Skip to main content

Problems viewing this page?    

2130.1 CIO GSA Information Technology (IT) Governance

Date: 11/26/2008
Status: Cancelled
Outdated on: 11/26/2018

This directive has been cancelled by GSA Instructional Letter CIO IL-14-01 dated February 19, 2014


                    Washington, DC 20405 

CIO 2130.1
November 26, 2008


SUBJECT:        GSA Information Technology (IT) Governance

1.  Purpose.  The purpose of this order to establish a broad IT governance framework within GSA.  IT governance specifies the decision rights and accountability framework to encourage desirable behavior in the use of IT.  GSA will use this framework to manage its overall IT portfolio.

2.  Background.  Historically, GSA has had separate governance structures and processes for IT management.  These governance structures were redundant, had overlapping responsibilities, and were inconsistent.  Furthermore, operational level governance actions were embedded in the Capital Planning and Investment Control and the Enterprise Architecture directives.  This order focuses solely on IT governance in a single document to provide clarity in IT decision making and accountability.

3.  Objectives.

 a.  Establish a streamlined enterprise-level IT governance structure in which organizational and position roles and responsibilities are clear.

 b.  Implement an IT governance process that is visible and performance based.

 c.  Establish a decision making process that is appropriate for enterprise-wide functions and that supports Services and Staff Office (SSO) level IT operations and management decisions as appropriate.

d.  Establish a governance process that supports the agency decision making processes for IT investments.

4.  Applicability.  This order applies to all GSA Service and Staff Offices (SSOs) including the Regional Offices.  This order applies to IT decision-making throughout GSA.

5.  IT Governance Guiding Principles.

 a.  Ensure IT decisions support business needs.

 b.  Ensure IT delivers best value.

 c.  Optimize IT investments.

 d.  Make risk-based IT decisions.

 e.  Manage and monitor strategic IT resources.

 f.  Learn from prior experience.

6.  Organizational Governance Roles and Responsibilities.

 a.  Business Systems Council (BSC). The BSC reviews, approves, and makes final decisions on matters related to the intersection of GSA’s strategy, business and technology.

      (1)  Membership: 

  •     Deputy Administrator
  •      Head of SSOs
  •      Three Regional Administrators

      (2)  Responsibilities.  The BSC responsibilities are to:

  • Approve the agency IT Strategic Plan;
  • Approve the agency IT Capital Plan;
  • Approve the agency enterprise architecture and segment architectures;
  • Establish IT-related business goals and objectives; and
  • Consult with the CIO on agency IT governance.

 b.  IT Executive Council (ITEC).  The ITEC reviews, makes decisions and recommendations on agency-wide technical issues and the strategic use of IT.  Strategic planning, IT portfolio management, and enterprise architecture guide the decision-making process.

      (1)  Membership

  • Chief Information Officer, Office of the Chief Information Officer
  • Chief Information Officer, Public Buildings Service
  • Chief Information Officer, Federal Acquisition Service
  • Director, Office of Information Management, Office of the Chief Human Capital Officer
  • Director, Office of Financial Management Systems, Office of the Chief Financial Officer
  • Director, Office of Acquisition Systems, Office of the Chief Acquisition Officer
  • Deputy Associate Administrator, Office of Technology Strategy and Policy, Office of Government-wide Policy
  • Deputy Associate Administrator, Office of Citizen Services and Communications

          (2)  Responsibilities.  The ITEC responsibilities are: 

  • Approve technical architecture;
  • Approve IT infrastructure and service level agreements;
  • Develop and oversee IT policy implementation;
  • Develop and oversee implementation of the IT Strategic Plan;
  • Develop and implement the IT Capital Plan, including control and evaluation activities. Recommend actions to the BSC;
  • Oversee enterprise architecture development and implementation; and
  • Oversee IT infrastructure strategic direction.

          (3)  Committees.  The ITEC sponsors, by charter, five standing committees for which it has oversight responsibility.  It may add or terminate committees or task forces based on specific needs or requirements.   

  • Portfolio Management Committee (PMC).  The PMC oversees the development and monitoring of the IT Capital Plan, also known as the IT investment portfolio.  The PMC provides input to the ITEC which in turn provides funding recommendations to the BSC.  The PMC monitors and makes corrective action recommendations on investment control issues to the ITEC.  The ITEC reviews evaluations and incorporates lessons learned into future capital planning and investment control activities.
  • Enterprise Infrastructure Committee (EIC).  The EIC oversees infrastructure service delivery performance, evaluates cost effectiveness of shared service solutions, and reviews effectiveness of the infrastructure service level agreements.  The EIC provides analysis and recommendations to the ITEC, which decides technical matters.  The ITEC and the BSC make decisions on issues that impact mission or core value operations.
  • Information Assurance Committee (IAC).  The IAC oversees the development and implementation of enterprise security policy.  The IAC makes recommendations on GSA’s IT security policy to the ITEC which makes final decisions.  The ITEC and the BSC make decisions on issues that impact mission or core operations.
  • Enterprise Applications Committee (EAC).  The EAC oversees enterprise-wide development and management of the agency’s enterprise and government-wide applications.  The ITEC decides technical matters.  The ITEC and the BSC make decisions on issues that impact mission or core value operations.
  • Enterprise Architecture Committee (EARC).  The EARC oversees the agency’s enterprise architecture including business architecture, solutions architecture, data architecture and technical architecture. The EARC and the ITEC decide technical issues.  The ITEC and the BSC make decisions on business issues that have impact to mission or core value operations.

     c.  Heads of SSOs.  Heads of SSOs are responsible for establishing and assuring internal IT governance and procedures that are synchronized with the enterprise level IT governance as described in this directive.  

7.  References.

 a.  The Clinger-Cohen Act of 1996 (Pub. L. 104-106, Division E).

 b.  OMB Circular A-11, Preparation, Submission and Execution of the Budget.

 c.  OMB Circular A-130, Management of Federal Information Resources.

 d.  E-Government Act of 2002

 e.  Paperwork Reduction Act of 1995

 f.  Federal Information Security Management Act – Title 3 of the E-GOV Act of 2002.

 g.  Government Performance and Results Act of 1993

 h.  Services Acquisition Reform Act of 2003

 i.  Chief Financial Officers Act of 1990. 

Chief Information Officer