Pennsylvania Code & Bulletin

• No statutes or acts will be found at this website.

The Pennsylvania Bulletin website includes the following: Rulemakings by State agencies; Proposed Rulemakings by State agencies; State agency notices; the Governor’s Proclamations and Executive Orders; Actions by the General Assembly; and Statewide and local court rules.

PA Bulletin, Doc. No. 20-1604



[50 Pa.B. 6658]
[Saturday, November 21, 2020]


[ 4 PA. CODE CH. 7A ]


Enterprise Information Technology Governance

 October 27, 2020

Whereas, Commonwealth agencies under the Governor's jurisdiction (the ''Enterprise'') invest significant financial resources in obtaining, creating, securing, and supporting the Commonwealth's information technology (''IT'') infrastructure and information systems; and

Whereas, it is essential that the Commonwealth utilize a central IT organization to govern, evaluate, coordinate, and improve Enterprise and agency IT planning, research, security, policy, governance, project prioritization, investment, and effectiveness; and

Whereas, Sections 501 and 502 of the Administrative Code of 1929, 71 P.S. §§ 181, 182, require administrative departments and the several independent and departmental administrative boards and commissions to coordinate their work and activities with other departments, boards, and commissions; and

Whereas, IT investments and development efforts should be prioritized and coordinated across Enterprise agencies to maximize efficiency and cost effectiveness, by enhancing information sharing and system compatibility through standardization, reducing expenditures for research and development, and enabling volume hardware, software and service purchases; and

Whereas, the Governor's Office of Administration (''OA'') has confirmed that an integrated IT strategy will improve organizational and operational efficiency, streamline data collection and data sharing, and enhance the security posture of the Commonwealth.

Now, Therefore, I, Tom Wolf, Governor of the Commonwealth of Pennsylvania, by virtue of the authority vested in me by the Constitution of the Commonwealth of Pennsylvania and other laws do hereby establish an Enterprise IT governance structure within OA, and order and direct as follows:



Fiscal Note: GOV-2016-06 (Amended). No fiscal impact; (8) recommends adoption.

Annex A




Subchapter M. (Reserved)

§§ 7a.141—7a.147. (Reserved).



7a.191.Powers and duties.
7a.193.Reporting and performance.
7a.195.General provisions.
7a.196.Effective date.

§ 7a.191. Powers and duties.

 (a) The Governor's Office of Administration, Office for Information Technology (OA/OIT) led by the Commonwealth Chief Information Officer, has overall responsibility for the management and operation of information technology (IT) services for all executive agencies under the Governor's jurisdiction, including, but not limited to:

 (1) Developing and recommending to the Secretary of Administration priorities and strategic plans.

 (2) Consolidating infrastructure and support services.

 (3) Directing IT investments, procurement advice and policy.

 (4) Working to ensure that agencies comply with direction from OA/OIT regarding this subchapter.

 (b) OA/OIT shall make recommendations to the Secretary of Administration regarding major changes to staffing and Commonwealth agencies under the Governor's jurisdiction (Enterprise) IT operational matters, and otherwise has the authority to make Enterprise decisions regarding restructuring and operational matters related to consolidation, delivery of shared services, monitoring of project performance and other responsibilities within the scope of this subchapter.

§ 7a.192. Responsibilities.

 The Governor's Office of Administration, Office for Information Technology (OA/OIT) shall be responsible for the following:

 (1) Governance and strategic planning. OA/OIT shall:

 (i) Develop annual information technology (IT) strategic plans for Commonwealth agencies under the Governor's jurisdiction (Enterprise) that include IT priorities; coordination and monitoring of resource use and expenditures; performance review measures; and procurement and other governance and planning measures.

 (ii) Review and approve individual agency IT strategic plans.

 (iii) Consult with the Governor's Office of the Budget on budgetary matters related to IT planning, cost recovery of augmented shared services and procurement advice.

 (iv) Create governance structures to facilitate decision-making regarding the management and operation of IT services under this subchapter.

 (2) Portfolio and project management, business process review. OA/OIT shall:

 (i) Establish and maintain an IT portfolio management process for overall monitoring of program objectives and alignment with Enterprise IT priorities, budgets and expenditures.

 (ii) Identify common IT business functions within agencies, make recommendations for consolidation, convergence, integration and investment, and facilitate the use of common technology, as appropriate.

 (iii) Expand Enterprise and agency use of project management methodologies and principles on IT projects, including measures to review project delivery and quality.

 (iv) Ensure agency compliance with required business process reviews for agency or Enterprise IT projects.

 (3) IT procurement and contract management. OA/OIT shall:

 (i) Be consulted by the central procurement organization within the Department of General Services and:

 (A) Assist with or lead the procurement of IT hardware, software and services for the Enterprise and the agencies.

 (B) Assist with or oversee the resolution of Enterprise IT contract issues.

 (C) Oversee or serve as a liaison for contract monitoring and compliance.

 (D) Serve as a liaison between agencies and contracted IT vendors, where appropriate.

 (E) Align the appropriate technology and procurement methods with the OA/OIT service strategy.

 (ii) In consultation with the Office of General Counsel, advise on Enterprise IT contract issues, contract negotiations, contract terms and conditions, privacy, performance monitoring, compliance and other legal matters.

 (4) IT enterprise architecture, standards and policy. OA/OIT shall:

 (i) Establish an Enterprise IT architecture framework that governs IT investments. The IT architecture framework should include:

 (A) The development of standards, policies, processes and strategic technology roadmaps.

 (B) The performance of technical reviews and capability assessments of services, technologies and agency systems.

 (C) The evaluation of requests for IT policy exceptions.

 (ii) Develop and implement Enterprise-wide efforts to standardize data elements and determine data ownership assignments.

 (iii) Develop and maintain a comprehensive Enterprise IT inventory.

 (iv) Monitor agencies' compliance with IT policy and standards through an architectural review process.

 (5) IT security management. OA/OIT shall:

 (i) Maintain and strengthen the Commonwealth's cyber security posture through security governance.

 (ii) Develop Enterprise security solutions, services and programs to protect data and infrastructure.

 (iii) Identify and remediate security risks and maintain citizen trust in securing their personal information.

 (iv) Implement Enterprise programs, processes and solutions to maintain cyber security situational awareness and effectively respond to cyber security attacks and IT security incidents.

 (v) Foster an Enterprise culture of situational and risk awareness.

 (vi) Conduct evaluations and compliance audits of Enterprise and agency security infrastructure.

 (6) IT shared services. OA/OIT shall:

 (i) Recommend and consult with relevant executive agencies regarding IT services including infrastructure, personnel, investments, operations and support services.

 (ii) Establish and facilitate a process for the identification, evaluation and optimization of IT shared services in consultation with the Governor's Budget Office.

 (iii) Establish, maintain and communicate service level objectives for shared services.

 (7) Telecommunications governance. OA/OIT shall:

 (i) Establish a process for the development and implementation of Enterprise telecommunications policy, services, infrastructure, and for reviewing and authorizing agency requests for enhanced services.

 (ii) Identify opportunities for convergence and for leveraging existing assets to reduce or eliminate duplicative telecommunication networks.

 (8) IT service management. OA/OIT shall:

 (i) Establish and maintain an IT service management process library within OA/OIT to govern the services provided to agencies.

 (ii) Establish a formal governance body to evaluate the introduction of new IT services as well as retiring of existing IT services.

 (iii) Establish metrics to monitor the health of the services OA/OIT provides to customer agencies and make appropriate corrections, as necessary.

§ 7a.193. Reporting and performance.

 (a) The Commonwealth Chief Information Officer (CIO) is responsible for final approval of the appointment of information technology (IT) management personnel that report directly to the Commonwealth CIO.

 (b) The performance reviews of all IT senior management personnel shall be conducted by the Commonwealth CIO. The Commonwealth CIO may consult an agency head at the CIO's discretion.

§ 7a.194. Implementation.

 All Commonwealth agencies under the Governor's jurisdiction and independent agencies that have entered into an agreement for the Governor's Office of Administration, Office for Information Technology to provide information technology services shall take all steps necessary to implement this subchapter. All other independent agencies also are strongly encouraged to implement this subchapter.

§ 7a.195. General provisions.

 This subchapter shall be implemented consistent with applicable law. This subchapter is not intended to, and does not create, any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the Commonwealth, its departments, agencies or entities, its officers, employees or agents, or any other person.

§ 7a.196. Effective date.

 This subchapter, as amended, shall take effect immediately and shall remain in effect unless further amended or rescinded by the Governor.

[Pa.B. Doc. No. 20-1604. Filed for public inspection November 20, 2020, 9:00 a.m.]

No part of the information on this site may be reproduced for profit or sold for profit.

This material has been drawn directly from the official Pennsylvania Bulletin full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.