1

Information Technology Advisory Committee

Date: February 26, 2020

Time: 2:00 PM – 4:00 PM

Location: City-County Building, Room 107

Chairperson: Mr. Elliott Patrick, Interim Chief Information Officer

Previous Meeting Minutes

Review meeting minutes from October 16, 2019

Agenda Topics

Discussion Items

• 2019 Customer Satisfaction Results – Mr. Daniel Rieger

• 2020-2023 Strategic Plan – Mr. Elliott Patrick

Status Updates

• Enterprise Security Program Updates – Mr. Clark Giles

• General Open Forum Discussion

Information Technology Advisory Committee Meeting Minutes

Date of Meeting: October 16, 2019

Time of Meeting: 2:00 PM – 4:00 PM

Location of Meeting: Room 107, City-County Building

Chairperson: CIO, Ken Clark

Members in Attendance:

Elliott Patrick ISA, IT Representative

Chris Becker Recorder’s Office, Property & Land Management

Ann Sutton Public Defender Agency, Justice

Brienne Delaney MCEB, Constituent Services

David Condon OFM, Admin & Finance

David Schwartz DPS, Public Safety

Agenda Topics

Approval of May 29, 2019 Minutes

Ms. Brienne Delaney made a motion to accept the May 29, 2019 minutes as written. Mr. David Schwartz seconded the motion. The motion passed unanimously.

Discussion Items

IT Contract Review and Approval Policy

Mr. Chris Becker provided feedback from Property and Land Management Functional Group, requesting policies which update previous or existing policies include redlines to show what has changed and what has been kept. Mr. Ken Clark agreed moving forward ISA could show the difference between original and updated documents. Mr. Mark Warner with ISA summarized revisions from the Administration and Finance which included adding the IT Board resolution governing the dollar limit for board approvals as an attachment to the policy. There was also discussion regarding the amount of time ISA needed to review contracts in advance (four (4) months was suggested) and whether the contract should go to ISA or to OCC first. Ms. Brienne Delaney expressed concerns about bottlenecking if all ISA contracts must go through a single person, Sean Dean. Mr. Ken Clark acknowledged the concern and in response ISA created a new position, Finance and Compliance Analyst, as well as employing outside counsel, TAFT, to assist with contract overflow. Sean Dean and OCC are currently working on developing standard IT contract terms which would also help to make the process more efficient. Mr. Clark stated the best way to avoid a bottleneck situation is to get ISA involved in the contract process as early as possible. Ms. Ann Sutton presented the concerns brought up in the Criminal Justice Functional Group. The definitions around IT contracts were too broad and also suggested a “notice” process where the agency

can notify ISA and provide justification for contracts they (agencies) feel do not need to be reviewed by ISA. Mr. Clark agreed to add a “notice” process but added ISA may not always agree with the agencies on which contracts do not need ISA review. He further clarified stating whether a system sits on the network or not, ISA would still need awareness. Any systems which have inmate data or social security numbers, such as NeoGov, would also need ISA’s review. He also cited the Crime Lab as an example where “notices” for specialized equipment contracts would make sense. Mr. Clark Giles, Chief Technology Officer for ISA, stated applications for cyber security insurance ask specifically if the central IT agency reviews all IT contracts and the answer to that question is likely to impact insurance costs. Mr. Clark requested Mr. Ed Klaunig, Chief Financial Officer for ISA, work with Sean Dean to develop the notice process. Ms. Sutton also brought up the need for an emergency clause in the policy. This would allow for contracts to be fast-tracked through the review process in emergency situations particularly as they relate to public safety. Mr. Klaunig agreed to put something in writing regarding the clause. On behalf of the Admin and Finance Group, Mr. Mark Warner asked about exceptions for grant funded projects and whether they would still need IT review. Mr. Sean Dean, ISA attorney, was unclear as to why that situation would be treated differently. There was discussion surrounding the issue of grants and ISA involvement in the review of those contracts. New grant contracts as well as existing contracts up for renewal will still need to go through ISA. Ms. Brienne Delaney noted some contracts, such as those for the voting machines, did not go through ISA and the IT Board and asked for clarification on when it was appropriate for the IT Board to see the contracts. Mr. Clark answered, stating it is a dollar amount which determines whether it goes to the IT Board but also wanted to make sure the policy has flexibility for everyone involved, both present and future.

Mr. Clark noted the current City-County IT Strategic Plan goes through 2019 and ISA is currently working on the one for 2020. It will be important to get agency and department input to ensure the plan works well for everyone and by documenting it, the IT Board and functional groups can hold ISA accountable. It is expected by early November to be given to the functional groups for discussion.

Mr. Clark and Mr. Patrick then provided updates on the Bell Techlogix transition, noting there are 27 days left until full transition takes place. There has been good retention of employees for the service teams and the Bell team has been on-site, shadowing people and learning the environment. Bell has also been a part of the cultural immersion visits to 11 different locations to understand specific needs of separate City-County agencies. The new ticketing system, ServiceNow, is having the knowledge based continually reviewed and updated. Presently, there is internal training and testing occurring with a focus on getting more people to use the portal on a regular basis. ISA is also working on a standards and procedures manual and ensuring the work being done has written policies around it to ensure clear understanding of expectations on both sides. The refresh project is on-going. Currently, ISA is down 3,600 devices. Bell has stepped in and is assisting in completing it within the next year. This will set up a more efficient steady state process relating to enterprise refresh. There are renovations occurring on the 9th floor with plans for a walk-up depot, like the one currently at Public Safety Communications. The City-County depot, the PSC depot and the one slated

IT Contract Review and Approval Policy (cont.)

City-County IT Strategic Plan 2020

Bell Techlogix/Infrastructure Services Transition

to be at the new Criminal Justice Center will mean there are three locations for IT assistance when it is needed. ISA will also be piloting Smart Lockers, specifically focused on IMPD. These lockers will allow officers who have issues with their laptops overnight to swap their device out for a new one without much down time.

There being no further business to discuss, Mr. David Schwartz made a motion to adjourn the meeting. The motion was seconded by Ms. Ann Sutton and the motion passed unanimously.

Bell Techlogix/Infrastructure Services Transition (cont.)

Adjournment

Summary of Action Items

Action Item Owner

1 Development of Notice Process Mr. Ed Klaunig/Mr. Sean Dean

2 Development of Emergency Situation Clause Mr. Ed Klaunig/Mr. Sean Dean

3

4

2019 Customer

Satisfaction Survey

January 28, 2020

2019 Customer Satisfaction Survey

• Provided 11/1/19 – 12/6/19 (Five Weeks)

• 415 Completed Responses

• 523 Total Responses

Answer Choices Responses

Management (Agency & Department Heads,

Deputies and C-Level Leadership)16.25% 85

Supervisors 18.36% 96

Staff Members 65.39% 342

Answered 100.00% 523

Management Questions

Strongly

AgreeAgree Disagree

Strongly

Disagree

% Sat

2019

% Sat

2018

% Sat

2017

% Sat

2016

% Sat

2015

I am made aware of the strategic direction of ISA and its impact

on my agency or department.33% 47% 14% 6% 80% 73% 77% 78% 47%

I have a voice in prioritizing what projects ISA focuses their efforts

on.28% 41% 20% 11% 69% 54% 59% 61% 24%

The desktop/laptop refresh program is a great value for my

agency or department.22% 67% 8% 3% 89% 84% 89% 79% 72%

The IT charge back process helps me understand the IT costs of

my agency or department.17% 64% 17% 2% 81% 79% 68% 71% 38%

The IT charge back process allows for IT solutions in a fair and

equitable manner for my agency or department.11% 72% 16% 2% 83% 73% 67% 64% 38%

The services provided by my Business Services Consultant (BSC)

are essential to the operations of my agency or department.56% 33% 8% 3% 89% 87% 77% 84% 57%

ISA provides a good value for the services they provide. 28% 59% 11% 2% 88% 77% 75% 78% 46%

ISA understands the needs of my agency or department. 31% 58% 11% 0% 89% 79% 66% 73% 42%

Management Questions

I am made awareof the strategicdirection of ISA

and its impact onmy agency ordepartment.

I have a voice inprioritizing what

projects ISAfocuses their

efforts on.

The desktop/laptoprefresh program isa great value for

my agency ordepartment.

The IT chargeback process helpsme understand the

IT costs of myagency or

department.

The IT chargeback processallows for IT

solutions in a fairand equitablemanner for my

agency ordepartment.

The servicesprovided by my

Business ServicesConsultant (BSC)

are essential to theoperations of my

agency ordepartment.

ISA provides agood value for the

services theyprovide.

ISA understandsthe needs of my

agency ordepartment.

0%

10%

20%

30%

40%

50%

60%

70%

80%

Strongly Agree Agree Disagree Strongly Disagree

All Participant Questions

Strongly

AgreeAgree Disagree

Strongly

Disagree

% Sat

2019

% Sat

2018

% Sat

2017

% Sat

2016

% Sat

2015

ISA is organized in a way that makes it easy for me to get

what I need.32% 56% 10% 2% 88% 87% 85% 81% 71%

ISA is knowledgeable of, educates me about, and

provides access to emerging technologies.28% 54% 16% 3% 82% 83% 78% 71% 63%

The public-facing website meets the business needs of

my agency or department26% 60% 11% 3% 86% 83% 82% 74% 73%

I receive timely and appropriate communication from ISA. 43% 49% 7% 2% 91% 93% 89% 88% 79%

All Participant Questions

ISA is organized in a way thatmakes it easy for me to get what I

need.

ISA is knowledgeable of, educatesme about, and provides access to

emerging technologies.

The public-facing website meetsthe business needs of my agency

or department

I receive timely and appropriatecommunication from ISA.

0%

10%

20%

30%

40%

50%

60%

70%

Strongly Agree Agree Disagree Strongly Disagree

All Participant Questions

Strongly

AgreeAgree Disagree

Strongly

Disagree

% Sat

2019

% Sat

2018

% Sat

2017

% Sat

2016

% Sat

2015

When I call the ISA Service Desk (x3075 or 317-327-3075), I am

satisfied with the service I receive.44% 47% 7% 2% 91% 91% 91% 89% 83%

When I email the ISA Service Desk (RequestIT@indy.gov), I am

satisfied with the service I receive.39% 52% 8% 1% 90% 92% 91% 89% 80%

When I open a ticket using the ISA Service Desk Portal

(RequestIT) I am satisfied with the service I receive.41% 49% 7% 3% 90% 90% 91% 88% 79%

When I contact the ISA Service Desk outside of normal business

hours, I am satisfied with the service I receive.42% 47% 8% 3% 89% 90% 88% 87% 78%

The technical knowledge of the ISA Service Desk staff is

adequate for my needs.38% 53% 7% 2% 91% 89% 88% 86% 78%

The ISA Service Desk staff is able to understand my needs and

solve my problem upon my first request (No Repeat Tickets).36% 48% 13% 2% 85% 85% 84% 80% 69%

All Participant Questions

When I call the ISAService Desk (x3075 or

317-327-3075), I amsatisfied with the service I

receive.

When I email the ISAService Desk

(RequestIT@indy.gov), Iam satisfied with the

service I receive.

When I open a ticketusing the ISA Service

Desk Portal (RequestIT•),I am satisfied with the

service I receive.

When I contact the ISAService Desk outside ofnormal business hours, I

am satisfied with theservice I receive.

The technical knowledgeof the ISA Service Deskstaff is adequate for my

needs.

The ISA Service Deskstaff is able to understandmy needs and solve myproblem upon my firstrequest (No Repeat

Tickets).

0%

10%

20%

30%

40%

50%

60%

Strongly Agree Agree Disagree Strongly Disagree

All Participant Questions

Strongly

AgreeAgree Disagree

Strongly

Disagree

% Sat

2019

% Sat

2018% Sat 2017

% Sat

2016% Sat 2015

The desktop/laptop provided by ISA meets the

needs of my job functions.32% 56% 8% 4% 88% 86% 91% 89% 83%

Applications on my City/County device are well

maintained and supported.30% 56% 12% 2% 86% 88% 91% 89% 80%

The network speed and performance is adequate

to perform my job functions.28% 56% 13% 3% 84% 80% 91% 88% 79%

I have adequate file storage options for my job

functions (H:Drive, S:Drive, etc.).38% 58% 4% 0% 96% 95% 88% 87% 78%

All Participant Questions

The desktop/laptop provided by ISAmeets the needs of my job functions.

Applications on my City/Countydevice are well maintained and

supported.

The network speed and performanceis adequate to perform my job

functions.

I have adequate file storage optionsfor my job functions (H:Drive, S:Drive,

etc.).

0%

10%

20%

30%

40%

50%

60%

70%

Strongly Agree Agree Disagree Strongly Disagree

All Participant Questions

Strongly

AgreeAgree Disagree

Strongly

Disagree

% Sat

2019

% Sat

2018

% Sat

2017

% Sat

2016

% Sat

2015

When working away from my desk, the City/County Wi-Fi (not

public) supports my job function.28% 57% 11% 4% 85% 76% - - -

When working away from my desk, I can easily access my

critical applications and documents.25% 54% 18% 4% 78% 74% - - -

When working away from my desk, I can appropriately

communicate with my team.31% 62% 7% 1% 93% 93% - - -

When working away from my desk, Remote.indy.gov allows me

to easily access necessary tools for my job function.28% 54% 14% 3% 82% 76% 78% 68% 72%

The provided public Wi-Fi is adequate for my visitor's needs. 24% 50% 16% 10% 74% 70% - - -

All Participant Questions

When working away from mydesk, the City/County Wi-Fi(not public) supports my job

function.

When working away from mydesk, I can easily access my

critical applications anddocuments.

When working away from mydesk, I can appropriately

communicate with my team.

When working away from mydesk, Remote.indy.gov allows

me to easily accessnecessary tools for my job

function.

The provided public Wi-Fi isadequate for my visitor's

needs.

0%

10%

20%

30%

40%

50%

60%

70%

Strongly Agree Agree Disagree Strongly Disagree

Open Feedback: Dissatisfied Users

• “Sometimes it is cumbersome or not possible to add apps or even, for example, print when I do work at home. Would also like a more user friendly interface for remote access.”

• “I have not been able to connect to the IMC network since starting my position.”

• “When you have to call ISA they usually can't fix the problem and your complaint has to be forwarded to someone that can fix the problem which can take a while and it results in a loss of productivity especially for those that work in the field.”

• “Hard to find information.” [Indy.gov website]

Open Feedback: Satisfied Users

• “Everyone who I've contacted has been immensely helpful &

kind, especially Ian. I think ISA does good work.”

• “Friendly and Funny Staff! Love that constant attention to

detail!”

• “Website for sure! The process of editing and updating the

website is MILES ahead of where we were at the beginning

of administration.”

• “Consistency is the name of the game. I have no complaints

at all with the ISA team and their level of service to us.”

Overall Satisfaction

92% of the respondents are overall “Satisfied” or

“Very Satisfied” with the services provided by ISA

2018: 90%2017: 89%2016: 84% 2015: 73%

Very Satisfied Satisfied Dissatisfied Very Dissatisfied

0%

10%

20%

30%

40%

50%

60%

Answer Choices Responses

Very Satisfied 37% 155

Satisfied 55% 226

Dissatisfied 7% 28

Very Dissatisfied 1% 6

2020 - 2024

IT Strategic Plan2020 - 2023

As of January 2020

To provide our partners with

exceptional technology services

To lead government transformation through

collaborative partnerships and modern

technology

Service Provider + Trusted Advisor

Collaborative Driver

VISION

MISSION

Technology Strategic Plan | 1

VALUES

GUIDING

PRINCIPLES

Advance internal and external partnerships

Maintain our fundamental focus, while promoting enterprise growth

Revere the responsibility of tax payer dollars

Focus on opportunities for equitable government service

Preserve the security and stability of our environment

The following values serve as the standard by

which ISA operates. These are key tenants for the way we interact and serve our partners.

The following guiding principles allow ISA to

navigate and prioritize projects and initiatives, regardless of size or scope.

Expand access to government services

Capture legally-mandated revenue

Increase efficiency and reduce the cost of operations

Foster health and safety in our community

Comply with relevant legal regulations and standards

Technology Strategic Plan | 2

CY 2020 CY 2021 CY 2022 CY 2023

Building Enterprise

Architecture

Advance Digital

Workplace

Expand Constituent

Service

Enhance Data

Capabilities

Process Automation Pilot Process Automation Implementation

Business Architecture

Technical Architecture

Disaster Recovery/Business Continuity

Partner IT Roadmap

Identity & Access Management

Enterprise Security Program

Enterprise Phone System

Video Conferencing

AP Automation

Call Center

Enterprise Content Collaboration

Remote Work Program

Kiosk Pilot

Enterprise Workflow Management

Business Portal

Multi-Channel Service Platforms

Satellite Sites

Data Dashboard Program

Intelligence-led Policing

Data Architecture

Data Warehouse Program

Document Management Program

Transparency Portal

Technology Strategic Plan | 4

Project Roadmap

ISA SECURITY UPDATEFEBRUARY 2020

NEW FEATURE: SELF-SERVICE PASSWORD RESET

2

SELF-SERVICE PASSWORD RESET

• Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement.

• This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.

3

REGISTRATION

• All users with an indy.gov email are eligible

• Link is available anywhere, from any device

• Help Desk is still available if you need help

• Pre-registration required to use tool

1. Visit https://aka.ms/ssprsetup

2. Enter credentials and click next

4

REGISTRATION

• 3. click “Set it up now” next to Phone.

• 4. Enter your personal or office phone number (personal is highly recommended for ease-of-use).

• 5. Click one of the verification options

• 6. Enter the code that is given to you to finish registering that method.

• 7. Go back and complete the same steps for email. DO NOT use your indy.gov email. A personal email is recommended.

5

REGISTRATION

• Once you’ve successfully registered, both options will show green.

6

NEW FEATURE: PHISH ALARM FEATURE

7

PHISHALARM

• Proofpoint PhishAlarm allows users to easily report suspicious mail to ISA for investigation.

• If the email is malicious it will be removed from everyone’s mailbox automatically, protecting other users from falling victim.

• The tool will close the loop with the user, letting them know if the email was clean and what to do next, thus removing the ambiguity from security incident reporting.

8

PHISHALARM

• Button in Outlook• Sends email to InfoSec team and

Proofpoint for review

• Usage• Click “Report Phish” button

• Then if you’re sure, click “Report Phish” in the pop-up window

• Pop-up prevents users from reporting important emails that have been whitelisted by ISA.

9

PHISHALARM

• Message will automatically be moved to your junk mail.

• A pop-up will explain what happens next.

• You will receive another response once the email has been reviewed:

• Malicious/Suspicious• Mail will be automatically removed

from all mailboxes

• Clean• No further action

• Bulk• For SPAM that poses no threat

• Unknown• User judgement, however, ISA does

provide some guidance. See screenshot.

10

PHISHALARM

• The process is similar on Mobile OWA

• Tap the … icon

• Select “Mark as phishing”

• No pop-up on mobile

• Outlook apps for iOS and Android have this option as well

11

PHISHALARM

• Currently a pilot group of 300+ users

• Rolling out to everyone this week

12

NEW FEATURE: WIN 7 END-OF-LIFE

13

WINDOWS 7 - END-OF-LIFE

• Microsoft has retired Windows 7 as of January 14, 2020

• What are the risks?• Security

• Compatibility

• Compliance

• Stability / Performance

• Cost

14