Resources » Governance » IT Executive Council » ITEC Policies & Standards

ITEC-2410-P - IT Project Oversight

1.0 TITLE: Oversight of Information Technology Projects

1.1 EFFECTIVE DATE: 12/19/2023

1.2 TYPE OF ACTION: Update

2.0 PURPOSE: To establish a policy for the external independent oversight of information technology projects.

3.0 ORGANIZATIONS AFFECTED: State agencies as defined by K.S.A. 75-7201.

4.0 REFERENCES:

4.1 Kansas Statutes:

4.1.1 K.S.A. 75-7201 defines a ‘State agency’.

4.1.2 K.S.A. 75-7203 authorizes the Information Technology Executive Council (ITEC) to adopt information resource policies and procedures and provide direction and coordination for the application of the state's information technology resources for all state agencies.

4.1.3 K.S.A. 75-7211 directs the Branch Chief Information Technology Officer (CITO), under the direction of the Joint Committee on Information Technology (JCIT), to monitor state agency execution of reported information technology projects for their respective branch.

4.2 ITEC Policies:

4.2.1 3000-P defines policy, standard, and guidelines.

4.2.2 2400-S outlines the project plan approval and project status reporting procedures

4.2.3 2410-S outlines the project oversight process for all projects with a cost of more than $10 million.

5.0 DEFINITIONS:

5.1 Information technology (IT) project – An information technology effort by a state agency of defined and limited duration which implements, effects a change in, or presents a risk to, processes, services, security, systems, records, data, human resources, or architecture. (K.S.A. 75-7201(b)).

5.2 Project - means a planned series of events or activities that is intended to accomplish a specified outcome in a specified time period, under consistent management direction within a state agency or shared among two or more state agencies, and that has an identifiable budget for anticipated expenses.

5.3 CITO - Refers to the Executive, Legislative or Judicial Branch Chief Information Technology Officer, with duties as defined in K. S. A. 75-7205.

5.4 ITEC - refers to the Information Technology Executive Council, duties defined in K.S.A.
75-7202.

5.5 JCIT refers to the Kansas Legislature’s Joint Committee on Information Technology.

5.6 IV&V - Refers to Independent Verification and Validation which is a service performed by an independent third party that ensures the products developed and processes employed by the IT project meet specified requirements (business, technical, architectural, design), employs best practices, adheres to industry and state standards, and is being managed and controlled according to the approved baselined project plans. Additionally, IV&V will facilitate early detection and correction of errors, enhance insight into risks, provide findings and recommendations to ensure compliance with project scope, schedule, and budget requirements. Essentially, the IV&V vendor provides a status on the health of the IT project on a periodic basis. Verification and validation are used as defined in the current Project Management Body of Knowledge Guide (PMBOK).

6.0 POLICY:

6.1 A state agency is required to procure an external IV&V provider for IT projects that meet or exceed the cost threshold of $10 million. The branch CITO, in consultation with the agency head, has authority to exempt or recommend IV&V for any project as outlined in ITEC-2400-S.The respective branch CITO must report such exceptions to JCIT at the next scheduled meeting.

6.2 State agencies are required to adhere to the following State of Kansas IV&V requirements when procuring and utilizing an IV&V vendor:

6.2.1 The IV&V specifications and contracts must receive branch CITO approval and must include vendor requirements as detailed in ITEC-2400-S prior to RFP posting and contract award.

6.2.2 Agencies and IV&V vendors will follow the IV&V process as outlined in ITEC-2400-S during contract execution.

6.2.3 All IV&V assessments will be submitted directly and simultaneously to the project sponsor, branch CITO, KITO, agency head, and project manager.

6.2.4 It is the responsibility of the agency head to ensure that their agency complies with all appropriate requests from the IV&V provider.

7.0 RESPONSIBILITIES:

7.1 Heads of entities are responsible for establishing procedures for their organization's compliance with the requirements of this policy.

7.2 The CITO, Executive Branch, is responsible for the maintenance of this policy.

8.0 CANCELLATION: All previous versions of this policy.

9.0 HISTORY: Policy was enacted as ITEC Policy 2510 on October 14, 1999, and updated on July 15, 2010.