Brian SchweitzerGovernor

State Of

Montana

Teachers’

Retirement

System

IT Plan

S T A T E O F M O N T A N AD E P A R T M E N T O F A D M I N I S T R A T I O N

I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S D I V I S I O N

S T A T E O F M O N T A N A

F O R F Y 2 0 0 8 I T P L A N U P D A T E

2 0 0 8 A G E N C Y P L A N

Should you have any questions or comments regarding this template, or desire additional copies, please contact:

Kyle HilmerChief of the Policy and Planning Services Bureau

Telephone: 406-444-5476E-mail: khilmer@state.mt.us

Website: http:/www.mt.gov/itsd/stratplan/statewideplan.asp

Prepared By:

INFORMATION TECHNOLOGY SERVICES DIVISION

Dick Clark, CIO

Kyle Hilmer, Chief of Policy and Planning Services Bureau

Barry Bass, G. Scott Lockwood, Tom Murphy, Warren Dupuis

January 19 2008

iii

2 0 0 8 A G E N C Y P L A N

TTABLEABLE O OFF C CONTENTSONTENTS

EXECUTIVE SUMMARY............................................................................................................................1

SECTION 1: AGENCY CONTACT INFORMATION..............................................................................2

SECTION 2: AGENCY IT MISSION..........................................................................................................2

2.1 Agency IT Mission Statement.............................................................................................................2

SECTION 3: AGENCY SECURITY PROGRAM......................................................................................4

3.1 Security Program................................................................................................................................4

SECTION 4: AGENCY IT PLAN................................................................................................................5

4.1 Goals/Requirements...........................................................................................................................54.2 Risks....................................................................................................................................................8

SECTION 5: ENTERPRISE ALIGNMENT.............................................................................................10

5.1 State Strategic Plan for IT Alignment..............................................................................................105.2 Standards/Compliance Issues...........................................................................................................10

SECTION 6: EXPENDITURES.................................................................................................................11

6.1 Planned Agency IT Expenditures.....................................................................................................116.2 Total Agency Budget.........................................................................................................................116.3 Augmented IT Funding.....................................................................................................................116.4 Staffing..............................................................................................................................................126.5 Staffing Shortfalls.............................................................................................................................13

SECTION 7: IT INITIATIVES (FY2008-2013)........................................................................................14

7.1 Initiatives..........................................................................................................................................14

SECTION 8: ENTERPRISE IT INVENTORY.........................................................................................15

8.1 Inventory Update..............................................................................................................................15

v

This page intentionally blank.

vi

EEXECUTIVEXECUTIVE S SUMMARYUMMARY

The Montana Teachers’ Retirement System (TRS) mission is “To promote long-term financial security for our membership while maintaining the stability of the fund.” The Information Technology plan serves the TRS staff, members and retirees by providing quality services, security, analysis, and work products in support of the agency mission.

In each of the service areas the delivery capability of the agency is improving. In Administration, the IT services will provide data analysis services, reliable operations, assistance with communication goals, and practical disaster recovery. Active Members will be able access benefit estimates and account information. Retired Members will be able to access general account information. Accounting and employers will have faster services.

The TRS IT Plan presents a direction that strengthens the TRS computing capability as well as its ability to recover in the event of business interruption or a disaster. This plan addresses security as new vulnerabilities arise, technological obsolescence, and potential loss of key staff. The TRS retains a stable, available, and consistent technological environment that meets the needs of TRS staff and members. The TRS staff accomplishes a large amount of work by leveraging skilled people and usable information resources. The plan is to continue to improve the information resources while adding disaster recovery skills.

1

SSECTIONECTION 1: A 1: AGENCYGENCY C CONTACTONTACT I INFORMATIONNFORMATION

Agency Name:

Role: Plan Owner

Name: TRS Board, Represented by David Senn, Executive Director

Telephone Number: 444-3376

Email Address: dsenn@mt.gov

Role: IT Contact

Name: Bill Hallinan, IT Manager

Telephone Number: 444-3395

Email Address: bhallinan@mt.gov

Role: IT Contact (Alternate)

Name: Rex Merrick

Telephone Number: 444-9293

Email Address: remerrick@mt.gov

SSECTIONECTION 2: A 2: AGENCYGENCY IT M IT MISSIONISSION

2.1 Agency IT Mission StatementTo promote long-term financial security for our membership while maintaining the stability of the fund.

Guiding Principles: to earn the respect and trust of our members, we adhere to the following values:

High ethical standards Honesty, integrity, and impartiality Dignity, respect and mutual support Service excellence

The mission of the Teachers’ Retirement System (TRS) Information Technology Staff is to serve the TRS staff, members and retirees by providing quality services, security, analysis, and work products to support the long-term financial security of the TRS membership while maintaining the stability of the fund.

Customer Service

2

2 0 0 8 A G E N C Y P L A N

Maintain a secure and stable computing environment so expected services are easy to use, accurate and available even in a disaster.

Develop and maintain a permanent and secure information repository for the TRS and its members.

Interact and communicate with customers to clarify their needs and suggest improvements based on our specialized knowledge.

Produce analysis, applications and services that are secure, reliable, and useful to TRS employees and members.

Act with integrity, sincerity, and respect to provide the best possible solutions.

Effectiveness and efficiency in producing quality work

Learn continuously to attain and maintain quality in all of our work.

Coordinate our efforts in order to conserve scarce resources while generating products that are effective, easy to use, and a good value.

Apply our knowledge creatively and consistently to provide timely and accurate solutions to problems.

Responsiveness to a changing environment

Adapt our methods to optimize the use of emerging information technology.

Design processes and applications to provide a smooth transition between successive versions or changes of platforms.

Assess present equipment, software, and processes to facilitate a smooth migration to future technologies and business processes.

3

S T A T E O F M O N T A N A

SSECTIONECTION 3: A 3: AGENCYGENCY S SECURITYECURITY P PROGRAMROGRAM

3.1 Security ProgramTrust is essential in the TRS business model. TRS members and benefit recipients expect the TRS not only to keep accurate records, but to secure these records in all circumstances – in day to day operations, the archiving of records, and in business recovery. Breaching the trust of the TRS members and benefit recipients is costly and threatens the security of the retirement system in practical and political ways. Therefore the TRS security program seeks to monitor and improve security on an ongoing basis. The security plan covers policy, daily practice and monitoring, external reviews, and security planning as a part of future operations.

General security policy for the TRS is set by the State of Montana Department of Administration (DOA). Effective July1, 2008, the statewide Enterprise Information System Security Policy requires that the TRS implement requirements for organization information security, information protection and control, and compliance. The TRS will work with DOA Information Technology Service Division to meet these requirements. Meanwhile, the TRS will follow current state security polices as well as filling in with specific agency polices as appropriate. All TRS staff have read and signed the latest TRS computer use policy. Depending on the stipulations of the DOA security policy, the TRS staff may attend additional training on computer security policy and practice. Both TRS information technology staff has had full background checks within the last year.

Daily practice consists of securing computers, renewing passwords every 60 days, monitoring building access, securely disposing of paper, monitoring security alerts, patching and updating software, monitoring logs, scanning computers for viruses and vulnerabilities, and other daily security tasks that arise. Sensitive computers are kept in a locked and environmentally controlled room. Unused services and data are tagged as inaccessible.

Each month the TRS participates in a security scan of its computer by DOA security staff to access vulnerabilities in the configuration or operation of the TRS servers and workstations. These external reviews provide a trusted third party to examine the TRS computer for potential security threats. The TRS keeps its computers on a separate branch of the state computer network, making it easier to isolate activity to the TRS network traffic.

In terms of security planning, the TRS intents to implement the recommendations from the DOA in regards to security policy, to continue to make security a decision factor for new equipment and computing methods, and educate the TRS information technology staff and users on security. In this IT Plan, the TRS proposes virtualizing its servers and making full use of the new state Data Center as a primary or backup site. The disaster recovery model will assume a virtualized servers and workstations.

4

2 0 0 8 A G E N C Y P L A N

SSECTIONECTION 4: A 4: AGENCYGENCY IT P IT PLANLAN

4.1 Goals/Requirements

Goal Number 1:

ITG 1 Pension System Maintenance

Description: Complete updates, maintenance, and clean up of small Pension+ projects, includes:

Automatic interest calculation on dormant accounts reinstated to active statusUpdate member addresses via employer records using on-line wages and contribution data fileAllow active member to review their accounts on-lineAllow retired member to review their accounts on-lineUpgrade the OpenVMS operating system to latest versionUpgrade the Powerhouse application environment to latest version

Benefits: Decrease inquiry phone calls and make self-service access easy. Maintain currency with all software versions to avoid bugs and downtime.

Does this goal support the State IT Strategic Plan? If so, how? Supports the goal to develop IT resources in an organized, deliberative and cost-effective manner by fine tuning an existing IT system. Collecting addresses from employers will support the goal of improving government services by allowing the TRS to mail statement directly to members.

Supporting Objective/ActionITO 1-1 Maintain current maintenance agreements for software support for Pension+, OpenVMS,

and Powerhouse

Describe the business requirements or business problem driving this objective: Without current maintenance agreements, operating systems and application software become out of date. The on-going maintenance contacts are necessary for timely service.

Describe the benefits to be derived from the successful completion of this objective: Use the current and mostly complete software on all platforms. This allows the TRS easily to move to another hardware platform and virtualizes its application environment.

Describe the anticipated risks associated with this objective: Risks involved with upgrades are small, but some implementation issues may arise that have to be ironed out. The TRS has a test system it can practice on before moving the upgrades into production.

Describe how this objective supports the agency IT goal: Seek ITG1

What is the timeframe for completion of this objective: October 2008

Describe the critical success factors associated with this objective; i.e., how will you know when it has been successfully completed? The upgrades will be installed and the system working without problems.

Goal Number 2:

ITG 2 Comprehensive and Well Practiced Disaster Recovery and Business Continuity Services

Description: Develop the means to recreate and recover all business services in less than 4 hours from anywhere using limited staff.

5

S T A T E O F M O N T A N A

Benefits: Provides assurance that TRS can fulfill its obligations to members and retirees in a useful way in case of an emergency. Provides a means to work with other state agencies in practicing and coordinating disaster services. The measure of success is to setup a business continuity site in four hours, run TRS operations on such a site for a couple days, and restore the recovery site to the home site in four hours. The practice of disaster recovery occurs twice a year. The plan contains longer recovery scenarios for timelines up to one year.

Does this goal support the State IT Strategic Plan? If so, how? This will improve government services by assuring retired teachers continued to receive benefits during a disaster. A side benefit is the means to achieve this improve the means by which the TRS protects individual privacy and the privacy of information contained within its IT systems.

Supporting Objective/ActionITO 2-1 Continue with COOP and DR training, requirements definition, and planning

Describe the business requirements or business problem driving this objective: ITSD is coordinating attached agency disaster recovery and business continuity plans through its LDRPS system, training, and precise communication for what individuals are responsible.

Describe the benefits to be derived from the successful completion of this objective: Increased coordination and cooperation, while decreasing the amount of work TRS would have to perform on its own in an emergency.

Describe the anticipated risks associated with this objective: Not completing disaster recovery practice on a regular basis before a disaster strikes.

Describe how this objective supports the agency IT goal: Supports the comprehensive and well practice aspects of being prepared.

What is the timeframe for completion of this objective: May 2009

Describe the critical success factors associated with this objective; i.e., how will you know when it has been successfully completed? The TRS will have a available production and backup systems that are mirrors of each other. The TRS staff will complete business recovery operations in less than 4 hours in a remote site. The TRS staff will work in two groups, each group comprising one-half of the number of staff to simulate a disaster where some staff may be unavailable.

Supporting Objective/ActionITO 2-2 Purchase, implement, and train TRS staff on backup computer system and processes

associated with COOP and DR.

Describe the business requirements or business problem driving this objective: In a disaster environment, the roles and work environment may change. The TRS staff needs to understand what the prepared DR environment will look like and what each needs to successfully continue with work.

Describe the benefits to be derived from the successful completion of this objective: The TRS staff will have more confidence that it can recover during an emergency.

Describe the anticipated risks associated with this objective: This objective may rely on the completion or plans for the state Data Center. Many unknowns exist in terms of how a small agency will interact with the data center in an emergency. Meanwhile, the TRS IT staff may not order and configure the hardware and software environment to allow immediate access in an emergency. Other work priorities at the TRS may prevent every staff from participating and completing practice exercises.

Describe how this objective supports the agency IT goal: Supports the mechanics of being prepared in a disaster.

What is the timeframe for completion of this objective: May 2009 for interim TRS DR operations, May 2010 for integration into state data center.

6

2 0 0 8 A G E N C Y P L A N

Describe the critical success factors associated with this objective; i.e., how will you know when it has been successfully completed?: The TRS staff or a minimum number of TRS staff will be able to run the TRS operations from any location as well as coordinate with the larger efforts to recover state business operations.

Goal Number 3:

ITG 3 Upgrade and virtualize the TRS server environment

Description: The TRS wants to take advantage of virtualization in its next hardware upgrade.

Benefits: Virtualization seems to be the next step in technology that allows for small, energy efficient hardware platforms that allow for the greatest flexibility in configuration. These configurations such as HP’s c3000 or IBM’s Blade Server S may allow the TRS to have small, integrated, yet mobile systems that can be used for production, as a hot backup, and in an emergency.

Does this goal support the State IT Strategic Plan? If so, how? This goal supports the state IT plan by developing IT resources in an organized, deliberative and cost-effective manner. Features of virtualization, such as virtualized workstations, protect individual privacy and the privacy of information contained within IT by removing desktop storage. Finally, the newer hardware will improve the speed of IT services and the ability of the IT staff to recover in an emergency.

Supporting Objective/ActionITO 3-1 Research and purchase equipment and software that supports virtualization.

Describe the business requirements or business problem driving this objective: Currently the TRS has a collection of servers and software that do not have the capacity to support virtualization in a beneficial way, i.e. not enough hardware capacity to combine servers. In addition, the hardware does not blend into a data center model in a space efficient way.

Describe the benefits to be derived from the successful completion of this objective: The TRS will have a hardware environment that supports virtual servers, workstations, off-site replication of server and workstation images and storage, and the ability to create a small, portable TRS disaster recovery system.

Describe the anticipated risks associated with this objective: One risk is how the hardware will interface with the state data center. Another is finding a combination of hardware and software that is affordable and functional given the size of the TRS staff.

Describe how this objective supports the agency IT goal: The agency goal is to provide reliable efficient services in all probable conditions.

What is the timeframe for completion of this objective: May 2009.

Describe the critical success factors associated with this objective; i.e., how will you know when it has been successfully completed? The TRS IT staff will be able to manage the virtual environment easily. The ITSD staff will be satisfied that the solution integrates into the Data Center and Disaster recovery models.

Supporting Objective/ActionITO 2-2 Design and engage a migration plan for hardware and software

Describe the business requirements or business problem driving this objective: Migrations of hardware and software to a virtualized environment will be necessary. The TRS staff must plan and test how this will be done.

Describe the benefits to be derived from the successful completion of this objective: The TRS will have a virtualized environment and the means to make operational its backup and disaster recovery environments.

Describe the anticipated risks associated with this objective: The migration plan depends on clear and timely communication among the TRS IT staff and hardware and software vendors. A timeline and

7

S T A T E O F M O N T A N A

communication planning need to be an important part of the migration.

Describe how this objective supports the agency IT goal: The agency goal is to provide reliable efficient services in all probable conditions.

What is the timeframe for completion of this objective: May 2009.

Describe the critical success factors associated with this objective; i.e., how will you know when it has been successfully completed? The TRS will have a smooth, one-day migration to the new platform. The TRS staff will not notice any difference between the new platform and their old way of doing things. Eventually, workstations will be moved to a virtualized workstation environment.

Goal Number 4:

ITG 4 Maintain FileNet System While Improving Workflow Analysis, Implementation, and Design

Description: Use Filenet P8 to automate and track incoming, on-going, and completed work as measured by volume of correspondence under workflow control. The measure of success is to build one application to allow a request of benefits.

Benefits: The TRS will have a virtualized environment and the means to make operational its backup and disaster recovery environments.

Does this goal support the State IT Strategic Plan? If so, how? This goal develops IT resources in an organized, deliberative and cost-effective manner. The TRS workflow project will use existing ITSD resources to accomplish the TRS goal.

4.2 Risks

Risk 1: Slow adoption of virtualized environments

Impact: Although the TRS can continue to work on its current hardware and operating system platform, the low adoption of a virtualized environment would hinder the integration of the TRS IT services and the state Data Center as well as complicate and delay TRS disaster recovery planning.

Mitigation Strategy: Prioritizing a virtualized environment by introducing the costs for the transition in the TRS FY2009 Budget. The one-time costs are expected to be less than $120,000.00.

Risk 2: Slow progress on disaster recovery planning and practice

Impact: In the event of a real disaster, such as a major earth quake, TRS and the state as a whole has not implemented and practiced viable disaster recovery and business continuity exercises.

Mitigation Strategy: Work with ITSD to design new systems to be compliant with the state Data Center. Create a backup, but integrated, means for TRS to recover from the widest possible range of disaster scenarios and practice these scenarios with state disaster recovery experts. The main idea is to have a virtualized TRS environment at the TRS site and the new Data Center. One or the other could function as the backup in an emergency. Coordinate and practice in such a way as to allow the TRS office to recover quickly.

8

2 0 0 8 A G E N C Y P L A N

Risk 3: Loss of key staff

Impact: The TRS depends on one contractor to maintain the Pension+ system. Although the risk is small, TRS must plan for the risk that the contractor may become unavailable.

Mitigation Strategy: The mitigation strategy consists of actions to maintain knowledge about the system as well as keeping an eye out for alternatives. TRS staff keeps the current program code base up to date, develop in-house skills to maintain the program, research other organizations that can maintain or convert the system if necessary, and learn how other public pension systems update and acquire new systems.

Risk 4: Certifying the security of TRS data so personal data is never compromised.

Impact: State law, the TRS ethics, and common sense dictate that the TRS assure personally identifiable information about TRS members and retirees remains confidential. The trust of members and the public in the competency of TRS to manage information is paramount in the credibility of the retirement system.

Mitigation Strategy: Continue to seek education and experts to assist in securing the TRS system from being compromised – intentionally or unintentionally. TRS will continue to review security concerns, patch machines, perform tests, educate its employees, educate its members and retirees, and review business processes to eliminate security risks.

9

S T A T E O F M O N T A N A

SSECTIONECTION 5: E 5: ENTERPRISENTERPRISE A ALIGNMENTLIGNMENT

5.1 State Strategic Plan for IT AlignmentCovered above.

5.2 Standards/Compliance Issues

Issue: Operating system: OpenVMS 8.2

Resolution Plan: Exemption granted since this was the state standard at the time it was purchased. Continue with support agreement and updates to OpenVMS, but keep an eye on HP’s migration path to new hardware that supports OpenVMS.

Issue: Hardware: Alpha ES40

Resolution Plan: Exemption granted since the Alpha hardware was standard at the time it was purchased. Continue with support agreements and updates to hardware, but keep an eye on HP’s migration path to new hardware. Make a decision on hardware selection in 3-5 years.

Issue: Language: Cognos PowerHouse 8.401D

Resolution Plan: Part of legacy Pension+ systems. Continue with support agreements. Cognos continues to support the OpenVMS platform. If the OpenVMS platform is discontinued, Cognos supports a Microsoft Platform and state standard databases.

10

2 0 0 8 A G E N C Y P L A N

SSECTIONECTION 6: E 6: EXPENDITURESXPENDITURES

6.1 Planned Agency IT ExpendituresPlease see attached spreadsheet: 2008_TRS_Sabhrs_Accounts_for_IT.xls

Expense Category FY2008 FY2009 FY2010 FY2011 FY2012 FY2013

Personal Services - IT Staff

168,170 173,215 178,412 183,764 189,277 194,955 Personal Services – non-IT staff

0 0 0 0 0 0 Contractors

77,000 64,440 66,373 68,364 70,415 72,528 ITSD services

118,113 121,656 125,306 129,065 132,937 136,925 Hardware

9,384 120,515 10,530 10,846 11,172 11,507 Software

3,616 6,000 4,000 4,120 4,244 4,371 Telecommunications

11,062 11,394 11,736 12,088 12,450 12,824 Maintenance

51,692 55,000 56,650 58,350 60,100 61,903 Project Management

0 0 0 0 0 0 IV&V

0 0 0 0 0 0 Contingency

0 0 0 0 0 0 Training (w/Travel)

9,580 9,867 10,163 10,468 10,782 11,106 Other

0 0 0 0 0 0 Totals

448,617 562,088 463,171 477,066 491,378 506,119

6.2 Total Agency BudgetFY2008 FY2009 FY2010 FY2011

Total Agency Budget $1,823,074 $1,977,766 $1,934,099 $1,992,122

The agency budget is estimated by taking the FY2008 budget and incrementing it by 3% for FY2009 through FY2011.

6.3 Augmented IT Funding

Source Fiscal Year Amount Project/Spend Item

11

S T A T E O F M O N T A N A

6.4 Staffing

Job Title

A. Number of authorized

FTEs within IT Support Unit

B. Number of FTEs performing IT

outside of IT units

C. Number of

contracted IT FTEs

D. Total (A+B+C)

Rank most difficult to recruit and train (1 =

most difficult; 2 = next most difficult; etc.)

IT manager 1 1 2

IT Supervisor

Programmer 1 1 1

QA analyst

Systems Engineer

Application Engineer

Support Technician,

Support Specialist 1 1 3

Website Engineer

Programmer Analyst

Help Desk Analyst

IT Methodology Technician

Tech Support Analyst

Systems Analyst

Database Analyst

Network Administrator

Security Specialist

Network Systems Analyst

Telecommunications Specialist

Network Engineer

Systems Architect

Data Center Operator

Computer Operator

Management Analyst

Verifier (File Clerk) .5 .5

Total 2.50 0.00 1.00 3.50

Agency FTEs 15.5

12

2 0 0 8 A G E N C Y P L A N

6.5 Staffing Shortfalls

Time Frame IT Staffing Challenge

13

S T A T E O F M O N T A N A

SSECTIONECTION 7: IT I 7: IT INITIATIVESNITIATIVES (FY2008-2013) (FY2008-2013)

7.1 Initiatives

Title:

Description:

EPP Number (if applicable):

Title:

Description:

EPP Number (if applicable):

Title:

Description:

EPP Number (if applicable):

Title:

Description:

EPP Number (if applicable):

14

2 0 0 8 A G E N C Y P L A N

SSECTIONECTION 8: E 8: ENTERPRISENTERPRISE IT I IT INVENTORYNVENTORY

8.1 Inventory Update

Has the Agency updated their IT Inventory Database as outlined in Section 8 of the instructions? Yes

Date that Agency last updated their IT Inventory: 2/12/2008

15