03-12997. Secretary's Order 3-2003; Update of Delegation of Authority and Assignment of Responsibility to the Chief Information Officer  

    1. Purpose

    To update the delegation of authority and assignment of responsibilities for implementation of the Paperwork Reduction Act of 1995 (PRA) and the Clinger-Cohen Act of 1996 (also known as the Information Technology (IT) Management Reform Act of 1996) by: (1) Updating the Chief Information Officer's (CIO) and agencies' responsibilities to reflect new laws, regulations, and directives, including the Federal Information Security Management Act of 2002 (FISMA) and other provisions of the E-Government Act of 2002; (2) amending all references to the former Management Review Council (MRC) to reflect the new title of Management Review Board (MRB) as defined in Secretary's Order 5-2001; and (3) updating the Technical Review Board (TRB) membership.

    2. Background

    This Order replaces Secretary's Order 1-2000, which delegated authority and assigned responsibility for implementation of the PRA and the Clinger-Cohen Act.

    The PRA of 1995, as well as its predecessor Act of 1980, was enacted to reduce paperwork and enhance the economy and efficiency between the government and the private sector by improving Federal information policy making and management. The Acts required agency heads to designate “senior officials” responsible for carrying out agency responsibilities.

    Section 5125 of the Clinger-Cohen Act amended the PRA to (a) create the position of agency CIO and (b) assign all PRA duties previously assigned to agency “senior officials” to Federal agency CIOs. The Clinger-Cohen Act also requires the head of each executive agency, in fulfilling responsibilities under Section 3506(h) of the PRA [44 U.S.C. 3506(h)], to “design and implement * * * a process for maximizing the value and assessing and managing the risks of the information technology acquisitions of the executive agency.” Under the Clinger-Cohen Act, an agency's CIO must have information resources management (IRM) duties as his or her primary duty. Consistent with the foregoing statutory requirements, this Order establishes the position of CIO and outlines the CIO's responsibilities under the Clinger-Cohen Act and the PRA.

    In October 1996, the Department established a Capital Planning and Investment Board (CPIB) as part of the Department's process under Clinger-Cohen. In April 1998, the Secretary established a Management Review Council (MRC) within the Department. In November 1998, the MRC voted to establish the TRB. The initial TRB Charter was developed and approved in March 1999 with final adoption on April 12, 1999. The current charter is attached to this Order. (See Attachment 1.) The MRC, TRB, and the process established by Secretary's Order 1-2000 replaced the CPIB. In 2001, the MRC became the MRB.

    The E-Government Act of 2002, including FISMA, was enacted to, among other things:

    • Promote use of the Internet, other information technologies, and interagency collaboration in providing E-Government services, to provide increased opportunities for citizen participation in Government;
    • Improve the Government's ability to achieve agency missions and program performance goals;
    • Reduce costs and burdens for businesses and other Government entities;
    • Make the Federal Government more transparent and accountable; and
    • Provide better access to Government information and services in a manner consistent with laws regarding protection of personal privacy, national security, records retention, access for persons with disabilities, and other relevant laws.

    Signed into law by the President on December 17, 2002, the E-Government Act has expanded the Department's duties and responsibilities beyond those assigned by the Paperwork Reduction Act and the Clinger-Cohen Act.

    This Secretary's Order updates the roles and responsibilities of the CIO and other agency heads at the Department of Labor to reflect the new responsibilities created by the E-Government Act. Additionally, this Secretary's Order reflects the CIO's responsibilities under the Department's Information Quality Guidelines, which are designed to implement Section 515 of H.R. 5658 (the Treasury and General Government Appropriations Act, 2001), as incorporated into the Consolidated Appropriations Act, 2001 (see Section 1(a)(3) of Pub. L. 106-554) and implementing Office of Management and Budget (OMB) guidelines. The Order also adopts changes made by Secretary's Order 5-2001 to establish the MRB for the Department, replacing the MRC. Finally, the membership of the TRB has been updated to reflect those changes that have occurred since its establishment.

    3. Authority, References and Directives Affected

    a. Authority. This Order is established pursuant to the Paperwork Reduction Act (PRA) [Sections 3505 and 3506; 44 U.S.C. 3505-3506]; the Clinger-Cohen Act [Sections 5122-5127; 40 U.S.C. 11312-17]; the E-Government Act of 2002 [Sections 101 (44 U.S.C. 3603, 3606), 202-204, 206-212, 214 (5 U.S.C. 3701-7, 41 U.S.C. 266a, 44 U.S.C. 3501 note); 301-3, 305 (15 U.S.C. 278g-3, 40 U.S.C. 11331, 44 U.S.C. 3505-6, 3541-3549)]; the Electronic Freedom of Information Act Amendments (E-FOIA) [Section 11; 5 U.S.C. 552(g)]; Consolidated Appropriations Act, 2001 [Pub. L. 106-554, Section 1(a) (incorporating Section 515 of H.R. 5658, the Treasury and General Government Appropriations Act)]; OMB Circular A-130; 29 U.S.C. 551; 5 U.S.C. 301; Reorganization Plan Number 6 (1950).

    b. References. Secretary's Order 2-2003 and Secretary's Order 5-2001.

    c. Directives Affected:

    (1) This Order does not affect the authorities and responsibilities assigned by any other Secretary's Order, unless otherwise expressly so provided in this or another Order.

    (2) Secretary's Order 1-2000, which assigned responsibilities and delegated duties to the CIO under the PRA and Clinger-Cohen Act, is canceled.

    (3) Except as provided in Paragraph 9, this Order does not affect Secretary's Order 4-76, which assigns procurement and contracting authority to the Assistant Secretary for Administration and Management.

    (4) Except as provided in Paragraph 7, this Order does not affect Secretary's Orders 1-92, and 1-97, which establish responsibilities for implementation of the Chief Financial Officers Act of 1990.

    (5) This Order amends paragraph 4(1) of Secretary's Order 5-2001 (establishing the MRB) to clarify MRB responsibilities with respect to Information Technology investment management. In addition, all references in Secretary's Order 5-2001 to “Secretary's Order 1-2000” are amended to refer to this Order.

    (6) Except as provided in paragraph 14 of this Order, this Order does not affect Secretary's Order 4-2001, which establishes the responsibilities of the Assistant Secretary for Employment Standards.

    (7) Except as provided in paragraph 15 of this Order, this Order does not affect the authorities or responsibilities of the Office of Inspector General (OIG) under the Inspector General Act of 1978, as amended, or under Secretary's Order 2-90 (January 31, 1990).

    (8) All references in Secretary's Order 2-2003 to “Secretary's Order 1-2000” are amended to refer to this Order.

    4. The Chief Information Officer

    As outlined above, Section 5125 of the Clinger-Cohen Act (40 U.S.C. 11315) established the position of Chief Information Officer. The DOL CIO reports directly to the Secretary and Deputy Secretary, has IRM duties as his or her primary duty and performs the responsibilities set forth in paragraphs 5 and 6 of this Order.

    5. Delegation of Authorities and Assignment of Responsibilities

    a. The CIO will have the following duties, which are assigned to the CIO by Section 3506(a) of the PRA [44 U.S.C. 3506(a)] and related OMB guidance:

    (1) Ensure compliance by all DOL agencies with the prompt, efficient, and effective implementation of Information Resources Management responsibilities.

    (2) Ensure compliance by all DOL agencies with the prompt, efficient, and effective reduction of information collection burdens on the public.

    b. The CIO will have the following duties, which are assigned to the CIO by Sections 5125(b)-(c) of the Clinger-Cohen Act [40 U.S.C. 11315(b)-(c)] and related OMB guidance:

    (1) Provide advice and other assistance to the Secretary of Labor and other senior management personnel of DOL to ensure that IT is acquired and information resources are managed effectively and efficiently.

    (2) Develop, facilitate, and maintain the implementation of the enterprise architecture for DOL.

    (3) Promote the effective and efficient design and operation of all major IRM processes for DOL, including improvements to work processes of the Department.

    (4) Monitor and evaluate the performance of IT programs of DOL based on applicable performance measurements, and advise the Secretary of Labor and MRB regarding whether to continue, modify, or terminate a program or project.

    (5) Annually, in consultation with DOL agencies and as part of the strategic planning and performance evaluation process, assess the requirements established for DOL personnel regarding knowledge and skill in IRM, develop plans for hiring and training aimed at meeting those requirements (consistent with the requirements of Section 209(b) of the E-Government Act—see Sections 5(c)(3) and 6(c)(7) of this Order), and report to the Secretary of Labor on the progress made in improving IRM capability.

    c. The CIO will have the following duties, which are assigned to the CIO in accordance with the E-Government Act of 2002:

    (1) Serve as a member of the executive branch Chief Information Officers Council, participate in its functions, and monitor the Department's implementation of information technology standards promulgated by the Secretary of Commerce.

    (2) Serve as a representative to the Interagency Committee on Government Information established under Section 207(c) of the E-Government Act.

    (3) Subject to the authority, direction, and control of the Secretary of Labor, and as outlined in Section 6(c)(7) of this Order, carry out all powers, functions, and duties of the Secretary with respect to implementation of the training requirements in Section 209(b) of the E-Government Act.

    d. The CIO will perform any additional duties which are assigned to the CIO by applicable law, including OMB regulations and circulars.

    6. Assignment of Additional Responsibilities to CIO

    a. Subject to the Reservation of Authority in paragraph 19 of this Order, the CIO will have the following duties which are assigned by the PRA, Electronic Freedom of Information Act, and related legislation and OMB guidance to the Secretary and are hereby delegated to the CIO:

    (1) Establish a process, sufficiently independent of DOL program agencies, to evaluate whether proposed collections of information should be approved under the PRA. The independent evaluation will:

    (a) Consistent with Secretary's Order 3-2002 (Policy Planning Board) and other Administration or Department policies and procedures, review the need, function, plan, and burden of each information collection;

    (b) Ensure that each information collection is inventoried, displays a control number, and discloses all necessary information, as described at 44 U.S.C. 3506(c)(1)(B); and

    (c) Assess the information collection impact of proposed legislation affecting DOL.

    (2) Coordinate with DOL agencies to ensure that proposed collections of information covered by Section 3506(c)(2)(A) of the PRA [44 U.S.C. 3506(c)(2)(A)] are published in the Federal Register in order to solicit comments from members of the public and affected agencies with regard to each collection, to:

    (a) Evaluate whether the proposed collection of information is necessary and has practical utility;

    (b) Evaluate the accuracy of the DOL program agency's burden estimate;

    (c) Enhance the quality, utility, and clarity of the information collected; and

    (d) Minimize the burden of the collection of information.

    (3) Coordinate with DOL agencies to ensure that they provide notice and an opportunity to comment specifically on any collections of information contained within notices of proposed rule making published in the Federal Register.

    (4) Certify and provide supporting documentation, for each collection of information submitted to OMB for review under 44 U.S.C. 3507, that the DOL program agency has fully complied with all PRA provisions, as described at 44 U.S.C. 3506(c)(3).

    (5) Coordinate with DOL agencies to prepare and maintain the following, as required by the PRA and E-FOIA: An annual inventory of the DOL's major information systems (see 44 U.S.C. 3505(c)); a description of the DOL's major information and record locator systems; and a handbook for obtaining various types and categories of public information pursuant to the PRA and E-FOIA.

    (6) Consistent with the Department's Information Quality Guidelines, which are designed to implement Section 515 of H.R. 5658 (the Treasury and General Government Appropriations Act, 2001), as incorporated into the Consolidated Appropriations Act, 2001 (see Section 1(a)(3) of Pub. L. 106-554) and implementing OMB guidelines:

    (a) Maintain a leadership role in overseeing the implementation of the Department's guidelines and in providing guidance to the agencies on information quality matters.

    (b) Coordinate, as appropriate, with other Federal organizations on cross-agency information quality issues; and

    (c) Be responsible for the Department's annual Data Quality report to the Director of OMB beginning January 1, 2004. The report will:

    (i) include the number and nature of complaints received by the Department regarding the accuracy of information disseminated by the Department;

    (ii) indicate how such complaints were handled by the Department; and

    (iii) indicate the number of administrative appeals.

    b. Subject to the Reservation of Authority in paragraph 19 of this Order, the CIO will have the following duties, which are assigned by the Clinger-Cohen Act and related OMB guidance to the Secretary and are hereby delegated to the CIO:

    (1) Consistent with the roles and responsibilities of the MRB (see paragraph 17) and TRB (see paragraph 18), design, implement, and maintain DOL's process for maximizing the value and assessing and managing the risks of IT acquisitions, in accordance with Section 5122 of the Clinger-Cohen Act. The process will:

    (a) Provide for the selection of IT investments to be made by DOL, the management of such investments, and the evaluation of the results of such investments;

    (b) Be integrated with the processes for making budget, financial, and program management decisions within DOL;

    (c) Include minimum criteria to be applied in considering whether to undertake a particular investment in information systems, including criteria related to the quantitatively expressed projected net, risk-adjusted return on investment and specific quantitative and qualitative criteria for comparing and prioritizing alternative information systems investment projects;

    (d) Provide for identifying information systems investments that would result in shared benefits or costs for other Federal agencies or State or local governments;

    (e) Provide for identifying quantifiable measurements for determining the net benefits and risks for a proposed investment; and

    (f) Provide the means for DOL senior management personnel to obtain timely information regarding the progress of an investment in an information system, including a system of milestones for measuring progress, on an independently verifiable basis, in terms of cost, capability of the system to meet specified requirements, timeliness, and quality.

    (2) Institutionalize performance-based and results-based management for IT in coordination with the Office of the Chief Financial Officer (OCFO), the Office of the Assistant Secretary for Administration and Management (OASAM), and other DOL agencies. In fulfilling this responsibility, the CIO will:

    (a) Establish goals for improving the efficiency and effectiveness of DOL operations and, as appropriate, the delivery of services to the public through the effective use of IT;

    (b) Prepare an annual report, as required by statute, to be included in the DOL's budget submission to Congress, on the progress in achieving the IT goals; and

    (c) Issue DOL policies, directives, and instructions in accordance with Section 5123 of the Clinger-Cohen Act related to results-based management.

    (3) In coordination with OASAM, acquire information technology for DOL and, in accordance with guidance issued by OMB, enter into contracts that provide for multi-agency acquisitions of information technology.

    (4) Identify in the strategic information resources management plan required under 44 U.S.C. 3506(b)(2) any major information technology acquisition program, or any phase or increment of such a program, that has significantly deviated from the cost, performance, or schedule goals established for the program.

    (5) Monitor the Department's compliance with the policies, procedures, and guidance in OMB Circular A-130 (or equivalent guidance), recommend or take appropriate corrective action in instances of failures to comply and, as required by the Circular, report to the OMB Director.

    c. Subject to the Reservation of Authority in paragraph 19 of this Order, the CIO will have the following duties which are assigned by the E-Government Act of 2002 and FISMA (as incorporated into the E-Government Act at Section 301 (44 U.S.C. 3541-3549)), to the Secretary and are hereby delegated to the CIO:

    (1) The CIO will consider the impact of Departmental E-Government policies and programs on persons without access to the Internet and work with all DOL agencies to ensure that, to the extent practicable, the availability of government information and services is not diminished for individuals who lack access to the Internet.

    (2) The CIO is responsible for the annual submission to the OMB Director of the E-Government Status Report required by Section 202 of the E-Government Act.

    (3) To meet the objectives of the Government Paperwork Elimination Act (Pub. L. 105-277), the CIO must ensure that the Department's methods for use and acceptance of electronic signatures are compatible with the relevant policies and procedures issued by the OMB Director.

    (4) The CIO will work with the Office of Public Affairs (OPA) and the Office of the Solicitor (SOL) to ensure that a publicly accessible DOL Web site includes all information required to be published in the Federal Register under paragraphs (1) and (2) of Section 552(a) of Title 5 of the United States Code (Freedom of Information Act).

    (5) In consultation with OMB, SOL, and other agencies as appropriate, the CIO will coordinate with the Office of the Assistant Secretary for Policy (OASP) to ensure that the Department implements Sections 206(c) and 206(d) of the E-Government Act (electronic rulemaking submissions and electronic dockets).

    (6) To ensure that the Department carries out the E-Government Act's requirements for privacy impact analyses, as well as related OMB policies and guidance, the CIO will:

    (a) In coordination with SOL, oversee the Department's preparation of privacy impact assessments;

    (b) In coordination with OASAM, ensure that DOL privacy impact assessments are provided to OMB for each information system for which funding is requested; and

    (c) In coordination with SOL and OPA, ensure that, if practicable and appropriate, DOL privacy impact assessments are made available to the public.

    (7) Consistent with Section 5(c)(3) of this Order and Section 209(b) of the E-Government Act, the CIO, after consultation with the Director of the Office of Personnel Management (OPM), CIO Council, Administrator of the General Services Administration (GSA), and DOL agencies, will establish and operate IT training programs and encourage DOL employee participation in such programs.

    (8) The CIO will coordinate the Department's collection and maintenance of standardized information on the IT and IRM workforce related to the implementation of the E-Government Act's training provisions.

    (9) Consistent with Section 209 of the E-Government Act (Federal Information Technology Workforce Development), and in consultation with OASAM, OCFO, the Office of Small Business Programs (OSBP), the Employment Standards Administration, SOL, and other DOL agencies as appropriate, the CIO may, with the concurrence of the employing agency, coordinate the assignment of a Department employee to a private sector organization or an employee of a private sector organization to the Department as part of an IT Exchange Program. The CIO also will ensure that the Department cooperates with OPM in fulfilling the related reporting requirements of Section 209.

    (10) The CIO will have ultimate responsibility for ensuring that the Department fulfills its responsibilities under Title III of the E-Government Act, the Federal Information Security Management Act, by:

    (a) Consistent with Section 3544 of Title 44 of the U.S. Code, designating a senior Department official who will report to the CIO and have responsibility for Department-wide information security as his or her primary duty, including the following responsibilities:

    (i) Developing and maintaining an OMB-approved Department-wide information security program, for the protection of information and information systems that support the Department's operations and assets. This information security program will be consistent with the requirements of Section 3544(b) of Title 44 of the U.S. Code, including periodic evaluation, testing, and remediation of the Department's information security policies, procedures and practices;

    (ii) Ensuring that the Department effectively implements and maintains information security policies, procedures, and control techniques to address all applicable information security requirements, including those issued by OMB under Section 3543 of Title 44, and by the Secretary of Commerce under Section 11331 of Title 40, of the U.S. Code;

    (iii) Training and overseeing personnel with significant responsibilities for information security with respect to such responsibilities;

    (iv) Assisting senior Department officials in fulfilling their responsibility to provide information security for the information and information systems that support the operations and assets under their control (see 44 U.S.C. 3544(a)(2)); and

    (v) Assuming day-to-day responsibility for the CIO functions identified in subparagraphs (b) through (i), as well as any other related responsibilities assigned by the CIO.

    (b) Ensure that the Department has trained personnel sufficient to assist in complying with the requirements of FISMA and related policies, procedures, standards, and guidelines.

    (c) In coordination with appropriate senior Department officials, ensure that all required reports (to the Secretary, Congress and the Comptroller General) on the effectiveness of the Department's information security program, are submitted.

    (d) In coordination with OASAM, ensure that the Department's information security management processes are integrated into its strategic and operational planning processes.

    (e) Prepare the Department's annual report to the Congress and Comptroller General on compliance with FISMA, as required by Section 3544(c) of the E-Government Act.

    (f) In coordination with OASAM and OCFO, ensure that the adequacy and effectiveness of information security policies, procedures, and practices is addressed in plans and reports relating to the Department's annual budget; information resources management; IT management; program performance under the Government Performance Results Act; financial management and financial management systems; and internal accounting and administrative controls.

    (g) In coordination with OCFO, ensure that any significant deficiency in information security policies, practices or procedures is reported as a material weakness under Section 3512 of Title 31 of the U.S. Code and, if related to financial management systems, as an instance of a lack of substantial compliance under the Federal Financial Management Improvement Act.

    (h) In coordination with OASAM, ensure that the Department's annual performance plan under Section 1115 of Title 31 of the U.S. Code includes a description of the time periods, budget resources, staffing and training necessary to implement the Department's information security program.

    (i) In coordination with SOL, ensure that the public receives timely notice and opportunity for comment on proposed information security policies and procedures that affect communication with the public.

    (j) Cooperate with the OIG on the annual independent evaluation of the Department's information security program and practices as required by Section 3545 of Title 44 of the U.S. Code, and in ensuring that the evaluation is submitted to OMB.

    (k) In coordination with other relevant DOL agency heads, and as appropriate, consult with the National Institute of Standards and Technology (NIST) on the development of the Department's information security programs, practices, policies; the development of NIST information guidelines and standards; and the detection and handling of information security incidents.

    (11) The CIO will establish a system for appropriately sharing OMB, Department of Commerce, and DOL policies, guidance, standards and other communications relating to IT and IRM.

    (12) In coordination with OASP, OPA, SOL, OASAM, and other relevant agencies, the CIO will support OMB and GSA efforts to develop, maintain, and promote a Federal Internet Portal and to develop a Directory of Federal Government Web sites (see Sections 204 and 207(f)(3) of the E-Government Act).

    (13) In coordination with OASAM, the CIO will ensure that the Department develops performance measures that demonstrate how electronic government enables progress toward DOL objectives, strategic goals, and statutory mandates.

    (14) In consultation with SOL, the Office of Disability Employment Policy (ODEP), and OASAM, the CIO will ensure that the Department is in compliance with Section 508 of the Rehabilitation Act of 1974 (29 U.S.C. 794d).

    (15) Consistent with Section 207(d) of the E-Government Act, the CIO will ensure that the Department complies with all OMB policies relating to the categorization of information.

    (16) In coordination with OASP, SOL and OPA, the CIO will ensure that privacy notices posted on DOL Web sites comply with OMB guidance (see Section 208(c) of the E-Government Act).

    (17) The CIO will ensure that the Department cooperates with OMB and other Federal agencies in preparing reports, conducting studies, or undertaking other Administration-wide activities required by the E-Government Act or implementing OMB guidance.

    (18) The CIO will have overall responsibility for ensuring that the Department, consistent with guidance developed by the National Archivist, adopts policies and procedures to effectively and comprehensively fulfill its records management responsibilities with respect to DOL information on the Internet and other electronic records (see Section 207(e) of the E-Government Act). The CIO also will ensure that the Department's annual E-Government status report (see paragraph 6c2) includes information on the Department's compliance.

    d. In addition to the above duties specifically assigned by the PRA, the Clinger-Cohen Act, and the E-Government Act, the CIO is delegated the following authority and assigned the following responsibilities, subject to the Reservation of Authority in paragraph 19:

    (1) The CIO will fulfill the DOL website responsibilities outlined in Secretary's Order 2-2003.

    (2) The CIO will act as the Department's spokesperson on all matters relating to Departmental IRM and IT management. The CIO will report to the Secretary, but may receive day-to-day guidance and direction from the Deputy Secretary.

    (3) In consultation with ODEP, OASAM and SOL, the CIO will ensure that the DOL is responsive to the needs of employees who require adaptive technologies and will represent the Department on GSA's Section 508 Committee.

    (4) The CIO will oversee agency development of IT Strategic Plans that are in alignment with Agency Plans and Agency Budgets.

    (5) The CIO, in consultation with OPA and DOL agencies, will ensure that Departmental communications and processes make maximum appropriate use of web technologies and electronic mail.

    (6) The CIO will present TRB recommendations, with an evaluation of their merits, to the MRB for disposition and ensure that MRB decisions are implemented (unless overruled by the Secretary).

    e. The CIO will perform any other related duties which are assigned by the Secretary.

    7. Assignment of Responsibilities to the Chief Financial Officer

    The CFO will have the following duties which are assigned by statute to the Secretary and are hereby delegated to the CFO:

    a. Ensure that the accounting, financial, and asset management systems of DOL are designed, developed, maintained, and used effectively to provide financial or program performance data for financial statements of the Department.

    b. Ensure that financial and related program performance data are provided on a reliable, consistent, and timely basis to DOL financial management systems.

    c. Ensure that financial statements support:

    (1) Assessments and revisions of mission-related processes and administrative processes of the Department; and

    (2) Performance measurement of the performance in the case of investments made by the Department in information systems.

    d. In appropriate consultation with the Office of the Chief Information Officer (OCIO), ensure that the accounting, financial, and asset management systems of the DOL are properly integrated into the DOL enterprise architecture.

    e. In appropriate consultation with OCIO, ensure that the adequacy and effectiveness of information security policies, procedures, and practices are addressed in plans and reports relating to the Department's financial management and financial management systems, and internal accounting and administrative controls.

    f. In appropriate consultation with OCIO, ensure that any significant deficiency in information security policies, practices or procedures is reported as a material weakness under Section 3512 of Title 31 of the U.S. Code and, if related to financial management systems, as an instance of a lack of substantial compliance under the Federal Financial Management Improvement Act.

    g. Consistent with 5 U.S.C. 3702(b), manage the Department's collection of debts and claims waivers arising out of the Department's IT Exchange Program (see Paragraph 6c(9) above). The continued exercise of this authority will conform with the requirements of the General Accounting Office Act of 1996 (Pub. L. 104-316); the OMB Determination of December 17, 1996, with regard to Pub. L. 104-316; and Secretary's Order 01-97.

    8. Responsibilities of the Office of the Solicitor of Labor

    The Solicitor of Labor is responsible for:

    a. Working with OCIO and OPA to ensure that a publicly accessible DOL website includes all information required to be published in the Federal Register under paragraphs (1) and (2) of Section 552(a) of Title 5 of the United States Code.

    b. In coordination with OASP, OCIO and OPA, ensuring that privacy notices posted on DOL websites comply with OMB guidance (see Section 208(c) of the E-Government Act).

    c. Providing legal advice and assistance to all Department of Labor officials relating to implementation and administration of all aspects of this Order. The Solicitor of Labor will have the responsibility for representing the Secretary, the Deputy Secretary, CIO and other officials of the Department in any administrative or judicial proceedings involving agency decisions issued pursuant to this Order, including representing officials of the Department. In addition, the Solicitor of Labor will have the responsibility for providing legal advice to the Secretary, the Deputy Secretary, CIO and other officials of the Department with respect to decisions covered by this Order, as well as the implementation and administration of this Order.

    9. Assignment of Responsibilities to the Assistant Secretary for Administration and Management

    The Assistant Secretary for Administration and Management is assigned responsibility for:

    a. Consistent with applicable law, regulations and Administration or Department policies, coordinating with OCIO on the acquisition of information technology, including contracts that provide for multi-agency acquisitions of information technology and share-in-savings contracts for information technology.

    b. Coordinating with OCIO to ensure that DOL privacy impact assessments are provided to OMB for each information system for which the Department requests funding.

    c. Coordinating with OCIO on the assignment of Department employees to private sector organizations, or employees of private sector organizations to the Department, as part of an IT Exchange Program under Section 209 of the E-Government Act.

    d. Coordinating with OCIO to ensure that the Department's information security management processes are integrated into its strategic and operational planning processes.

    e. Coordinating with OCIO to ensure that the adequacy and effectiveness of information security policies, procedures, and practices are addressed in plans and reports relating to the Department's annual budget and program performance under the Government Performance Results Act.

    f. Coordinating with OCIO to ensure that the Department's annual performance plan under Section 1115 of Title 31 of the U.S. Code includes a description of the time periods, budget resources, staffing and training necessary to implement the Department's information security program.

    g. Coordinating with OASP, OPA, SOL, OCIO and other relevant agencies to support OMB and GSA efforts to develop, maintain, and promote a Federal Internet Portal and develop a Directory of Federal Government Web sites (see Sections 204 and 207(f)(3) of the E-Government Act).

    h. Coordinating with OCIO, SOL and ODEP to ensure that the Department is in compliance with Section 508 of the Rehabilitation Act of 1974 (29 U.S.C. 794d) and that the Department is responsive to the needs of employees who require adaptive technologies.

    i. Coordinating with OCIO to ensure that the Department develops performance measures that demonstrate how electronic government enables progress toward DOL objectives, strategic goals, and statutory mandates.

    j. In consultation with SOL, ensuring, on a day-to-day basis, that the Department fulfills its records management responsibilities with respect to DOL information on the Internet and other electronic records (see Section 207(e) of the E-Government Act).

    10. Assignment of Responsibility to the Assistant Secretary for Policy

    The Assistant Secretary for Policy is assigned responsibility for:

    a. Coordinating with OASAM, OPA, SOL, OCIO, and other relevant agencies to support OMB and GSA efforts to develop, maintain, and promote a Federal Internet Portal and develop a Directory of Federal Government Websites (see Sections 204 and 207(f)(3) of the E-Government Act).

    b. Coordinating with SOL, OCIO and OPA to ensure that privacy notices posted on DOL web sites comply with OMB guidance (see Section 208(c) of the E-Government Act).

    c. In consultation with OMB, SOL, and other agencies as appropriate, coordinating with OCIO to ensure the Department's implementation of Sections 206(c) and 206(d) of the E-Government Act (electronic rulemaking submissions and electronic dockets).

    11. Assignment of Responsibility to the Assistant Secretary for Public Affairs

    The Assistant Secretary for Public Affairs is assigned responsibility for:

    a. Coordinating with OASP, OASAM, SOL, OCIO, and other relevant agencies to support OMB and GSA efforts to develop, maintain, and promote a Federal Internet Portal and develop a Directory of Federal Government Websites (see Sections 204 and 207(f)(3) of the E-Government Act).

    b. Coordinating with ASP, SOL and OCIO to ensure that privacy notices posted on DOL web sites comply with OMB guidance (see Section 208(c) of the E-Government Act).

    c. Coordinating with OCIO and DOL agencies to ensure that Departmental communications and processes make maximum appropriate use of web technologies and electronic mail.

    d. Working with OCIO and SOL to ensure that a publicly accessible DOL website includes all information required to be published in the Federal Register under paragraphs (1) and (2) of Section 552(a) of Title 5 of the United States Code.

    e. Working with OCIO and SOL to ensure that, if practicable and appropriate, DOL privacy impact assessments are made available to the public.

    12. Assignment of Responsibility to the Assistant Secretary for Disability Employment Policy

    The Assistant Secretary for Disability Employment Policy is assigned responsibility for coordinating with OCIO, SOL and OASAM to ensure that the Department is in compliance with Section 508 of the Rehabilitation Act of 1974 (29 U.S.C. 794d) and that the Department is responsive to the needs of employees who require adaptive technologies.

    13. Assignment of Responsibility to the Director of the Office of Small Business Programs

    The OSBP Director is assigned responsibility for coordinating with OCIO to ensure the Department's compliance with Section 209(e) of the E-Government Act (Federal Information Technology Workforce Development), including the filing of reports required by Section 209(e)(3).

    14. Assignment of Responsibility and Delegation of Authority to the Assistant Secretary for Employment Standards

    The Assistant Secretary for Employment Standards is delegated authority and assigned responsibility for coordinating with OCIO on the Department's IT Exchange Program (see paragraph 6c(9) above). This authority includes, consistent with paragraph 4a(10) of Secretary's Order 4-2001, the authority to interpret and administer the provisions of the E-Government Act which relate to the Federal Employees' Compensation Act (see Section 209 of the E-Government Act, creating 5 U.S.C. 3703(b) and 3704(c)).

    15. Assignment of Responsibility to the Inspector General

    The Inspector General is assigned responsibility for: Consistent with Section 3545 of Title 44 of the U.S. Code, performing, or arranging for the performance of, an annual independent evaluation of the Department's information security program and practices and submitting the evaluation to OMB.

    16. Assignment of Responsibilities to Agency Heads

    a. All DOL Agency Heads are assigned responsibility to ensure compliance by their organizations with the law, including the Paperwork Reduction Act, Clinger-Cohen Act, E-Government Act (including FISMA) and related CIO and OMB guidance and policies, consistent with their statutory responsibilities and other applicable Secretary's Orders and guidelines.

    b. Consistent with their statutory responsibilities and other applicable Secretary's Orders and guidelines, all DOL Agency Heads are assigned responsibility to implement Department-wide IT initiatives approved by the MRB and sponsored by the CIO, re-engineer agencies' mission-related processes to maximize return on IT expenditures, and ensure that IT initiatives are managed for successful implementation.

    c. Consistent with their statutory responsibilities and other applicable Secretary's Orders and guidelines, all DOL Agency Heads are assigned responsibility to assess the need and potential for re-engineering agencies' mission-related processes to ensure that such processes are performed efficiently and effectively and that automated processes are designed to properly support mission-related processes; ensure that return on IT expenditures is maximized; and ensure that IT initiatives are managed for successful implementation.

    d. Consistent with their statutory responsibilities and other applicable Secretary's Orders and guidelines, all DOL Agency Heads are assigned responsibility to comply with IT security requirements and to help ensure that adequate resources are assigned to IT security projects.

    17. Assignment of Responsibilities for the Management Review Board

    For purposes of this Order, the MRB will have the following responsibilities:

    a. Members must ensure their appropriate involvement with the duties delegated to the MRB.

    b. Members will assist in preparation of draft documents for MRB discussions, recommendations, and/or decisions.

    c. The MRB will evaluate and either approve, not approve, or approve with conditions, TRB recommendations and advise the CIO of the results.

    d. The MRB will ensure that MRB decisions and recommendations pertaining to IT investment management deliver substantial business benefit to the Department and/or improved operational efficiency and/or substantial return-on-investment to the taxpayer.

    e. The MRB may direct the TRB to undertake studies or prepare recommendations to address common IT issues.

    18. Assignment of Responsibilities to the Technical Review Board

    a. The TRB is established in the following manner:

    (1) The MRB will determine the membership roster and charter of the TRB. The current charter, including the membership roster, is affixed to this Order as Attachment 1.

    (2) The Deputy CIO will chair and manage the TRB.

    (3) TRB membership may not be delegated. A DOL agency's permanent member may, with written Agency Head approval, authorize a qualified alternate to attend and participate in the voting process at TRB meetings.

    (4) Each agency represented on the TRB is allocated one vote. The agencies represented by rotating members also have one collective vote. The TRB may adopt resolutions, including recommendations to the MRB on the disposition of IT investments, by majority vote of participating agencies.

    (5) The TRB will maintain a record, for internal use only, available to TRB members relating to proposed recommendations under consideration.

    b. The TRB is an advisory body to the MRB and the CIO with the following responsibilities:

    (1) Review IT initiatives to ensure risks and returns have been adequately and accurately assessed. Reviews of IT initiatives will include assessments of IT investment:

    (a) Screening information;

    (b) Scoring information;

    (c) Return-on-investment information, including improved operational efficiency;

    (d) Cost, schedule, and technical performance information;

    (e) Supporting documentation, including business case, risk assessments, privacy impact assessments, financial information, technical documentation, and project planning documentation; and

    (f) Other information as may be necessary to satisfy OMB budget justification requirements.

    (2) Develop and provide recommendations to the MRB and CIO on the disposition of IT initiatives, the selection of new initiatives, or the continuation of existing IT initiatives.

    (3) Develop and provide recommendations to the MRB and CIO on Departmental enterprise architecture management and IT capital planning and investment control process improvements.

    (4) Develop and provide recommendations to the MRB and CIO on agency and Departmental IT investment portfolios.

    (5) Create TRB sub-committees and provide appropriate guidance to sub-committees.

    (6) Address common IT issues, investments, and security and provide recommendations to the CIO and/or MRB.

    19. Reservation of Authority

    a. The following functions are reserved to the Secretary:

    (1) No delegation of authority or assignment of responsibility under this Order will be deemed to affect the Secretary's authority to continue to exercise or further delegate such authority or responsibility.

    (2) The submission of reports and recommendations to the President and Congress concerning the administration of the statutory provisions and executive orders listed above is reserved to the Secretary.

    20. Effective Date

    This Order is effective immediately.

    Dated: May 16, 2003.

    Elaine L. Chao,

    Secretary of Labor.

    Attachment 1—Department of Labor Technical Review Board Charter

    May 2003.

    Table of Contents

    Preface

    Mission

    Objectives

    Membership

    Technical Review Board Subcommittees

    Temporary Working Groups

    Adoption of Technical Review Board Resolutions

    Responsibilities

    Meeting Protocol

    Preface

    In November 1998, the Department's Management Review Council (MRC, now the Management Review Board (MRB)) approved the establishment of a two-tiered information technology (IT) Investment Review Board structure to conduct Departmental IT investment management. The new structure replaced the Capital Planning and Investment Review Board (CPIB) with the MRC and a Technical Review Board (TRB). In 2001, the MRC became the MRB. The two-tiered Investment Review Board structure is designed to ensure compliance with the Clinger-Cohen Act and the Department's enhanced IT capital planning process. This Charter establishes the mission, objectives, membership, and responsibilities of the TRB. The TRB operating procedures are presented in the Department's IT Capital Investment Management Guide.

    Mission

    The Technical Review Board serves as the Department's first tier Investment Review Board for above-threshold [1] information technology (IT) investments and as a forum to identify and resolve Department-wide IT-related issues. The TRB makes recommendations on the appropriate disposition of above-threshold IT investments to the MRB based on standardized investment review criteria, with a focus on the technical feasibility of the investments. The TRB also serves as a forum to conduct Departmental IT strategic planning, enterprise architecture management, and IT capital planning process improvements via permanent committees.

    Objectives

    The objectives of the TRB are to ensure compliance with the IT capital planning provisions of the Clinger-Cohen Act by:

    • Conducting IT investment analysis on above-threshold IT investments and recommending the disposition of those IT investments to the MRB;
    • Establishing above-threshold IT initiative review schedules and monitoring these IT investments throughout their lifecycle (control phase);
    • Evaluating fully operational above-threshold IT initiatives by reviewing the results of post-implementation reviews conducted;
    • Recommending to the MRB corrective actions for those above-threshold IT initiatives that are not performing in accordance with established cost, schedule, or technical performance parameters;
    • Providing recommendations to the MRB on portfolio management;
    • Providing input to the CIO and MRB on Departmental enterprise architecture management planning and IT capital planning process improvement activities;
    • Identifying opportunities to minimize duplicate and overlapping information systems across the Department and the Federal Government;
    • Addressing common IT issues and recommending the resolution of these issues to the MRB.

    Membership

    The Technical Review Board has the following membership:

    Eight Non-voting members:

    Chair: Deputy Chief Information Officer

    Vice-Chair: Deputy Assistant Secretary for Operations, OASAM

    Advisors:

    Procurement Executive

    Assistant Inspector General of the Office of Audit Operations

    Senior Representative of the Office of the Solicitor

    Senior Executive from the Office of Disability Employment Policy

    Department Librarian

    Department Records Officer

    Eleven Voting Members: Unless otherwise noted, the voting member for each of the following is either the Agency's Senior Agency IT Executive or Administrative Officer.

    Office of the Assistant Secretary for Policy (Senior Management Representative)

    Bureau of Labor Statistics

    Employee Benefits Security Administration

    Employment Standards Administration

    Employment and Training Administration

    Office of the Assistant Secretary for Administration and Management

    Office of the Chief Financial Officer (Chief Financial Officer's Representative)

    Office of Public Affairs (Departmental Web Sites Director)

    Mine Safety and Health Administration

    Occupational Safety and Health Administration

    Small Agencies' Representative

    The small agencies' representative is appointed for a one-year term by ___ from agencies and Departmental components without permanent voting representative on the TRB.

    TRB Participation: TRB membership may not be delegated. Agency permanent members may, with written Agency Head approval, authorize a qualified alternate to attend and participate in the voting process at TRB meetings. Agency Senior IT Executives and Administrative Officers from agencies that are not permanent or rotating members may attend TRB meetings as observers.

    Technical Review Board Sub-Committees

    The Technical Review Board will have two standing sub-committees, the IT Architecture Sub-Committee and the IT Capital Planning Sub-Committee, for purposes of carrying out the roles and responsibilities of the CIO. The CIO will appoint a Chair to preside over each standing sub-committee from the TRB membership. The CIO will solicit a call from the TRB for three nominations per sub-committee for consideration as sub-committee Chairpersons on an annual basis. The CIO will appoint the sub-committee Chairpersons for a period of one year. The sub-committee Chairs will be responsible for carrying out the duties and responsibilities of the sub-committees and regularly reporting status to the TRB. Sub-committee membership will include representatives from all of the major agencies, and other smaller agencies are encouraged to participate. Sub-committee members will be recognized as authoritative subject matter experts and will be appointed by the TRB.

    A. Enterprise Architecture Sub-Committee

    Provides enterprise architecture baseline management, configuration control, standards adoption, and enterprise architecture migration recommendations to the full TRB. The enterprise architecture committee will focus on interoperability issues as they pertain to crosscutting IT infrastructure issues.

    B. IT Capital Planning Sub-Committee

    Assesses the effectiveness of the Departmental IT capital planning process and provides recommendations to the full TRB for refining and improving the process. Process improvement analysis includes: Assessments of screening criteria; IT investment criteria (selection, control, and evaluation procedures); IT capital planning process timing issues; Information Technology Investment Portfolio System (I-TIPS); and integration of IT capital planning activities with other major management processes.

    Temporary Working Groups

    Temporary working groups will be established by a majority vote of the TRB. The temporary working group chair will be one of the permanent members of the TRB, but other members on the working group may include Federal and contractor staff who are not on the Board. The establishment of a temporary working group requires the following:

    • Assignment of working group chair and members;
    • Identification of working group scope and objectives; and
    • Identification of working group deliverables and schedules.

    Adoption of Technical Review Board Resolutions

    (1) The Technical Review Board is a consensus-driven body designed to maximize departmental IT investment decision-making through the objective, impartial application of each member's technical and business management expertise.

    (2) Technical Review Board resolutions, including recommendations to the MRB on the disposition of IT investments, require a majority vote of participating agencies' representatives. Each agency represented on the TRB is allocated one vote. The agencies represented by rotating members also have one collective vote (resulting in a total of eleven (11) votes).

    (3) Voting will be recorded in the TRB meeting minutes and provided to the MRB as part of the disposition recommendation.

    Responsibilities

    A. Management Review Board

    (1) Evaluate and either “approve”, “not approve”, or “approve with conditions” TRB recommendations.

    (2) Ensure that MRB decisions pertaining to IT investment management deliver substantial business benefit to the Department and/or improved operational efficiency and/or substantial return on investment to the taxpayer.

    (3) Direct the TRB to undertake studies or prepare recommendations to address common IT issues.

    B. Chief Information Officer

    (1) Provide advice and other assistance to the Secretary of Labor and MRB to ensure that information technology is acquired and information resources are managed for the Department consistent with the Clinger-Cohen Act, departmental missions and objectives, and the Department's IT capital planning process.

    (2) Present TRB recommendations with an evaluation of their merit to the MRB for disposition.

    (3) Conduct strategic analysis of the Department's IT investment portfolio. Issue Departmental IT strategic planning guidance.

    (4) Develop, maintain, and facilitate implementation of a sound and integrated enterprise architecture for the Department.

    (5) Promote the effective and efficient design and operation of all major information management processes for the Department.

    C. Deputy Chief Information Officer

    (1) Serve as the Chair of the Technical Review Board.

    (2) Ensure that the TRB provides comprehensive evaluations of all above-threshold IT projects and that the results of these evaluations are presented to the MRB for final disposition.

    (3) Ensure that the TRB conducts enterprise architecture management and IT capital planning process improvement activities.

    (4) Ensure that common IT issues are fully addressed and recommended resolutions of these issues are provided to the CIO and/or MRB.

    (5) Responsible for overseeing and providing guidance to TRB sub-committees.

    D. Deputy Assistant Secretary for Operations, OASAM

    (1) Serve as the TRB Vice Chair.

    (2) Serve as the TRB Chair in the absence of the Deputy Chief Information Officer.

    (3) Coordinate and confer with the TRB Chair on all matters before the Board.

    E. Deputy Chief Financial Officer (CFO)

    Provide assessments of proposed or enhanced financial systems, which address the issues of compliance with government-wide standards. Without such compliance, the proposed system cannot be considered under TRB rules. The Deputy CFO may ask for technical review by one or more of the TRB committees or working groups to assist in the compliance determination.

    F. Director, Office of the Chief Information Officer (OCIO) Programs

    (1) Serve as the Executive Secretary for the TRB. Executive Secretary duties include:

    —Manage TRB administrative staff support;

    —Prepare read-ahead materials and agendas, in consultation with the Chair and membership, for TRB meetings;

    —Prepare meeting minutes;

    —Post agendas and minutes in the Public Library section of the I-TIPS;

    —Oversee and direct all votes taken by the TRB; and

    —Support the Chair in preparing for and conducting meetings.

    G. Technical Review Board Members

    Coordinate and consult with senior policy and program officials within their respective agencies to:

    (1) Review IT initiatives to ensure risks and returns have been adequately and accurately assessed. Reviews of IT initiatives will include assessments of IT investment:

    —Screening information

    —Scoring information

    —Return-on-investment information

    —Cost, schedule, and technical performance information

    —Alignment with e-government and IT security issues

    —IT initiative supporting documentation, including business case, risk assessments, financial information, technical documentation, project planning documentation, privacy impact assessments, and vulnerability assessments.

    (2) Develop and provide recommendations to the MRB.

    (3) Participate as members on TRB sub-committees.

    (4) Address common IT issues, including security and privacy, and provide recommendations for the resolution of these issues to the CIO and/or MRB.

    (5) Communicate the direction of IT initiatives, particularly those which are Secretarial initiatives.

    (6) Provide guidance to the standing sub-committees on IT Capital Planning and Enterprise Architecture.

    (7) Identify opportunities for common IT investments and initiate studies and recommendations to the MRB and/or the CIO.

    H. Technical Review Board Advisors

    Provide advice commensurate with their specific area of expertise to the TRB Chair and Vice Chair on matters before the TRB. The advisors do not have votes in addition to their agencies' votes as members. (SOL, OIG and ODEP are considered “small agencies” with rotating members for purposes of TRB voting.)

    Meeting Protocol

    (1) The TRB meets on a monthly basis, with additional or special meetings called by the Chair, as necessary.

    (2) At least one TRB member from a majority of TRB member agencies must be present to adopt a TRB resolution.

    (3) The Executive Secretary acts as facilitator and parliamentary authority for all meetings.

    Footnotes

    1.  “Above-threshold” refers to investment initiatives that are above a designated investment level or that have crosscutting implications or applicability. The amounts are set by the Secretary in consultation with the CIO and the MRB; more specific information about TRB jurisdiction may be obtained from the CIO.

    [FR Doc. 03-12997 Filed 5-22-03; 8:45 am]

    BILLING CODE 4510-23-P

Document Information

Published: 05/23/2003
Department: Labor Department
Entry Type: Notice
Document Number: 03-12997
Pages: 28677-28686 (10 pages)
PDF File: 03-12997.pdf