HomeMy WebLinkAboutMINUTES - 09101996 - D5 4 �
TO: BOARD OF SUPERVISORS
Contra
FROM:
Costa
INTERNAL OPERATIONS COMMITTEE
County
DATE: September 10, 1996 ef��K
SUBJECT: PROPOSED RESPONSES TO THE REPORTS OF THE 1995-1996 GRAND JURY:
NOS. 9608, 9610 and 9611
SPECIFIC REOUEST(S)OR RECOMMENDATION(S)&BACKGROUND AND JUSTIFICATION
RECOMMENDATIONS :
1 . Adopt this report of our Committee as the Board of
Supervisors ' response to the Reports of the 1995-1996 Grand
Jury:
No. 9608, "Human Resources Department-Project Positions"
No. 9610, "Political Activities in Contra Costa County
Buildings"
No. 9611 "County Computing Evolution"
2 . Remove this item as a referral to our Committee.
BACKGROUND:
The 1995-1996 Grand Jury filed the above reports, which were
reviewed by the Board of Supervisors and subsequently referred to
the Internal Operations Committee. On August 5, 1996 and September
9 , 1996 our Committee met to discuss the recommendations and review
proposed responses . At the conclusion of those discussions, we
prepared these reports utilizing a format suggested by a former
Grand Jury, which clearly specifies :
A. Whether the recommendation is accepted or adopted;
B. If the recommendation is accepted, a statement as to who will
be responsible for implementation and a definite target date;
C. A delineation of the constraints if a recommendation is
accepted but cannot be implemented within the calendar year;
and
D. The reason for not adopting a recommendation.
CONTINUED ON ATTACHMENT: YES SIGNATURE:
RECOMMENDATION OF COUNTY ADMINISTRATOR RECOMMENDATION OF BOARD COMMITTEE
APPROVE OTHER
SIGNATURE(S): GAYLE BISHOP JIM ROGERS
ACTION OF BOARD ON S e p t e m b e r '1 0 . 1996 APPROVED AS RECOMMENDED X OTHER X
IT IS BY THE BOARD ORDERED that the proposed recommended
response to the 1995-1996 Grand Jury Report Item No . 9611 , and
Item No . 9608 as modified , are ADOPTED ; and CONSIDERATION of the
1995-1996 Grand Jury Report Item No . 9610 is CONTINUED to the
Septemberl-7-, 1996 , Board meeting .
VOTE OF SUPERVISORS
I HEREBY CERTIFY THAT THIS IS A TRUE
-X_UNANIMOUS(ABSENT I I ) AND CORRECT COPY OF AN ACTION TAKEN
AYES: NOES: AND ENTERED ON THE MINUTES OF THE BOARD
ABSENT: ABSTAIN: OF SUPERVISORS ON THE DATE SHOWN.
CC: Internal Operations Committee ATTESTED September 10 , 1996
County Administrator PHIL BATCHELOR,CLERK OF THE BOARD OF
Superior Court Presiding Judge SUPERVISORS AND COUNTY ADMINISTRATOR
Grand Jury Foreperson
County Counsel
District Attorney
M382 (10/8 B DEPUTY
�iuman Resources Director
"HUMAN RESOURCES DEPARTMENT - PROJECT POSITIONS"
REPORT NO. 9608
The 1995-96 Contra Costa County Grand Jury recommends that the
Board of Supervisor require a more detailed justification on the
establishment, recruitment and selection for vacant Project
Positions, to include:
RECOMMENDATION NO. 1 :
Written justification for waiver of examination.
RESPONSE:
A. This recommendation is adopted.
B. Administrative Bulletin No. 416 "Project Positions" will be
amended to require that any department seeking to fill a
project position by waiver of examination and direct
appointment first submit a written needs analysis to the Human
Resources Director.
RECOMMENDATION NO. 2 :
Written conflict of interest statement for any selection made
without examination, identifying any relationship between the
selecting official and the selected candidate.
RESPONSE:
A. This recommendation is adopted as modified.
B. Administrative Bulletin No. 416, "Project Positions, " will be
amended to require that any direct appointment to a project
position be in accordance with Resolution No. 96/293, "Policy
on Avoiding Conflicts of Interest in Appointments by
Department Heads to Authorized Positions, " and adopted by the
Board of Supervisors on June 11, 1996 .
RECOMMENDATION NO. 3 :
Requirement that the Human Resources Director review the conflict
of interest statement and seek Board approval of the selection in
sensitive or questionable instances .
RESPONSE:
A. This recommendation is not adopted.
B. The policy on avoiding conflicts of interest adopted by the
Board of Supervisors on June 11, 1996 delegates this
responsibility to the appointing authority.
RECOMMENDATION NO. 4 :
Requirement that at least three (3) identified persons be
interviewed for any project position unless waived in writing by
the Director of Human Resources .
RESPONSE:
A. This recommendation is adopted.
RECOMMENDATION NO. 5:
Written documentation on the results of each interview be kept on
file with HRD for the duration of the project period.
RESPONSE:
A. This recommendation is adopted in part.
B. The Director of Human Resources will apply the practice
currently in use which requires departments to provide a
record of the outcome of the interviews to the Human Resources
Department, i .e. who was interviewed, who waived an interview,
who was appointed, etc.
RECOMMENDATION NO. 6 :
Written certification to the Board of Supervisors by the Director
of Human Resources that all requirements for the establishment,
recruitment and selection for Project Position vacancies have been
met.
RESPONSE:
A. This recommendation is not adopted.
B. Department heads, as appointing authorities, are accountable
for adherence to County policies and processes .
P-6
"COUNTY
COMPUTING EVOLUTION"
REPORT NO. 9611
The 1995-96 Contra Costa County Grand Jury recommends that the
Board of Supervisors :
RECOMMENDATION NO. 1 :
Formally establish the Information Technology Steering Committee
( ITSC) with the following responsibilities :
a. Ensure that the ITSC represents the computer interests of all
departments .
b. Adopt procedures for a model client/server operation.
C . Develop a client/server model for physical and environmental
characteristics needed for departmental computer operations .
d. Develop and maintain, for critical areas, a common disaster
recovery plan, including off-site storage of data at Hot Sites
(standby systems) .
e. Adopt and maintain a Systems Development Life Cycle (SDLC)
procedure which is applicable to all systems : purchased,
externally acquired or internally developed.
f. Adopt a standard for project management of new systems .
RESPONSE:
A. This recommendation is accepted.
B. The Information Technology Steering Committee ( ITSC) was
created in October, 1995 . The committee is chaired by the
County Administrator and its members are from the following
departments : County Administrator, Information Technology,
Probation, Auditor-Controller, Growth Management and Economic
Development Agency, Social Services, Health Services,
Municipal Court, Treasurer-Tax Collector, and Human Resources .
Since its inception, the committee has validated the
creation/broadening in scope of the County Wide Area Network
(WAN) Committee. This committee, co-chaired by
representatives from Superior Court and the Department of
Information Technology, is also represented by every County
department that wishes to belong and attend meetings.
Therefore, through the ITSC and WAN Committees, every County
department ' s interests are represented in decisions in
Information Technology.
The Wide Area Network Committee addresses the County-wide
technical infrastructure design. That committee is in the
process of drafting a model for client/server-distributed
processing operation and environmental characteristics . A
final product is expected by December, 1996 . It will be sent
to the Information Technology Steering Committee for approval
and implementation as County policy.
The Department of Information Technology has on file, tests
and updates each month, a formal disaster recovery plan for
the County's central computer center. This process includes
very secure off-site data storage, an ongoing "hot-site"
processing agreement with the Comdisco Corporation, and a
cooperative processing agreement with Alameda County
Information Services . In March, 1996, the Board of
Supervisors adopted the "Contra Costa County Computer Use and
Security Memorandum of Agreement, " for all department heads
and County employees . One of its provisions is that all
departments develop a disaster recovery document, modeled
after the central data center model . Information Technology
has offered consulting services to departments requiring
assistance designing and implementing such a plan.
Additionally, in July, 1995, the County signed an agreement
with the ARCUS Corporation of Sacramento to provide off-site
storage of data in an extremely secure facility. Information
Technology has offered this centralized service to all
departments and will also implement a centralized system back-
up service in September, 1996, that will be available to all
departments .
Information Technology has been using the "CARA" Systems
Development Life Cycle methodology and product since 1986 .
The project management team and the systems and programming
team went to specialized courses in employing the CARA
methodology. The CARA system, which is still in use today,
includes the system development stages of planning, analysis,
design, development, implementation and post implementation
recommended by KPMG Peat Marwick. There was discussion during
an October, 1995 meeting with KPMG auditors and Grand Jury
members that the County' s IT Director was considering
replacing this process with a more modern process, and this
may have been a matter of miscommunication during the
discussion. The County feels this process is already in place
and being used.
RECOMMENDATION NO. 2 :
Formally support:
a. Filling of the currently vacant EDP Auditor position.
b. Validating of all computer systems by the EDP Auditor against
this report' s recommendations and current EDP auditing
standards .
C. Housing of departmental computers in the County mainframe
facility, whenever feasible.
RESPONSE:
A. This recommendation is accepted.
B. In February, 1996 , the County engaged the Stanford Research
Institute to provide a security assessment of the County' s
central corporate data center and wide area network
connections . One of the preliminary recommendations of SRI ' s
draft report is the creation of a Countywide Security
Administrator function within the Department of Information
Technology. This person' s responsibilities would include the
delineation of functions within the Department with respect to
information security, and would provide a "third party"
relationship in controlling system security. Additionally,
the security as,sessment recommends the position of EDP Auditor
in the County Auditor' s office. The Board agrees with these
findings . It would be the function of these two positions to
coordinate the County' s future direction with respect to the
implementation of prudent information technology security
procedures and standards .
In August, 1995, and March, 1996 , the Director of Information
Technology issued Countywide memoranda advising of certain
inadequacies in various departmental computer sites .
Departments were invited to move their equipment into the
County' s central data center and, to date, two departments
have done so.
RECOMMENDATION NO. 3 :
Direct the development of administrative procedures to cover:
a. Provisions for updated, written administrative procedures for
using all system products and applications .
b. Enforcement of standards (e.g. , automatic virus checking) to
validate outside access to County computers and by limiting
activities to official business only.
C. Restriction of source code modifications to purchased
products .
RESPONSE:
A. This recommendation is accepted.
B. Written procedures for the acquisition and use of information
technology products are provided by the Purchasing Division of
the General Services Department, the Department of Information
Technology, the Wide Area Network Committee, and the
Information Technology Steering Committee on an ongoing basis .
During Fiscal Year 1995-96, policies implemented include
"Contra Costa County Computer Use and Security Memorandum of
Agreement, " "Desktop Computer Purchasing and Maintenance
Policy, " and "Implementation of County-wide Technology
Agreement and Use Policy. " These policies are drafted at the
department or committee level, forwarded to the Information
Technology Steering Committee for review and approval, and
then to the County Administrator for approval and distribution
through the County' s Administrative Bulletins .
In June, 1996 , the County entered into a contract with the
MacAfee Software Corporation for a 2,500 user site license for
MacAfee Anti-Virus software. Approved by the Wide Area
Network Committee as the best anti-virus product on the
market, this software is expected to be distributed to all
County desktop machines during the months of August and
September. However, there is no mandate provision for county
departments to utilize this software at the present time,
because of the cost factor of $30-$60 per machine. The
"Contra Costa County Computer Use and Security Memorandum of
Agreement" includes specific provision of language about every
department' s and employee' s responsibility to protect the
County' s data, utilize responsible and prudent security and
anti-virus guidelines, and use of County machines for County
versus personal business .
The County Administrator has directed all departments
utilizing commercial computer application software to use such
software in accordance with the contractual agreement. It is
incumbent upon each department' s system manager to insure that
this policy is being followed.
. • .° . p. , DYJ
"POLITICAL ACTIVITIES IN
CONTRA COSTA COUNTY BUILDINGS"
REPORT NO. 9610
Because of current circumstances in which the Board finds itself,
it is inappropriate to respond to Grand Jury Report No. 9610,
"Political Activities in Contra Costa County Buildings" at this
time.
Therefore, it is recommended that consideration of the Board of
Supervisors ' response to this report be continued and that County
Counsel be directed to advise the Presiding Judge of the Superior
Court.