TABLE OF CONTENTS
Topics | Sections |
---|---|
OVERVIEW | 1.1 What is the purpose of this chapter? 1.2 What is the scope of this chapter? 1.3 How does the Service provide leadership and oversight over IMT? 1.4 What are the authorities for this chapter? 1.5 What terms do you need to know to understand this chapter? |
RESPONSIBILITIES | 1.6 Who is responsible for Information Management and Technology (IMT) leadership and governance? |
IMT GOVERNANCE | 1.7 What is the Service’s IMT governance structure structure Something temporarily or permanently constructed, built, or placed; and constructed of natural or manufactured parts including, but not limited to, a building, shed, cabin, porch, bridge, walkway, stair steps, sign, landing, platform, dock, rack, fence, telecommunication device, antennae, fish cleaning table, satellite dish/mount, or well head. Learn more about structure ? |
SERVICEWIDE IMT DIRECTIVES | 1.8 How does the ACIO establish Servicewide IMT policies, procedures, and requirements? 1.9 How does the ACIO disseminate and communicate IMT directives? |
OVERVIEW
1.1 What is the purpose of this chapter? This chapter:
A. Describes the high-level authorities and responsibilities of the U.S. Fish and Wildlife Service (Service) Associate Chief Information Officer (ACIO) and other Information Management and Technology (IMT) leadership positions within the Information Resources and Technology Management (IRTM) program, as delegated by the Service Director and the Department of the Interior’s (Department) Chief Information Officer (CIO);
B. Provides an overview of the program’s governance structure; and
C. Defines the ACIO’s authority to establish IMT policy requirements, procedures, and standards through issuing Servicewide IMT directives as we describe in section 1.8.
1.2 What is the scope of this chapter? This chapter applies to:
A. Service employees, contractors, and volunteers who use, manage, or are otherwise involved with Information Technology (IT) or Service information resources; and
B. The Service’s IT and information resources, including budgetary resources, personnel, equipment, facilities, or services used in the management, operation, acquisition, disposition, and transformation of IT within the Service, as well as acquisitions or interagency agreements that include IT.
1.3 How does the Service provide leadership and oversight over IMT?
A. The ACIO, also known as the Assistant Director – IRTM (AD-IRTM), is the senior leader and adviser to the Service Director responsible for providing oversight, planning, vision, and leadership for the governance, management, and delivery of IMT within the Service.
B. The senior leadership team within IRTM assists the ACIO with carrying out his or her responsibilities in various subject areas, including, but not limited to, cyber security, privacy, IMT policy and planning, IT operations, data management, and the Freedom of Information Act (FOIA). Figure 1-1 shows the IRTM senior leadership structure.
Figure 1-1: IRTM Senior Leadership Structure
C. The ACIO is ultimately responsible for establishing in the Service Manual and implementing the IMT policies, procedures, and standards related to the IRTM program. To supplement the Service Manual policies, the ACIO has the authority to issue additional IMT directives using a variety of media to ensure that policy keeps up with changing technical requirements and procedures. This helps ensure that the Service remains in compliance with applicable requirements, including, but not limited to, those issued through:
(1) Federal law or regulation;
(2) Departmental Manual chapters and Office of the Chief Information Officer (OCIO) directives and memorandums;
(3) Office of Management and Budget (OMB) circulars, memorandums, and bulletins; and
(4) National Institute of Standards and Technology (NIST) publications.
1.4 What are the authorities for this chapter?
C. E-Government Act of 2002 (Public Law 107-347).
D. Federal Information Security Management Act of 2002 (FISMA) (Public Law 107-347, Title III).
E. FITARA, which is part of the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 (Public Law 113-291).
F. Information Technology Management Reform Act of 1996 (Clinger-Cohen Act), Division E (Public Law 104-106).
G. OCIO Memorandum, “Delegation of IMT Authority and Approval of the Fish and Wildlife Service (FWS) IMT Alignment Plan,” June 7, 2019.
H. OMB Circular A-130, Managing Information as a Strategic Resource.
I. OMB Memorandum M-15-14, “Management and Oversight of Federal Information Technology.”
J. Privacy Act of 1974 (5 U.S.C. 552a, as amended).
K. 112 Departmental Manual (DM) 24, Office of the Chief Information Officer.
L. 212 DM 24, Chief Information Officer.
1.5 What terms do you need to know to understand this chapter?
A. Information Management and Technology (IMT).
(1) Information management is the collection, organization, and control of information from one or more sources and distribution of that information to one or more audiences.
(2) IT includes, but is not limited to, any services, equipment, or interconnected systems or subsystems of equipment that we use to automatically acquire, store, analyze, evaluate, manipulate, manage, move, control, display, switch, interchange, transmit, or receive data or information.
B. IMT project. Refers to a temporary endeavor (with defined start and end points) with specific objectives to develop, modernize, enhance, dispose of, or maintain an information system or IMT investment. A project can consist of one or more components and may involve one or more acquisition or development-related activities.
C. Information system. A discrete set of resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
D. IT resources. Service budgetary resources, personnel, equipment, facilities, or services that are primarily used in the management, operation, acquisition, or other activity related to the lifecycle of IT and the IT services and equipment we obtain through acquisitions or interagency agreements. The term “IT resources” does not include grants that establish or support IT not operated directly by the Service.
RESPONSIBILITIES
1.6 Who is responsible for IMT leadership and governance? See Table 1-1.
Table 1-1: Responsibilities for IMT Leadership and Governance
These employees… | Are responsible for… |
---|---|
A. The Director | (1) Ensuring that the Service has an effective IMT program in compliance with applicable Federal and Departmental laws, regulations, and policies; and (2) Approving or declining to approve national IMT policies for the Service Manual. |
B. Directorate members | (1) Coordinating with the ACIO (or delegated official) to ensure that IRTM is included in planning and decision making related to IMT and information resources, including budgeting, acquisitions, and investments; (2) Ensuring employees within their Regions or programs follow IMT policies, standards, and procedures established through the Service Manual and supplemented by ACIO-issued directives we describe in this chapter; and (3) Participating in IMT governance processes the ACIO establishes as necessary or required. |
C. Associate Chief Information Officer (ACIO) | (1) Advising the Service Directorate and the Director on all matters related to IMT; (2) Serving as a liaison between the Service and the Department’s OCIO and collaborating with the OCIO and other bureaus on Departmentwide IMT initiatives and projects; (3) Providing the policy vision, direction, and strategy for the Service’s IMT program while ensuring alignment with overall mission and business goals and compliance with all relevant Federal and Departmental laws, regulations, and policies; (4) Engaging and coordinating with the Service Directorate on planning and decision making related to IMT and information resources, including participating (or delegating a representative to participate) in applicable governance bodies as required or requested; (5) Working with the Assistant Director – Management and Administration (AD-MA) on matters related to IMT budgets, workforce, and acquisitions; (6) Establishing and implementing policies, procedures, and standards related to IMT and the Service’s IT resources; (7) Assisting Regions and programs with planning and executing IMT acquisitions and projects, including developing contracts or agreements involving IMT, and reviewing acquisition plans to ensure that IMT products and services: (a) Do not duplicate existing systems and investments; (b) Are cost effective in meeting mission goals; and (c) Comply with applicable requirements, including, but not limited to, security and privacy; (8) Reviewing, approving, and supporting the Service’s IMT projects and investments in accordance with the authority delegated by the Department’s OCIO and applicable capital planning and investment control guidance; (9) Establishing and overseeing governance bodies within IRTM to perform necessary policy and decision-making functions; (10) Overseeing and managing the Service’s IMT workforce by coordinating with the Joint Administrative Operations (JAO) organization and the AD-MA; (11) Ensuring the confidentiality, integrity, and availability of the Service’s information resources; (12) Coordinating all Service responses to congressional, OMB, Departmental, and other reporting requirements, as necessary; and (13) Performing other duties as assigned in Departmental policy. |
D. Deputy Associate Chief Information Officer (Deputy ACIO) | (1) Assisting the ACIO with carrying out their responsibilities, including, but not limited to: (a) Developing and implementing IMT policies, standards, and procedures; (b) Providing strategic direction for the IMT program; (c) Overseeing the Service’s IMT budget, projects, and investments; and (d) Assisting Regions and programs with planning and executing IMT acquisitions and projects and reviewing IMT acquisition plans; (2) Overseeing and managing day-to-day operations within IRTM in various IMT functional areas; and (3) Working with and providing advice to other Deputy Assistant and Regional Directors on matters related to IMT budgetary resources, acquisition, and more. |
E. Associate Chief Information Security Officer (ACISO) | (1) Overseeing and managing the Servicewide IT cyber security program in accordance with applicable laws, regulations, policies, and standards, and as delegated by the Department’s Chief Information Security Officer (CISO); (2) Advising the Service Directorate (including the ACIO) on all matters related to protecting the confidentiality, availability, and integrity of the Service’s information systems and resources including, but not limited to, risk management, assessment and authorization, and security incident response; (3) Assisting the ACIO with developing and implementing cyber security policies, standards, and requirements Servicewide; (4) Monitoring the effectiveness of implemented cyber security policies, standards, and controls and addressing any vulnerabilities or gaps discovered; and (5) Coordinating with the Department’s CISO and other Departmental OCIO officials in implementing Departmentwide cyber security initiatives or requirements. |
F. Associate Privacy Officer (APO) | (1) Overseeing and managing the Servicewide privacy program in accordance with applicable laws, regulations, policies, and standards; (2) Advising the Service Directorate (including the ACIO) on all privacy-related matters; (3) Assessing Service information systems and resources for compliance with privacy requirements, including the Privacy Act of 1974; (4) Assisting the ACIO with developing and implementing privacy policies, standards, and requirements Servicewide; and (5) Serving as the Service’s liaison to the Departmental Privacy Officer (DPO). |
G. Associate Chief Data Officer (ACDO) | (1) Promoting data management practices to help ensure the Service’s data are available, reliable, consistent, accessible, secure, and timely to support the mission and activities of the Service; (2) Providing leadership, advice, and technical assistance on data management and on the Service’s overall data architecture; (3) Collaborating with Service leadership and the ACIO to create and implement data management policies, procedures, and standards and to conduct strategic planning activities for data management; (4) Coordinating with and assisting the Department’s Chief Data Officer (CDO) in implementing Departmental data management requirements; and (5) Carrying out the specific responsibilities described in Part 274 of the Service Manual (Data Resource Management). |
H. Service FOIA Officer | (1) Overseeing and managing all Service FOIA functions; (2) Coordinating with the Departmental FOIA staff and other bureau FOIA Officers to resolve requests or FOIA issues; and (3) Carrying out the specific responsibilities described in 203 FW 1, FOIA Policy, Roles, and Responsibilities and in Departmental policy. |
I. IRTM Division Chiefs (Policy and Planning and Operations) | (1) Advising the Service Directorate (including the ACIO) on matters related to the areas they oversee; (2) Providing oversight, leadership, and strategic direction for IMT; and (3) Assisting the ACIO with developing and implementing policies, standards, and requirements for the subject areas they oversee, including, but not limited to: (a) Customer support, (b) Enterprise operations, (c) IMT acquisitions and project management, (d) Capital planning and investment control, and (e) Records management. |
J. Service employees | (1) Using, managing, or handling IT resources in accordance with applicable IMT policies, standards, and procedures that the ACIO establishes; (2) Ensuring relevant acquisitions, projects, and investments are reviewed and approved through the governance processes that the ACIO establishes; and (3) Communicating IMT resource needs to their Directorate members for inclusion in budgetary discussions and strategic planning activities. |
IMT GOVERNANCE
1.7 What is the Service’s IMT governance structure?
A. IRTM has established a three-part governance structure designed to bring together IMT subject-matter experts and other mission and business program representatives to help evaluate various IMT requests, projects, investments, and other initiatives. This includes evaluating proposed IMT policies, standards, and procedures to ensure they meet applicable requirements. The IRTM governance structure includes the:
(1) Requirements Management Board (RMB),
(2) IMT Requirements Committee (IMTRC), and
(3) IMT Executive Board (IMTEB).
B. For more information on the structure and function of each of these governance bodies, employees may refer to their respective charters, which are available on the intranet.
SERVICEWIDE IMT DIRECTIVES
1.8 How does the ACIO establish Servicewide IMT policies, procedures, and requirements?
A. The ACIO develops Servicewide IMT policy using the Service Manual, handbooks, Director’s Orders, and memorandums as we describe in 010 FW 1, Requirements, Responsibilities, and Description of Service Directives. The Director or the Director’s designee must approve these types of directives.
B. In addition to using the types of directives in 010 FW 1, the ACIO has the authority to issue the following types of national guidance to supplement existing directives:
(1) IT Bulletins - IT Bulletins are single-issue documents that provide specific and targeted requirements on a technical topic to all Service employees or to a specific audience or audiences. They primarily communicate new or changing requirements and procedures related to a specific IT resource or information system. For instance, the ACIO may use IT Bulletins to provide technical standards and guidance that will need frequent updates. Bulletins may require targeted employees to perform an action, or they may be purely informational.
(2) Standard Operating Procedures (SOPs) –SOPs are documents that provide step-by-step guidance to help Service employees carry out a specific process. SOPs may be accompanied by memos that provide additional context or guidance.
(3) Memorandums – The ACIO may send out memorandums to provide operational, incident-specific, project-related, or one-time (non-continuing) policy or guidance. For long-term policy or guidance, the ACIO will use the directives system we describe in 010 FW 1.
1.9 How does the ACIO disseminate and communicate IMT directives?
A. To reach the appropriate audience, the ACIO disseminates IMT directives through a variety of means, such as:
(1) Document Tracking System (DTS),
(2) IRTM intranet site, and
(3) Other available channels (e.g., all-employee emails, Service news digest, etc.), as appropriate.
B. IRTM stores and links to directives on the Policy and Guidelines SharePoint site.