Pennsylvania Code
Pennsylvania Code & Bulletin
COMMONWEALTH OF PENNSYLVANIA

• No statutes or acts will be found at this website.

The Pennsylvania Code website reflects the Pennsylvania Code changes effective through 54 Pa.B. 1032 (February 24, 2024).

4 Pa. Code § 7a.192. Responsibilities.

§ 7a.192. Responsibilities.

 The Governor’s Office of Administration, Office for Information Technology (OA/OIT) shall be responsible for the following:

   (1)  Governance and strategic planning. OA/OIT shall:

     (i)   Develop annual information technology (IT) strategic plans for Commonwealth agencies under the Governor’s jurisdiction (Enterprise) that include IT priorities; coordination and monitoring of resource use and expenditures; performance review measures; and procurement and other governance and planning measures.

     (ii)   Review and approve individual agency IT strategic plans.

     (iii)   Consult with the Governor’s Office of the Budget on budgetary matters related to IT planning, cost recovery of augmented shared services and procurement advice.

     (iv)   Create governance structures to facilitate decision-making regarding the management and operation of IT services under this subchapter.

   (2)  Portfolio and project management, business process review. OA/OIT shall:

     (i)   Establish and maintain an IT portfolio management process for overall monitoring of program objectives and alignment with Enterprise IT priorities, budgets and expenditures.

     (ii)   Identify common IT business functions within agencies, make recommendations for consolidation, convergence, integration and investment, and facilitate the use of common technology, as appropriate.

     (iii)   Expand Enterprise and agency use of project management methodologies and principles on IT projects, including measures to review project delivery and quality.

     (iv)   Ensure agency compliance with required business process reviews for agency or Enterprise IT projects.

   (3)  IT procurement and contract management. OA/OIT shall:

     (i)   Be consulted by the central procurement organization within the Department of General Services and:

       (A)   Assist with or lead the procurement of IT hardware, software and services for the Enterprise and the agencies.

       (B)   Assist with or oversee the resolution of Enterprise IT contract issues.

       (C)   Oversee or serve as a liaison for contract monitoring and compliance.

       (D)   Serve as a liaison between agencies and contracted IT vendors, where appropriate.

       (E)   Align the appropriate technology and procurement methods with the OA/OIT service strategy.

     (ii)   In consultation with the Office of General Counsel, advise on Enterprise IT contract issues, contract negotiations, contract terms and conditions, privacy, performance monitoring, compliance and other legal matters.

   (4)  IT enterprise architecture, standards and policy. OA/OIT shall:

     (i)   Establish an Enterprise IT architecture framework that governs IT investments. The IT architecture framework should include:

       (A)   The development of standards, policies, processes and strategic technology roadmaps.

       (B)   The performance of technical reviews and capability assessments of services, technologies and agency systems.

       (C)   The evaluation of requests for IT policy exceptions.

     (ii)   Develop and implement Enterprise-wide efforts to standardize data elements and determine data ownership assignments.

     (iii)   Develop and maintain a comprehensive Enterprise IT inventory.

     (iv)   Monitor agencies’ compliance with IT policy and standards through an architectural review process.

   (5)  IT security management. OA/OIT shall:

     (i)   Maintain and strengthen the Commonwealth’s cyber security posture through security governance.

     (ii)   Develop Enterprise security solutions, services and programs to protect data and infrastructure.

     (iii)   Identify and remediate security risks and maintain citizen trust in securing their personal information.

     (iv)   Implement Enterprise programs, processes and solutions to maintain cyber security situational awareness and effectively respond to cyber security attacks and IT security incidents.

     (v)   Foster an Enterprise culture of situational and risk awareness.

     (vi)   Conduct evaluations and compliance audits of Enterprise and agency security infrastructure.

   (6)  IT shared services. OA/OIT shall:

     (i)   Recommend and consult with relevant executive agencies regarding IT services including infrastructure, personnel, investments, operations and support services.

     (ii)   Establish and facilitate a process for the identification, evaluation and optimization of IT shared services in consultation with the Governor’s Budget Office.

     (iii)   Establish, maintain and communicate service level objectives for shared services.

   (7)  Telecommunications governance. OA/OIT shall:

     (i)   Establish a process for the development and implementation of Enterprise telecommunications policy, services, infrastructure, and for reviewing and authorizing agency requests for enhanced services.

     (ii)   Identify opportunities for convergence and for leveraging existing assets to reduce or eliminate duplicative telecommunication networks.

   (8)  IT service management. OA/OIT shall:

     (i)   Establish and maintain an IT service management process library within OA/OIT to govern the services provided to agencies.

     (ii)   Establish a formal governance body to evaluate the introduction of new IT services as well as retiring of existing IT services.

     (iii)   Establish metrics to monitor the health of the services OA/OIT provides to customer agencies and make appropriate corrections, as necessary.


No part of the information on this site may be reproduced for profit or sold for profit.


This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.