To deliver sustainable and effective results to our customers through innovative, efficient, and secure services.

To be Virginia's most customer-focused technology partner, empowering the Commonwealth to achieve more through innovative, efficient, and secure technology.

VITA is a customer-focused organization that builds trust through respect, collaboration and communication. We build public trust by working according to our shared values:

Accountability -  "We take ownership for delivering on defined outcomes, being transparent and responsible for the decisions we make."

Inclusive Collaboration - "We engage diverse individuals and teams from VITA, customers and suppliers to develop solutions together and foster mutually beneficial partnerships."

Growth Mindset - “We embrace challenges and opportunities for growth, striving to discover innovative solutions and never accepting the status quo."

Effectiveness - "We work decisively to deliver solutions by taking a data-driven approach that creates value for the Commonwealth."

Persistence - “We are dedicated to accomplishing our mission by delivering timely and innovative solutions for our customers despite challenges."

The creation of the Virginia Information Technologies Agency (VITA) by the 2003 General Assembly was widely recognized, both within and outside the Commonwealth, as an initiative to bring significant efficiencies and service improvements to the state’s technology infrastructure.  The legislation was the result of mutual recognition by Virginia’s legislative and executive branches of the pressing need for change as well as the value of applying best business practices to meet such public sector challenges. The Virginia Information Technologies Agency (VITA) is the Commonwealth’s consolidated information technology organization. The agency is headed by the Chief Information Officer (CIO) of the commonwealth.  The Code of Virginia (Code) grants and assigns specific authority and responsibilities to VITA, and to the CIO position. Most of these are found in Chapter 20.1. “Virginia Information Technologies Agency.”  VITA’s responsibilities fall into five primary categories:

1. Governance of the Commonwealth’s information security programs and enterprise architecture in support of the responsibilities of the Chief Information Officer of the Commonwealth; 

2. Operation of the IT infrastructure, including all related personnel, for the executive branch agencies declared by the legislature to be “in-scope” to VITA;

3. Governance of IT investments in support of the duties and responsibilities of the Information Technology Advisory Council and the Chief Information Officer of the Commonwealth;

4. Procurement of technology for VITA and on behalf of other state agencies and institutions of higher education;

5. Working with Executive Branch agencies in the identification and exploitation of enterprise, collaborative and agency business solutions which provide improved services and/or reduce expenses.

VITA’s vision to be Virginia’s preferred government IT partner means that we:

• Create value and provide enterprise IT services supporting the business of state government at the best return on investment for our customers, stakeholders and Virginia’s taxpayers.


• Improve the Commonwealth’s competitive position in the national and world marketplace;  Harness opportunities to utilize technology to improve the availability, quality and responsiveness of state services- seamless, friendly, anywhere, anytime; for our citizens and customers.


• Create accountability for how public funds are spent on technology for VITA as well as for the entire executive branch.


• Grow our employees; Embed opportunities for professional growth and development into the agency’s organization and operations. Recognize and reward accomplishments.


• Serve as the model for transforming state government; Pursue streamlined business processes and innovative partnerships that improve service delivery to deliver greater value.

VITA provides information technology infrastructure services and technology solutions to support customers and address their business needs. We are the information technology organization that supports agency and locality technology requirements as they endeavor to deliver citizen services. While the agencies and localities directly serve the citizens, VITA the agencies and localities as their strategic partner.

The Virginia Information Technologies Agency has modernized the Commonwealth’s technological public sector landscape over the past five years by transitioning from a single IT infrastructure supplier to a multi-supplier model of eight suppliers. Our team has transformed our business model, accelerated the launch of new innovative services, guided the Commonwealth information technology community through a global pandemic, fortified security protocols against mounting cyber threats, and delivered consolidated services to our customers.  As our customer needs continue to grow and evolve, VITA will continue modernizing and improving to meet their needs.

In June of 2022, VITA moved its headquarters out of the office space located at the Chesterfield Enterprise Solutions Center (CESC) into our new headquarters in The Boulders.  This move not only reduced our rental costs, but it also put us in closer proximity to several of our customer agencies in the Richmond downtown area.  VITA has also completely vacated the data center at CESC and migrated the server and storage workloads to the new data center at QTS Richmond.

As is the case with the broader IT industry, VITA has been challenged to find the right staffing levels of Government, contractor, and suppliers.  VITA has received support from the Governor and the General Assembly to have funds appropriated in FY 23 and FY 24 for additional staff to enhance our technological capabilities (especially in our cybersecurity organization) and service delivery functions.  We were granted 42 additional positions in FY 23 and an additional allocation is scheduled for FY 24.   

VITA continues to pursue its mission of delivering sustainable and effective results to our customers through innovative, efficient, and secure services providing value to the commonwealth in the following areas:

IT Infrastructure:  VITA provides IT infrastructure services through a multi-supplier model that delivers the following capabilities:  end user compute, server/storage, network, messaging, print, mainframe, managed security, and supplier integration.    These contracts are scheduled for re-competition over the next several years.  The first contract for re-compete was the messaging contract that was awarded in 2021.  VITA, in partnership with the Administration and executive branch agencies, made the decision to move all executive branch agencies from Google to the Microsoft platform for messaging services.  VITA is still in the early stages of transitioning agencies to the Microsoft platform with the intent to have all agencies migrated by the end of June 2023. Other IT infrastructure contracts are expected to be recompeted starting in early 2023.

IT Security Governance:  VITA continues to improve the information security posture of the Commonwealth for the protection of government information by enhancing capabilities and updating Information Security policies, standards and guidelines to address new security issues as they arise.   In addition, the Governance group manages educational outreach to the Commonwealth security community.  We provide stakeholder outreach through monthly meetings with IT security officers from across the commonwealth and offer an annual IT security conference.  We work with K-12 and higher educational institutions to promote cybersecurity.  In the national Cyberstart America competition, Virginia students finished as one of the top 5 states in the country for participation and Virginia students earned over $159,000 scholarships. CSRM is reviewing options to expand security awareness training to even more agencies and even localities in the coming year.

IT Project Management Division (PMD):  PMD provides assistance for Commonwealth-level Information Technology (IT) projects and associated procurements from project initiation approval throughout the project lifecycle.

IT Investment Management (ITIM):   ITIM is an integrated approach to managing IT investments, promoting the continuous identification, selection, control, life cycle management, and evaluation of IT investments.  ITIM uses structured processes to minimize risks and maximize return on IT investments.  Agencies must adopt an ITIM approach for management of agency technology (investment) portfolios.

Supply Chain Management (SCM): - VITA continues to develop polices, standards and guidelines for the procurement of IT and leverages supplier relationships to provide the best value IT solutions to meet the commonwealth’s business needs.  VITA’s contracts are used by all Government entities in Virginia.

Like many other employers, VITA faces workforce challenges from the highly competitive IT employee market. VITA recognizes the importance of a strategic workforce planning that includes employee development, succession plans, and business continuity through knowledge transfer.  For VITA’s workforce:

• VITA’s MEL increased from 242.4 to 284.4 in FY 2023. Additional MEL will be allotted in FY 2024.


• 17% of staff are new in role or new to VITA.


• 11% of VITA employees are currently eligible for retirement.


• The average age of a VITA employee is 51, with 21% being over the age of 60

The increase in MEL requires a focus on resource planning, hiring and onboarding. We also anticipate employee role changes as people move into new available positions within VITA for career development and in response to ongoing retirements and turnover.  Employee workforce development will need to be strengthened to better prepare our people.  VITA will build and adjust HR program such as training, hiring practices and succession planning strategies to meet these demands.

VITA is currently focused on three key areas to support VITA strategic initiatives and workforce demands.

• Establishing a holistic resource and hiring plan to fill needed positions.


• Building a culture of engagement and continuous improvement.


• Enhancing training programs to support targeted skills development including leadership and technical skills. In addition to content available in the DHRM COV Learning Center, VITA has purchased access to LinkedIn learning to provide meaningful training and development for our employees.

The lease for our CESC facilities (office headquarters and data center) at 11751 Meadowville Lane, Chester, VA  23836 reached end of term on June 30, 2022.  VITA began its search for new office headquarters in August/September 2020 with the identification of our physical space needs.  Upon confirmation of our space needs, it was determined that there were no state-owned facilities that would meet our requirements.  A real estate RFP was released in February 2021 and 22 proposals were received.  After scoring using a pre-determined set of criteria, VITA (in partnership with DGS) identified 8 potential sites and began conducting site visits.  After the site visits, the team narrowed the selection down to two sites to begin negotiations. 

A lease for our new space was signed in September 2021, construction began in February 2022, and we began moving into the space in June 2022.  The new office headquarters located at 7325 Beaufont Springs Dr., Richmond, VA  23236 features approximately 64,500 USF.  There is an additional approximate 5,000 sq ft that VITA has an interest in leasing—making VITA the sole building tenant.  Not only would this provide room for a larger and flexible meeting space, but it would also allow opportunities to improve the physical security of the building and provide greater protection for our staff.  The new location is also in close proximity to a number of our agency customers.

While the governor’s office is not a VITA specific location, we do have a number of staff that are housed in the governor’s office so that they can better support the governor’s technology needs.

VITA also secured a minimal amount of space at Three James Center along with our MSI Integrator, SAIC.  However, VITA is no longer utilizing this space, so we plan to discontinue our agreement with SAIC.

As part of the annual ARMICS Assessment in 2021, VITA’s executive team conducted a risk assessment and identified the following as the primary possible risks facing the agency.  The following risks apply:

• Staffing - including not enough staff, staff burnout, aging staff, pending retirements, loss of institutional knowledge, inability to fill/retain staff, contractor conversions, inability to meet deadlines, competing obligations, etc.


• Security Risks - cyber, data breach, ransomware, and prolonged outages.


• Financial - enough funds to support mission and goals, revenue loss, and funding for additional staff,


• Contractual – many of VITA’s contracts call for financial or other penalties for failure to meet the contract terms.


• Supplier Performance - process changes, platform supplier failure, operational performance, new requirements, and gaps when changing suppliers.


• Supply Chain - chip shortages and other supply chain impacts due to COVID.


• Project Level Risks – all projects carry risk and VITA is very much a project-based organization

VITA’s funding structure consists of Internal Service Fund (06), Special Fund (02), General Fund (01) and Federal Trust (10). 

The Internal Service Fund (ISF) is VITA’s primary source of revenues. In this intra-governmental fund VITA collects revenue and incur expenses for providing information technology infrastructure and telecommunications services to other state agencies, institutions, and local governments. The services furnished are charged to the recipient agency, institution, or local government to recover costs through user charges approved by the Department of Planning and Budget. VITA’s Discretionary services that are provided to some customers are captured in a separate ISF program (Central Support Services). VITA’s internal organization is the ISF Overhead and includes project management, information security, customer relations, service management, and overall agency management and operational support. The total ISF amounts budgeted in Chapter 2, for the 2022 - 2024 biennium, are $470,860,928 in FY 2023 and $475,451,370 in FY 2024.

The Special Revenue Fund is also called the Acquisition Services Special Fund. The revenues are derived from a surcharge on information technology procurements. The Chapter 2 appropriations of $11,743,770 in FY 2023 and $12,464,770 in FY 2024 are used by VITA for procurement and contracting oversight and management expenses and to pay for services to customers that are not considered allowable by the federal government, for their share of payments to VITA (recorded as internal service fund revenues). VITA also provides support to the Governor’s office from this fund.

The General Fund reflects appropriations received from the Commonwealth of Virginia (General Assembly). These funds are used to support vulnerability scanning in the Information Technology Security Service Center. Additional appropriation was given in FY 2023 to serve as the state matching funds related to the federal cybersecurity grant fund. The General Fund appropriation for this service area is $5,212,464 in FY 2023 and $291,064 in FY 2024.

The Federal Trust Fund reflects appropriation received from the Commonwealth of Virginia (General Assembly). These funds are part of the federal cybersecurity grant fund. VITA will obtain the funds, apply federal guidelines and develop a planning committee to oversee the grant. The appropriation for FY 2023 is $21,396,396.

A significant portion of VITA's collections are not categorized as revenue in the Commonwealth Accounting and Reporting System (CARS); rather, they are identified as “recovery of cost”.  Accurate assessment of the relationship between the non-general fund sources [appropriations] and collections depends upon the addition of cost recoveries to revenues.  VITA establishes rates and develops a cost allocation plan on an annual basis that is approved by the Department of Planning and Budget (DPB) that allows VITA to recover costs it expends on behalf of the commonwealth and/or its customers.

The following statistics represent the depth and breadth of services provided by VITA to the commonwealth.  These statistics are utilizing data from FY 22.

VITA does not anticipate any changes to the core customer base.  However, in response to increased federal funding (such as the Infrastructure Investment and Jobs Act), we anticipate greater IT consumption from the agencies.

VITA’s Service Catalog offers its customers access to more than 150 information technology-related services broken down by service categories including Account Management, Application Integration, Cloud, Domain Name Services, Mainframe, Messaging, Network, End user services, Security, Server and Storage, and Voice and Video Services.  

Other services are available through VITA’s statewide contracts such as for networking and broadband, wireline and wireless telecommunications services.

The catalog of services is available at Catalog Services | Virginia IT Agency

Transition to Remote Work Due to COVID-19 Response - COVID-19 represented an unanticipated event that created a great deal of havoc for VITA and the entire Commonwealth as we transition from in-office work to remote work.  The Commonwealth was unprepared to support a remote workforce for some 65,000 employees and contractors.  VITA responded quickly to provide additional bandwidth, acquired additional VPN licenses, implemented Microsoft Teams Transition to supporting remote work, upgrading our infrastructure to support upwards of 30,000 users on VPN from 5000, and upgrading our internet circuits. These are the new solutions we implemented and in the process of deploying for agencies now.

• Cloud-based Private Access, which is known as VITA Secure Remote Access (VSRA) – This is an application-level product that allows secure access to applications, data and file shares without connecting to VPN. (VSRA), allows applications to securely communicate with VITA hosted systems through an application level secure tunnel without the need for a VPN connection. This service provides users the ability to access essential applications from anywhere. 

• Cloud Virtual Desktops (aka Remote Workspaces) - Remote workspaces are designed to allow agencies to deploy virtual workstations to users with a Commonwealth of Virginia (COV) account but who do not have access to a COV-issued workstations or other mobile computing devices. This cloud-based, virtual desktop interface that can be accessed on a wide range of COV and non-COV devices, such as a personal computer, (e.g., Windows desktop, web, MacOS, iOS, Android) and on web browsers like Firefox and Chrome, without the need for a virtual private network (VPN) connection. 


• E-Signature Solutions – This solution allows agencies to continue the business of the Commonwealth and implement capabilities to digitize processes that require send and sign agreements for electronic signature and maintain a complete audit trail. This solution allows for the ability to sign documents anytime, anywhere, on any device with automated routing, signer identification, and capture legally enforceable signatures.

Recompete of Messaging Tower Supplier Contract – VITA has recently completed its first recompete for a message service tower supplier.  VITA has been working with the new vendor for the past several months to ensure a successful transition.  This planning period will provide VITA with several opportunities for re-competing service contracts.

Migration back to Microsoft Office 365 Toolset – Working with the messaging supplier, VITA is in the process of transitioning the Commonwealth from the G-Suite of products to the Microsoft Office 365 Toolset.  Thus far, the pilots have been successful and approximately 20% of mailboxes of state agencies were moved during July.

Program for High-Risk Solicitations and Contracts - In accordance with § 2.2-4303.01 of the Code of Virginia, the Office of the Attorney General (OAG) and the Virginia Information Technologies Agency (VITA) must, for all state public bodies,  review all solicitations and contracts that meet the definition of “high-risk” and are for goods and services related to information technology. 

Data Center Move – The VITA team completed the two-plus-years-long project designed to move the Commonwealth of Virginia’s enterprise data center from a traditional, on-premise site to a modernized, cloud-ready platform. As of late May, the project is finished; a new data center was developed and opened, the data of all 65 Commonwealth executive agencies has been migrated to the cloud-ready platform, and the former physical data center now stands empty and the lease has ended. 

The data center move project required more than 50 move events, tight and detailed coordination and communication efforts, hundreds of team members working together across the Commonwealth, and a shared goal to relocate 4,500 servers and applications. The completion of the data center move positions the Commonwealth to increase the speed of delivery through faster paths to production, provide flexibility regarding solutions, reduce operations and maintenance requirements and more. 

Agency Office Move – In addition to vacating the data center at CESC, VITA also moved its office headquarters to The Boulders.  The move, which took two years to complete, came in on budget and on time.  While the building is not new, it has been renovated and updated to create a fresh new, modernized environment. Some of the other benefits include a cost savings of $2.6 million per year for taxpayers, and the location provides closer proximity to our customer/partner agencies. 

SPLM Revamping – Working with SAIC, the SPLM Team took a step back to review the existing Service Portfolio Lifecycle Management (SPLM) Process to assess the bottlenecks and see if there was a way to revamp the process to reduce the number of days for a service to be released for the service catalog.  Using an Agile methodology, the team was able to reduce the number of days from SPLM Days improvements to program reduced cycle time.

Renewal of cybersecurity insurance policy - Cybersecurity insurance is a critical part of the Commonwealth’s ability to manage risk and to recover from a catastrophic security incident. As a result of VITA’s commitment to meet and exceed the underwriters’ security requirements, the Department of the Treasury renewed VITA’s cyber insurance coverage for our Executive Branch agency customers. VITA was able to obtain the renewal at a time when governmental bodies are losing or have lost coverage due to our centralized IT services, our unique enterprise partnership as well as our collective preparedness and responsiveness.

The Commonwealth’s IT operating environment must be flexible enough to meet the changing needs of state agencies and the citizens they support. For effective delivery of services, the IT environment must also operate within a set of guidelines designed to manage the infrastructure and costs. VITA shall:
• Equip and empower Virginia's executive branch in technology and cybersecurity infrastructure
• Support the digitization of agencies to support all Virginians
• Partner with agencies to achieve their transformation goals
• Provide agencies with enterprise IT leadership to anticipate future needs

: Modernize core infrastructure services to enable the Commonwealth’s digital transformation and ensure a strong, secure IT environment for our enterprise customers. This objective is designed to create a more customer-centric approach to providing IT services in which VITA will work more collaboratively with agencies to find technology solutions that will help agencies meet their goals and objectives. For this planning period, VITA will focus on improving network availability and reliability which will then drive improvements in customer satisfaction. Virginia Executive Branch agencies often encounter “latency” issues that slow or halt their business services. In addition, agencies lack in overall bandwidth to perform daily business functions and to support future initiatives. VITA will complete projects supporting COV network upgrades and new capabilities by implementing SD-Wan capabilities, adding broadband and enhancing MPLS circuits. In addition, VITA will strive to redesign the Request for Solution (RFS) process in order reduce the time to complete a Request for Solution (RFS) for non-catalog requests. This objective is in alignment with the secretariat’s goal of delivering quality information technology services.

Additional improvement efforts are targeted at each of the IT infrastructure suppliers and include such efforts as software consolidation, process improvement, and automation. As we begin to recompete the supplier tower contracts, we will work towards maturing the MSI model to provide for greater efficiencies and reduced infrastructure costs.

• 1. Improve Network Experience with key results of improved capacity, latency, and reduced outages

• 2. Simplify the infrastructure ecosystem and environment by completing the deployment of Enterprise software applications

• 3. Mature the Multi-supplier Integrator model to improve SLA performance, Request for Solution (RFS) cycle time, and Service Portfolio Lifecycle Management (SPLM) cycle time

VITA is launching cost-effective capabilities to agencies to better serve the citizens of the Commonwealth. To achieve that end, VITA will implement standardized tools and templates to modernize websites, branding, security and ensuring ADA compliance for Executive Branch Agency websites. The standardization effort will include a cleanup and elimination of dead sites. VITA will provide agencies with tools that can be used to scan websites for utilization and compliance. All virginia.gov websites should utilize standard tools, branding, security and be ADA accessible. VITA will first focus on the websites for Executive Branch agencies and then expand its efforts to other public entities.

VITA will assist the Commonwealth by providing a standardized platform and tools for centralized commonwealth-wide form processing which will standardize key business functions (employee work profiles, telework agreements, etc.); provide valuable real-time data; and create operational efficiencies.

• 1. Modernize Commonwealth Websites to achieve compliance with web and accessibility standards and address security vulnerabilities.

• 2. Deliver enterprise solutions and platforms such as eForms, web content management systems, and enterprise collaboration tools to agency customers.

• 3. Foster and deliver robotic automations, low-code capability, and data integration by deploying robotic automations, improve application integration adoption, and deliver low code capabilities.

VITA provides an environment where Commonwealth data assets are appropriately protected and available to agencies as they serve the citizens. One method of protecting the Commonwealth is to provide an updated security model (such as Zero Trust) and align the technology needed to support the model. VITA’s application of the Zero Trust model protects the enterprise environment and drives the technology solutions needed for enhanced cybersecurity.

In 2022, the General Assembly approved legislation in support of a Commonwealth-wide approach for assessing the COV public entity security incidents and establishing plans to address risks and threats to the Commonwealth.

VITA will continue working with the administration and state and local partners to improve the overall cybersecurity of the Commonwealth, including through the federal cybersecurity grant program. As criminals become more aggressive in targeting organizational data, it will be critical that VITA provide an appropriate level of a cybersecurity training program to all COV employees that will be centrally managed.

• 1. Deliver a Top Tier Cybersecurity Program that provides cybersecurity training, accelerates vulnerability remediation, and expedites incident reporting.

• 2. Reduce Risks and Threats by increasing protection of backups to combat ransomware, reducing the impacts of Priority 1 and Priority 2 incidents, and adopting enhanced multi-factor authentication.

• 3. Implement Zero Trust Strategy to mature identity and access management practices, establish protective technologies closer to sensitive systems, and increase use of automation in the reconciliation of security alerts.

VITA seeks a balanced approach to risk management, which weighs opportunity for innovation and process improvements with thoughtful and intentional action to minimize the Commonwealth’s risk. Cybersecurity threats have increased in frequency and complexity, with criminals becoming more skilled at gaining access to devices and networks through phishing and other methods. The goal is to provide the right amount of IT governance to balance oversight with delivery speed, cost management, and quality results.

VITA’s interpretation of smart governance incorporates the notions of simplifying the rules and regulations of government process and instilling accountability into processes and with our employees. VITA is shifting from an environment of being reactionary to being more proactive and engaged (from crisis/incident management to execution and enablement). The goal is for VITA to assist agencies in navigating the IT processes as the landscape and ecosystem become more complex.

One area for improvement lies within the procurement processes. The Commonwealth has engaged a consultant to review the procurement processes and to make recommendations for improvements that will shorten the time frame for procurements, introduce efficiencies and reduce procurement costs. VITA will work closely with the governor’s office to identify and implement suggested improvements.

Additional opportunities for improve reside with the project management and IT investment management divisions to improve administration of the Commonwealth Technology Portfolio process used to manage agency IT projects greater than $250,000 in value.

• 1. Optimize Commonwealth Technology Portfolio Management to accelerate the CTP process cycle time and accelerate IT project delivery

• 2. Leverage agency IT Strategic plans to accelerate CTP process cycle time, reduce enterprise IT costs, Accelerate IT project delivery

• 3. Become more consultative to improve customer satisfaction and enhance enterprise solution adoption

• 4. Recompete the MSI Model to reduce infrastructure costs, improve SLA performance and reduce the Request For Solution (RFS) completion time

• 5. Optimize procurement processes to accelerate the procurement cycle time, reduce costs and optimize the procurement value

• 6. Better manage contract risk to accelerate the high-risk review cycle-time and increase agency engagement

Better data and information, analyzed properly, yields better business decisions. VITA, in partnership with the Commonwealth Chief Data Officer, are providing solutions to help agencies and Commonwealth customers analyze, store, and use data more effectively.

VITA is leading the standardization of business intelligence by promoting a single platform (Microsoft Power Business Intelligence). Microsoft Power BI Premium delivers the flexibility to publish reports broadly across the enterprise, without requiring recipients to be licensed individually per user. For example, the Power BI Platform can be utilized to develop a unified analytics platform for Cyber Security data for the Commonwealth. A single, centralized dashboard with predictive analytics will result in cost savings across the Commonwealth and provides visibility data security analysts require in order to make faster and better-informed business decisions to effectively safeguard the Commonwealth data and systems.

VITA will also be working with agencies to identify areas where robotic process automation tools, artificial intelligence, and low-code applications can be implemented to increase efficiencies and reduce the amount of human interaction involved in routine transactions.

• 1. Deliver enterprise solutions and platforms to 100% of agency customers by deploying the enterprise collaboration suite (including Microsoft Power BI and other analytics tools).

• 2. Foster and deliver robotic automations, low-code capability, and data integration to increase application integration services adoption, automation, data use, and process improvement.

VITA’s program delivery and organizational improvement efforts are possible by empowering, developing, engaging and supporting our teams and individuals to effectively deliver exemplary customer services and solutions. VITA is focused on process improvements to drive greater operational efficiency in end-to-end processes from order management to service/solution delivery to integrated billing. The overall goal is to reduce operational spend to invest in improvements and innovations. VITA’s culture will need to be managed to foster teamwork and excellence.

VITA drives efficiency to re-focus from transactional activities, such as invoicing, billing, budget/rate setting, to proactively cutting costs, protecting parts of the business by getting greater value, and driving investment in new capabilities that align with enterprise and agency strategies. Using Technology Business Management Methodologies, VITA will modify the method for recovering overhead and supplier fixed fees to reduce variability in our costs to provide agencies with more autonomy to control their IT spend. VITA is seeking to replace its current Telecom Expense Billing System (TEBS) which services 400 total customers annually, from both executive and non-executive branches of government, and represents ~$50M in legacy telecom spend. Modernization of TEBS into a new Telecom Expense Management system (TEMS) will reduce costs, manage efficiencies, and drive greater business value within VITA and across the Commonwealth. To further transform, Finance Digital Transformation will bring a holistic approach to financial management that relies not only on optimization of finance and accounting business processes but will also optimize the digital landscape and use of innovative technology.

To further implement process improvements and cost savings, VITA will obtain and implement ediscovery and records management solutions for use in automating records processing and reducing costs. These solutions will simplify FOIA and other records requests and help VITA and other agencies follow records requirements and guidelines to greatly increase capabilities and process improvements.

• 1. Simplify processes to reduce cost recovery variances and catalog.

• 2. Reduce IT infrastructure spend through the elimination of redundant software applications and reducing internal service fund spend.

• 3. Optimize operations through automation and other efficiencies.

VITA is focused on our greatest asset, our people—empowering, developing, engaging and supporting our teams and individuals to effectively deliver exemplary customer services and solutions. VITA is building a culture focused on core values. To lead and promote our culture, VITA is developing our leaders with enhanced leadership skills focused on engaging employees, setting direction and development. VITA recently updated our mission, vision and core values and is building a culture focused on supporting business initiatives, engagement and retention. VITA will seek to understand the feedback from employees through ongoing employee surveys and action planning to achieve results. By measuring, reporting and action planning based on survey results, VITA can drive changes to its culture. To manage necessary people and organizational changes, VITA is establishing change management capabilities that are focused on internal business, technology and enterprise projects.

• 1. Recruiting and Developing team members through leadership training for all people leaders, documented development plans for all employees and reducing the MEL to headcount percentage.

• 2. Enhance culture and Diversity, Opportunity and Inclusion (DOI) to drive systemic improvements in our culture survey results and reduce non-retirement voluntary turnover.

• 3. Optimize Administrative Functions through in improving internal/external engagement, building change management capabilities within VITA and implementing ediscovery and records management solutions for automating records processing and thereby reducing costs.

This service area was transitioned to the Virginia Department of Emergency Management.

TThis service area was transitioned to the Virginia Department of Emergency Management.

This service area was transitioned to the Virginia Department of Emergency Management.

This service area was transitioned to the Virginia Department of Emergency Management.

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

The primary capabilities of this service area are network services (data, voice, and video), supported by a wide array of interconnected and interoperating telecommunications networks, facilities, and services that enable digitized electronic information to be exchanged between people, between machines, and between people and machines.  Commonwealth data network services comprise the infrastructure of statewide telecommunications resources that enable the interconnectivity of computers that process and exchange digital data information. Data network services include wide area networks (WAN), local area networks (LAN), Secure Wireless Networks, internet access, Remote Site VPN access, and engineering support.

Voice network services provide tools that enable people to communicate verbally in real time over short and long distances using a wide range of systems and services. These tools include wireline services that provide local and long-distance telephone services. Local services enable communications between people located within the same, close geographical area. Long distance services enable users to communicate with others located almost anywhere in the world. Agencies require diverse configurations of voice communications resources to enable them to manage the voice communications demand they encounter when interacting with the citizens and constituents they serve. They have traditionally used a combination of hosted services such as VoIP, analog and digital Centrex (ISDN -BRIs), business lines, on premises-based Private Branch Exchange (PBX), and key systems and handsets to address agency business team, work group, and enterprise office voice communications needs. Agencies with requirements to efficiently manage high volumes of calls implement automatic call distributor (ACD), interactive voice response (IVR), or contact center capabilities that are offered using hosted and premises-based solutions. Increased worker mobility and the demands of users to be accessible when away from the office while having uninterrupted access to agency information resources continue to drive the increased demand for more and better wireless (cellular) tools and services. Rapid advancements in the development of smartphones and tablet technologies have enabled wireless data communications to replace voice as the main driver of research and development in the industry.

Video services leverage data and voice telecommunications network capabilities that enable participants to see and talk with each other using specially equipped devices and systems. Using equipment and services commonly available today, video sessions can be established with as few as two participants using multi-media smartphones and/or personal computers (PCs). More complex sessions may include fully equipped video conference rooms, interconnected and interoperating with multiple, other similarly equipped sites involving hundreds or thousands of users. Consumer and commercial quality smartphones, PCs, and tablets often come from the manufacturer with the hardware and software to enable users to immediately participate in video sessions.

Responsible VITA Directorate: Core Infrastructure Services

VITA’s Network Services - Data, Voice, and Video support the agency mission by providing high-quality comprehensive resources and solutions to VITA’s customers at the best available cost.

Applicable Code References for this Service Area include:

2.2-2007 - Powers of the CIO

• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Network Data Services: Provide a secure mechanism for employees of the Commonwealth and the public to access the internet, applications, and data stored on the network and cloud-based services. Commonwealth employees may access the network using the Local Area Network (LAN)/Wide Area Network (WAN) connection or via a remote connection using a Virtual Private Network (VPN).

Voice and Video Services: Include cellular wireless access, local access services audio, data and video conferencing, and unified communications as a service (UCaaS) otherwise known as Voice over Internet Protocol (VOIP). Wireless/cellular services are available through a variety of carriers and several plan options are available including text messaging, paging, smartphones with data, and internet access. VOIP provides for a wide range of advanced VOIP communications services that leverage the robust network infrastructure with connections to the internet that are fully managed and monitored. Video services include the capability to provide audio and data conferencing as well as video connections that enable a large number of participants to see and talk with each other from multiple locations throughout the Commonwealth.

Radio Frequency Licensing for Two-way Radio: This is a service VITA manages on behalf of the state. The Federal Communications Commission (FCC) licenses a limited range of radio frequencies for use by the public sector.

• VITA manages allocation of available frequency bands to ensure access for numerous, diverse agency constituents. These users range from the state police with its statewide radio network that supports a wide range of consumers in 21 state agencies to the maintenance staff of the smallest, most remote community college.


• VITA also establishes and manages state contracts to ensure that users have a variety of the two-way radio equipment to satisfy their needs. Upon request, agencies obtain on­site support from a radio expert to assist with assessing their radio requirements and determining a solution to satisfy their needs.

This Service Area is funded by an Internal Service Fund.

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

Data Center Services consists of traditional data center functions such computer operations, system administration, disaster recovery services, and data center facilities. These services can be provided over a wide range of hardware and software operating systems using multiple telecommunications and database architectures. Services include intranet connectivity with the ability to provide secure internet applications using multi­level authentication and encryption. Business applications requiring public access and server hosting also are available. VITA provides two data centers in Virginia that meet numerous physical and security criteria for central IT services. QTS is located in Henrico County and serves as the Commonwealth’s primary data center. The QTS – Ashburn is located in Sterling, VA and serves as the Commonwealth’s backup data center.

Responsible VITA Directorate: Core Infrastructure Services

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of platforms and services to meet their application requirements while VITA continues to take advantage of virtualization techniques accommodating increased workloads more efficiently. Additionally, VITA is actively working on creating more “cloud services” that its customers can use.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Description of Major Products and Services

All computing platform services include the following support benefits:

• 24 x 7 x 365 operation including real-time monitoring and fault management


• Multi­layered security


• Backup and recovery support, including offsite data storage and separate recovery facility


• Systems monitoring, performance, and capacity management


• Comprehensive system monitoring and management software tools

IBM mainframe Multiple Virtual Storage (MVS) Services: Include operation of a high-performance, high-volume, high-availability, and secure hardware and software platform for developing and operating customer agency applications using comprehensive product and tool sets. Mainframe MVS services offer multiple telecommunications and database architectures, automated production scheduling services, state-of-the-art on­line storage and tape archival systems, and print archiving software with local and remote printing

Enterprise Storage Services: Provide management of shared data storage platforms. Multiple storage performance offerings are provided as well as protocols to support agency requirements. Enterprise backup and recovery services provide a reliable means for agencies to back up and restore data. The backup infrastructure provides state-of-the-art tapeless backups. Automatic backups are done according to customer-specified times with backup retention periods and other options for backups tailored to customer requirements. Offsite vaulting services are inherent with the electronic backup environment to ensure the latest backup copies of critical data are sent offsite daily. Near real time data synchronization between the primary data center (CESC) and the backup data center (SWESC) is also available, supporting expedient disaster recovery practices.

Disaster Recovery Services: Provide the planning and coordination to ensure identified critical systems are accounted for and recoverable in the event of a disaster.

The Data Center Services area is funded by Internal Service Fund sources.

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

The VITA Customer Care Center (VCCC) is the Commonwealth’s information technology help desk. It provides end-to-end ownership of the desktop and end user services and assists in the management of agency-specific business applications. Every contact is assigned a ticket, logged, and prioritized as appropriate, leveraging agreed-upon business rules. These contacts are either resolved or assigned to the appropriate technical resource or group for resolution. To ensure prompt resolution, ticket status is monitored throughout its life. The VCCC will accelerate the resolution of tickets that are not being addressed as they should be, using the Service Level Agreements (SLAs) as guidelines. Upon resolution, the VCCC requests confirmation that the issue has been resolved to the customer’s satisfaction.

The VCCC provides customers with the flexibility to report their issues in the way most convenient for them. Customers can contact the desk via a toll-free number, e­mail, or via web ticketing. Customers also have the option to browse VITA’s Knowledge Base. This repository contains solutions to the most common problems encountered by the customer base. Customers also have the ability to check the status of their tickets online.

Responsible VITA Directorate:  Core Infrastructure Services

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of highly available and high-performance platforms to meet their requirements, but customer applications and hardware services are consolidated on shared platforms wherever possible to take advantage of economies of scale. The Information Technology Partnership’s (ITP) oversight and associated activities are instrumental to achieving this mission.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Personal Computing Service: The personal computing environment includes laptops, desktops, tablets, and virtual desktop infrastructure, Customers may choose from among four levels of deskside support -- Bronze, Silver, Gold and Offline. The levels vary in response time to incidents and service requests. The support service includes the full Microsoft Office suite, field services, agency-specific and core images, software distribution, supported software support, regular updates, and patching. Ongoing monthly support is also provided for the maintenance of the equipment up until the device qualifies for refresh replacement (3, 4, or 5 years).  Security components of the service fees include workstation managed host intrusion protection, firewall, antivirus & compliance testing for endpoints.

Managed Print Service:  The managed print service includes multifunction printers/scan/copiers, networked printers, and support services with integrated monitoring and security management.

Ongoing monthly support is also provided for the consumable supplies, and maintenance of the equipment up until the device qualifies for refresh replacement.  Pay as you print with billing by printout volume.

UNIX Server Support: Includes support for multiple UNIX technologies that currently include those compatible with Linux, AIX, and HP­UX operating systems. Servers supported range from small workstations dedicated to specific applications to large enterprise-class servers supporting many mission-critical applications. The primary database products are SQL and Oracle. Services include the ability to provide secure internet applications utilizing multi­level authentication and encryption.

Windows Server Support: Provides secure resources for hosting customer agency servers, websites, and applications. This includes systems and products capable of housing and executing agency business applications using a variety of fail­over and load balancing techniques. Extensive use of server virtualization enables a highly available, flexible, and efficient environment. Services include Active Directory, anti­virus software, application publishing, enhanced operating system and database security, and patch management. Also included is the ability to provide secure internet applications using multi­level authentication, encryption, and database clustering.

The End User Services area is funded by Internal Service Fund sources.

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

VITA has established a multi-provider sourcing model, or integrated services platform to deliver certain IT services to VITA and the other customers within its IT environments (collectively, the “Managed Environment”). While the Managed Environment is comprised of various and separate scopes of services provided by Integrated Suppliers, the multi-provider model requires coordination, cooperation and integration among the Integrated Suppliers, notwithstanding that certain of such parties may otherwise view themselves as competitors, in order to work together toward the common goal of providing uninterrupted, high-quality services to VITA and the other Customers.

The Multisourcing Service Integrator (MSI) will manage the entire managed environment and the various service tower suppliers in their provision of services within the managed environment for the benefit of the Commonwealth, VITA and Customers. The MSI will provide direction and facilitate the discharge of end-to-end service obligations across itself and the Service Tower Suppliers, including performance against end-to-end Service Levels that measure the services of multiple Service Tower Suppliers. The MSI will ensure that these services are performed in a consistent and integrated manner such that each of the coordinated elements is successfully contributing to a harmonious delivery of service to VITA and the other Customers.

The MSI and the Service Tower Suppliers must share with each other various materials, data and information, and provide access to systems, equipment, personnel and other resources, in each case related to the services performed by one or more of such parties for VITA and the other Customers. As part of this concept, several contractual documents (for example OLA’s) are intended to be treated as common documents that are common among the Integrated Suppliers and become part of each of their agreements with VITA, in order to ensure consistency in governance, service delivery and the parties’ understandings and expectations.

The high-level scope of the MSI services is to deliver Cross Functional & Service Desk Services in a multi-supplier environment to include:

• IT Financial Management System


• Program Management Office


• Service Management Practices


• Program Management


• Service Strategy


• Service Design


• Service Transition


• Service Operation


• Continual Service Improvement

Responsible VITA Directorate: Core Infrastructure Services

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of highly available and high-performance platforms to meet their requirements, but customer applications and hardware services are consolidated on shared platforms wherever possible to take advantage of economies of scale. The Information Technology Partnership’s (ITP) oversight and associated activities are instrumental to achieving this mission.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Description of Major Products and Services

Service Desk Services: The VITA Customer Care Center (VCCC) is the Commonwealth’s information technology help desk. It provides end-to-end ownership of the desktop and end user services and assists in the management of agency-specific business applications. Every contact is assigned a ticket, logged and prioritized as appropriate, leveraging agreed-upon business rules. These contacts are either resolved or assigned to the appropriate technical resource or group for resolution. To ensure prompt resolution, ticket status is monitored throughout its life. The VCCC will accelerate the resolution of tickets that are not being addressed as they should be, using the Service Level Agreements (SLAs) as guidelines. Upon resolution, the VCCC requests confirmation that the issue has been resolved to the customer’s satisfaction.

Cross Functional Services: Will deliver consistency and integration among the service areas through a common set of processes and documented procedures. Commonwealth IT Service Management processes will be based on the Information Technology Infrastructure Library (ITIL) framework and tailored to the requirements of the Commonwealth. A procedures manual will be developed and maintained to ensure that accurate, current, and actionable procedures are documented and published for all IT services. Service level management will be implemented as part of the ITIL optimization initiative to provide a detailed service catalog, determine service level requirements, negotiate and reach agreement on service levels, and monitor and report on actual service levels versus agreed-upon service level targets.

This service area is funded by Internal Service Fund and Special Revenue Fund (Acquisition Services Special Fund).

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

Managed Security Services are the operations, administration, and governance services and activities required to provide and support the security of the Commonwealth’s IT infrastructure and enterprise. VITA oversees the primary service area partner, Atos, which carries out the following responsibilities:

• Threat Management and Incident Response


• Perimeter and Internal network security


• Endpoint security


• Vulnerability and supplier compliance management


• Remote access services

Responsible VITA Directorate: Core Infrastructure Services

This service area supports the mission of VITA by providing the information security services that enable the delivery of enterprise IT services and solutions in a manner that protects the confidentiality, integrity, and availability of the Commonwealth’s sensitive and critical systems, technology infrastructure, and information.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Description of Major Products and Services

Threat Management and Incident Response: Includes security incident management, cyber intrusion detection, cyber intrusion prevention, and malware response and alert.

Perimeter and Internal network security: Includes network and web application firewalls, Network Intrusion Detection systems, and web filtering

Endpoint Security includes: host based anti-malware agents, application whitelisting

Vulnerability and supplier compliance management: includes vulnerability scanners, scanning of systems to ensure they are configures to COV standards, Network Access Control systems

Remote Access services: includes infrastructure and software needed for both remote user access and site to site connectivity

Note:  The costs and budget for each of the managed security  product/services are accounted for as an overhead item in other infrastructure product/services.

Computer Operations Security Services is funded by Internal Service Fund sources.

This service area was created in conjunction with Virginia’s Health and Human Resources (HHR) secretariat to implement service-oriented architecture (SOA) for support of HHR federal law compliance efforts. Enterprise Services and Tools (EST) used in Data Exchange Programs is a collection of tool-based and architecture-based services that share hardware and software to reduce overall costs to the Commonwealth. There are several enterprise-level services: Address Validation, Asynchronous Message, Business Rules Engine, Commonwealth and Enterprise Service Bus. Other services include: WebSphere Hosting Administration, Web Services Repository and Registry, and WebSphere Application Server. These services, when implemented, will have a lower total cost of ownership versus the software and infrastructure they replace.

All of these services are sharable at an enterprise level and are intended for Commonwealth of Virginia executive branch agencies? however, use of these services is possible for other governmental organizations.

Responsible VITA Directorate: Enterprise Solutions

Enterprise Services and Tools provide wider cross-application and cross-agency access to Commonwealth information, while reducing agency IT costs.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Address Validation Service: This service has two features: 1) online auto­complete ability when a user begins typing an address and Address Validation completes it with a United States Post Office (USPS) validated address, and 2) an offline feature where addresses are corrected to conform to USPS guidelines.

AIS Database Services:  The AIS-DB and VITA Oracle Private Cloud (VOPC) services are implemented on Oracle's Real Application Clusters (RAC) platform and provides a highly-available database administered and maintained by VITA.  The AIS-DB service also comes with Oracle Advanced Security, which provides encryption of data at rest using Transparent Data Encryption and encryption of data in transit using Oracle native encryption SSL.  The VOPC service utilizes provides customer instances that utilize customer provided Oracle licensing. 

AIS Database Services:  This service provides database and data warehouse hosting for agencies that use application and data integration services.

Asynchronous Messaging (or Message Queuing or MQ): This is a secure and reliable method for integrating applications across multiple platforms.

Business Rules Engine (BRE): Because business rules in applications are changed much more often than business processes, the BRE makes it possible to manage business rules outside of the application. The disentanglement of business rules from business processes using the BRE helps decrease costs related to necessary rules changes by not requiring information technology resources.

Enterprise Service Bus: The ESB service is implemented using IBM Application Connect Enterprise (ACE) platforms. The ESB service provides agencies with a framework for designing and implementing integration between applications and systems. Application integrations are data exchanges across the flexible, dynamic, and extensible ESB infrastructure. The integrations provide the ability to perform operations on the data as it is processed across the ESB infrastructure.

VITA Secure Gateway (VSG):  The service provides security and integration for Commonwealth of Virginia (COV) websites, applications and services. VSG is based on the IBM DataPower® multi-channel gateways that deliver security, control, integration and optimized access to a full range of on-premise and cloud workloads.  The VSG service utilizes enterprise-grade gateways to securely connect within the QTS datacenter, to cloud and external vendors. Customers benefit with secure websites, applications and services all at cost effective rates.   

WebSphere Application Server Hosting (WAS): The service provides customers with access to secure and robust environments for their organization-specific applications. A WAS environment is where applications can readily use the Enterprise Service Bus and other advanced software tools.

Information Technology Services for Data Exchange is funded by Internal Service Fund sources.

VITA is transitioning its services in this service area from Google Apps Tool Suite (Sites, Docs, Pages, Sheets, and Forms) to a broader suite of products to help agencies internally and with their citizens.

 This includes the Microsoft suite of SharePoint, Teams and Power Platform.  Teams is a web-based project collaboration system that provides a single, integrated location where employees can efficiently collaborate, find organizational resources, manage content and workflows, and leverage business insight to make better informed decisions.  It is the key tool to help agencies collaborate and share information.

improves worker efficiency while reducing IT overhead by providing a standardized and scalable collaboration service for agencies to address the business and productivity needs of Commonwealth of Virginia information workers. The service is intended to:

• Provide common standards, policies, procedures, and best practices.


• Cut costs with a consolidated cloud-based infrastructure that offers enterprise scale manageability and availability, including backup/restore and disaster recovery.


• Provide a common method and set of techniques for managing information.


• Connect people to enhance teamwork and work efficiently to address changing business needs.

Responsible VITA Directorate: Enterprise Solutions

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of platforms to meet their requirements, but customer applications are consolidated on shared platforms wherever possible to take advantage of economies of scale. All activities in this area are oriented towards supporting the business strategies and objectives of the Commonwealth, with an emphasis on collaborative and enterprise opportunities that increase efficiency and effectiveness.

The Code Authority relevant to this Service area is:

• 2.2-2007. Powers of the CIO


• 2.2-2011. Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

VITA enterprise services (VES) – Consulting services:  VITA enterprise services (VES) consulting services provides application development using the Office 365 platform (SharePoint and Teams) and SharePoint support services for our customer agencies. This service is available to current VES customers. (This service was previously named workplace collaboration services, or WCS.)

Information Technology Services for Collaboration Improvement is funded through Internal Service Fund sources.

This service area is now merged into 899.

This service has been merged into 899.

The Enterprise Development Services area is funded by Non-general Fund sources.

VITA’s Commonwealth Security and Risk Management (CSRM) directorate provides strategic information security services to the Commonwealth. It develops and promulgates the information technology security policies, standards, and guidelines as well as the Information Security Awareness Program, for all branches of government in the Commonwealth of Virginia. Coupled with the development of the standards are security architecture services that assist agencies in implementing secure information systems. Beginning in December 2008 and annually thereafter, it also reports to the governor and the General Assembly, those executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats.

In addition, Commonwealth Security and Risk Management monitors and reports on the cyber threat landscape affecting Commonwealth agencies. This activity includes tracking of malicious third parties who are targeting Commonwealth systems and data as well as analyzing security incident reports from the executive branch, US-CERT (United States Computer Emergency Readiness Team) and other sources. Once tracking analysis is complete, Commonwealth Security and Risk Management takes actions necessary or desirable to ensure the security of the Commonwealth's electronic information. Commonwealth Security and Risk Management also partners with Commonwealth localities, federal government, and private industry to strengthen the information security posture of the Commonwealth through threat information exchange, security awareness, and IT security incident notifications.

CSRM also operates the Commonwealth IT Risk Management program. This program is intended to identify significant information security risks and ensure that appropriate resources are dedicated to address the situation or to formally accept the risk.

CSRM also provides assessments of the status of information security controls to agencies receiving infrastructure services from the IT Partnership.

Finally, the Commonwealth Security and Risk Management directorate serves as the internal information security resource for VITA. Program responsibilities include developing and carrying out, as needed, the Continuity of Operations Plan (COOP) and maintaining and overseeing physical security and access controls for VITA as well as carrying out the functions of the information security officer role.

Responsible VITA Directorate: Commonwealth Security and Risk Management

This service area supports the mission of the Commonwealth and VITA by providing the Commonwealth with the information technology security governance and management services necessary to adequately protect government information and the systems on which the information resides so that government services can be delivered effectively and efficiently.

The Code Authority relevant to this Service Area includes:

• § 2.2-2009. Additional duties of the CIO relating to security of government information
  
   
  
  
  
  • To provide for the security of state government electronic information from unauthorized uses, intrusions or other security threats
  
  
  • Subsection I was added to § 2.2-2009 in 2020.  It requires VITA to develop and annually update a curriculum for training all state employees in information security awareness and in using proper procedures for detecting, assessing, reporting and addressing information security threats.  VITA is also required to monitor agencies compliance with the performance of security awareness training. In addition, the 2020 legislative change expanded VITA’s oversight for security awareness training to include all Commonwealth branches of government: executive, legislative, judicial and independent.
  
  
  
  

• § 2.2-603. Authority of agency directors
  
  
  
  • F. Notwithstanding subsection D, the director of every agency and department in the executive branch of state government, including those appointed by their respective boards or the Board of Education, shall be responsible for securing the electronic data held by his agency or department and shall comply with the requirements of the Commonwealth's information technology security and risk-management program as set forth in § 2.2-2009.
  
  
  
  


• 2.2-5514. Prohibited products and services and required incident reporting.


• Item 94 of the 2022 Appropriation Act

Security Governance: Development of Commonwealth IT security policies, standards, guidelines and security training.

Security Awareness: Development of the Commonwealth Security Awareness & Orientation and Commonwealth Security Preparedness programs. This included the development of a new IT security awareness training standard applicable to all branches of state government (SEC527 Cybersecurity Awareness Training Standard).   VITA also established a compliance program for IT security awareness training to monitor employee progress.

Risk Management: Development and implementation of the Commonwealth risk management program; analysis of the annual assessment of security controls in place by the IT Infrastructure Partnership; development of the annual report to the governor and the General Assembly on all executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats.

Security Incident Management: Response to and resolution of security incidents.

Disaster Recovery: Development and maintenance of the VITA Continuity of Operations Plan (COOP).

The Technology Security Oversight Services area is funded by Internal Service Fund sources.

On July 1, 2016, VITA officially launched the Centralized Information Security Services Center (CISSC) focused on providing ISO Security Services, Risk Management and IT Security Audit Services. Commonwealth Security and Risk Management has implemented the program and both ISO Security Services and IT Security Audit Services are currently staffed and supporting approximately 70 individual agency MOU’s.  At present, over 41 executive branch agencies have entered into a Memorandum of Understanding (MOU) with VITA to have one or both of these services performed. Additional agencies continue to request the services.   Currently, the MOUs in effect total over $8.0 million in service revenues for the next three fiscal years.

Responsible VITA Directorate: Commonwealth Security and Risk Management

This service area supports the mission of the Commonwealth, VITA and Commonwealth agencies providing an efficient and effective solution for information security, risk management and IT security audits.

The relevant code authority includes:

• § 2.2-2009. Additional duties of the CIO relating to security of government information.

           1. Address the scope and frequency of security audits.

           2. Control unauthorized uses, intrusions, or other security threats

           3. Provide for the protection of confidential data maintained by state agencies

           4. Address the creation and operation of a risk management program

• Item 94 of the 2022 Appropriation Act
  
   

Centralized ISO Security Services:  Includes consulting and functional support for agency security programs developing business impact analysis (business process identification), system security plans, risk assessments, and input to corrective action plans – all based on the agency mission and IT environment.

Centralized IT Security Audit Services:  Includes the performance of IT security audits based on the Commonwealth Security standards for IT security compliance.  Audit reports are provided to the agency leadership for risk identification and corrective action plan development. 

Information Security Shared Services Center are currently funded by the revenues generated by service MOUs between VITA and customer agencies.

The Commonwealth has more than 2,000 IT solutions hosted on various physical and virtual PaaS (Platform as a Service) servers. More cloud options are expected to be added in the future. Experts say that within three years, 40 percent of organizations will have a majority of their IT solutions hosted in the cloud. VITA and the Commonwealth of Virginia are striving to meet that mark, but in doing so, are working to keep commonwealth data secure and adapt IT solutions and business processes to they can use cloud-based services.

Cloud and Oversight Services provide oversight and support services for agencies undertaking the decision to move to cloud-based services.  The CoVA Cloud service offering will allow agencies to obtain the optimal hosting solution for their specific business needs. For simple, repeatable application hosting, the agency will be able to leverage SaaS (Software as a Service) via the Enterprise Cloud Oversight Service. For potentially more complex hosting requirements, the agency will be able to leverage the commercial cloud services (i.e., AWS) via the VITA service offerings, and finally, for complex hosting requirements involving sensitive data, or requirements too complex to be satisfied by public cloud offerings, the agency can leverage the CoVA private cloud. VITA will assist customers in navigating this suite of services to find the appropriate service offering that adds most value.

The Enterprise Cloud Oversight Service (ECOS) will eliminate the need for exceptions for agencies seeking to leverage external SaaS services.  These services provide a flexible and custom option to engage software as a service (SaaS) which meet an agency’s specific requirements and growing operational demands.  The services offer automatic compliance updates as well as achieve current regulatory and security compliance.

The service centralizes the oversight functions for certain cloud services by offering:

• SaaS Assessment


• Supply Chain Management Consulting Service


• Cloud Services Oversight

Responsible VITA Directorate: Commonwealth Security and Risk Management

This supports VITA’s mission of delivering agile and cost-effective services to the commonwealth.  VITA strives to deliver reliable and cost-effective services utilizing modern technologies that provide greater flexibility for its customers.

The Code Authority relevant to this Service area is:

• 2.2-2007. Powers of the CIO


• 2.2-2009. Additional duties of the CIO relating to security of government information


• 2.2-2011. Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2013 - Internal service and special funds


• Item 94 of the 2022 Appropriation Act

Enterprise Cloud Oversight Service (ECOS) provides oversight functions and management of cloud-based services, specifically focused on software as a service (SaaS). The service assures compliance and improved security by providing transparency through VITA oversight.

The service assures consistent performance from suppliers through service level and performance monitoring. Agencies benefit from flexibility with growing business demands by ensuring adequate security controls are in place for the protection of data, proper utilization of resources and compliance with regulations, laws and timely resolution of audit recommendations.

ECOS minimizes the need for exceptions in obtaining external SaaS services. ECOS provides a flexible and custom option for obtaining SaaS services which meet the specific needs of the agency. The service offers guidance and oversight activities for agencies in the following areas:

• Meeting commonwealth requirements, such as SEC 501 and SEC 525


• Incorporating appropriate contract terms and conditions to mitigate risk


• Completing Annual SSAE16 assessment reviews


• Ensuring vulnerability scans and intrusion detection are conducted


• Patching compliance of suppliers’ environment


• Ensuring architectural standards are met


• Monitoring performance against Service Level Agreements (SLAs)

ECOS is a service specifically created for vendors offering software as a service (SaaS) applications.

SaaS is the capability to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The provider manages or controls the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings.

SaaS Characteristics include:

• Network-based access to, and management of, commercially available software


• Access to provider’s services through an internet connection to a third party hosted facility


• A one-to-many model (single instance, multi-tenant architecture) for service delivery


• A common architecture for all tenants, usage based pricing, and scalable management


• Third party management of the service including functions such as patching, upgrades, platform management, etc.  


• A multi-tenant architecture with a single, centrally maintained, common infrastructure and code base shared by all users and applications


• Subscriber/user managed access for the application


• Provider-based data custodianship and server administration for the service

ECOS Applies when:

• Services under procurement meet the above definition and/or characteristics of a SaaS provider.


• When an agency is requesting the provider to act on behalf of a Commonwealth entity and/or is accepting commonwealth data, and/or serving as the data custodian and/or system administrator of that data for purposes of making it available back to the Commonwealth via an interface for fee.

ECOS is composed of 3 new component services under the cloud oversight umbrella:

• Assessment Review - The assessment component is a pre-procurement questionnaire that will be completed by the proposed supplier(s) and reviewed by the Enterprise Services Director and the Security Architect.  The assessment allows VITA to verify supplier ability to meet the commonwealth security and governance requirements for non-premise-based services. Note: The Assessment Review service is engaged independently of the other two service components. Once a supplier's solution has been assessed and approved by VITA, the assessment is valid for 12 months from the approval date. An Assessment Review fee or associated fees will not be incurred by agencies seeking use of a previously approved suppler solution.


• Supply Chain Management Consulting Service (SCM) - The SCM component includes consulting services to offer guidance and oversight to the agencies for delegated cloud procurements, including Cloud terms and conditions, support during negotiations, and SCM final contract review.


• Cloud Services Oversight - The oversight component provides monthly performance monitoring (PM), Service Level Agreement (SLA) management, operational oversight and security conformance of SaaS services through analysis and review of data and artifacts provided by the SaaS service supplier. The service assures compliance with regulations, laws and annual audit recommendations. Oversight also includes both an annual and end-of-service contract review. Resources engaged in these activities are Technical Services Lead, IT Security Auditor, IT Security Architect (as required) and Enterprise Services Director.

The Cloud Based Services Oversight Service area is funded by Dedicated Special Revenue.

This service area encompasses the broad range of management, administrative and support activities that fall under the headings of Administrative and Support Services, General Management and Direction, Accounting and Budgeting Services, Human Resources (HR) Services, Planning and Evaluation Services, Procurement and Contracting Services, Web Development and Support Services and IT Investment Management (ITIM) Governance.

The VITA Business Execution and Strategic Technology (BEST) directorate is focused on effectiveness, efficiency, and operational excellence for VITA. BEST works with agency leadership to develop long-range plans and strategies, ensure that the necessary financial resources, human resources, and other assets are available, develop criteria for success, track and report performance, and support continuous operational improvement.

General Management and Direction (service area 89901) – Provides agency leadership, with an emphasis on customers and proactive management of customer relationships, ensuring that VITA’s product and service offerings are consistent with the demands and direction of the agency’s served customer markets. Awareness and adoption of offered services and products is accomplished through communication and promotional programs. Such programs serve to educate customer markets on available offerings and solicit customer feedback to help in fine tuning future product directions, in addition to improving internal staff communications, knowledge, and awareness. Support activities also include policy, legal, and legislative reviews and analyses, and legislative liaison. This area defines and implements strategic planning to support the business strategy and goals of VITA. This area is accountable for setting and enforcing VITA-wide policies, standards, and guidelines and integrating IT processes and procedures using best practices.

Responsible VITA Directorate: Chief Financial Officer / BEST

Accounting and Budgeting Services (service area 89903) – Manages VITA’s internal and external financial resources to ensure legal compliance with state and federal policies and procedures. Activities include maintaining accounting, budgeting, performance, and forecasting systems to provide VITA management with the necessary information for oversight and direction, as well as acting as the point of contact for all external financial information requests. Also included are customer billing for services rendered, reconciliation of expenses to telecommunications services providers’ charges, maintenance and operations of financial and budgeting systems, and analytical support for internal and external projects.

Responsible VITA Directorate: Chief Financial Officer / BEST

Human Resources Services (service area 89914) – VITA reestablished an internal Human Resources function in January 2021. Previously, VITA Human Resources was managed by DHRM’s shared services. VITA Human Resources establishes and manages VITA human resources policies, processes, programs and applications focused on the workforce. HR ensures compliance with state and federal policies and procedures. VITA HR provides comprehensive HR services including hiring, employee development, training, benefits, leave management, performance management, leadership and employee guidance, employee relations, employee records, and staff augmentation resources. HR consults with VITA management to provide information and guidance on critical employee issues. HR resources partners with internal department such as finance, legal, communications and strategy and IT to deliver on organizational objectives.

Responsible VITA Directorate: Chief Administrative Officer / Human Resources

Planning and Evaluation Services (service area 89916) – This area is a strategic management capability that produces plans, policies, requirements, roadmaps, presentations, and diagrams describing the applicable structure of the enterprise; explaining current limitations (current state) and showing how changes could make things better (future state). EA uses an industry standard frameworks (FEAF, TOGAF, BIZBOK, et.al.), customized taxonomies, and its own knowledge base to support the governance, management, design, and delivering of strategic business and IT changes to the Commonwealth. EA aligns outcomes to strategies and helps to ensure successful transformations. EA also contributes to the Commonwealth by advising on critical issues such as creating and managing enterprise-level requirements; enhancing strategy, governance, and operations; cost reduction; process improvements; innovations and technology selection; all while taking into account the opinion and views of various stakeholders and making best use of available resources and investments.

Responsible VITA Directorate: Chief Information Security Officer / Enterprise Architecture

Procurement and Contracting Services (service area 89918) – This area provides comprehensive IT procurement services, leveraging the information technology supplier community for the best-value IT solutions to meet the business needs of our state and local government customers. The centralization of IT procurement services within VITA allows the Commonwealth greater flexibility in negotiating supplier contracts that ensure the Commonwealth is procuring quality prices at the best possible price. It also provides for a mechanism for the standardization of IT equipment used throughout the Commonwealth.

Responsible VITA Directorate: Supply Chain Management

Web Development and Support Services (service area 89940) – Web Development is responsible for the development and maintenance of VITA and Governor’s Office websites and applications. Includes providing oversight of the vulnerabilities and remediation as well as ensuring website comply to Enterprise Architecture website standards, including being accessible and responsive.

Responsible VITA Directorate: Chief of Enterprise Services / Internal Technology and Portfolio Management

Commonwealth IT Governance (ITIM methodology) (part of service area 89901) – The Commonwealth Technology Management Policy (GOV 105-04) establishes the Information Technology Investment Management (ITIM) methodology as the Commonwealth’s approach for managing technology investments throughout the IT investment lifecycle. This is considered the best means to ensure business value and minimize risk. The lifecycle includes pre-select, select, control, and evaluate phases. In support of the responsibilities of the Commonwealth Chief Information Officer (CIO) and the Secretary of Administration, as mandated by the Code of Virginia, ITIM Governance provides a range of Commonwealth services to ensure the effective application of ITIM best practices across the IT investment lifecycle. This includes early and continuous involvement of Commonwealth executives and agencies in the governance, oversight, and management of agency technology investments. ITIM uses structured processes to minimize risks, maximize return on investments, and support Commonwealth agency decisions to maintain, migrate, improve, retire, or obtain IT investments. It also establishes a common language for the Commonwealth to organize IT investments and define their business value, evaluate and prioritize the investments, and effectively manage change.

Responsible VITA Directorate: Chief of Customer Experience / CSIG

Administrative and Support Services: Provides support services throughout the organization and provides VITA with a diverse set of knowledge and skills that assists other directorates in achieving their mission, goals, and objectives.

General Management and Direction: Ensures management emphasis on customer focus, technologically appropriate selection of products and services as well as market awareness. Helps VITA position itself as a change agent to continually improve services, lower costs, and provide improved value propositions to citizens and customers. The more VITA’s products and services are recognized as bringing value, the more they will be used.

Accounting and Budgeting Services: Provides financial management leadership for VITA with an emphasis on the following: implementing equitable and defensible service and service support charges, developing and executing sound spending plans in accordance with agency and state priorities, providing timely and accurate financial information to VITA’s customers and managers, billing, collecting, and paying for services promptly and in compliance with state and federal directives. All of these efforts ensure that VITA possesses sufficient resources to perform its mission while maintaining sound financial management practices. Promoting standardization of planning, processes, and procedures helps VITA to streamline its operations and become more efficient in the use of its resources. This improves services and lowers costs to citizens and customers. Accounting and Budgeting provides guidance and support throughout all VITA service areas in implementing the strategies that directly support the agency mission and goals.

Human Resources Services: This service area supports all VITA service areas, which, in turn, directly support the agency mission and goals.

Procurement and Contracting Services: This area supports VITA’s mission through the procurement of information technology and telecommunications goods and services and through the establishment of statewide contracts and agreements that can be used by all public bodies, including counties, cities, and towns. This supply chain organization further supports the mission by providing services and governance. These goods and services are vital to the success of the many projects identified in VITA’s strategic plan and the achievement of its strategic objectives.

Web Development and Support Services: Management emphasis on cost effective solutions while providing business value in relation to the development and maintenance of websites and web applications helps VITA position itself to continually improve its services while lowering costs to citizens and customers.

Commonwealth IT Governance: ITIM Governance supports VITA’s mission of serving citizens by developing, promoting, and carrying out best practices in IT investment planning and management. All activities in this area are oriented toward optimizing the business value of discretionary IT investments (projects, programs, and procurements) to support the mission, goals, and objectives at the agency, secretariat, and Commonwealth. In support of that orientation, the “best value” of all IT initiatives is consistently measured and evaluated in terms of business results.

Relevant Code Sections for this Service Area include:

• 2.2-2007. Powers of the CIO


• 2.2-2007.1. Additional duties of the CIO relating to information technology planning and budgeting


• 2.2-2011. Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012. Additional powers and duties related to the procurement of information technology


• 2.2-2013. Internal service and special funds


• 2.2-2014. Submission of information technology plans by state agencies and public institutions of higher education; designation of technology resource


• 2.2-2016. Division of Project Management Established


• 2.2-2016.1. Additional powers and duties of the CIO relating to project management


• 2.2-2017. Powers and duties of the Division


• 2.2-2018.1. Project and procurement investment business case approval


• 2.2-2020. Procurement approval for information technology projects


• 2.2-2021. Project oversight committee

General Management and Direction:

Accounting and Financial Management: The establishment of financial policies to ensure that VITA is in compliance with Generally Accepted Accounting Principles (GAAP). These services include such things as:

• Customer accounts and liaison for resolving billing inquiries


• Customer bills for services


• Approved rates establishment


• Reconciled bills


• Budget, revenue and expense monitoring, analysis, and reporting for VITA Divisions


• Performance measurement system and benchmarking process


• Cost savings reports


• Asset management reports and inventories


• Financial reports and queries

· Financial systems development and operations

Strategic Planning: Development and monitoring of long-range plans such as the agency strategic plan and the IT strategic plan to ensure that the necessary financial, human, and other assets are available.

Process Improvement: BEST is accountable for the continuous improvement of VITA operations with the capability for identifying and directing process improvements, change management, knowledge management, and standards. BEST improves VITA’s productivity through the development and application of consistent processes, standards, and principles. Critical activities include:

• Development of templates and assistance in the documentation of processes


• Process improvements


• Paperwork reduction

Customer Relationship Management: BEST’s communication team messages communications, provides standards, and ensures internal and external communication is effective.

• Internal/external communications monitoring and reporting of work plan Initiatives


• Development of the agency strategic plan and the IT strategic plan


• Information and assistance regarding programs administered

Human Resources:

Workforce Development: Development of the talent strategy that ensures personal and organizational objectives are aligned with customer and IT strategies. Accomplished by:

• Establishing and managing VITA human resources policies, processes, programs, and applications focused on the workforce


• Ensuring compliance with state and federal policies and procedures


• Providing comprehensive HR services including hiring, employee development, training, benefits, leave management, performance management, leadership and employee guidance, employee relations, employee records, and staff augmentation resources

Procurement and Contracting Services:

Procurement Governance: Ensures that the Commonwealth is in compliance with procurement policies and guidelines and that the Commonwealth is effectively using the services of SWaM suppliers (small, women and minority-owned). Governance activities include:

• Strategic sourcing, including needs analysis, market analysis, category management, solicitation development, negotiations, and contract establishment, award, and announcement.


• Provisioning, including requisition management, quick quotes, electronic Virginia (eVA) administration, and ordering.


• IT procurement outreach, including promoting increased access, participation, and partnerships with SWaM businesses, assisting IT suppliers in how to do business with the Commonwealth, and supporting Commonwealth procurement professionals with the acquisition of IT goods and services.


• Contract and supplier management, including relationship management, contract administration, service level management, information management, and dispute resolution.

Web Development and Support Services:

Website Maintenance: Ensures consistency in the communication and content of public facing websites. Includes such things as:

• Policy guidelines for the development and maintenance of web applications.


• Procurement and support of a content management system for VITA and the governor’s websites.

ITIM Services:

ITIM products and services include:

• Project Oversight and Guidance: Provide oversight and governance for managing the planning and implementation of Commonwealth investments of $250,000 or more. Included is the development of ITIM policies, standards, and procedures as well as the provision of training on the established ITIM process.


• Strategic Planning: Provide guidance, direction, and training for the development and maintenance of Commonwealth and agency strategic plans for information technology and technology business plans to ensure compliance with Commonwealth IT policies, standards, enterprise architecture, and the Commonwealth’s Strategic Plan for Information Technology. Maintain the Commonwealth Strategic Plan for Technology on an annual basis.


• IT Budget Decision Packages: Review all IT budget decision packages submitted by Executive Branch agencies and make a recommendation to the Commonwealth CIO for recommending or not recommending approval.


• Commonwealth Technology Portfolio Management: Including procuring and managing Strategic/operational/tactical management tools to; plan, collect data on investments, score, rank, and prioritize investments, meet Code mandated reporting requirements and govern implementation of investments of $250,000 or more.


• Project Management Development Program: Provide program and project management training to all project managers and Agency IT Resources in Executive Branch agencies emphasizing industry best practices as well as Code requirements.


• Independent Verification and Validation (IV&V): Reviews and approves Statements of Work (SOW) and project IV&V reports.


• Data Governance: Provide guidance for data quality, data management, data policy management, and risk management to ensure that Commonwealth data are managed consistently throughout the Commonwealth.


• Consulting Services: Provide consulting for IT investments in both the planning and implementation areas.

The Administrative and Support Services area is funded by general fund, Internal Service Fund, and Special Revenue Fund sources. Internal Service Fund costs are recovered through user charges to our customers. Special Revenue Fund costs are recovered through the Industrial Funding Adjustment (IFA) fee charged to most suppliers of statewide IT contracts