Wednesday, April 13, 2016 -
1:00pm to 3:00pm

Location Details: 

Information Technology Dept.
Room 438
4201 Normandy Street North
Bismarck, ND 58503

Meeting Agenda:


Time Topic Presenter

Update on EA Activity

  • Architecture Teams Recaps
    • Security Architecture
    • Data Architecture
    • Application Architecture
    • Technology Architecture

Jeff Quast


Update on ITD Activity

  • Brown Bag Lunch - review
  • Chief Information Security Officer
  • SMUG Meeting - April 21, 2016
  • YouTube EULA Update
Jeff Quast
1:30 Privacy Policy Cliff Heyne
1:45 Update on Project Exploration Process and Statewide IT Planning Justin Data
2:15 Social Media - Deleted Comments and Retention Cliff Heyne
2:30 Ransomware Jeff Quast
2:45 IT Coordinators List Audit Cliff Heyne
2:55 Future Agenda Items  

Meeting Recap:

Update on EA Activity


Update on ITD Activity
  • Jeff Quast gave a brief overview of the Brown Bag Lunch video, ‘Three Secret Virtues of Great IT Contributors” which was presented before the ITCC meeting. All IT Coordinators are welcome to attend the Brown Bag Luncheons, where ITD presents a video once a month from the Gartner annual CIO conference. Bring your own lunch and join us.
  • ITD has a new Chief Information Security Officer. Sean Wiese joined ITD March 23. Sean was formally employed with ITD Security and had since been in the private sector at NISC and KLJ. He will be attending the ITCC meetings beginning in May.
  • Upcoming meetings include the Social Media User Group on April 21, 2016
  • Cliff Heyne gave a brief update on the status of a government friendly YouTube EULA. NASCIO have begun new negotiations with Google to develop that EULA but there is no timeframe for completion or an indication that the negotiations will be successful.
  • ITD rates for the 2017-19 biennium will be posted by Friday April 15, 2016.
  • Beginning with the May ITCC meeting, we would like to include Agency Updates on the agenda. This could include news and events from all agencies, or a presentation from an agency about an initiative or technology used at that agency. Agencies are urged to contact Jeff Quast with any items they would like to have included.
Privacy Policy
  • In response to an inquiry from a citizen regarding the use of Google Analytics, Cliff Heyne reviewed the Google Analytics Terms of Service and what must be included in an agency’s web site privacy policy to comply. Basically, the privacy policy must inform users of the web site that Analytics is being used. Google has a link that can be inserted into that privacy policy that links to Google’s explanation of what Analytics does.
    • The privacy policy template that many have used to create their own privacy policy states that encryption is used, but many sites are not encrypted. Agencies are encouraged to review their privacy policy to ensure it does not state encryption is being used if the site is not https.


Project Exploration and IT Planning
  • Justin Data gave updates and presented roadmaps for the evolving Project Exploration and IT Planning programs.
  • Project Exploration is a result of enhancements to what was previously referred to as a Project Origination Review, or a $100K Project Review.
    • To improve response time and communications, ITD has scheduled a recurring monthly meeting on the 4th Thursday to review the Exploration submissions and if needed, consult with the agency. Future enhancements are planned, such as an updated Business Case/Project Questionnaire form, a simpler method to submit the form, standardized review questions, and the ability for an agency to view the status of the submission online. More information will be available on the Project Overview web page.
  • IT Planning
    • The IT Planning process will look significantly different for the 17-19 biennium than it has in past bienniums. Results from a recent survey indicate that larger agencies found more value in the planning process than smaller agencies, and all agencies would prefer to enter the recurring data one time rather than each biennium, so that type of data will be stored within the IT Planning toolset.
    • The entire Project Management team will be utilized to meet with agencies, and the conversation will be of a strategic nature. The meetings will not be used to review budget and rate sheets as has been done in the past.
    • Some important dates to consider:
      • August 15 - plans are due
      • September - SITAC ranking of major projects
      • January – Statewide Plan distributed to Legislature
    • More information will be available on the IT Planning web page.


Social Media
  • Cliff Heyne reviewed the main topics on the agenda for the upcoming SMUG meeting, which included records retention for social media content and how to manage deleted comments. Also planned was a discussions about the legal aspects of EULAs for common social media services. Legal representation from the Attorney General’s Office will be attending the SMUG meeting.


  • Jeff Quast gave a brief overview of the discussion from Security Architecture regarding the growing threat of Ransomware. Solid Backup and Restore practices are the only real solution in a worst case scenario, but there is also an opportunity and obligation to increase user awareness. Agencies should contact ITD and BCI if infected.


IT Coordinators List Audit – Cliff Heyne
  • Cliff Heyne reviewed the IT Coordinators mailing list and how ITD uses and maintains that internal list. The list was last updated in 2014 and ITD will be asking agencies to review and update the list soon.
  • The list includes a designation for an agency’s Primary IT Coordinator, which is required by NDCC, a Secondary IT Coordinator, an AssuranceNM contact, and an Additional AssuranceNM. The designation will be limited to 3 in the future as the AssuranceNM contact and Additional AssuranceNM designations are merged into one.
  • ITD is also developing better processes to address IT Coordinators leaving or starting.


Open Discussion/New Topics
  • A question was asked about what if anything agencies are using for digital signatures. DOT uses DocuSign and JSND uses EchoSign, but no other agency attending the meeting had a solution in use. There may be more information on this topic at a future ITCC meeting.
  • The Attorney General’s Office is combining CJIS and the AG’s IT department, Molly Goebel will manage that combined program.
PDF icon itcc-20160413-presentation