In the last 18 months, the U.S. Food and Drug Administration has placed great emphasis on strategic information technology planning. In 2015, the Office of Information Management and Technology (OIMT) developed a three-year IT Strategic Plan using the Balanced Scorecard approach. There was an emphasis on collaboration to overcome the typical challenges present in a federal agency such as system interoperability and system duplication. The mission of IT at the FDA is to enable the agency to promote and protect the public health more securely, effectively and efficiently. The vision is to be the model for IT in the federal government. In order to achieve this vision, three focus areas were identified to include quality, efficiency, and cyber security. Since the plan employed the Balanced Scorecard approach, objectives are linked to weighted, actionable projects that are monitored. This ensured alignment, but also enables tactical execution of the plan. Progress towards the Plan’s goals and objectives are monitored and evaluated by the project management office. The plan also included an annual update process to ensure our strategic plan remains aligned with the agency priorities and agile enough to address emerging FDA business needs.
Fourteen months after the plan’s implementation, we are at 40 percent completion and ready to release the updated plan. What does 40 percent worth of strategic plan look like over the last 14 months at the FDA? Today we have Choose Your Own Device (CYOD) at the FDA with a menu consisting of Android, iPhone and Blackberry mobile devices and MACs, PCs and tablets depending on individual customer requirements. The FDA has fully penetrated the cloud and developed a hybrid cloud brokerage model leveraging cloud-based infrastructure, software and platform as a service across multiple vendor platforms. The FDA has over 20 authorized, cloud-based production applications today, up from zero fourteen months ago. This year, field inspectors have completed over 15,000 inspection reports using an application on a mobile device, compared to last year, when FDA inspectors used pen and paper to conduct their inspections. The FDA also has a new, fully functional Project Management Office (PMO) and an award winning Systems Management Center (SMC) which combined network and security operations into a single unit. These are just a few examples of the transformational activities coming out of the IT strategic planning at FDA.
What does the updated plan look like? The updated plan incorporates IT priorities of the different medical product, food, animal and tobacco centers as it continues to focus on cyber security, compliance of key regulations and mandates, improving the quality of IT services and solutions, and improving efficiency. In this iteration of the plan, we looked at the core capabilities of the FDA in the areas of regulatory review, scientific operations and enterprise business. We identified nine to include product review and approval, emergency response and post-market safety and surveillance, to name a few. The new plan connects these capabilities to key outcomes and their enablers. This not only ensures alignment, but it also helps substantiate the value IT is bringing to the table to enable the larger mission of the FDA.
The focus areas in the plan were flushed out and hard targets were established. For example, security and compliance were defined to mean “ensure the security, reliability, and accuracy, of the agency’s systems as required and in support of key regulations and mandates.” It is critical to ensure the security, reliability, and accuracy of FDA systems in support of key regulations and mandates such as the Federal Information Security Management Act (FISMA) and the Federal Information Technology Acquisition Reform Act (FITARA). A target of 100 percent was defined in the revised plan.
For the focus area quality, the plan now calls for a 10 percent increase in customer satisfaction every quarter. In addition to this goal, the plan is designed to drive awareness and accountability of IT services, while delivering quality systems and services in support of FDA’s priorities such as in the areas of cloud, mobility, scientific and high-performance computing, and public communication. The plan emphasizes the right tools and a high-quality workforce will be needed to deliver high quality of services – OIMT will be developing and investing in our workforce to ensure current and future Agency needs are addressed at the highest level of quality possible.
Finally, for the focus area of efficiency, a 10 percent reduction to the IT base budget equating to approximately $25M annual savings was identified as the target. OIMT maintains over 80 systems that support FDA’s core, business management and administrative capabilities. With rapid advancements in regulatory science, technology, and governmental mandates and regulations, and systems being developed in silos, OIMT has found it difficult to maintain the high volume of systems as the inventory continues to grow. There are multiple systems that serve the same purpose, but were built for different offices/centers, maintain or store the same data or information, and are part of a work process but are not connected, requiring time-consuming manual intervention, which in turn increases the risk for inaccurate or incomplete information being used for decision making. Through consolidation of systems and reducing redundant applications, services, and processes, support for these systems will be more manageable and will allow OIMT to better streamline our processes. This effort, along with improvements in asset management, will help FDA realize long-term cost savings.
The objectives in the updated plan didn’t change and continue to align to FDA’s strategic priorities. Beyond the new hard targets and capability mapping, the most significant changes occurred at the program level inside the Chief Information Security Officer’s (CISO’s) lane. We are now in a position to begin sharing the updated plan to ensure that our customers understand the activities we will be working on over the next two years, the outcomes we hope to realize and how we are trying to support and enable them, and the mission critical work they perform through information technology.
Todd Simpson, Chief Information Officer, FDA
