment is jointly funded by HHS and another agency, then the portion that HHS contributes funding to is considered an HHS investment.

3.1.1 IT Investment Characteristics

An IT Investment is the means through which a discrete and unique set of logically related, business-driven IT products and/or services is delivered. The IT Investment’s justification, cost, schedule, measurement indicators, and other management and technical artifacts shall describe its discrete and unique set of IT products/services.

Two or more HHS IT Investments shall not deliver the same discrete and unique set of IT products/services and shall not serve the same purpose without providing justification to the HHS OCIO as to why consolidation into a single IT investment is not appropriate.  When two or more IT Investments deliver IT products/services through the same IT system, each IT Investment’s set of IT products/services shall be discrete and unique and clearly distinguishable from the sets of IT products/services delivered by the other IT Investments through the IT system.

3.1.2 IT Funding

A funding source may fund more than one IT Investment and an IT Investment may be funded by one or more funding sources. 

The funds provided through each IT Investment shall be traceable to each

3.2 Cost and Schedule Milestones: The Performance Management Baseline

Performance Management Baseline (PMB) shall be established for each IT Investment with Development, Modernization, and Enhancement (DME) activities.  The IT Investment manager shall report, monitor, and implement actions as needed to correct variances from established IT Investment baselines to reduce the risk of cost overruns, schedule delays, and uncontrolled changes in scope.

Cost and schedule milestone data for DME should be tracked for all IT investments, whether funded by DME or Operations and Maintenance funds. Major IT investments with DME are required to report cost and schedule data monthly in the HHS Portfolio Management Tool (PMT).

3.3 IT Investment Classification and Reporting Requirements

3.3.1 IT Investment Classification

Each IT Investment shall be classified in one of two classes: Major or Non-major.

3.3.1.1 Major Investment Classification

An IT Investment is classified as Major when it:

FITARA establishes a sub-set of investments within the Major classification that requires review at the Department CIO level. HHS has designated such investments as “Mega-Major”. Mega-Major investments differ from regular Major investments in the following ways:

Mega-Major investments must be reviewed and approved by the HHS OCIO’s Administration and Management Domain IT Steering Committee (ITSC) before submission to OMB.

Classification of an investment as Mega-Major is temporary. Upon approval by the ITSC, a Mega-Major investment is treated the same as, and has the same reporting requirements as any Major investment.

3.3.1.2 Non-Major Investment Classification

An IT Investment is classified as Non-major when it:

3.3.2 IT Investment Reporting Requirements

The HHS PMT shall be the source of IT Investment information that supports IT governance, the CPIC process, and the HHS budget submission, with reporting data elements to be specified by the HHS CIO.

Changes in classification, such as upgrades to Major or downgrades to Non-Major, must be approved by the HHS CIO prior to the submission of the IT portfolio budget to OMB.

The following table summarizes investment classification criteria, IT governance levels, and reporting requirements.

IT Investment Classification Criteria IT Governance Review and Approval Reporting Requirements
Mega-Major Any of the criteria for Major
AND
Budget year costs ≥ $20M, or 5-year costs ≥ $100M

OpDiv IT Investment Review Board
AND
IT Steering Committee

IT Portfolio Summary; Major IT Business Case; IT Steering Committee Briefing (new investments only)
Major Any of the criteria for Major
AND/OR
Budget year costs ≥ $10M, or life cycle costs ≥ $75M
OpDiv IT Investment Review Board IT Portfolio Summary, Major IT Business Case
Non-Major Any of the criteria for Non-Major OpDiv IT Investment Review Board IT Portfolio Summary

4 CPIC Process

The CPIC process integrates all stages of capital programming, including planning, budgeting, procurement, management, and assessment.  All IT projects that comprise an IT Investment shall comply with the requirements of the HHS Policy for EPLC.

Each OpDiv shall adopt and implement CPIC procedures consistent with (1) this HHS CPIC Policy, and (2) best practice IT Investment management principles described in OMB Memorandum M-97-02, the OMB Capital Planning Guide (Supplement to Part 7 in OMB Circular A-11), and other CPIC-related Federal and industry IT Investment and project management guidance.

HHS CPIC consists of three phases:  Select, Control, and Evaluate.

4.1 Select Phase

IT Investments proposed and selected for funding shall include, but are not limited to the following criteria:

4.2 Control Phase

The Control Phase consists of continuous management involvement in monitoring a project’s cost, schedule, and performance during development and deployment through the EPLC Process.

4.3 Evaluate Phase

Each IT Investment that has received approval to transition to Steady State shall conduct a Post-Implementation Review (PIR) after a period of sustained operation.

 HHS OCIO Operational Analysis (OA) Policy provides a Department-wide standard for analyzing and evaluating the performance and continued viability of all Steady State IT Investments during the EPLC Operations and Maintenance (O&M) phase.

An approved disposition plan shall be executed by the IT Investment Manager for each IT Investment that is scheduled by the Business Owner for retirement or termination.

5. CPIC Roles and Responsibilities

The key executives, decision boards, and critical partners described in this section are required for HHS IT Investment planning, decision-making, and execution.

5.1 HHS CIO

The HHS CIO oversees the Department's use of IT to improve program performance and to manage risk and advises the HHS Secretary and other HHS senior executives.  Under the leadership of the CIO, the OCIO leads the Department’s IT CPIC, EA, governance, security, and IRM programs in collaboration with all organizational components

The HHS CIO shall:

5.2  OpDiv CIOs

HHS OpDiv CIOs advise their respective executive management on the strategic direction and management of their organizations’ IT programs.  The CIOs and their staffs provide leadership for the implementation of technology to create the information foundation for the efficient and effective operation and management of their respective organizations.  With delegated authority from the HHS CIO, OpDiv CIOs are responsible within their respective organizations for long-term and short-term IT strategic planning, IT governance, IT architecture management, IT budget and contract review, IT security and privacy, IT performance and results-based management, and where applicable, records management.  Within their respective organizations, the OpDiv CIOs shall:

5.3  HHS IT CPIC Officer

The HHS IT CPIC Officer is designated by the HHS CIO to direct and coordinate HHS CPIC processes and provide the HHS CIO with IT governance support. The HHS IT CPIC Officer shall:

5.4  OpDiv IT CPIC Officer

As directed by their respective CIOs under their delegated authority, the OpDiv IT CPIC Officer (also known as the CPIC Manager) coordinates their organization’s CPIC processes and ensures that the appropriate rigor for PBM is fully integrated into their organization’s processes. Moreover, they ensure that required PBM processes are implemented for IT Investments and IT projects, and that PBM information is used effectively. The OpDiv IT CPIC Officer shall:

5.5  Business Owners

The Business Owner is the organization executive who advocates for the IT Investment and is the primary point of contact to the CIO and the IT governance board.  Consistent with approved enterprise and/or OpDiv governance policies and procedures, the Business Owner shall:

5.6  IT Investment Manager

The IT Investment Manager is accountable to the Business Owner for ensuring that the IT Investment meets business requirements efficiently and cost effectively, and to the respective IT governance organization for meeting IT Investment management requirements.  The IT Investment Manager shall:

5.7  IT Project Manager

The IT Project Manager reports to the IT Investment Manager.  As directed by the IT Investment Manager, the IT Project Manager shall:

5.8  Contracting Officer/Contracting Officer’s Representative

The Contracting Officer and Contracting Officer’s Representative should work with the Business Owner to ensure that all contracts associated with an IT Investment comply with all pertinent rules, policies, and procedures of the Federal Acquisition Regulation and HHS Acquisition Regulation, and incorporate the content and compliance with this Policy into applicable contract language, as appropriate. 

6. HHS CPIC Integration with Other IT Governance

6.1  The HHS EPLC Framework

The HHS EPLC framework is the standard structure for planning, managing and overseeing the IT projects that comprise the IT Investment over the respective IT project life cycles.  Defining features of EPLC include the following:

6.2  Critical Partners

The Critical Partners are subject matter experts in enterprise architecture, security and privacy, acquisition management, finance, budget, human resources, performance, governance, and other areas.  Based on the IT Investment Manager or the IT governance board determination, the Critical Partners shall:

6.3  IT Enterprise Architecture

Working from the standard ‘Strategy, Architecture, Investment, and Implementation’ framework, the Office of Enterprise Architecture shall have the formal role of determining a proposed Investment’s alignment with the HHS Enterprise Architecture.   As a Critical Partner in the HHS EPLC framework, EA shall also have a decisional role throughout the IT project lifecycle via the EPLC Stage Gate reviews. To ensure support of the HHS mission, strategic plans, and performance and outcome objectives, IT Investments shall comply with Federal, HHS and OpDiv enterprise architectures.

6.4  PortfolioStat

OMB mandates that Federal agencies review their respective IT Investment portfolios and identify opportunities to consolidate the acquisition and management of IT services, particularly with respect to commodity IT. This process, known as PortfolioStat, is a data driven, evidence-based review of an agency’s IT portfolio that includes data on commodity IT Investments, potential duplications within the agency, IT Investments that do not appear to be well aligned to agency missions or business functions, and other key considerations and data within an agency’s IT portfolio. PortfolioStat empowers CIOs to assess the effectiveness of established IT Investment and IT portfolio management processes, streamline IT portfolios, and augment the CPIC process.

6.5  TechStat

A TechStat is an in-depth review of a single IT Investment. A TechStat can be triggered by the HHS CIO, an OpDiv CIO, or OMB when it is determined that a project or IT Investment is under-performing.  Generally, the initial assessment of the necessity of a TechStat is made using data from the HHS Portfolio Management Tool.  Two possible TechStat triggers are a high cost and/or schedule variance(s) for projects associated with an IT Investment or an assessment by the HHS CIO that the IT Investment is “High Risk”.  Per the June 10, 2015, FITARA implementation guidance released by OMB, a TechStat is mandatory for all Major IT Investments that trend as “High Risk” for three consecutive months. TechStats sessions review the overall management of the IT Investment, examine program performance data, and explore opportunities for corrective action. The outcome of a TechStat session is the establishment of clear action items required in order to correct the issues that triggered the TechStat. These items are tracked by the HHS Office of the CIO until the IT Investment’s program office achieves completion of all action items.

6.6  IT Privacy, Security, and Records Management

To ensure confidentiality, integrity, availability, reliability, and non-repudiation within the HHS infrastructure and its operations, IT Investments shall comply with Federal and HHS privacy, security, and records management requirements for IT Investments and systems. IT Investments shall also demonstrate that costs for appropriate IT privacy, security, and records management controls are explicitly incorporated into the life cycle planning and operational costs of all associated IT systems.

6.7  IT Acquisition Strategy

The primary purpose of IT Investment acquisition-related activities shall be to support the execution of the IT Investment decisions made by the IT Investment’s Business Owner and the IT governance board.

To improve effectiveness and minimize costs/risks, IT Investments shall develop, execute, and maintain a performance-based acquisition strategy that includes an appropriate mix of contract types to minimize risk to the government,  reflects approved and updated cost and schedule milestones, and complies with Federal and HHS acquisition requirements for IT Investments and systems.

7 IT Governance

HHS established the domain IT governance model to address the need for providing common delivery of shared services and benefits across the Department.  The domain structure replaces the former Department-level IT Investment Review Board (ITIRB), which reviewed, validated and approved all HHS IT Investments in the HHS IT Investment portfolio either directly or through delegation to the OpDiv governance boards, and served as the IT governance board for all HHS enterprise IT Investments.  The domain IT governance framework established the IT Steering Committees (ITSCs) to focus on categories of Investments, which enable efficiencies to better align the IT and business communities.  The CPIC Officer, as delegated by the CIO, is responsible for overseeing the CPIC processes to select, control, and evaluate for their organization’s IT Investments.

Enterprise Governance

The ITSCs are organized into three distinct business areas, known as “domains”: Health and Human Services, Scientific Research, and Administration and Management.  HHS IT Investments within the domain model are structured and mapped according to their business area.  The ITSCs are responsible for directing strategy, policy, and standards surrounding these IT Investments.

The mission of each domain ITSC is to:

This governance framework provides greater visibility into division Investment decisions and allows for collaboration and coordination of HHS-wide initiatives that benefit the entire Department.

7.2  Delegated OpDiv Governance

At the OpDiv level, IT Investments and projects are reviewed and approved through oversight of the OpDiv’s IT Investment Review Board (ITIRB) or other appropriate governance bodies, consistent with HHS policy.  OpDivs coordinate IT project governance and Investment management functions within their respective organizations and OpDiv-level ITIRBs.  OpDivs shall work directly with their IT project teams to ensure performance and overall compliance with the direction of the ITSCs and conduct the following:

Appendix A   CPIC Policy Approval

The undersigned acknowledge they have reviewed the HHS OCIO Policy for Information Technology Capital Planning and Investment Control.  Changes to this policy will be coordinated with and approved by the undersigned or their designated representatives.

 

Signatre:                                    Date:


Print Name:                              /Beth Anne Killoran/

Title:                                      HHS Chief Information Officer

Signatre:                                    Date:


Print Name:                              /Christos Skeadas/

Title:                                     Deputy Chief Information Officer

Applicable Laws and Guidance

Applicable laws and guidance include, but are not limited to, the following:

Chief Financial Officers Act of 1990 (Public Law 101-576)

Clinger-Cohen Act (CCA) of 1996 (formerly the IT Management Reform Act of 1996 (Division E of Public Law 104–106) and Federal Acquisition Reform Act of 1996 (Division D of Public Law 104–106)

Federal Information Technology Acquisition Reform Act (FITARA) of 2014 (Public Law 113-291)

American National Standards Institute/Electronic Industries Alliance (ANSI/EIA) Standard 748 

E-Government Act of 2002 (Public Law 107-347)

Federal Information Security Management Act (FISMA) of 2002 (Public Law 107-347)

Federal Managers Financial Integrity Act of 1982 (Public Law 97-255)

Federal Financial Management Improvement Act of 1996 (Public Law 104-208)

Federal Acquisition Streamlining Act of 1994 (Public Law 103–355)

Government Performance and Results Act of 1993 (Public Law 103–62)

Paperwork Reduction Act of 1995 (Public Law 104-13)

Records Management Act of 1950

National Archives and Records Administration (NARA) Code of Federal Regulations (CFR) - 36 CFR Subchapter B - Records Management. 

Government Accountability Office (GAO) Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity, GAO-04-394G, March 2004

GAO Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Capital Program Costs, GAO-09-3SP,  March 2, 2009

GAO Accounting and Information Management Division (AIMD) Assessing Risks and Returns: A Guide for Evaluating Federal Agencies' IT Investment Decision-making, AIMD-10.1.13, February 3, 1997

HHS Policy for Section 508 Electronic and Information Technology, January 2005 

HHS Acquisition Regulation, April 26, 2010

HHS Office of Acquisition Management and Policy (OAMP) – Acquisition Policy Memorandum No. 2008-02, October 1, 2008

HHS-OCIO-2008-0003, IT Policy for Enterprise Architecture, August 7, 2008

HHS-OCIO-2008-004, Policy for IT Enterprise Performance Life Cycle, October 6, 2008

HHS-OCIO-2010-0007,  Policy for IT Performance Baseline Management, December 21, 2010

HHS Information Resource Management (IRM) 2003-0002, Policy for Conducting Information Technology Alternative Analysis, June 13, 2003

HHS Information Resource Management (IRM) Strategic Plan 2014-2018, April 2014

HHS-OCIO-2014-0007,  HHS Policy for Information Systems Security and Privacy (IS2P), July 30, 2014

HHS-OCIO-2007-0004, Policy for Records Management, January 30, 2008

HHS CIO Roles and Responsibilities - Circular No. IRM-101, March 1999

HHS Section 508 Implementation Policy, January 24, 2005

OMB Circular A-11, Part 7,

Planning, Budgeting, Acquisition and Management of Capital Assets

OMB Circular A-11, Part 7 Supplement, Capital Programming Guide (June 2006)

OMB Circular A-76, Performance of Commercial Activities (May 29, 2003) including changes made by OMB Memorandum M-07-02 (October 31, 2006) and OMB Memorandum M-08-13 (March 11, 2008), and a technical correction made by OMB Memorandum M-03-20 (August 15, 2003)

OMB Circular A-94, Guidelines and Discount Rates for Benefit-Cost Analysis of

OMB Circular A-127, Financial Management Systems

OMB Circular A-130, Management of Federal Information Resources

OMB Memorandum 97-02 Funding Information Systems Investments, October 25, 1996

OMB Memorandum 05-23, Improving Information Technology (IT) Project Planning and Execution, August 5, 2005

Appendix C    Glossary

Term Definition
Business Owner The organizational executive who is the primary IT Investment customer, advocates for the IT Investment, and serves as the primary point of contact to the CIO and the IT Governance Board (or designated governance body). 
Enterprise Performance Life Cycle A framework to enhance IT Governance through rigorous application of sound investment and project management principles and industry best practices. The Enterprise Performance Life Cycle (EPLC) provides the context for the HHS IT Governance process and describes interdependencies between its project management, investment management, and capital planning components. The EPLC is comprised of 10 phases – from initiation through disposition – and identifies the activities, roles and responsibilities, Stage Gate Reviews, and exit criteria for each phase. The EPLC framework complies with federal regulations and policies, industry best practices, and HHS policies and standards.
Information Technology Any equipment or interconnected system or subsystem of equipment used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. This includes equipment used by the executive agency directly or used by a contractor under a contract with the executive agency that (i) requires the use of such equipment, or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term includes computer, ancillary equipment, software, firmware, and similar procedures, services (including support services), Web sites, subscriptions to electronic services and products, and related resources.
Investment Manager The Investment Manager is responsible for planning and executing the investment to achieve approved baselines.  The Investment Manager may or may not be a subject matter expert in the business area supported by the investment.
IT Investment The acquisition of an IT asset and the management of that asset through its life cycle after the initial acquisition.  An IT Investment may consist of one or more IT projects.
IT Project A temporary, planned endeavor funded by an approved IT Investment; thus achieving a specific goal and creating a unique product, service, or result. 
IT Steering Committee (ITSC) The ITSCs are organized into three distinct business areas, known as “domains”: Health and Human Services, Scientific Research, and Administration and Management.  HHS IT Investments within the domain model are structured and mapped according to their business area.  The ITSCs are responsible for directing strategy, policy, and standards surrounding these IT Investments. The mission of each domain ITSC is to:
  • Ensure HHS receives optimal value from IT Investments by addressing HHS-wide IT policy, procedure, and architecture issues.
  • Maximize knowledge sharing, best practices, assets, and capabilities.
  • Collaborate with OpDivs and StaffDivs to implement and execute an expedited IT Investment management process.

This governance framework provides greater visibility into division decisions and allows for collaboration and coordination of HHS-wide initiatives that benefit the entire Department.

IT System A discrete set of information resources organized for the collection, processing, maintenance, transmission, and dissemination of information, in accordance with defined procedures, whether automated or manual, to support HHS’s or OpDiv’s (including OS’s) mission. An interconnected set of information resources under the same direct management control, which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. Refers to a set of information resources under the same management control that share common functionality and require the same level of security controls. Includes automated information system applications, enclaves, outsourced IT-based processes, and platform IT interconnections. 
Lessons Learned A document that summarizes information gained throughout the course of the Investment that can be used to benefit other Investments and projects in the organization.  Lessons learned should draw from positive and negative Investment and project experiences and address the causes of issues, reasoning behind the corrective action chosen, and suggestions for future improvement.
Life Cycle The duration of all activities associated with the Investment from its initiation through disposal of its assets.
Life Cycle Costs All initial costs, plus the periodic or continuing costs of operation and maintenance (including staffing costs), and any costs of decommissioning or disposal.
Operational Analysis An Operational Analysis (OA) evaluates IT Investment performance, user satisfaction with the IT Investment, the IT Investment’s adaptability to changing business needs, and new technologies that might improve the IT Investment. The OA review is diagnostic in nature and can lead to the initiation of development or maintenance activities. Any major IT Investment modifications needed after the IT Investment has been implemented follow the EPLC framework life cycle process from planning through implementation. The OA ultimately determines whether the IT Investment should continue, be modified or be terminated.
Performance Baseline Measurement A primary tool to measure IT Investment, IT project, or IT contract performance and identifying risk. The baseline identifies the work that will be accomplished, and defines the cost and schedule to accomplish that work.  The Performance Baseline Measurement, which consists of the cost, schedule, and scope baseline, is derived from the scope of work described in a hierarchical Work Breakdown Structure (WBS) – which, in turn, decomposes the entire project into a logical structure of tasks and activities tied to deliverables and to assigned responsibilities – and the associated WBS dictionary. The Performance Baseline Measurement comprises:
  • The cost baseline, which defines the approved, projected, time-phased, life-cycle costs for acquiring, operating, and disposing of the physical and/or logical system represented by the scope baseline.
  • The schedule baseline, which is the approved timeline for acquiring, operating, and disposing of the physical and/or logical IT asset/system.
  • The scope baseline, which represents the configuration of the product of the project as developed and described in the project’s technical documentation. The Performance Baseline Measurement is integrated where the time-phased cost baseline is consistent with the schedule baseline, and the costs are related to acquiring, operating, and disposing of the physical and/or logical IT asset represented by the scope baseline.

Appendix D    List of Acronyms

Acronym Term
AIMD GAO’s Accounting and Information Management Division
AMD Administration & Management Domain
ANSI/EIA American National Standards Institute/Electronic Industries Alliance
CCA Clinger-Cohen Act of 1996
CFR Code of Federal Regulations
CIO Chief Information Officer
CPIC Capital Planning and Investment Control
EA Enterprise Architecture
EPLC Enterprise Performance Life Cycle
FAC-P/PM Federal Acquisition Certification for Program and Project Managers
FISMA Federal Information Security Management Act of 2002
FITARA Federal Information Technology Acquisition Reform Act of 2014
GAO Government Accountability Office
HHS Health and Human Services, Department of
HHSD Health and Human Services Domain
IRM Information Resources Management
IT Information Technology
ITIRB Information Technology Investment Review Board
ITSC Information Technology Steering Committee
NARA National Archives and Records Administration
OA Operational Analysis
OAMP Office of Acquisition Management and Policy
OCIO Office of the Chief Information Officer
OFPP Office of Federal Procurement Policy
OMB Office of Management and Budget
OpDiv Operating Division
OS Office of the Secretary
PBM Performance Baseline Management
PIR Post-Implementation Review
PMT Portfolio Management Tool
SRD Scientific Research Domain
StaffDiv Staff Division