DEPARTMENT OF THE ARMY USAWC & CARLISLE BARRACKS CARLISLE, PA 17013 CBks Regulation No. 25-4
29 April 2008
Information Management INFORMATION TECHNOLOGY PROCUREMENT AND TECHNOLOGY REQUEST 1. Purpose. To establish policy and assign responsibility for governance of information management (IM), information technology (IT) engineering and resources for the U.S. Army War College (USAWC) and Carlisle Barracks (CBks). 2. References. a. AR 25-1, Army Information Management & Information Technology, 15 July 2005. b. TRADOC Regulation 25-1, Information Management: Automation, 16 September 2006. c. CBks Pam 10-1 Administrative Policies and Procedures For Students, Faculty and Staff, 17 Jul 07, and Change 1, 18 October 2007. d. Clinger-Cohen Act of 1996 (also known as the Information Technology Management Reform Act). 3. Scope. This policy is applicable to all organizations throughout CBks including tenant activities. It applies to all IT procurements for systems, equipment, and services relating to automation, telecommunication, printing, records management, and visual information. The scope of Chief Information Officer (CIO) and the Directorate of Information Management (DOIM) responsibilities and management processes are delineated throughout this regulation. Section 5002 of the Clinger-Cohen Act establishes a definition of information technology. a. The Section 5002 definition of information technology is as follows: “(a) The term “information technology”, with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is ______________________________________________________________________ This regulation supersedes CBks Regulation 25-4, dated 10 January 2002.
used by a contractor under a contract with the executive agency which (i) requires the use of such equipment, or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. (b) The term “information technology” includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.” b. In addition to the above requirements as defined by Clinger-Cohen, for CBks, IT also includes any collection of hardware and software, firmware, products, procedures or other items used to collect, process, store, transmit, display, and disseminate information. It includes all IT service contracts. It does not apply to general supply/support items (i.e., computer and printer cartridges, manuals) costing less than $100 unless they can store data. Also, it is not required for online or electronically delivered publications such as a membership to a web site or a data base. 4. Policy. a. The Clinger-Cohen Act of 1996 was designed to improve the way the Federal government acquires and manages IT. The Clinger-Cohen Act of 1996 established the role of CIOs in the government and empowers the CIO with the ability to make wise use of taxpayer dollars when making investments in IT systems and programs. b. Per CBks Pam 10-1, the CIO reports to the Commandant. The Commandant has directed the Chief Information Officer (CIO) to provide management and oversight of USAWC and CBks information technology. c. Per CBks Pam 10-1, the DOIM reports to the Garrison Commander. The Garrison Commander has directed the DOIM to provide management and oversight of USAWC and CBks configuration, architecture and implementation. d. All USAWC and CBKs IT procurements must follow the CIO/DOIM Information Technology Request (ITR) Approval Process Flowchart (Appendix A). Also, the CIO/DOIM ITR (Appendix B) is required to process the procurement. The CIO and/or DOIM will not provide after-the-fact authentications. e. Organizations will submit an electronic copy of the CIO/DOIM ITR (Appendix B), along with all required procurement documentation, to the DOIM Service Desk. The ITR is located on the CBks Portal at http://cbnet/orgs/DOIM/servicedesk/itr.cfm. (1) The DOIM Service Desk will process the ITR; if more information is required, they will contact the ITR POC. The ITR will then be forwarded to the Change Manager. 1 Day to process. (2) The Change Manager will determine the required DOIM departments that need to review this request and forward to the appropriate departments. The Change
2 CBks Regulation 25-4 * 29 April 2008
Manager will also generate an e-mail to the ITR POC stating the ITR was received and is being processed. 1 to 14 Days. (3) Upon review by appropriate evaluators, the request will be forwarded to the DOIM Director for review. The DOIM Director will determine if the request is approved, not approved or if it must be reviewed by the Change Control Board (CCB). The DOIM will also generate an e-mail to the ITR POC stating the route the ITR is taking. 2 Days. (4) If the request is forwarded to the CCB, it will be reviewed at the next scheduled CCB meeting. The CCB Chair will update the Change Manager on the status. The Change Manager will generate an e-mail to the ITR POC stating the route the ITR is taking. 1 to 14 Days. (5) When the request is approved by the DOIM Director it will be forwarded to the CIO ITR Coordinator. 1 day. (6) The CIO ITR Coordinator will determine the required CIO departments that need to review this request and forward to the appropriate departments. 1 day. (7) The CIO ITR Coordinator will determine any additional required documentation that is required. The CIO ITR Coordinator with provide a list of documents that the customer and/or CIO has to fill out and submit. Upon completion of all required documentation the CIO ITR Coordinator will generate an e-mail to the ITR POC stating the route the ITR is taking. 1 day. (8) Additional documentation that maybe required is as follows: (a) Statement of Work (SOW)
1 to 30 days.
(b) Independent Government Cost Estimate (IGCE)
(c) Sole Source Justification Memo
3 to 5 days.
(d) Management Decision Document
1 to 30 days.
(e) Secretary of the Army Form
1 to 30 days.
(f) Vice Chief of Staff of the Army Form
1 to 30 days.
(g) Army Small Computer Program (ASCP) Waiver
1 to 3 days.
3 to 5 days.
(i) Mini J&A Form
(j) TRADOC RAD
3 CBks Regulation 25-4 * 29 April 2008
(k) CIO/G-6 Goal 1 Waiver
(l) IMCOM Approval
1 to 30 days.
(m) Purchase Card Worksheet
(n) Networthiness Certification
(9) Upon review by appropriate CIO departments, the request will be forwarded to the CIO Director for review. The CIO Director will determine if the request is approved or denied. The CIO will generate an e-mail to the ITR POC stating the route the ITR is taking. When the request is approved, an electronic Authorization Letter with an electronic signature will be sent to the ITR POC and posted to the Portal. 2 days. 5. Responsibilities. a. Installation Organizations: (1) Organizations shall be responsible for initiating the ITR process by completing and submitting all required documentation as shown in the ITR Purchasing Approval Process Flowchart (Appendix A). (2) Organizations submitting a procurement through PRweb will include a completed CIO/DOIM ITR and CIO Authorization Letter. PRweb is not part of this regulation. (3) Organizations using government purchase cards to purchase IT items will attach the CIO Authentication Letter to their purchase card worksheet (CBks Form 742RE). b. Directorate of Information Management. (1) Provide technical analysis of IT procurements to ensure compliance with the installation technical architecture and configuration through the ITR Process. (2) Return disapproved/rejected IT procurements to the ITR POC with justification for the denied ITR. (3) Forward approved/authenticated ITR to the CIO. (4) Maintain internal controls to ensure compliance with this policy. c. Chief Information Office. (1) Provide technical analysis of IT procurements to ensure compliance with the USAWC technical architecture and configuration through the ITR Process.
4 CBks Regulation 25-4 * 29 April 2008
(2) Return disapproved/rejected IT procurements to the requestor with justification for the denied procurement. (3) Provide the requestor an electronically signed copy of the approved Authentication Letter. (4) Upload to the portal the approved authenticated letter automatically notifying Directorate of Contracting or Directorate of Resource Management the approval of the ITR. (5) Maintain internal controls to ensure compliance with this policy. d. Directorate of Contracting. (1) Maintain internal controls to ensure compliance with this policy. (2) Notify CIO if IT procurement requests are received without CIO/DOIM ITR or CIO Authentication Letter. (3) Institute corrective actions against any organization not complying with this policy. 6. Duration. This policy remains in effect until superseded or rescinded. It supersedes any previously granted â€˜blanketâ€™ authority to procure IT items via government purchase card or any other means without a CIO/DOIM authentication.
Proponent for this regulation is the Chief Information Office
FOR THE COMMANDING GENERAL:
//signed// THOMAS G. TORRANCE Colonel, FA Deputy Commandant
DISTRIBUTION: U1 (electronic)
5 CBks Regulation 25-4 * 29 April 2008
Appendix A Information Technology Request
A-1 CBks Regulation 25-4 * 29 April 2008
Carlisle Barracks Information Technology Request (ITR) FOR: DOIM (Change Manager) Submitted to Service Desk 1. Project Information Date:
Title: POC: Phone Number: Organization: Requestor Office of Principal Responsibility Office of Coordination Responsibility
2. Project Description
3. Justification/ Benefit
4. How does this project match your organization strategic plan?
5. Consequences if not implemented
6. Implementation Timeline Required Start Date: Required Completion Date:
B-1 CBks Regulation 25-4 * 29 April 2008
7. Is funding available? If yes, what is the funding source?
7a. Was a UFR submitted?
7b. Is this project executable this FY?
7c. Investment Resource Requirements: What is the purchase price for this system (if known)?
7d. Sustainment Resource Requirements: What are the recurring costs and at what frequency?
8. How will this system be used? (Will it be networked or standalone, student usage, staff/faculty usage)?
9. Information Assurance Coordination: Has a System Security Authorization Agreement (SSAA) been accepted by the Designated Approval Authority (DAA)?
10. What are the hardware and software requirements (if known)?
B-2 CBks Regulation 25-4 * 29 April 2008