Chapter 4 – Information Technology

It is the policy of the California Department of Corrections and Rehabilitation (CDCRCalifornia Department of Corrections and Rehabilitation or the department) that all information system proposals shall receive departmental and, as required, California Department of Technology (CDT) approval before project development can proceed.

The purpose of this policy is to ensure that the department is in compliance with all CDT requirements. The ultimate authority for approval of Information Technology (ITInformation Technology) projects lies with the CDT, but it is the intention of the director of CDT to delegate such approval authority selectively, to the maximum extent practicable, to the department director. Refer to State Administrative Manual (SAMState Administrative Manual), section 4819.34, for the factors considered by CDT in determining whether a project can be delegated.

All project proposals in the department requiring technology must collaborate with Enterprise Information Services (EISEnterprise Information Services (formerly Information Services Division)) to determine if the project’s classification is for maintenance and operations, an ITInformation Technology project, or a service request.

The Project Approval Lifecycle (PALParolee-At-Large) is a process that will be used by the department to manage and assess the full implications of any project proposals. The PALParolee-At-Large is a means of linking ITInformation Technology projects to the department’s strategic business and ITInformation Technology plans. The PALParolee-At-Large is divided into the following four stages which include the following types of analysis: Stage1 business analysis, Stage 2 alternatives analysis, Stage 3 procurement analysis and Stage 4 solution analysis. Refer to the CDT Reportable Project Decision Tree Reference Guide. Per the guidelines outlined in SAMState Administrative Manual, section 4928, the PALParolee-At-Large Stage/Gate deliverables, here and after referred to as “deliverables”, must provide an accurate summary of the results from all four stages of PALParolee-At-Large. The deliverables include a complete summary of the four stages of a proposed project to establish the business case for investment of state resources by setting out the reasons for undertaking the project and analyzing its costs and benefits.

PALParolee-At-Large deliverables must be submitted to CDT, the Office of Legislation (OOLOffice Of Legislation) Analyst, and to the Department of Finance’s Information Technology Consulting Unit for review. CDT publishes detailed instructions and guidelines for preparing deliverables, which are available in the Statewide Information Management Manual (SIMM), section 19. The deliverables must use the format specified by CDT and signed by the Chief Information Officer (CIO) or their designee. The department must maintain documentation of each analysis to ensure that project participants, management, and the CDT personnel can resolve any questions about the intent, justification, nature, and scope of the project.

If during the PALParolee-At-Large process the technology solution incorporates or utilizes Generative Intelligence (GenAI), per SIMM section 5305-F, the project team is required to complete the GenAI risk assessment.

In coordination with the EISEnterprise Information Services (formerly Information Services Division), ITInformation Technology Portfolio Management Office (PMO), the Internal Project Approval Lifecycle should be developed as outlined in this article.

If funding for a project is already available, approval is still necessary, and is discussed in this article.

• Early each calendar year, the Budget Management Branch (BMBBudget Management Branch) shall distribute a memorandum to CDCRCalifornia Department of Corrections and Rehabilitation Executive Staff, Wardens, and Regional Parole Administrators (RPAs) detailing the Budget Concept Statement (BCSBudget Concept Statement) request process for the fiscal year beginning approximately 18 months later. This memorandum shall include a timeline containing significant deadlines which shall be met in order for a request to proceed through the approval process.

• The designated EISEnterprise Information Services (formerly Information Services Division) section or team shall utilize the BCSBudget Concept Statement format when presenting an ITInformation Technology proposal to executives. The purpose of this format is to provide sufficient information to departmental executive staff to allow for a determination of whether the proposal warrants further development as a Budget Change Proposal (BCPBudget Change Proposal). BCPs are discussed in Department Operations Manual (DOMDepartment Operations Manual), Chapter 2, Article 1, section 21010.6 and SAMState Administrative Manual, section 6120.

• Refer to the annual budget instruction bulletin from the BMBBudget Management Branch, which the BMBBudget Management Branch emails all staff each year, when completing the BCSBudget Concept Statement and note that the format shall not exceed two pages in length including any supporting documentation. Requests out of compliance with the established format and instructions shall be returned to the requester without consideration.

The CDT assigns CDCRCalifornia Department of Corrections and Rehabilitation a minimum total Project Cost Delegation for reporting purposes (see SIMM, section 15). CDT delegates to the department the approval authority for any ITInformation Technology proposal with an estimated total development cost equal to or less than the department’s assigned Project Cost Delegation, provided the proposal does not meet any other CDT established reporting criteria defined in SAMState Administrative Manual, section 4819.37.

The CIO or designee shall be responsible for ensuring the contents of this article are kept current and accurate.

The IMAPInformation Management Annual Plan consists of three parts:

• Part A: Overview.

• Part B: Information Technology Activities.

• Part C: Exhibits and Supporting Documents.

Part A contains a brief description of the agency’s mission, its current problems and opportunities associated with information management, and its strategy and objectives for the use of information technology.

Part B provides an overview of current and proposed development projects and potential acquisition activities, with particular emphasis on those projects and activities that are relatively costly, require a BCPBudget Change Proposal, or meet any of the other special criteria described in SAMState Administrative Manual Section 4902.1.

Part C contains Documents that supplement the information in Parts A and B of the IMAPInformation Management Annual Plan by providing details about the agency’s organization of information management and its available resources.

The purpose of the IMAPInformation Management Annual Plan is to ensure that CDC is systematic in identifying and satisfying its information requirements and provides OITOffice of Information Technology and other control and oversight agencies with the basic facts those organizations require to carry out their responsibilities regarding the use of information technology in State government.

ISDInformation Services Division (see EIS) is responsible for assembling and maintaining the IMAPInformation Management Annual Plan. ISDInformation Services Division (see EIS) develops IMAPInformation Management Annual Plan – Part A and the support documents contained in Part C. Part B of the IMAPInformation Management Annual Plan consists of New Reportable Project Forms that are completed by the project teams involved in the information technology projects, and summaries of project status for any major projects.

SAMState Administrative Manual Section 4902.1 lists the criteria used to determine if a project is considered reportable. Reportable projects require completion of a New Reportable Project Form. This form is included in Section B of the IMAPInformation Management Annual Plan and provides OITOffice of Information Technology with information on the proposed project. OITOffice of Information Technology uses this information to determine whether approval authority for the project shall be delegated to CDC or if OITOffice of Information Technology shall retain the approval authority.

All proposed projects that do not meet the criteria in SAMState Administrative Manual Section 4902.1 are considered non-reportable projects. The costs of agency development or new acquisition projects, whether reportable or not, shall be included in the Agency Information Technology Costs spreadsheet included in Part C of the IMAPInformation Management Annual Plan.

A Reportable Project is defined as a planned development activity or the planned acquisition of a new or enhanced information technology capability (as defined in SAMState Administrative Manual Section 4819.2) which meets one or more of the following criteria:

• The project involves total estimated development or acquisition costs that are greater than the cost threshold established for the agency (see DOMDepartment Operations Manual 43020.4.4.2 for further information on cost thresholds).

• The project involves a budget augmentation through submission of a BCPBudget Change Proposal or Budget Revision to increase the agency’s existing information technology activities.

• The project is a new system development or acquisition made in response to a legislative mandate or the project is subject to special legislative review as specified in budget control language or other legislation.

• The project involves direct public access by private sector organizations or individuals to State data bases .

• The project involves contracts for professional, managerial, or technical services (excluding services received through interagency agreements) totalling more than $25,000.

• The project involves acquisition of one or more personal computers, personal computer software, or related peripherals, and the agency does not have an approved Workroup Computing Policy (SAMState Administrative Manual Section 4989 et seq.).

• The project involves installation or expansion of wide area network data communication services other than those offered by the DGSDepartment of General Services, Division of Telecommunications, or a State consolidated data center as defined in SAMState Administrative Manual Section 4982.

• The project involves one or more of the following emerging technologies and more than $25,000 will be spent on acquisition of hardware or software required for the technology:

  • Document imaging.

  • Geographic information systems.

  • Computer aided systems engineering.

  • Expert systems/artificial intelligence.

CDC adheres strictly to State policy requiring that a feasibility study be conducted and a FSRFeasibility Study Reports be approved prior to the expenditure of resources on any information technology project. The only exception to this requirement is the justification and acquisition of personal computers and related commodities through use of the Workgroup Computing Justification Form (SAMState Administrative Manual Section 4991.1).

The term Information Technology Project is defined in DOMDepartment Operations Manual 41010.3, EDPElectronic Data Processing (see IT) Definitions.

The feasibility study shall be performed in conformance with the requirements of SAMState Administrative Manual Sections 4922 through 4927.

The FSRFeasibility Study Reports shall be prepared in accordance with SAMState Administrative Manual Sections 4928 through 4928.4.

The FSRFeasibility Study Reports shall be reviewed and approved in accordance with the general requirement of SAMState Administrative Manual Section 4819.3, State Information Management Authority and Responsibility, as well as the specific requirements of SAMState Administrative Manual Sections 4926 through 4926.5.

Refer to SAMState Administrative Manual and the handbook, “How To Conduct A Feasibility Study,” published by OITOffice of Information Technology, for specific guidelines for completing each step of the process.

The Feasibility Study represents the first opportunity within the project management sequence for State management to assess the full implications of a proposed information technology project. The purposes of the Feasibility Study are to:

• Determine whether a proposed project represents a justified expenditure of public resources in terms of whether it:

  • Is responsive to a clearly defined, program-related problem or opportunity.

  • Is the best of the possible alternatives.

  • Is within the technical and managerial capabilities of the agency.

  • Would provide benefits over the life of the application that exceed development and operations costs. Such benefits typically include reduced program costs, avoidance of future program cost increases, increased program revenues, or provision of program services that can be provided only through the use of information technology.

• Provide a means for achieving agreement between agency executive management, program management, and project management as to:

  • The nature, benefits, schedule, and costs of proposed project.

  • Their respective management responsibilities over the course of the project.

• Provide executive branch control agencies and the Legislature with sufficient information to assess the merits of the proposed project and determine the nature and extent of project oversight requirements.

In addition to the State policy and procedures which govern information technology projects, FSRs shall be developed and approved according to the following internal process. Once the FSRFeasibility Study Reports and/or CDC internal Project Summary Fact Sheet is completed and approved by the Division approving authority, it is submitted to:

• ISDInformation Services Division (see EIS), Project Initiation Unit (PIUProject Initiation Unit), for technical review and recommendation.

• MISManagement Information Systems-SU for inclusion on MISManagement Information Systems Committee agenda.

• MISManagement Information Systems Committee for final departmental approval.

• ISDInformation Services Division (see EIS)/PIUProject Initiation Unit for submission to OITOffice of Information Technology for review and approval if the project is reportable.

• ISDInformation Services Division (see EIS)/PIUProject Initiation Unit for preparation of certification statement (Certifications for Personal Computer systems approved through the Personal Computer Policy are prepared by the MISManagement Information Systems-SU).

• Chairperson, MISManagement Information Systems Committee, to sign certification.

• Deputy Director, ASDSee Division of Administrative Services (DAS) (see ASB), and Assistant Director, OOCOffice Of Compliance (see OACC), to sign certification.

OITOffice of Information Technology’s response to the Department regarding project approval/disapproval is sent directly to the Chief Deputy Director and then to ISDInformation Services Division (see EIS). Subsequently, ISDInformation Services Division (see EIS) shall update the project file and route copies to the project initiator(s) and to MISManagement Information Systems-SU.

The process differs slightly if a BCPBudget Change Proposal is required. In order to ensure that the FSRFeasibility Study Reports is developed and approved within the mandatory time frames, refer to DOMDepartment Operations Manual 43020.3.1.

In addition to a project file, ISDInformation Services Division (see EIS) (Systems Support) also monitors initial and subsequent equipment procurements to ensure they fall within the scope of the approved FSRFeasibility Study Reports or CDC Internal Summary Fact Sheet. Copies of all approved procurement documents shall be routed to the MISManagement Information Systems-SU.