To deliver sustainable and effective results to our customers through innovative, efficient, and secure services.

To be Virginia's most customer-focused technology partner, empowering the Commonwealth to achieve more through innovative, efficient, and secure technology.

VITA is a customer-focused organization that builds trust through respect, collaboration and communication. We build public trust by working according to our shared values:

Accountability -  "We take ownership for delivering on defined outcomes, being transparent and responsible for the decisions we make."

Inclusive Collaboration - "We engage diverse individuals and teams from VITA, customers and suppliers to develop solutions together and foster mutually beneficial partnerships."

Growth Mindset - “We embrace challenges and opportunities for growth, striving to discover innovative solutions and never accepting the status quo."

Effectiveness - "We work decisively to deliver solutions by taking a data-driven approach that creates value for the Commonwealth."

Persistence - “We are dedicated to accomplishing our mission by delivering timely and innovative solutions for our customers despite challenges."

The creation of the Virginia Information Technologies Agency (VITA) by the 2003 General Assembly was widely recognized, both within and outside the Commonwealth, as an initiative to bring significant efficiencies and service improvements to the state’s technology infrastructure.  The legislation was the result of mutual recognition by Virginia’s legislative and executive branches of the pressing need for change as well as the value of applying best business practices to meet such public sector challenges. The Virginia Information Technologies Agency (VITA) is the Commonwealth’s consolidated information technology organization. The agency is headed by the Chief Information Officer (CIO) of the commonwealth.  The Code of Virginia (Code) grants and assigns specific authority and responsibilities to VITA, and to the CIO position. Most of these are found in Chapter 20.1. “Virginia Information Technologies Agency.”  VITA’s responsibilities fall into five primary categories:

1. Governance of the Commonwealth’s information security programs and enterprise architecture in support of the responsibilities of the Chief Information Officer of the Commonwealth. 


2. Operation of the IT infrastructure, including all related personnel, for the executive branch agencies declared by the legislature to be “in-scope” to VITA.


3. Governance of IT investments in support of the duties and responsibilities of the Information Technology Advisory Council and the Chief Information Officer of the Commonwealth.


4. Procurement of technology for VITA and on behalf of other state agencies and institutions of higher education.


5. Working with Executive Branch agencies in the identification and exploitation of enterprise, collaborative and agency business solutions which provide improved services and/or reduce expenses.

VITA’s vision to be Virginia’s preferred government IT partner means that we:

• Create value and provide enterprise IT services supporting the business of state government at the best return on investment for our customers, stakeholders and Virginia’s taxpayers.


• Improve the Commonwealth’s competitive position in the national and world marketplace; Harness opportunities to utilize technology to improve the availability, quality and responsiveness of state services- seamless, friendly, anywhere, anytime; for our citizens and customers.


• Create accountability for how public funds are spent on technology for VITA as well as for the entire executive branch.


• Grow our employees; Embed opportunities for professional growth and development into the agency’s organization and operations. Recognize and reward accomplishments.


• Serve as the model for transforming state government; Pursue streamlined business processes and innovative partnerships that improve service delivery to deliver greater value.

VITA provides information technology infrastructure services and technology solutions to support customers and address their business needs. We are the information technology organization that supports agency and locality technology requirements as they endeavor to deliver citizen services. While the agencies and localities directly serve the citizens, VITA the agencies and localities as their strategic partner.

The Virginia Information Technologies Agency has modernized the Commonwealth’s technological public sector landscape over the past six years by transitioning from a single IT infrastructure supplier to a multi-supplier model of eight suppliers. Our team has transformed our business model, accelerated the launch of new innovative services, guided the Commonwealth information technology community through a global pandemic, fortified security protocols against mounting cyber threats, and delivered consolidated services to our customers.  As our customer needs continue to grow and evolve, VITA will continue modernizing and improving to meet their needs.  VITA continues to work with our suppliers to ensure efficient service delivery that meets customer needs.

During our planning for the 2024-2026, VITA made a conscious effort to ensure that our goals and objectives were in alignment with the COV Technology Plan.

As is the case with the broader IT industry, VITA has been challenged to find the right staffing levels of Government, contractor, and suppliers.  VITA has increased our recruitment avenues to include usage of national recruitment platforms, job fairs (including those targeting Veterans and their spouses and individuals with disabilities) and networking connections.

VITA continues to pursue its mission of delivering sustainable and effective results to our customers through innovative, efficient, and secure services providing value to the commonwealth in the following areas:

IT Infrastructure:  VITA provides IT infrastructure services through a multi-supplier model that delivers the following capabilities:  end user compute, server/storage, network, messaging, print, mainframe, managed security, and supplier integration.    These contracts are scheduled for re-competition over the next several years.  The first contract for re-compete was the messaging contract that was awarded in 2021.  VITA, in partnership with the Administration and executive branch agencies, made the decision to move all executive branch agencies from Google to the Microsoft platform for messaging services.  VITA has also migrated users from Cisco VPN to Global Protect. Other IT infrastructure contracts that have been released include Mainframe Services, Managed Public Cloud Services, and Managed Security Services.  Other tower contracts will be re-competed as they become due.

IT Security Governance:  VITA continues to improve the information security posture of the Commonwealth for the protection of government information by enhancing capabilities and updating Information Security policies, standards and guidelines to address new security issues as they arise.   In addition, the Governance group manages educational outreach to the Commonwealth security community.  We provide stakeholder outreach through monthly meetings with IT security officers from across the commonwealth and offer an annual IT security conference.  We work with K-12 and higher educational institutions to promote cybersecurity. 

IT Project Management Division (PMD):  PMD provides assistance as well as oversight and governance for Commonwealth-level Information Technology (IT) projects and associated procurements from project initiation approval throughout the project lifecycle.

IT Investment Management (ITIM):   ITIM is an integrated approach to managing IT investments, promoting the continuous identification, selection, control, life cycle management, and evaluation of IT investments.  ITIM uses structured processes to minimize risks and maximize return on IT investments.  Agencies must adopt an ITIM approach for management of agency technology (investment) portfolios.

Supply Chain Management (SCM):  VITA continues to develop polices, standards and guidelines for the procurement of IT and leverages supplier relationships to provide the best value IT solutions to meet the commonwealth’s business needs.  VITA’s contracts are used by all Government entities in Virginia.

Enterprise Solutions:  a division within the Virginia Information Technologies Agency (VITA), offers a comprehensive suite of services, solutions, and capabilities to support the digital transformation of the Commonwealth of Virginia (COV) agencies. Through close collaboration, Enterprise Solutions provides expertise for knowledge transfer, solution implementation, and vendor vetting, ensuring that service offerings are aligned with agency business strategies. Key initiatives include deploying security and accessibility tools for standard compliance, establishing Communities of Practice (CoP) for collaboration, and offering cloud solutions through Azure and AWS. The division is dedicated to fostering long-term success for agencies through strategic alignment, governance, and continuous learning opportunities.

Like many other employers, VITA faces workforce challenges from the highly competitive IT employee market. VITA recognizes the importance of a strategic workforce planning that includes employee development, succession plans, and business continuity through knowledge transfer.  For VITA’s workforce:

• VITA’s MEL increased from 242.4 to 284.4 in FY 2023 and 319.4 for FY24. Our MEL for FY 25 is 337.4


• 29% of staff are new in role or new to VITA.


• 18% of VITA employees are currently eligible for retirement.


• The average age of a VITA employee is 50, with 49% being age 50 or over.

The increase in MEL requires a focus on resource planning, hiring, employee performance and onboarding. We also anticipate employee role changes as people move into new available positions within VITA for career development and in response to ongoing retirements and turnover.  Employee workforce development will need to be strengthened to better prepare our people.  VITA will build and adjust HR programs such as training, hiring practices and succession planning strategies to meet these demands.

VITA is currently focused on four key areas to support VITA strategic initiatives and workforce demands.

• Establishing a holistic resource and hiring plan to fill needed positions.


• Targeting new and fresh IT talent on a junior level


• Building a culture of engagement and continuous improvement.


• Enhancing training programs to support targeted skills development including leadership and technical skills.

In addition to content available in the DHRM COV Learning Center, VITA has purchased access to LinkedIn learning to provide meaningful training and development for our employees.

VITA moved into its new office headquarters in June 2022.  The facility is located at 7325 Beaufont Springs Dr., Richmond, VA  23236 and features approximately 64,500 USF.  The new location is also in close proximity to a number of our agency customers.

The space is currently shared with the Office on Data Governance and Analytics (ODGA) as well as representatives from the various service suppliers.  There is an additional approximate 5,000 sq ft that VITA could potentially lease if funds were available—making the Commonwealth of Virginia the sole building tenant.  Not only would this provide room for additional staff or a larger and flexible meeting space, but it would also allow opportunities to improve the physical security of the building and provide greater protection for our staff. 

While the governor’s office is not a VITA specific location, we do have a number of staff that are housed in the governor’s office so that they can better support the governor’s technology needs.

As part of the annual ARMICS Assessment VITA conducted a risk assessment in October 2023 and identified the following as the primary possible risks facing the agency. 

The following were identified as key weaknesses or threats for the agency:

• Communication gaps in operational processes


• Lack of sufficient funds for adequate staffing, training, professional development and equipment for agency operations


• Insufficient collaboration and sharing of information across the agency


• Business processes are seen as complex and difficult to understand


• Gaps in procurement process or workflows


• Reputation of VITA – many do not see the value proposition for VITA services.


• Cybersecurity threats


• External operational requirements

The following risks were identified in the 2021 ARMICS Assessment and are still applicable today:

• Staffing - including not enough staff, staff burnout, aging staff, pending retirements, loss of institutional knowledge, inability to fill/retain staff, contractor conversions, inability to meet deadlines, competing obligations, etc.


• Security Risks - cyber, data breach, ransomware, and prolonged outages.


• Financial - enough funds to support mission and goals, revenue loss, and funding for additional staff,


• Contractual – many of VITA’s contracts call for financial or other penalties for failure to meet the contract terms.


• Supplier Performance - process changes, platform supplier failure, operational performance, new requirements, and gaps when changing suppliers.


• Project Level Risks – all projects carry risk and VITA is very much a project-based organization

VITA’s funding structure consists of Internal Service Fund (06), Special Fund (02), General Fund (01) and Federal Trust (10). 

The Internal Service Fund (ISF) is VITA’s primary source of revenues.  In this intra-governmental fund, VITA collects revenue and incurs expenses for providing information technology infrastructure and telecommunications services to other state agencies, institutions, and local governments.  The services furnished are charged to the recipient agency, institution, or local government to recover costs through user charges approved by the Department of Planning and Budget.  VITA’s Discretionary services that are provided to some customers are captured in a separate ISF program (Central Support Services).  VITA’s internal organization is the ISF Overhead and includes project management, information security, customer relations, service management, and overall agency management and operational support. The total ISF amounts budgeted in Chapter 2, for the 2024 - 2026 biennium, are $432,003,925 in FY 2025 and $427,730,589 in FY 2026.

The Special Revenue Fund is also called the Acquisition Services Special Fund.  The revenues are derived from a surcharge on information technology procurements.  The Chapter 2 appropriations of $13,092,342 in FY 2025 and $13,092,342 in FY 2026 are used by VITA for procurement and contracting oversight and management expenses and to pay for services to customers that are not considered allowable by the federal government, for their share of payments to VITA (recorded as internal service fund revenues).  VITA also provides support to the Governor’s office from this fund.

The General Fund reflects appropriations received from the Commonwealth of Virginia (General Assembly).  These funds are used to support vulnerability scanning in the Information Technology Security Service Center.  Additional appropriation will be given in FY 2025 to serve as the state matching funds related to the federal cybersecurity grant fund as well as funding for website translation services.  The current General Fund appropriation for this service area is $318,676 in FY 2025 and $318,676 in FY 2026.

The Federal Trust Fund reflects appropriation received from the Commonwealth of Virginia (General Assembly).  These funds are part of the federal cybersecurity grant fund.  VITA will obtain the funds, apply federal guidelines and develop a planning committee to oversee the grant. The appropriation for FY 2025 is $21,396,396.

A significant portion of VITA's collections are not categorized as revenue in the Commonwealth Accounting and Reporting System (CARS); rather, they are identified as “recovery of cost”.  Accurate assessment of the relationship between the non-general fund sources [appropriations] and collections depends upon the addition of cost recoveries to revenues.  VITA establishes rates and develops a cost allocation plan on an annual basis that is approved by the Department of Planning and Budget (DPB) that allows VITA to recover costs it expends on behalf of the commonwealth and/or its customers.

The following statistics represent the depth and breadth of services provided by VITA to the commonwealth.  These statistics are utilizing data from FY 24.

VITA does not anticipate any changes to the core customer base.  However, in response to increased federal funding (such as the Infrastructure Investment and Jobs Act), we anticipate greater IT consumption from the agencies.

In addition to the governor’s office and executive branch agencies listed below, VITA provides services to a number of non-executive branch agencies, institutions of higher education, local governments, federal agencies and non-profit entities.

VITA’s Service Catalog offers its customers access to more than 139 information technology-related services broken down by service categories including Account Management, Application Integration, Cloud, Domain Name Services, Mainframe, Messaging, Network, End user services, Security, Server and Storage, and Voice and Video Services.  

Other services are available through VITA’s statewide contracts such as for networking and broadband, wireline and wireless telecommunications services.

The catalog of services is available at Catalog Services | Virginia IT Agency

Finance Performance Highlights: 

Oracle EPM (Enterprise Performance Management) Budget and Forecasting Tool and Power BI Financial Reporting Suite Implementations – VITA’s CFO area rolled out a transformative toolset that allows for automated and integrated budgeting and forecasting activities as well as replication and enhancement of financial reports. Oracle EPM allows for automated notifications of budget changes and integration with VITA’s Peoplesoft Financials instance as well as direct access for managers and directors to their up-to-the-minute budget statuses. Power BI reporting will allow for formal, exportable reports associated with VITA’s P&L and performance compared to budget.

Implementation of Fixed Fee Methodology in Customer Chargeback Rates for Improved Transparency – FY 2024 marked the first year of a significant shift in VITA’s chargeback rate methodology. VITA now separates charges received from platform vendors that are fixed and bills them separately from variable, consumption-based costs. This allows customer agencies to have greater control over their IT spend and prevents large swings in the outcome of VITA’s recoveries. Eliminating these outliers allows for better budget planning from year to year and keeps the focus on customer consumption.

NextGen TEMS Implementation – VITA’s migration of the current telecom expense and billing system (TEBS) to Calero’s next generation telecommunications expense management system (TEMS) is scheduled for FY 2025. This new system, in conjunction with the addition of managed services, will deliver a significant improvement to reporting, order processing, workflow and dispute management. This transformational project will deliver to VITA and agencies the transparency critical to optimizing cost and consumption of telecom services.

Data Warehouse Modernization – The CFO organization is focused on leading and creating data-based insights to meet accounting and financial reporting requirements, improving day-to-day operations, and supporting audit activities. This effort will have a broad reach within finance, leading the consolidation and transformation of disparate data sets, building databases, reconciliations, metrics, dashboards and applications to achieve data completeness and facilitate management decision-making. This is a strategic initiative to design and execute VITA’s technology strategy and roadmap, especially as VITA has rolled out Apptio and Oracle EPM and will implement Calero’s TEMS.

General Accounting Playbook Development – The CFO organization is proactively developing a General Accounting Playbook with the assistance of KPMG to improve internal controls and create standard operating procedures along with a succession plan to avoid disruptions in finance and accounting activities. Recent changes by new Governmental Accounting Standards Board (GASB) pronouncements have significantly impacted the requirements for general accounting and reporting. This playbook will improve the accuracy, efficiency and timeliness of financial reporting.

Enterprise Solutions Performance Highlights: 

Web Modernization – With over 1,500 websites in the executive branch portfolio and no central control, the Virginia government web world was sprawling and in need of a unified review. To address this issue, VITA launched the Website Modernization Project, which aimed to improve on each of these needs for better security, accessibility and consistency in look and feel.

The project included multiple workstreams developed by expert teams of web, security staff, enterprise architects, project managers, IT colleagues and communications professionals to make the effort successful. Together, the team:

• Developed new web standards,


• Created a full portfolio of shared tools and solutions for all,


• Deployed a unified branding bar, domain naming convention, design system and downloadable templates for a cohesive digital experience,


• Established tested workflows for remediation with production-ready government vendors,


• Provided multidisciplinary training, including the Accessible VA training with accessibility certification


• Communicated regularly through virtual meetings and newsletters

The project has achieved remarkable progress and success. In one year, agencies doubled their websites’ accessibility compliance from 44% to over 88%. The cohesively designed branding bar was deployed to 100% of public-facing sites to ensure consistency. Using similar tools and programs provided shared knowledge and collective problem solving, which saved money, time and resources across the enterprise. This programmatic partnership sets the Commonwealth up for compounding success in future opportunities together.

COVA Apps – The COVA Apps programs aid agencies to achieve business outcomes by offering secure, integrated and pre-approved solutions and tools. COV Apps will achieve cost savings for the Commonwealth by creating solutions that enable agencies to focus on providing their customers with great services.

Program Goals:

• Standardize key business functions across the Commonwealth


• Provide valuable data for metrics that can be analyzed in real time


• Save agencies time spent creating and maintaining their own forms and processes


• Provide enhanced visibility of processes

Microsoft Power Platform implementation: The Microsoft Power Platform is a transformative suite of tools designed to simplify and innovate the process of low-code application development and automation. Tailored for citizen developers, business analysts, IT administrators, and professional developers alike, this platform empowers users to automate processes, construct solutions, analyze data, and create virtual agents. In July 2023, VITA introduced its Low-Code Application Platform (LCAP) Power Platform managed service to facilitate the adoption process for COV agencies by streamlining licensing, procurement, governance, and support procedures associated with the platform. At launch, Commonwealth of Virginia (COV) personnel, including employees and contractors, had already leveraged Microsoft Power Platform tools to develop over 3,000 custom applications and automate 6,000 workflows. To nurture collaboration among COV agencies and promote effective governance, VITA established a Power Platform Community of Practice (CoP). Utilizing Microsoft Teams as its central hub, VITA has created dedicated channels for each agency to engage directly with VITA and each other. VITA facilitates monthly CoP meetings to share information, discuss best practices, and spotlight platformrelated initiatives at individual COV agencies. The CoP has rapidly expanded, boasting a membership of over 1,300 members since its inception with just 50 initial participants.

Cloud Native Adoption –

VITA – AIS - Expanded AIS Enhanced Services Offering for Integration

Business Problem being solved: As COV agencies transform and modernize systems and applications and as the COV footprint changes from Data Center focus to Hybrid Cloud architecture, the need for integration management and complimentary services that allow management of application connectors is becoming necessary.        

VITA – AIS Expanded AIS Enhanced Services Offering for Data Integration

Business Problem being solved: As COV agencies transform and modernize, they realize an apparent need for data management services. Complimentary to existing VITA – AIS services for Infrastructure, Database, Integration and Gateway, intended VITA – AIS Data Management services provide an end-to-end data lifecycle solution.

Infrastructure Services Performance Highlights:

OKR Support of Improving the Customer IT Experience, Cybersecurity and Driving Efficiency are the keystones of initiatives executed and in process.  Solutions and initiatives we implemented are as follows:

• Improve the Network: VITA implemented many initiatives to achieve the following results:
  
  
  • Reduced critical outages (P1 incidents) 42%
  
  
  • Reduced the ‘hot sites’ (those that appear on overutilized circuit reports) 79%
  
  
  • Implemented SDWAN technology to 1,046 sites
  
  
  • Upgraded or added over 550 broadband and MPLS connections
  
  
  
  

• Cloud Services:  Multiple cloud services established or in development:
  
  
  • Implemented COV Cloud using a tool that provides an automated orchestration, self-service and management of cloud resources, resource consumption, and reporting on utilization.  The tool was secured in the AWS Gov cloud tenant and provides service from the AWS commercial cloud tenant and other clouds in the near future
  
  
  • Initiated RFP for Azure Cloud Managed Cloud Supplier (MCS)
  
  
  
  

• Recompete the Mainframe contract:  One of the original 8 agreements making up Multisource Systems Integrator (MSI) model, the mainframe was recompeted and the incumbent won the award. Originally targeted for elimination, all but two agencies are still utilizing the mainframe for key application support.

• Managed Print Services (MPS) elimination:  VITA eliminated the MPS services with Xerox as a result of high costs due to associated overhead with VITA and the supporting MSI model.  VITA purchased print services from the state contract and provided its own services to agencies utilizing the MPS service.

• Teams Voice Enterprise Service:  Implemented Teams Voice Enterprise Service (TVES) offering an optional low-cost phone service. TVES is an optional alternative to the existing UCCaaS and VCE phone services.  VITA has adopted this service while other agencies are preparing to do so.

While still supporting the seven strategic initiatives VITA has many more initiatives to implement.  While the MSI model matures and supplier contracts come due for renewal or recompete, VITA must strategically determine how to modify the model appropriately to reflect current technology and customer requirements as well as consider increasing the number of suppliers in the ecosystem.  These are the new solutions and initiatives being implemented:

• Network Infrastructure:  The increase of agency cloud usage is creating an opportunity to reduce overall agency costs, standardize our cloud network infrastructure and enable any agency to easily connect to any or multiple clouds.  The infrastructure build out consists of utilizing existing SD-WAN technology and adding SD-WAN hubs within the clouds and converting Secure Cloud Interconnection (SCI) connections to Software Defined Interconnect (SDI) Connection.  With the advent of additional agencies and connections, the recommended solution provides an operational cost savings opportunity let alone multiple cost avoidance opportunities.

• Cloud Services:  The development and implementation of COV-Cloud calls for the continuing usage of the automated provisioning tool providing agency deployment, utilization, and consumption billing.  The RFP for the Azure Managed Cloud Supplier (MCS) will be completed 3rd qtr 2024 and initiatives to remediate and modernize the existing tenant for agency consumption is planned

• Cloud Infrastructure:  With the development of VITA’s cloud services and supplier tools, VITA should retain ownership and direct management of the tools that create the security approved deployment and change controls of cloud resources

• Identity Access Management: VITAs infrastructure and service offerings have evolved over the past 4 years.  Many new services have been requested or identified to better serve our customer base.  While VITAs suppliers have stepped up to offer limited help, often these new services fall outside of their current scope of work.  Directory Services, the Sailpoint platform, and our Multi-factor Authentication tool (MFA) all have key initiatives.  These initiatives range from enabling cloud services, automated onboarding to creating an enterprise OKTA service for internal and external application access.

• Network Monitoring: Recent successful projects and services have improved network services, but have increased the complexities and reach of the COV network with the addition of VITA and supplier tools.  Over the past 4 years, VITAs infrastructure and core services have evolved and changed and the utilization of tools to ensure compliance and view end to end monitoring are needed.  These tools will enable better monitoring and event management for identifying and resolving incidents/outages quicker.

• Disaster Recovery:  VITA only offers an ‘all or nothing’ disaster recovery service of which there is limited agency participation due to fixed testing dates and their Return on Investment (ROI) based on an unlikely scenario occurring.  VITA needs a service that provides for agency level testing and recovery that supports multiple types of disaster scenarios to include security events.  A Disaster Recovery as a Service (DRaaS) will modernize COVs disaster recovery capabilities, eliminate the secondary data center, and the network ‘bubble’ that creates the all or nothing disaster response.  This project results in long term cost savings of individual disaster recovery subscriptions and elimination of the secondary data center.

• Central Decision Support System:  VITA and its customers lack the infrastructure of a central decision support system to perform data analysis across the platform from ticket information to finance.  Today this analysis is performed on spreadsheets and data has to be continuously pulled from various resources to update ‘reports’ which is inefficient and time consuming.  VITA is recommending providing a “Data Warehouse as a Service (DWaaS)”.  This tool is strategic in planning for future Platform sourcing models.

• Government Owned Service Management Application: Decrease this transition cost/risk either through negotiations or contract re-compete by switching to Government Owned Contractor Operated (GOCO) model for IT Service Management (ITSM) software. The goal is for VITA to own ITSM software before the current MSI contract ends in 2026, thereby increasing COVA’s leverage in contract negotiations. Moving to a GOCO model would remove the value of the SM licensing for future MSI contracts thereby reducing cost of recompete. This shifts the SM licensing to a VITA as a platform operating expense which can be recovered by prorating licenses across agencies. It would also provide a SM platform as a VITA service to meet executive agency’s internal business needs which is in line with agency strategic goals in providing better customer experience.

• Recompete IT Infrastructure Suppliers:
  
  
  • Security services contract ends December 2025 with one up to 14-month extension available.  Procurement is underway, which may have multiple supplier awards
  
  
  • End user compute contract ends November 2025 with one 24-month extension available.  Procurement planned for early 2025.
  
  
  • Server services data center contract ends November 2024, we plan to execute a 24-month extension, leaving one 24-month extension available.  Procurement planned for late 2025.
  
  
  • Multi-service integrator contract ends February 2026 with one up to 24-month extension available.
  
  
  • Voice data network contract ends June 2026, with up to one 24-month extension available. 
  
  
  
  

Customer Experience Performance Highlights: 

Commonwealth CIO Governance Approvals: VITA’s oversight & governance division transformed the commonwealth technology portfolio governance process. We reduced the average approval cycle time for project and procurement approvals from 30 to 9 days (70% reduction) and the IT strategic plan approvals from 289 to 54 days (81% reduction). 

Customer experience score: VITA streamlined and optimized customer feedback collection mechanisms, methods, and frequencies in response to customer feedback about “survey fatigue.” We reduced the customer satisfaction survey frequency by 50% and transitioned the monthly survey to conversations with customer account managers. This has resulted in an increased response rate. We also leveraged additional data that was already being collected, such as service request and incident ticket data to develop a composite score that provides more comprehensive insights the areas to focus on in the continual effort to improve the customer experience.

IT Contingent Labor Policy Revision: VITA, in partnership with the Commonwealth Chief Procurement Office, revised the IT contingent labor (ITCL) policy to ensure procurement behaviors aligned with competitive principles of the ITCL and Virginia Public Procurement Act (VPPA). The ITCL program enables a common acquisition process for agencies to obtain IT staff augmentation services and deliverables-based SOW services through a managed service provider program. The goals of the revised ITCL policy included decreasing the number of exceptions in staff augmentation, promoting competition and negotiation in SOW engagements, and helping agencies make better decisions and hold them accountable to those decisions. The revised policy went into effect January 1, 2024.

Commonwealth Security & Risk Management Performance Highlights: 

Recompete of Managed Security Services – Managed security services provide a range of security solutions to VITA’s suppliers and customers, including threat management, perimeter security, internal network security, endpoint security, application security and data security. While most services are provided to executive branch agencies as part of their participation in the program, some optional services are available for agencies to purchase as needed.  To ensure VITA receives the highest level of service in a cost-effective manner, CSRM and VITA Procurement are moving forward with the recompete process for a Managed Security Services supplier.

Continued Rollout of Zero Trust - With the adoption of Zero Trust security strategy in 2023, VITA is enhancing its security posture both within the agency and across the Commonwealth. Zero trust shifts away from the traditional security model of perimeter protection to one that continuously assesses the security of users, networks, and endpoints. This approach is critical to supporting the distributed technology and cloud model the Commonwealth is currently implementing. Investments have been made to improve identity and access management through the acquisition of an identity and access governance tool and to provide correlated monitoring through the acquisition of Splunk. Further improvements to our network security model are planned for fiscal year 2025, which will secure assets in a standardized way regardless of their physical location.

Whole of State Approach in Cybersecurity – In an ongoing effort to support all government and tribal entities across the Commonwealth with their cybersecurity needs, Virginia applied for and was awarded more than $12M in grant funding through year 1 and 2 State and Local Cybersecurity Grant Program awards. VITA and our partners, including the Virginia Department of Emergency Management (VDEM) serving as the State Administrative Agency (SAA), are collaborating with the Virginia Cybersecurity Planning Committee (VCPC), which was created in response to grant program requirements. The VCPC developed a statewide cybersecurity plan, also as required by the grant program, and is prioritizing projects and subgrant awards based on the goals and objectives of the plan. The first project, the Cybersecurity Plan Capability Assessment, offered local government entities an evaluation of their current state cybersecurity position as compared to the goals, objectives, and metrics outlined in Virginia’s Cybersecurity Plan. This project received more than 170 applications from entities across the state. This project was also used as an input to identify areas of improvement and define projects and funding for localities that allows them to implement risk-appropriate security protections and train personnel according to their responsibilities.

Maturity of Cloud Computing Services – Agencies across the Commonwealth are modernizing many of their systems and applications from on-premises solutions to hybrid cloud environments. As a result, securing Commonwealth data in the cloud has become a priority. CSRM, along with other division across VITA, is working to enhance cloud security and architectural standards while offering users multiple cloud vendor options.

Administration Performance Highlights: 

COV Technology Strategy: The 2023-2027 Commonwealth of Virginia (COV) Technology Strategy outlines the vision, strategic objectives, and plan for advancing technology leadership and operational effectiveness. Developed with input from Commonwealth agencies, local governments, higher education organizations, Cabinet Members, and others, it serves as the “call to action” and describes the guiding principles that must underpin collective efforts across the Commonwealth. The plan outlines seven strategic initiatives: transform Virginians’ experiences, deliver with Commonwealth mindset, protect through cybersecurity, drive better, faster decision-making through data, advance government excellence and adaptability, optimize the partner ecosystem and cultivate a statewide IT talent capability.

VITA’s Strategic Business Plan: This 2023-2027 plan was built for the VITA agency team by executive leadership, the strategy and transformation team, and many others across the organization. The plan outlines seven strategic initiatives that are focused on improving the customer experience and creating opportunities for innovation. The plan serves as the cross-organizational foundation for the development of policies, processes and practices, as well as a guide for prioritizing new initiatives and budding needs. The initiatives include: improve customers’ experiences, power transformation, provide cybersecurity, drive efficiency, enable data analytics, transform the VITA culture and apply smart governance.

Regulatory management:  Well in advance of the December 2025 deadline, VITA met the Executive Order 19 requirements for reductions in guidance documents, and additional updates are planned.  Streamlining and revising procurement, architecture, project management, and other governance and template documents improves efficiency and clarity for both VITA and its customer agencies.

People Change Management – VITA has a Change Management Program also known as the People Change Management (PCM) Program, under the Strategy and Transformation (S&T) area of responsibility. The PCM is supporting multiple projects such as the Telecommunications Expense and Management System (TEMS), Individual One Drive Migration, several S&T business process improvements and many other special initiatives in collaboration with the Customer Experience team in support of our agency customers.  The PCM has trained over 130 VITA employees and leaders in Prosci Change management methodology and planning more training and workshops in the fall of 2024 and throughout 2025.

Human Resources:  continues its efforts to address our human resources needs.  VITA has gone from 214 in FY 22 to 287 in FY 24 employees, addressed our culture survey results with items such as establishing in house leadership development programs, created associate, jr. associate and intern programs. VITA has been able to uphold compliance of policies such as hiring, performance management and personnel policies. We have streamlined the onboarding process resulting in a more in-depth personal onboarding experience and automated some HR forms to keep up with the modernization of our processes.  VITA have also implemented the new Cardinal system (Oct 22), trained, and supported our employees during the implementation. 

Transformation Program – VITA is further maturing an agency transformation function to address updating and streamlining agency policies and business processes. Business improvement efforts include modernization and automation of procedures relating to staff travel authorization and reimbursement and state vehicle usage, creation of an employee orientation program, and implementation of a tool and workflow for managing employee building access badging.  Also underway are efforts to standardize and automate agency review-and-approval workflows, and to develop a more user-friendly and accessible repository of memoranda of understanding (MOUs) between VITA and its customer agencies.

Cost Savings Initiative – Internal IT has embarked on a cost savings initiative involving the decommissioning of unused phone lines, migration mobile devices from Verizon/T-Mobile to AT&T, removing unused delegations from mailboxes, reducing storage costs by moving to OneDrive, archiving data for inactive users, etc.  Combined the expected annual savings is $127,000.

.

The Commonwealth’s IT operating environment must be flexible enough to meet the changing needs of state agencies and the citizens they support. For effective delivery of services, the IT environment must also operate within a set of guidelines designed to manage the infrastructure and costs. VITA shall:
• Equip and empower Virginia's executive branch in technology and cybersecurity infrastructure
• Support the digitization of agencies to support all Virginians
• Partner with agencies to achieve their transformation goals
• Provide agencies with enterprise IT leadership to anticipate future needs

:Modernize core infrastructure services to enable the Commonwealth’s digital transformation and ensure a strong, secure IT environment for our enterprise customers. This objective is designed to create a more customer-centric approach to providing IT services in which VITA will work more collaboratively with agencies to find technology solutions that will help agencies meet their goals and objectives. During the 2022-2024 planning period, VITA focused on improving network availability and reliability to drive improvements in customer satisfaction. Virginia Executive Branch agencies often encountered “latency” issues that slow or halt their business services. In addition, agencies lacked the overall bandwidth to perform daily business functions and to support future initiatives. VITA completed projects supporting COV network upgrades and new capabilities by implementing SD-Wan capabilities, adding broadband and enhancing MPLS circuits. In addition, VITA redesigned the Request for Solution (RFS) process in order to reduce the time to complete a Request for Solution (RFS) for non-catalog requests.

For the 2024-2026 planning period, our primary focus will be on migrating agencies and servers to the Microsoft AWS Cloud environment. Additional improvement efforts are targeted at each of the IT infrastructure suppliers and include such efforts as software consolidation, process improvement, and automation. As we continue to recompete the supplier tower contracts, we will work towards maturing the MSI model to provide for greater efficiencies and reduced infrastructure costs.

This objective is in alignment with the secretariat’s goal of delivering quality information technology services.

• 1. Launch the Commonwealth of Virginia Cloud on the AWS Platform

VITA is launching cost-effective capabilities to agencies to better serve the citizens of the Commonwealth. To achieve that end, VITA will implement standardized tools and templates to modernize websites, branding, security and ensuring ADA compliance for Executive Branch Agency websites. The standardization effort will include a cleanup and elimination of dead sites. VITA will provide agencies with tools that can be used to scan websites for utilization and compliance. All virginia.gov websites should utilize standard tools, branding, security and be ADA accessible. VITA will first focus on the websites for Executive Branch agencies and then expand its efforts to other public entities.

VITA will assist the Commonwealth by providing a standardized platform and tools for centralized commonwealth-wide form processing which will standardize key business functions (employee work profiles, telework agreements, etc.); provide valuable real-time data; and create operational efficiencies.

• 1. Expand statewide applications

• 2. Drive COV Technology Talent Development Through Communities of Practice and Technology Events

• 3. Foster and deliver robotic automations, low-code capability, and data integration by deploying robotic automations, improve application integration adoption, and deliver low code capabilities.

VITA provides an environment where Commonwealth data assets are appropriately protected and available to agencies as they serve the citizens. One method of protecting the Commonwealth is to provide an updated security model (such as Zero Trust) and align the technology needed to support the model. VITA’s application of the Zero Trust model protects the enterprise environment and drives the technology solutions needed for enhanced cybersecurity. VITA is also working to ensure that critical data assets are vaulted.

In 2022, the General Assembly approved legislation in support of a Commonwealth-wide approach for assessing the COV public entity security incidents and establishing plans to address risks and threats to the Commonwealth.

VITA will continue working with the administration and state and local partners to improve the overall cybersecurity of the Commonwealth, including through the federal cybersecurity grant program. As criminals become more aggressive in targeting organizational data, it will be critical that VITA provide an appropriate level of a cybersecurity training program to all COV employees that will be centrally managed.

• 1. Optimize the COV Cybersecurity Program

• 2. Protect Commonwealth critical data

VITA seeks a balanced approach to risk management, which weighs opportunity for innovation and process improvements with thoughtful and intentional action to minimize the Commonwealth’s risk. Cybersecurity threats have increased in frequency and complexity, with criminals becoming more skilled at gaining access to devices and networks through phishing and other methods. The goal is to provide the right amount of IT governance to balance oversight with delivery speed, cost management, and quality results.

Better data and information, analyzed properly, yields better business decisions. VITA, in partnership with the Commonwealth Chief Data Officer, are providing solutions to help agencies and Commonwealth customers analyze, store, and use data more effectively.

VITA is leading the standardization of business intelligence by promoting a single platform (Microsoft Power Business Intelligence). Microsoft Power BI Premium delivers the flexibility to publish reports broadly across the enterprise, without requiring recipients to be licensed individually per user. For example, the Power BI Platform can be utilized to develop a unified analytics platform for Cyber Security data for the Commonwealth. A single, centralized dashboard with predictive analytics will result in cost savings across the Commonwealth and provides visibility data security analysts require in order to make faster and better-informed business decisions to effectively safeguard the Commonwealth data and systems.

VITA will also be working with agencies to identify areas where robotic process automation tools, artificial intelligence, and low-code applications can be implemented to increase efficiencies and reduce the amount of human interaction involved in routine transactions.

VITA will use FY 25 to identify appropriate measures for this objective.

• 1. Deliver enterprise solutions and platforms to 100% of agency customers by deploying the enterprise collaboration suite (including Microsoft Power BI and other analytics tools).

• 2. Foster and deliver robotic automations, low-code capability, and data integration to increase application integration services adoption, automation, data use, and process improvement.

VITA’s interpretation of smart governance incorporates the notions of simplifying the rules and regulations of government process and instilling accountability into processes and with our employees. VITA is shifting from an environment of being reactionary to being more proactive and engaged (from crisis/incident management to execution and enablement). The goal is for VITA to assist agencies in navigating the IT processes as the landscape and ecosystem become more complex.

One area for improvement lies within the procurement processes. The Commonwealth has engaged a consultant to review the procurement processes and to make recommendations for improvements that will shorten the time frame for procurements, introduce efficiencies and reduce procurement costs. VITA continues to work closely with the governor’s office to identify and implement suggested improvements.

Additional opportunities for improve reside with the project management and IT investment management divisions to improve administration of the Commonwealth Technology Portfolio process used to manage agency IT projects greater than $250,000 in value.

• 1. Optimize Commonwealth ITIM/PMD

• 2. Improve customer satisfaction

VITA’s program delivery and organizational improvement efforts are possible by empowering, developing, engaging and supporting our teams and individuals to effectively deliver exemplary customer services and solutions. VITA is focused on process improvements to drive greater operational efficiency in end-to-end processes from order management to service/solution delivery to integrated billing. The overall goal is to reduce operational spend to invest in improvements and innovations. VITA’s culture will need to be managed to foster teamwork and excellence.

VITA drives efficiency to re-focus from transactional activities, such as invoicing, billing, budget/rate setting, to proactively cutting costs, protecting parts of the business by getting greater value, and driving investment in new capabilities that align with enterprise and agency strategies. Using Technology Business Management Methodologies, VITA will modify the method for recovering overhead and supplier fixed fees to reduce variability in our costs to provide agencies with more autonomy to control their IT spend. VITA is seeking to replace its current Telecom Expense Billing System (TEBS) which services 400 total customers annually, from both executive and non-executive branches of government, and represents ~$50M in legacy telecom spend. Modernization of TEBS into a new Telecom Expense Management system (TEMS) will reduce costs, manage efficiencies, and drive greater business value within VITA and across the Commonwealth. To further transform, Finance Digital Transformation will bring a holistic approach to financial management that relies not only on optimization of finance and accounting business processes but will also optimize the digital landscape and use of innovative technology.

To further implement process improvements and cost savings, VITA’s accounting staff is working diligently to create greater efficiencies in our financial processes with an end goal of reducing the time for month end close and to comply with GASB Reporting requirements.

• 1. Save the Commonwealth money

• 2. Optimize financial operations

• 3. Increase utilization & value of VITA Contracts

VITA is focused on our greatest asset, our people—empowering, developing, engaging and supporting our teams and individuals to effectively deliver exemplary customer services and solutions. VITA is building a culture focused on core values. To lead and promote our culture, VITA is developing our leaders with enhanced leadership skills focused on engaging employees, setting direction and development. VITA recently updated our mission, vision and core values and is building a culture focused on supporting business initiatives, engagement and retention. VITA will seek to understand the feedback from employees through ongoing employee surveys and action planning to achieve results. By measuring, reporting and action planning based on survey results, VITA can drive changes to its culture. To manage necessary people and organizational changes, VITA is establishing change management capabilities that are focused on internal business, technology and enterprise projects. Emphasis on building our internal culture will have a positive impact on our customer relationships by becoming more customer centric and collaborative with customers.

• 1. Achieving full force strength by recruiting and developing team members through individual development plans for all employees including leadership training for all people leaders.

• 2. Enhance culture and Diversity, Opportunity and Inclusion (DOI) to drive systemic improvements in our culture survey results and reduce non-retirement voluntary turnover.

• 3. Strengthening agency processes and organizational change management capabilities including assessing the health and vulnerability of internal applications and servers.

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

Description of this Program / Service Area

The primary capabilities of this service area are network services (data, voice, and video), supported by a wide array of interconnected and interoperating telecommunications networks, facilities, and services that enable digitized electronic information to be exchanged between people, between machines, and between people and machines.  Commonwealth data network services comprise the infrastructure of statewide telecommunications resources that enable the interconnectivity of computers that process and exchange digital data information. Data network services include wide area networks (WAN), local area networks (LAN), Secure Wireless Networks, internet access, Remote Site VPN access, SD-WAN, and engineering support.

Voice network services provide tools that enable people to communicate verbally in real time over short and long distances using a wide range of systems and services. These tools include wireline services that provide local and long-distance telephone services. Local services enable communications between people located within the same, close geographical area. Long distance services enable users to communicate with others located almost anywhere in the world. Agencies require diverse configurations of voice communications resources to enable them to manage the voice communications demand they encounter when interacting with the citizens and constituents they serve. They have traditionally used a combination of hosted services such as VoIP, analog and digital Centrex (ISDN -BRIs), business lines, on premises-based Private Branch Exchange (PBX), and key systems and handsets to address agency business team, work group, and enterprise office voice communications needs. Agencies with requirements to efficiently manage high volumes of calls implement automatic call distributor (ACD), interactive voice response (IVR), or contact center capabilities that are offered using hosted and premises-based solutions. Increased worker mobility and the demands of users to be accessible when away from the office while having uninterrupted access to agency information resources continue to drive the increased demand for more and better wireless (cellular) tools and services, most recently with the addition of a new communication tool in Microsoft Teams Voice. Teams voice provides flexibility to use the same work number on both your PC/laptop and your mobile device.  Rapid advancements in the development of smartphones and tablet technologies have enabled wireless data communications to replace voice as the main driver of research and development in the industry.

Video services leverage data and voice telecommunications network capabilities that enable participants to see and talk with each other using specially equipped devices and systems. Using equipment and services commonly available today, video sessions can be established with as few as two participants using multi-media smartphones and/or personal computers (PCs). More complex sessions may include fully equipped video conference rooms, interconnected and interoperating with multiple, other similarly equipped sites involving hundreds or thousands of users. Consumer and commercial quality smartphones, PCs, and tablets often come from the manufacturer with the hardware and software to enable users to immediately participate in video sessions.

Responsible VITA Directorate: Core Infrastructure Services

VITA’s Network Services - Data, Voice, and Video support the agency mission by providing high-quality comprehensive resources and solutions to VITA’s customers at the best available cost.

Applicable Code References for this Service Area include:

2.2-2007 - Powers of the CIO

• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Network Data Services: Provide a secure mechanism for employees of the Commonwealth and the public to access the internet, applications, and data stored on the network and cloud-based services. Commonwealth employees may access the network using the Local Area Network (LAN)/Wide Area Network (WAN) connection or via a remote connection using a Virtual Private Network (VPN).

Voice and Video Services: Include cellular wireless access, local access services audio, data and video conferencing, Microsoft Teams voice, and unified communications as a service (UCaaS) otherwise known as Voice over Internet Protocol (VOIP). Wireless/cellular services are available through a variety of carriers and several plan options are available including text messaging, paging, smartphones with data, and internet access. VOIP provides for a wide range of advanced VOIP communications services that leverage the robust network infrastructure with connections to the internet that are fully managed and monitored. Video services include the capability to provide audio and data conferencing as well as video connections that enable a large number of participants to see and talk with each other from multiple locations throughout the Commonwealth.

This service area is funded by Internal Service Fund and Special Revenue Fund (Acquisition Services Special Fund).

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

Description of this Program / Service Area

Data Center Services consists of traditional data center functions such mainframe, storage, backup/recovery and disaster recovery services These services can be provided over a wide range of hardware and software operating systems using multiple telecommunications and database architectures. Services include intranet connectivity with the ability to provide secure internet applications using multi­level authentication and encryption. VITA provides two data centers in Virginia that meet numerous physical and security criteria for central IT services. QTS is located in Henrico County and serves as the Commonwealth’s primary data center. The QTS – Ashburn is located in Sterling, VA and serves as the Commonwealth’s backup data center.

Responsible VITA Directorate: Core Infrastructure Services

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of platforms and services to meet their application requirements while VITA continues to take advantage of virtualization techniques accommodating increased workloads more efficiently. Additionally, VITA is actively working on creating more “cloud services” that its customers can use.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

All computing platform services include the following support benefits:

• 24 x 7 x 365 operation including real-time monitoring and fault management


• Multi­layered security


• Backup and recovery support, including offsite data storage and separate recovery facility


• Systems monitoring, performance, and capacity management


• Comprehensive system monitoring and management software tools

IBM mainframe Multiple Virtual Storage (MVS) Services: Include operation of a high-performance, high-volume, high-availability, and secure hardware and software platform for developing and operating customer agency applications using comprehensive product and tool sets. Mainframe MVS services offer multiple telecommunications and database architectures, automated production scheduling services, state-of-the-art on­line storage and tape archival systems, and print archiving software and remote printing.

Enterprise Storage Services: Provide management of shared data storage platforms. Multiple storage performance offerings are provided as well as protocols to support agency requirements. Enterprise backup and recovery services provide a reliable means for agencies to back up and restore data. The backup infrastructure provides state-of-the-art tapeless backups. Automatic backups are done according to customer-specified times with backup retention periods and other options for backups tailored to customer requirements. Offsite vaulting services are inherent with the electronic backup environment to ensure the latest backup copies of critical data are sent offsite daily. Near real time data synchronization between the primary data center (QTS-Sandston) and the backup data center (QTS-Ashburn) is also available, supporting expedient disaster recovery practices.

Disaster Recovery Services: Provide the planning and coordination to ensure identified critical systems are accounted for and recoverable in the event of a disaster.

The Data Center Services area is funded by Internal Service Fund sources.

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

Description of this Program / Service Area

Server, Data Center, EUC, Print, Messaging and Cloud services consists of traditional data center services providing compute and end user functionality. These services can be provided over a wide range of hardware and software operating systems using multiple telecommunications and database architectures. Services include internet connectivity with the ability to provide secure internet applications using multi­level authentication and encryption. Business applications requiring public access and server hosting also are available. VITA provides two data centers in Virginia that meet numerous physical and security criteria for central IT services. QTS is located in Henrico County and serves as the Commonwealth’s primary data center. The QTS – Ashburn is located in Sterling, VA and serves as the Commonwealth’s backup data center.  Additionally, cloud services are now offered and utilized.

Responsible VITA Directorate: Core Infrastructure Services

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of highly available and high-performance platforms to meet their requirements, but customer applications and hardware services are consolidated on shared platforms wherever possible to take advantage of economies of scale. The Information Technology Partnership’s (ITP) oversight and associated activities are instrumental to achieving this mission.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Personal Computing Service: The personal computing environment includes laptops, desktops, tablets, and virtual desktop infrastructure, Customers may choose from among four levels of deskside support -- Bronze, Silver, Gold and Offline. The levels vary in response time to incidents and service requests. The support service includes the full Microsoft Office suite, field services, agency-specific and core images, software distribution, supported software support, regular updates, and patching. Ongoing monthly support is also provided for the maintenance of the equipment up until the device qualifies for refresh replacement (3, 4, or 5 years).  Security components of the service fees include workstation managed host intrusion protection, firewall, antivirus & compliance testing for endpoints.

Managed Print Service:  The VITA Managed Print Service (MPS) contract was terminated on July 31, 2024. With the termination of MPS, VITA stood up a new VITA Print Service (VPS) that leverages the existing Xerox convenience contract and was successfully release on August 1, 2024. The new VPS option offers a smooth transition of existing MPS equipment with the same lease cycle, continued engagement via the VITA Service Portal for services and support, and continued ITFM billing at a comparable cost to the terminated MPS contract.

UNIX Server Support: Includes support for multiple UNIX technologies that currently include those compatible with Linux, AIX, and HP­UX operating systems. Servers supported range from small workstations dedicated to specific applications to large enterprise-class servers supporting many mission-critical applications. The primary database products are SQL and Oracle. Services include the ability to provide secure internet applications utilizing multi­level authentication and encryption.

Windows Server Support: Provides secure resources for hosting customer agency servers, websites, and applications. This includes systems and products capable of housing and executing agency business applications using a variety of fail­over and load balancing techniques. Extensive use of server virtualization enables a highly available, flexible, and efficient environment. Services include Active Directory, anti­virus software, application publishing, enhanced operating system and database security, and patch management. Also included is the ability to provide secure internet applications using multi­level authentication, encryption, and database clustering.

Public Cloud Support:  Provides support for multiple public cloud environments, to include Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).  These environments host infrastructure and services utilized by Commonwealth agencies for applications to meet agency business needs.  These cloud services include virtual machines, databases, cloud networking and security, as well as cloud-centric services that are possibly unique per cloud environment.  Infrastructure in the public cloud supports the ability of applications to be highly available, elastic, and support levels of disaster recovery necessary to meet agency business needs.  Additionally, VITA has introduced the Cloud Broker Technology Integrator (CBTI) role and tool into the public cloud environment, providing automated orchestration and management of cloud resources, self-service for agency staff, public cloud utilization and consumption reporting, and additional FinOps insight into cloud spend.

The End User Services area is funded by Internal Service Fund sources.

VITA has established a multi-provider sourcing model, or integrated services platform to deliver certain IT services to VITA and the other customers within its IT environments (collectively, the “Managed Environment”). While the Managed Environment is comprised of various and separate scopes of services provided by Integrated Suppliers, the multi-provider model requires coordination, cooperation and integration among the Integrated Suppliers, notwithstanding that certain of such parties may otherwise view themselves as competitors, in order to work together toward the common goal of providing uninterrupted, high-quality services to VITA and the other Customers.

The Multisourcing Service Integrator (MSI) will manage the entire managed environment and the various service tower suppliers in their provision of services within the managed environment for the benefit of the Commonwealth, VITA and Customers. The MSI will provide direction and facilitate the discharge of end-to-end service obligations across itself and the Service Tower Suppliers, including performance against end-to-end Service Levels that measure the services of multiple Service Tower Suppliers. The MSI will ensure that these services are performed in a consistent and integrated manner such that each of the coordinated elements is successfully contributing to a harmonious delivery of service to VITA and the other Customers.

The MSI and the Service Tower Suppliers must share with each other various materials, data and information, and provide access to systems, equipment, personnel and other resources, in each case related to the services performed by one or more of such parties for VITA and the other Customers. As part of this concept, several contractual documents (for example OLA’s) are intended to be treated as common documents that are common among the Integrated Suppliers and become part of each of their agreements with VITA, in order to ensure consistency in governance, service delivery and the parties’ understandings and expectations.

The high-level scope of the MSI services is to deliver Cross Functional & Service Desk Services in a multi-supplier environment to include:

• IT Financial Management System


• Program Management Office


• Service Management Practices


• Program Management


• Service Strategy


• Service Design


• Service Transition


• Service Operation


• Continual Service Improvement

Responsible VITA Directorate: Core Infrastructure Services

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of highly available and high-performance platforms to meet their requirements, but customer applications and hardware services are consolidated on shared platforms wherever possible to take advantage of economies of scale. The Information Technology Partnership’s (ITP) oversight and associated activities are instrumental to achieving this mission.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Service Desk Services: The VITA Customer Care Center (VCCC) is the Commonwealth’s information technology help desk. It provides end-to-end ownership of the desktop and end user services and assists in the management of agency-specific business applications. Every contact is assigned a ticket, logged and prioritized as appropriate, leveraging agreed-upon business rules. These contacts are either resolved or assigned to the appropriate technical resource or group for resolution. To ensure prompt resolution, ticket status is monitored throughout its life. The VCCC will accelerate the resolution of tickets that are not being addressed as they should be, using the Service Level Agreements (SLAs) as guidelines. Upon resolution, the VCCC requests confirmation that the issue has been resolved to the customer’s satisfaction.

Cross Functional Services: Will deliver consistency and integration among the service areas through a common set of processes and documented procedures. Commonwealth IT Service Management processes will be based on the Information Technology Infrastructure Library (ITIL) framework and tailored to the requirements of the Commonwealth. A procedures manual will be developed and maintained to ensure that accurate, current, and actionable procedures are documented and published for all IT services. Service level management will be implemented as part of the ITIL optimization initiative to provide a detailed service catalog, determine service level requirements, negotiate and reach agreement on service levels, and monitor and report on actual service levels versus agreed-upon service level targets.

This service area is funded by Internal Service Fund and Special Revenue Fund (Acquisition Services Special Fund).

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

 SSDC, MSI, EUC, and MSG towers provide various services that are associated Identity Credential and Access Management (ICAM) cybersecurity domain. ICAM enables agencies to ensure that the right person with the right privileges can access the right information at the right time. Managed Security Services are the operations, administration, and governance services and activities required to provide and support the security of the Commonwealth’s IT infrastructure and enterprise. VITA oversees the primary service area partner, Atos, which carries out the following responsibilities.

• Threat Management and Incident Response


• Perimeter and Internal network security


• Endpoint security


• Vulnerability and supplier compliance management


• Remote access services

Responsible VITA Directorate: Core Infrastructure Services

This service area supports the mission of VITA by providing the information security services that enable the delivery of enterprise IT services and solutions in a manner that protects the confidentiality, integrity, and availability of the Commonwealth’s sensitive and critical systems, technology infrastructure, and information.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

The 820 service areas are used to record payments to vendors with revenues collected by VITA from customers. Each service area corresponds to a specific subset of services.

 SSDC, MSI, EUC, and MSG towers provide various services that are associated Identity Credential and Access Management (ICAM) cybersecurity domain. ICAM enables agencies to ensure that the right person with the right privileges can access the right information at the right time. Managed Security Services are the operations, administration, and governance services and activities required to provide and support the security of the Commonwealth’s IT infrastructure and enterprise. VITA oversees the primary service area partner, Atos, which carries out the following responsibilities.

• Threat Management and Incident Response


• Perimeter and Internal network security


• Endpoint security


• Vulnerability and supplier compliance management


• Remote access services

Responsible VITA Directorate: Core Infrastructure Services

Computer Operations Security Services is funded by Internal Service Fund sources.

This service area was created in conjunction with Virginia’s Health and Human Resources (HHR) secretariat to implement service-oriented architecture (SOA) for support of HHR federal law compliance efforts. Enterprise Services and Tools (EST) used in Data Exchange Programs is a collection of tool-based and architecture-based services that share hardware and software to reduce overall costs to the Commonwealth. There are several enterprise-level services: Address Validation, Asynchronous Message, Business Rules Engine, Commonwealth and Enterprise Service Bus. Other services include: WebSphere Hosting Administration, Web Services Repository and Registry, and WebSphere Application Server. These services, when implemented, will have a lower total cost of ownership versus the software and infrastructure they replace.

All of these services are sharable at an enterprise level and are intended for Commonwealth of Virginia executive branch agencies? however, use of these services is possible for other governmental organizations.

Responsible VITA Directorate: Enterprise Solutions

Enterprise Services and Tools provide wider cross-application and cross-agency access to Commonwealth information, while reducing agency IT costs.

Applicable Code References for this Service Area include:

• 2.2-2007 - Powers of the CIO


• 2.2-2011 - Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

Address Validation Service: This service has two features: 1) online auto­complete ability when a user begins typing an address and Address Validation completes it with a United States Post Office (USPS) validated address, and 2) an offline feature where addresses are corrected to conform to USPS guidelines.

AIS Database Services:  The AIS-DB and VITA Oracle Private Cloud (VOPC) services are implemented on Oracle's Real Application Clusters (RAC) platform and provides a highly available database administered and maintained by VITA.  The AIS-DB service also comes with Oracle Advanced Security, which provides encryption of data at rest using Transparent Data Encryption and encryption of data in transit using Oracle native encryption SSL.  The VOPC service utilizes provides customer instances that utilize customer provided Oracle licensing. 

AIS Database Services:  This service provides database and data warehouse hosting for agencies that use application and data integration services.

Asynchronous Messaging (or Message Queuing or MQ): This is a secure and reliable method for integrating applications across multiple platforms.

Business Rules Engine (BRE): Because business rules in applications are changed much more often than business processes, the BRE makes it possible to manage business rules outside of the application. The disentanglement of business rules from business processes using the BRE helps decrease costs related to necessary rules changes by not requiring information technology resources.

Enterprise Service Bus: The ESB service is implemented using IBM Application Connect Enterprise (ACE) platforms. The ESB service provides agencies with a framework for designing and implementing integration between applications and systems. Application integrations are data exchanges across the flexible, dynamic, and extensible ESB infrastructure. The integrations provide the ability to perform operations on the data as it is processed across the ESB infrastructure.

VITA Secure Gateway (VSG):  The service provides security and integration for Commonwealth of Virginia (COV) websites, applications and services. VSG is based on the IBM DataPower® multi-channel gateways that deliver security, control, integration and optimized access to a full range of on-premise and cloud workloads.  The VSG service utilizes enterprise-grade gateways to securely connect within the QTS datacenter, to cloud and external vendors. Customers benefit with secure websites, applications and services all at cost effective rates.   

WebSphere Application Server Hosting (WAS): The service provides customers with access to secure and robust environments for their organization-specific applications. A WAS environment is where applications can readily use the Enterprise Service Bus and other advanced software tools.

Information Technology Services for Data Exchange is funded by Internal Service Fund sources.

VITA is transitioning its services in this service area from Google Apps Tool Suite (Sites, Docs, Pages, Sheets, and Forms) to a broader suite of products to help agencies internally and with their citizens.

This includes the Microsoft suite of SharePoint, Teams and Power Platform.  Teams is a web-based project collaboration system that provides a single, integrated location where employees can efficiently collaborate, find organizational resources, manage content and workflows, and leverage business insight to make better informed decisions.  It is the key tool to help agencies collaborate and share information.

The service improves worker efficiency while reducing IT overhead by providing a standardized and scalable collaboration service for agencies to address the business and productivity needs of Commonwealth of Virginia information workers. The service is intended to:

• Provide common standards, policies, procedures, and best practices.


• Cut costs with a consolidated cloud-based infrastructure that offers enterprise scale manageability and availability, including backup/restore and disaster recovery.


• Provide a common method and set of techniques for managing information.


• Connect people to enhance teamwork and work efficiently to address changing business needs.

Responsible VITA Directorate: Enterprise Solutions

VITA strives to deliver reliable and cost-effective computing platform services. Customers have a choice of platforms to meet their requirements, but customer applications are consolidated on shared platforms wherever possible to take advantage of economies of scale. All activities in this area are oriented towards supporting the business strategies and objectives of the Commonwealth, with an emphasis on collaborative and enterprise opportunities that increase efficiency and effectiveness.

The Code Authority relevant to this Service area is:

• 2.2-2007. Powers of the CIO


• 2.2-2011. Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2012 - Additional powers and duties related to procurement of information technology


• 2.2-2013 - Internal service and special funds

VITA enterprise services (VES) – Consulting services:  VITA enterprise services (VES) consulting services provides application development using the Office 365 platform (SharePoint and Teams) and SharePoint support services for our customer agencies. This service is available to current VES customers. (This service was previously named workplace collaboration services, or WCS.)

Information Technology Services for Collaboration Improvement is funded through Internal Service Fund sources.

VITA’s Commonwealth Security and Risk Management (CSRM) directorate provides strategic information security services to the Commonwealth, including developing IT security policies, standards, and guidelines for all government branches in the Commonwealth of Virginia. Coupled with the development of the standards are security architecture services that assist agencies in implementing secure information systems. Annually since December 2008, CSRM has reported to the governor and the General Assembly, those executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats.

Commonwealth Security and Risk Management monitors and reports on the cyber threat landscape affecting Commonwealth agencies, tracking malicious actors and analyzing security incidents. It collaborates with localities, federal agencies, and private industry to enhance the Commonwealth’s security posture through threat information exchange and security awareness initiatives.

CSRM also operates the Commonwealth IT Risk Management program to identify significant security risks and ensure proper resource allocation. Additionally, CSRM assesses the status of information security controls for agencies receiving IT infrastructure services from the IT Partnership.

Finally, CSRM serves as VITA’s internal information security resource, managing the Continuity of Operations Plan (COOP), physical security, access controls, and fulfilling the role of information security officer.

Responsible VITA Directorate: Commonwealth Security and Risk Management

This service area supports the mission of the Commonwealth and VITA by providing the Commonwealth with the information technology security governance and management services necessary to adequately protect government information and the systems on which the information resides so that government services can be delivered effectively and efficiently.

The Code Authority relevant to this Service Area includes:

• § 2.2-2009. Additional duties of the CIO relating to security of government information
  
   
  
  
  
  • To provide for the security of state government electronic information from unauthorized uses, intrusions or other security threats
  
  
  • Subsection I was added to § 2.2-2009 in 2020.  It requires VITA to develop and annually update a curriculum for training all state employees in information security awareness and in using proper procedures for detecting, assessing, reporting and addressing information security threats.  VITA is also required to monitor agencies compliance with the performance of security awareness training. In addition, the 2020 legislative change expanded VITA’s oversight for security awareness training to include all Commonwealth branches of government: executive, legislative, judicial and independent.
  
  
  
  

• § 2.2-603. Authority of agency directors
  
  
  
  • F. Notwithstanding subsection D, the director of every agency and department in the executive branch of state government, including those appointed by their respective boards or the Board of Education, shall be responsible for securing the electronic data held by his agency or department and shall comply with the requirements of the Commonwealth's information technology security and risk-management program as set forth in § 2.2-2009.
  
  
  
  


• 2.2-5514. Prohibited products and services and required incident reporting.


• Item 94 of the 2022 Appropriation Act

Security Governance: Development of Commonwealth IT security policies, standards, guidelines, security training and outreach, as well as monitoring performance and ensuring compliance with these policies and standards.

Security Awareness: Development of the Commonwealth Security Awareness & Orientation and Commonwealth Security Preparedness programs. This included the development of an IT security awareness training standard applicable to all branches of state government (SEC527 Cybersecurity Awareness Training Standard).   VITA also established a compliance program for IT security awareness training to monitor employee progress.

Risk Management: Development and implementation of the Commonwealth risk management program; analysis of the annual assessment of security controls in place by the IT Infrastructure Partnership; development of the annual report to the governor and the General Assembly on all executive branch and independent agencies and institutions of higher education that have not implemented acceptable policies, procedures, and standards to control unauthorized uses, intrusions, or other security threats.

Security Incident Management: Response to and resolution of security incidents.

Disaster Recovery: Development and maintenance of the VITA Continuity of Operations Plan (COOP).

The Technology Security Oversight Services area is funded by Internal Service Fund sources.

On July 1, 2016, VITA officially launched the Centralized Information Security Services Center (CISSC) focused on providing ISO Security Services, Risk Management and IT Security Audit Services. Commonwealth Security and Risk Management has implemented the program and both ISO Security Services and IT Security Audit Services are currently staffed and supporting approximately 70 individual agency MOU’s.  At present, over 40executive branch agencies have entered into a Memorandum of Understanding (MOU) with VITA to have one or both of these services performed. Additional agencies continue to request the services.   Currently, the MOUs in effect total over $6.50 million in service revenues for the next three fiscal years.

Responsible VITA Directorate: Commonwealth Security and Risk Management

This service area supports the mission of the Commonwealth, VITA and Commonwealth agencies providing an efficient and effective solution for information security, risk management and IT security audits.

The relevant code authority includes:

• § 2.2-2009. Additional duties of the CIO relating to security of government information.

           1. Address the scope and frequency of security audits.

           2. Control unauthorized uses, intrusions, or other security threats

           3. Provide for the protection of confidential data maintained by state agencies

           4. Address the creation and operation of a risk management program

• Item 94 of the 2022 Appropriation Act

Centralized ISO Security Services:  Includes consulting and functional support for agency security programs developing business impact analysis (business process identification), system security plans, risk assessments, and input to corrective action plans – all based on the agency mission and IT environment.

Centralized IT Security Audit Services:  Includes the performance of IT security audits based on the Commonwealth Security standards for IT security compliance.  Audit reports are provided to the agency leadership for risk identification and corrective action plan development. 

Vulnerability Scanning Services:  identifies vulnerabilities before they can be exploited. The web application vulnerability scanning program provides automated scans of Commonwealth websites to identify potential security weaknesses. These scans are used to identify and mitigate vulnerabilities to prevent attacks. CSRM performed over 6,000 scans of public sites and private websites. In addition, CSRM’s vulnerability scanning service has helped to reduce the number and impact of vulnerabilities.

Information Security Shared Services Center are currently funded by the revenues generated by service MOUs between VITA and customer agencies.

The Commonwealth has more than 2,000 IT solutions hosted on various physical and virtual servers. Commonwealth agencies are in process of modernizing their systems and applications and many of those solutions will be hosted in the cloud. VITA and the Commonwealth of Virginia along with multiple vendors will continue to assess cloud security and are working to keep commonwealth data secure and adapt IT solutions and business processes to they can use cloud-based services.

COV Ramp (formerly known as enterprise cloud oversight services (ECOS)) provides oversight and support services for agencies undertaking the decision to move to cloud-based services.  COV Ramp cloud services allow agencies to obtain the optimal hosting solution for their specific business needs. For simple, repeatable application hosting, the agency will be able to leverage SaaS (Software as a Service) via COV Ramp. For potentially more complex hosting requirements, the agency will be able to leverage the commercial cloud services (i.e., AWS) via the VITA service offerings. COV Ramp enables Commonwealth agencies to securely utilize various vendors utilizing third party risk management processes and continuous oversight. COV Ramp services provide flexible services provide flexible and custom options to engage software as a service (SaaS) which meet an agency’s specific requirements and growing operational demands.  The services ensure current regulatory and security compliance along with regular updates.

The service centralizes the oversight functions for certain cloud services by offering:

• SaaS Assessment


• Negotiate cloud terms and conditions with the aid of Supply Chain Management


• Cloud Services Oversight


• Cloud Service Audit

Responsible VITA Directorate: Commonwealth Security and Risk Management

This supports VITA’s mission of delivering agile and cost-effective services to the commonwealth.  VITA strives to deliver reliable and cost-effective services utilizing modern technologies that provide greater flexibility for its customers.

The Code Authority relevant to this Service area is:

• 2.2-2007. Powers of the CIO


• 2.2-2009. Additional duties of the CIO relating to security of government information


• 2.2-2011. Additional powers and duties relating to development, management, and operation of information technology


• 2.2-2013 - Internal service and special funds


• Item 94 of the 2022 Appropriation Act

COV Ramp provides oversight functions and management of cloud-based services, specifically focused on software as a service (SaaS) and platform as a service (PaaS). The service assures compliance and improved security by providing transparency through VITA oversight.

COV Ramp ensures consistent performance from suppliers through service level and performance monitoring. It provides agencies with the flexibility to meeting growing business demands while ensuring the protection of data, proper resource utilization, and compliance with regulations. It also aids in the timely resolution of audit recommendations.

COV Ramp minimizes the need for exceptions in obtaining external SaaS and PaaS services, offering a flexible and customized approach to meet specific agency needs.  The service provides guidance and oversight activities for agencies in the following areas:

• Meeting commonwealth requirements, such as SEC 530


• Negotiating and incorporating appropriate contract terms and conditions to mitigate risk


• Completing Annual SSAE16 assessment reviews


• Ensuring vulnerability scans and intrusion detection are conducted


• Patching compliance of suppliers’ environment


• Ensuring architectural standards are met


• Monitoring performance against Service Level Agreements (SLAs)

COV Ramp is a service specifically created for vendors offering software as a service (SaaS) and platform as a service (PaaS) applications.

SaaS is a cloud-based software delivery model where a third-party provider hosts and manages the application. Users access the software through the internet, typically via a web browser, on a subscription basis.

SaaS Characteristics include:

• Cloud-based: The software is hosted on remote servers managed by the provider


• Subscription model: Users pay a recurring fee for access to the software


• Internet access: Users require an internet connection to use the software


• No installation: Users don’t need to install software on their devices


• Provider management: The provider handles software updates, maintenance, and security

In the simplest terms, COV Ramp applies when Commonwealth data is being:

• Processed


• Transmitted


• Hosted

COV Ramp is composed of 3 component services under the COV Ramp umbrella:

• Assessment Review - The assessment component is a pre-procurement questionnaire that will be completed by the proposed supplier(s) and reviewed by the Security Architect and the Security Architect Manager.  The assessment allows VITA to verify supplier ability to meet the commonwealth security and governance requirements for SaaS and PaaS services. Note: The Assessment Review service is engaged independently of the other two service components. Once a supplier's solution has been assessed and approved by VITA, the assessment is valid for 12 months from the approval date. An Assessment Review fee or associated fees will not be incurred by agencies seeking use of a previously approved suppler solution.

• Supply Chain Management Consulting Service (SCM) - The SCM component includes consulting services to offer guidance and oversight to the agencies for delegated cloud procurements, including Cloud terms and conditions, support during negotiations, and SCM final contract review.

• Audit- The COV Ramp audit component provides monthly performance monitoring (PM), Service Level Agreement (SLA) management, operational oversight and security conformance of SaaS services through analysis and review of data and artifacts provided by the SaaS service supplier. The service assures compliance with regulations, laws and annual audit recommendations. Audit also includes both an annual and end-of-service contract review. Resources engaged in these activities are Technical Services Lead, IT Security Auditor, IT Security Architect (as required) and the Security Architect Manager.

The Cloud Based Services Oversight Service area is funded by Dedicated Special Revenue.

This service area encompasses the broad range of management, administrative and support activities that fall under the headings of Administrative and Support Services, General Management and Direction, Accounting and Budgeting Services, Human Resources (HR) Services, Planning and Evaluation Services, Procurement and Contracting Services, Web Development and Support Services and IT Investment Management (ITIM) Governance.

The VITA CFO Chiefdom is focused on delivering timely, accurate and reliable financial information through effective and efficient financial systems, and operational excellence for VITA. The CFO works with agency leadership to develop long-range plans and strategies, ensure that the necessary financial resources, human resources, and other assets are available. In addition, the CFO leads efforts to develop criteria for success, track and report performance, and support continuous operational improvement.

General Management and Direction (service area 89901) – Provides agency leadership, with an emphasis on customers and proactive management of customer relationships, ensuring that VITA’s product and service offerings are consistent with the demands and direction of the agency’s served customer markets. Awareness and adoption of offered services and products is accomplished through communication and promotional programs. Such programs serve to educate customer markets on available offerings and solicit customer feedback to help in fine tuning future product directions, in addition to improving internal staff communications, knowledge, and awareness. Support activities also include policy, legal, and legislative reviews and analyses, and legislative liaison. This area defines and implements strategic planning to support the business strategy and goals of VITA. This area is accountable for setting and enforcing VITA-wide policies, standards, and guidelines and integrating IT processes and procedures using best practices.

Manages VITA’s internal and external financial resources to ensure legal compliance with state and federal policies and procedures. Activities include maintaining accounting, budgeting, performance, and forecasting systems to provide VITA management with the necessary information for oversight and direction, as well as acting as the point of contact for all external financial information requests. Also included are customer billing for services rendered, reconciliation of expenses to telecommunications services providers’ charges, maintenance and operations of financial and budgeting systems, and analytical support for internal and external projects. These efforts are carried out in a manner that fosters effective stewardship of public funds and supports fiscal integrity by developing and implementing solid internal control standards.

Responsible VITA Directorate: Chief Financial Officer / CFO

Human Resources Services (service area 89914) – VITA reestablished an internal Human Resources function in January 2021. Previously, VITA Human Resources was managed by DHRM’s shared services. VITA Human Resources establishes and manages VITA human resources policies, processes, programs and applications focused on the workforce. HR ensures compliance with state and federal policies and procedures. VITA HR provides comprehensive HR services including hiring, employee development, training, benefits, leave management, performance management, leadership and employee guidance, employee relations, employee records, and staff augmentation resources. HR consults with VITA management to provide information and guidance on critical employee issues. HR resources partners with internal department such as finance, legal, communications and strategy and IT to deliver on organizational objectives.

Responsible VITA Directorate: Chief Administrative Officer / Human Resources

Planning and Evaluation Services (service area 89916) – This area is a strategic management capability that produces plans, policies, requirements, roadmaps, presentations, and diagrams describing the applicable structure of the enterprise; explaining current limitations (current state) and showing how changes could make things better (future state). EA uses industry standard frameworks (FEAF, TOGAF, BIZBOK, et.al.), customized taxonomies, and its own knowledge base to support the governance, management, design, and delivering of strategic business and IT changes to the Commonwealth. EA aligns outcomes to strategies and helps to ensure successful transformations. EA also contributes to the Commonwealth by advising on critical issues such as creating and managing enterprise-level requirements; enhancing strategy, governance, and operations; cost reduction; process improvements; innovations and technology selection; all while taking into account the opinion and views of various stakeholders and making best use of available resources and investments.

Responsible VITA Directorate: Chief Information Security Officer / Enterprise Architecture

Procurement and Contracting Services (service area 89918) – This area provides comprehensive IT procurement services, leveraging the information technology supplier community for the best-value IT solutions to meet the business needs of our state and local government customers. The centralization of IT procurement services within VITA allows the Commonwealth greater flexibility in negotiating supplier contracts that ensure the Commonwealth is procuring quality prices at the best possible price. It also provides for a mechanism for the standardization of IT equipment used throughout the Commonwealth.

Responsible VITA Directorate: Supply Chain Management

Web Development and Support Services (service area 89940) – Web Development is responsible for the development and maintenance of VITA and Governor’s Office websites and applications. Includes providing oversight of the vulnerabilities and remediation as well as ensuring website comply to Enterprise Architecture website standards, including being accessible and responsive.

Responsible VITA Directorate: Chief of Enterprise Services / Internal Technology and Portfolio Management

Commonwealth IT Governance (ITIM methodology) (part of service area 89901) – The Commonwealth Technology Management Policy (GOV 105-04) establishes the Information Technology Investment Management (ITIM) methodology as the Commonwealth’s approach for managing technology investments throughout the IT investment lifecycle. This is considered the best means to ensure business value and minimize risk. The lifecycle includes pre-select, select, control, and evaluate phases. In support of the responsibilities of the Commonwealth Chief Information Officer (CIO) and the Secretary of Administration, as mandated by the Code of Virginia, ITIM Governance provides a range of Commonwealth services to ensure the effective application of ITIM best practices across the IT investment lifecycle. This includes early and continuous involvement of Commonwealth executives and agencies in the governance, oversight, and management of agency technology investments. ITIM uses structured processes to minimize risks, maximize return on investments, and support Commonwealth agency decisions to maintain, migrate, improve, retire, or obtain IT investments. It also establishes a common language for the Commonwealth to organize IT investments and define their business value, evaluate and prioritize the investments, and effectively manage change.

Responsible VITA Directorate: Chief of Customer Experience

Administrative and Support Services: Provides support services throughout the organization and provides VITA with a diverse set of knowledge and skills that assists other directorates in achieving their mission, goals, and objectives.

General Management and Direction: Ensures management emphasis on customer focus, technologically appropriate selection of products and services as well as market awareness. Helps VITA position itself as a change agent to continually improve services, lower costs, and provide improved value propositions to citizens and customers. The more VITA’s products and services are recognized as bringing value, the more they will be used.

Accounting and Budgeting Services: Provides financial management leadership for VITA with an emphasis on the following: implementing equitable and defensible service and service support charges, developing and executing sound spending plans in accordance with agency and state priorities, providing timely and accurate financial information to VITA’s customers and managers, billing, collecting, and paying for services promptly and in compliance with state and federal directives. All of these efforts ensure that VITA possesses sufficient resources to perform its mission while maintaining sound financial management practices. Promoting standardization of planning, processes, and procedures helps VITA to streamline its operations and become more efficient in the use of its resources. This improves services and lowers costs to citizens and customers. Accounting and Budgeting provides guidance and support throughout all VITA service areas in implementing the strategies that directly support the agency mission and goals.

Human Resources Services: This service area supports all VITA service areas, which, in turn, directly support the agency mission and goals. HR ensures the agency is in compliance with personnel policies and executive orders while helping leaders to build and maintain a culture that is impactful to the Commonwealth.

Procurement and Contracting Services: This area supports VITA’s mission through the procurement of information technology and telecommunications goods and services and through the establishment of statewide contracts and agreements that can be used by all public bodies, including counties, cities, and towns. This supply chain organization further supports the mission by providing services and governance. These goods and services are vital to the success of the many projects identified in VITA’s strategic plan and the achievement of its strategic objectives.

Web Development and Support Services: Management emphasis on cost effective solutions while providing business value in relation to the development and maintenance of websites and web applications helps VITA position itself to continually improve its services while lowering costs to citizens and customers.

Commonwealth IT Governance: ITIM Governance supports VITA’s mission of serving citizens by developing, promoting, and carrying out best practices in IT investment planning and management. All activities in this area are oriented toward optimizing the business value of discretionary IT investments (projects, programs, and procurements) to support the mission, goals, and objectives at the agency, secretariat, and Commonwealth. In support of that orientation, the “best value” of all IT initiatives is consistently measured and evaluated in terms of business results.

General Management and Direction:

Accounting and Financial Management: The establishment of financial policies to ensure that VITA is in compliance with Generally Accepted Accounting Principles (GAAP). These services include such things as:

• Customer accounts and liaison for resolving billing inquiries


• Customer bills for services


• Approved rates establishment


• Reconciled bills


• Budget, revenue and expense monitoring, analysis, and reporting for VITA Divisions


• Performance measurement system and benchmarking process


• Cost savings reports


• Asset management reports and inventories


• Financial reports and queries

· Financial systems development and operations

Strategic Planning: Development and monitoring of long-range plans such as the agency strategic plan and the IT strategic plan to ensure that the necessary financial, human, and other assets are available.

Process Improvement: CFO is accountable for the continuous improvement of VITA operations with the capability for identifying and directing process improvements, change management, knowledge management, and standards. CFO improves VITA’s productivity through the development and application of consistent processes, standards, and principles. Critical activities include:

• Development of templates and assistance in the documentation of processes


• Process improvements


• Paperwork reduction

Customer Relationship Management: CFO’s communication team messages communications, provides standards, and ensures internal and external communication is effective.

• Internal/external communications monitoring and reporting of work plan initiatives


• Development of the agency strategic plan and the IT strategic plan


• Information and assistance regarding programs administered

Human Resources/Workforce Development: Development of the talent strategy that ensures personal and organizational objectives are aligned with customer and IT strategies. Accomplished by:

• Establishing and managing VITA human resources policies, processes, programs, and applications focused on the workforce


• Ensuring compliance with state and federal policies and procedures


• Providing comprehensive HR services including hiring, employee development, training, benefits, leave management, performance management, leadership and employee guidance, employee relations, employee records, and staff augmentation resources

Procurement and Contracting Services:

Procurement Governance: Ensures that the Commonwealth is in compliance with procurement policies and guidelines and that the Commonwealth is effectively using the services of SWaM suppliers (small, women and minority-owned). Governance activities include:

• Strategic sourcing, including needs analysis, market analysis, category management, solicitation development, negotiations, and contract establishment, award, and announcement.


• Provisioning, including requisition management, quick quotes, electronic Virginia (eVA) administration, and ordering.


• IT procurement outreach, including promoting increased access, participation, and partnerships with SWaM businesses, assisting IT suppliers in how to do business with the Commonwealth, and supporting Commonwealth procurement professionals with the acquisition of IT goods and services.


• Contract and supplier management, including relationship management, contract administration, service level management, information management, and dispute resolution.

Web Development and Support Services:

Website Maintenance: Ensures consistency in the communication and content of public facing websites. Includes such things as:

• Policy guidelines for the development and maintenance of web applications.


• Procurement and support of a content management system for VITA and the governor’s websites.

ITIM Services:

ITIM products and services include:

• Project Oversight and Guidance: Provide oversight and governance for managing the planning and implementation of Commonwealth investments of $250,000 or more. Included is the development of ITIM policies, standards, and procedures as well as the provision of training on the established ITIM process.


• Strategic Planning: Provide guidance, direction, and training for the development and maintenance of Commonwealth and agency strategic plans for information technology and technology business plans to ensure compliance with Commonwealth IT policies, standards, enterprise architecture, and the Commonwealth’s Strategic Plan for Information Technology. Maintain the Commonwealth Strategic Plan for Technology on an annual basis.


• IT Budget Decision Packages: Review all IT budget decision packages submitted by Executive Branch agencies and make a recommendation to the Commonwealth CIO for recommending or not recommending approval.


• Commonwealth Technology Portfolio Management: Including procuring and managing Strategic/operational/tactical management tools to; plan, collect data on investments, score, rank, and prioritize investments, meet Code mandated reporting requirements and govern implementation of investments of $250,000 or more.


• Project Management Development Program: Provide program and project management training to all project managers and Agency IT Resources in Executive Branch agencies emphasizing industry best practices as well as Code requirements.


• Independent Verification and Validation (IV&V): Reviews and approves Statements of Work (SOW) and project IV&V reports.


• Data Governance: Provide guidance for data quality, data management, data policy management, and risk management to ensure that Commonwealth data are managed consistently throughout the Commonwealth.


• Consulting Services: Provide consulting for IT investments in both the planning and implementation areas.

The Administrative and Support Services area is funded by general fund, Internal Service Fund, and Special Revenue Fund sources. Internal Service Fund costs are recovered through user charges to our customers. Special Revenue Fund costs are recovered through the Industrial Funding Adjustment (IFA) fee charged to most suppliers of statewide IT contracts