OPM Congressional Budget Justification and Annual Performance Plan

U.S. Office of Personnel Management

FY 2000
Budget Justification/Performance Plan

(Last page for Administrative Services - OCIO information)

Additional Information Available on the Next Page

OCIO GOAL 6: FY 1999/2000	OPM’s information security program provides adequate computer security commensurate with the risk and magnitude of harm that could result from loss or compromise of mission-critical IT systems.

		Conduct internal and external evaluations of OPM’s information security program to include engaging assistance from experts, e.g., National Security Agency, to review OPM’s security capabilities and implement appropriate recommendations to improve information security.
		Ensure that OPM staff receive appropriate computer security training.
		Oversee the implementation and testing of OPM disaster recovery/continuity of operation plans for OPM’s general support system and major financial, benefits, and workforce information application systems.

		Few security problems are identified during internal and external evaluations and those that are identified are not material weaknesses and are rectified promptly. During FY 1998, no computer security incidents were reported to OCIO.
		A tested disaster recovery capability is in place for OPM’s general support and major financial, benefits, and workforce information application systems. During FY 1998, OPM successfully tested a disaster recovery plan for its mainframe data center and renegotiated disaster recovery hot site support for FY 1999. During FY 1999, OPM will continue to test disaster recovery procedures for its mainframe systems and will develop and test disaster recovery procedures for its nationwide local area network and wide area network systems.
		Staff are trained, as necessary, based on assessment of needs. During FY 1998, OCIO began revising its Computer Security and IT Resource Use policies and reviewing its computer security training. During FY 1999, OCIO will reissue computer security and IT Resource Use policies and implement new computer security training.

VERIFICATION AND VALIDATION

Verification and validation mechanisms that are or will be in place for OCIO’s FY 2000 performance measures include:

OCIO will use accepted qualitative analysis techniques to assess customer feedback and satisfaction for HRTC related projects and OPM system development activities.

OCIO will use accepted accounting methods and procedures to evaluate net present value, return on investment, and cost/benefit analyses for IT systems.

OCIO will use accepted project management and tracking software to monitor project schedules, earned value milestones, budgets, and accomplishments for IT systems.

OCIO will use the Software Engineering Institute’s Capability Maturity Model standard to assess OPM’s system development practices.

OCIO will use OIG/GAO and other independent organization’s reviews of OPM’s IT initiatives to assess performance.

OCIO will use the services of independent verification and validation contractors to assess significant IT initiatives.

Additional Information Available on the Next Page

To Administrative Services Index

To Budget Web Pages Home Page

To OPM Web Site Index

To OPM Home Page

Web Page Created 14 May 1999