Chapter 25 - Enterprise Architecture

8-25.1  INTRODUCTION

1. Purpose.  This chapter establishes the Indian Health Service (IHS) policies governing the responsibilities of the IHS Enterprise Architecture (EA) Program to ensure compliance with Federal law and mandates, Department of Health and Human Services (HHS) guidance, and strong managerial control required by IHS leadership in support of the IHS mission. This chapter is designed to operate in harmony with additional IHS policies as they relate to records and information management.
2. Background.  The IHS EA Program (EAP) enables the IHS and its Tribal and Urban Indian Organization (UIO) partners to understand the relationship between and among its business operations and the information systems and resources that enable those operations. Architectural information enables the IHS and its Tribal and UIO partners to achieve more effective strategic and capital planning and control over investments for information technology (IT) and related services. The IHS EAP supports the IHS in meeting Agency objectives by enhancing flexibility and interoperability across information systems, reducing redundancies and inefficiencies, and improving access to accurate, timely, and consistent information.

   The IHS EAP complies with EA standards adopted by the Federal government and collaborates with other pertinent government-wide initiatives. These standards may include the Federal Enterprise Architecture Framework and its successors and may also include Frameworks adopted by the IHS which offer additional customization and granularity when modifications better represent or describe the IHS. The IHS EAP is an agency-wide initiative that involves the active participation of all IHS Headquarters offices, Area Offices, and Service Units. The IHS EAP takes a “federated approach” to development and implementation of EA throughout the Agency, engaging all Agency efforts in the fulfillment of the IHS objectives, while enabling the IHS to meet its mission and objectives.

3. Scope.  This chapter applies to all IHS organizational components, including but not limited to the IHS Headquarters, Area Offices, Service Units, and others who are conducting business on behalf of and for the IHS and use the IHS IT and Health IT (HIT) resources. The policies contained in this chapter apply to all IHS IT and HIT activities, including the equipment, procedures, and technologies employed in managing these activities. The policy includes teleworking, travel, other off-site locations, and all IHS office locations. Agency officials will apply this chapter to contractor personnel, interns, externs, students, and other non-Government employees by incorporating such references in contracts or other arrangements as conditions for using Government-provided IT resources.
4. Authorities.
   1. The Government Performance and Results Actof 1993 (GPRA - 1993)
   2. The Federal Acquisition Streamlining Act of 1994, Title V (FASA V) (1994)
   3. The Paperwork Reduction Act of 1995 (PRA)
   4. The E-Government Act, Title III, Federal Information Security Management Act of 2002
   5. Office of Management and Budget (OMB) Memorandum M-15-14, "Management and Oversight of Federal Information Technology"
   6. Federal Information Technology Acquisition Reform Act, Title VIII, Subtitle D of the National Defense Authorization Act (NDAA) for Fiscal Year 2015, P. L. No. 113-291 and contributing prior acts such as the Clinger-Cohen Act of 1996 (also known as Division D and Division E of the 1996 National Defense Authorization Act (NDAA)) and the E-Government Act of 2002
   7. HHS-OCIO Policy 2008-003.001, “Policy for Enterprise Architecture,” August 7, 2008
   8. The Indian Health Service:
      1. IHS Administrative Delegation of Authority #54, “Operating Division Chief Information Officer (CIO) Delegation of Authority, FY 2017,” from the Deputy Assistant Secretary for Information Technology and CIO, Office of the Assistant Secretary for Administration, HHS, dated March 3, 2017
      2. IHM, Part 5, Chapter 15, Records Management Program
      3. Indian Health Manual (IHM), Part 8, Chapter 1, “Chief Information Officer,” Section 8-1.1F (3)e “Business Improvement Process”
   9. International Organization for Standard (2016). Information and documentation – Records management (ISO Standard No. 15489-1)
   10. Federal Records Act of 1950, as amended, 44 United States Code (U.S.C.) Chapter 29, § 2904
   11. Federal Records Act of 1950, as amended, 44 U.S.C. Chapter 31, §§ 3101-3102
   12. Federal Records Act of 1950, as amended, 44 U.S.C. Chapter 31, § 3105
   13. 44 USC § 3301, Federal Records Act
   14. Records Management and Preservation Considerations for Designing and Implementing Electronic Information Systems, 36 C.F.R. § 1236.10; § 1236.12; § 1236.14 (2009)
   15. OMB Circular A-130, Management of Federal Information Resources
   16. National Archives and Records Administration Criteria for Successfully Managing Permanent Electronic Records, (2018)
   17. OMB Memorandum M-18-12, “Modernizing Government Technology Act”

8-25.2  POLICY

It is the IHS policy that all IT and HIT systems used in the IHS:
1. Adhere to compliance with the IHS IT policies, standards, and processes that support the IHS EA;
2. Are accurately documented in the IHS EA repository (Information about the IHS EA Repository can be found on the IHS EA Website);
3. Are covered by a valid waiver for use prior to operation if out of compliance;
4. Integrate records management controls and records retention into existing and new IHS IT and HIT systems, whether custom-developed, commercial-off-the-shelf, or cloud computing before final approval and implementation (Information about the IHS records management controls can be found on the IHS Records Management Website);
5. Manage all IT in compliance with applicable laws, regulations, policies, and standards through the use of internal controls;
6. Ensure the integrity, confidentiality, and availability of data as Information Assets within IT; and
7. Protect the IHS data as information assets against internal and external threats.

8-25.3  DEFINITIONS

1. Architecture. The structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time.
2. Business Architecture. A blueprint of the enterprise that provides a common understanding of the organization and is used to align strategic objectives and tactical demands.
3. Biomedical Systems. Biomedical equipment or clinical engineering equipment as defined in IHM Part 5, Chapter 14, "Clinical Engineering Program," is equipment that interfaces with clinical programs (e.g., medical, pharmacy, dental, radiology/imaging, lab, etc.); IT and HIT systems.
4. Capital Planning. A discipline used by management to reduce the risk and increase the return associated with making investments of capital assets.
5. Capital Assets. Land, structures, equipment (including motor and aircraft fleets), and intellectual property (including software), which are used by the Federal Government and that have an estimated useful life of two years or more. Capital assets exclude items acquired for resale in the ordinary course of operations or held for the purpose of physical consumption such as operating materials and supplies. The cost of a capital asset is its full life-cycle costs, including all direct and indirect costs for planning, procurement (purchase price and all other costs incurred to bring it to a form and location suitable for its intended use), operations and maintenance (including service contracts), and disposal.
6. Change Request. A proposal to alter a product or system, often brought up by the client or another team member.
7. Electronic Information. Recorded information in electronic form (requiring computer technology to retrieve or access) digital content. This definition includes both the content of the information and associated metadata.
8. Enterprise Architecture. An explicit description and documentation of the current and desired relationships among business and management processes and information technology. The EA includes principles, an architecture framework, a technical standards profile, current and target architectures, and a transition strategy to move from the current to target architecture.
9. Federal Record. In general, the term “records” includes all recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the United States Government or because of the informational value of data in them; and does not include:
   1. Library and museum material made or acquired and preserved solely for reference or exhibition purposes; or
   2. Duplicate copies of records preserved only for convenience.
10. Hardware. The collection of physical elements that constitutes a computer system. Computer hardware is the physical parts or components of a computer, such as the monitor, keyboard, computer data storage, hard disk drive, graphics cards, sound cards, Random Access Memory, motherboard, and so on, all of which are tangible physical objects. By contrast, software (see definition below) consists of instructions that can be stored and run by hardware.
11. Health Information Technology. The use of computer hardware and software to privately and securely store, retrieve, and share patient health and medical information. When expressed more generally, HIT is a broad concept that encompasses an array of technologies to store, share, and analyze health information.
12. Information Asset. Recorded information and data that has business value for the IHS and must be managed throughout its lifecycle.
13. Information Technology. Per OMB Memorandum M-15-14, Management and Oversight of Federal Information Technology, dated June 10, 2015, "Information technology" includes:
    1. Any services or equipment, or interconnected system(s) or subsystem(s) of equipment, that are used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency; where
    2. Such services or equipment are 'used by an agency' if used by the agency directly or if used by a contractor under a contract with the agency that requires either use of the services or equipment or requires use of the services or equipment to a significant extent in the performance of a service or the furnishing of a product.
    3. The term "information technology" includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including provisioned services such as cloud computing and support services that support any point of the lifecycle of the equipment or service), and related resources.
    4. The term "information technology" does not include any equipment that is acquired by a contractor incidental to a contract that does not require use of the equipment.
    For IHS purposes, the term "information technology" specifically includes the IHS network and devices connected to it, servers, computers, ancillary equipment including biomedical and networked laboratory equipment, software, firmware and similar procedures, services (including support services), and related resources.
14. Information Technology EA. An integrated framework for evolving or maintaining existing IT and acquiring new IT to achieve strategic and information resource management goals.
15. Information Technology Management. The process of managing information resources to accomplish the Agency's mission and to improve Agency performance, including the reduction of information-collection burdens on the public.
16. Information Technology Resources. Per OMB Memorandum M-15-14, Management and Oversight of Federal Information Technology, dated June 10, 2015, "Information technology resources" includes all:
    1. Agency budgetary resources, personnel, equipment, facilities, or services that are primarily used in the management, operation, acquisition, disposition, and transformation, or other activity related to the lifecycle of information technology;
    2. Acquisitions or interagency agreements that include information technology and the services or equipment provided by such acquisitions or interagency agreements; but
    3. Does not include grants to third parties which establish or support IT not operated directly by the Federal Government.
17. National Archives and Records Administration. An independent Federal agency possessing primary responsibility for managing the records of all three branches of the United States Federal government, for providing guidance to Federal agencies on records management policies and practices, for authorizing the disposition of Federal records, for storing Federal records, and for preserving records of permanent historical value to the United States in both Federal archives and presidential libraries.
18. Recorded Information. Includes all traditional forms of records, regardless of physical form or characteristics, including information created, manipulated, communicated, or stored in digital or electronic form.
19. Reference Architecture. A graphically represented, high-level system overview that is intentionally free of implementation details. It generally includes high level descriptions of the system components, a definition of relationships between components, definitions of relationships between system components and elements external to the system, and identification of performance drivers and capacity requirements. Where applicable, a Reference Architecture also provides high-level definitions of key data sources, data stores produced, and interfaces between the system components.
20. Technical Reference Model. Identifies and describes the technical services used throughout the Agency. The Technical Reference Model (TRM) is a high-level view of the IHS, Tribal, and Urban Indian Organization service areas and how they are related to the general technology layers. It describes the inter-relationship between the services and the user environment, applications, integration, data, and common infrastructure. The TRM is also used for communicating technology component elements such as policies, standards, and product recommendations.
21. Strategic Planning. Long-term planning (spanning the present through five years and beyond) that integrates organizational IT requirements and the projected activities over the planning period.
22. Software. Computer software, or simply software, is part of a computer system that consists of encoded information or computer instructions, in contrast to the physical hardware from which the system is built. The term is roughly synonymous with computer program.
23. Standards. Prescribed or preferred technology, design, data, and process elements that conform to architectural principles.

8-25.4  RESPONSIBILITIES

1. Chief Information Officer. The Chief Information Officer (CIO) EA responsibilities can be found in the IHM, Part 8, Chapter 1, “Chief Information Officer,” Section 8-1.1F (3) e, “Business Improvement Process,” which includes:
   1. Developing the IHS EA;
   2. Establishing Agency IT policies, standards, and processes that implement and support the EA; and
   3. Defining the current IT environment and providing strategies for closing the gap between the current and the targeted environment as defined in the IHS EA.
2. Chief Enterprise Architect. The IHS Chief Enterprise Architect (CEA) manages the IHS EA program under authority delegated from the IHS CIO. The IHS CEA establishes, plans, and directs the IHS EA Program and oversees the construction, verification, and adoption of the EA. The IHS CEA is supported by program and technical advisors through the IHS EA Program. The IHS CEA (or designee) is the IHS representative on EA-related issues to inter-governmental and intra-agency advisory bodies and forums.
   
   

   The IHS CEA is responsible for:

   1. Developing, disseminating, and ensuring compliance with the IHS EA policy, processes, and procedures as foundational principles and practices for business and information system development throughout the IHS;
   2. Developing the agency-wide EA Program, managing the IHS EA Program resources, and establishing operational and technical capabilities within an IHS EA Program;
   3. Developing and ensuring transition strategies and schedules from current to target architectural goals/views;
   4. Developing and promulgating architectural standards;
   5. Providing updated architectural standards for use:
      1. When procurement requests are developed;
      2. When IT Policy is developed; and
      3. When IT program managers and business personnel request guidance for use when advising development efforts of options to mitigate problems;
   6. Ensuring implementation of the EA within the Capital Planning and Investment Control processes and System Development Life Cycle standards of the agency, ensuring EA compliance reviews for agency-wide and IHS projects within the agency’s procurement and project review cycles;
   7. Ensuring the definition and documentation of the IHS current architecture, target architecture, and interim target architectures;
   8. Implementing and maintaining the IHS EA repository and related tools;
   9. Providing EA-related training and technical assistance;
   10. Providing a waiver process that is periodically monitored for continued relevancy governing waivers that are limited in duration, and bounded by scope;
   11. Ensuring the review of waiver files not only for continued relevancy but also to consider the expansion of standards; and
   12. Complying with all records management requirements as outlined in IHM, Part 5, Chapter 15, Records Management Program.
3. The IHS Enterprise Architecture Review Board. The IHS Enterprise Architecture Review Board (IHS EARB) or its equivalent monitors and advises the IHS on EA. Membership includes Federal staff in the IHS/Tribal/Urban Indian Organization (I/T/U) programs, including architectural representatives from sub-organizations, and related technical, program operations, data management, security, records management and business advisors. The IHS EARB is chaired by the IHS CEA or, in the absence of an IHS CEA, the designated EA Lead. The IHS EARB is the IHS’s EA governance body that reviews all new and existing project initiatives with regard to architectural alignment.
   
   The IHS EARB is governed by a charter approved by the IHS CIO. The charter is developed by the IHS EARB, reviewed and updated regularly, and published on the IHS website.
4. The IHS Employees and Users of the IHS IT Resources. The IHS employees are responsible for following EA policies and procedures in their requests to purchase new or modified hardware and software acquisitions. Agency personnel are responsible for using available EA documentation and resources for ongoing planning, management, and monitoring purposes.

   The IHS employees and IT users are responsible for:

   1. Participating in and supporting development of EA documentation of business, technology, security, data, and performance architectures for the IHS; and
   2. Using reports and analyses accessible from the EA repository or available from the EA Program for ongoing strategic planning, analysis, and reporting requirements.
5. The IHS IT Contracting. IHS shall ensure that contracts for planning, developing, implementing, and maintaining IT systems meet the requirements of this chapter.