
Organizational Structure of the
Social Security Administration

 

 

 

 

SSA ORGANIZATION MANUAL  

Chapter TH

THE OFFICE OF THE CHIEF INFORMATION OFFICER

 

I. Mission

The Chief Information Officer is directly responsible to the Commissioner for carrying out the OCIO mission. The CIO is a member of the Federal CIO Council. 

OCIO is the focal point for SSA’s application of the Clinger-Cohen Act IT management reforms.  Manages SSA’s IT investment process and assesses the performance of the agency’s major IT investments.  Manages and directs SSA’s overall information systems security program.  Responsible for assessing agency notices and developing and implementing the agency’s authentication policies and procedures.  Manages SSA’s initiative to foster broader citizen participation through the use of emerging collaborative technologies. 

OCIO is the agency’s think tank for new and experimental ideas, using a laboratory environment.  Serves as a catalyst for major technology breakthroughs.  Manages SSA’s enterprise architecture; monitors the agency’s performance toward strategic goals; develops SSA’s IT vision; and provides strategic guidance to the agency’s IT planning process.

II. Organization

A. The Chief Information Officer (TH)
B. The Immediate Office of the Chief Information Officer (THA)
C. The Office of Investment Management (THB)
D. The Office of Information Security (THC)
E. The Office of Open Government (THE)
F. The Office of Innovation (THG)
G. The Office of Vision and Strategy (THH)

III. Functions

  1. The Chief Information Officer (TH) is directly responsible to the Commissioner for carrying out the OCIO mission and providing general supervision to the major components of the OCIO.  The CIO is a member of the Federal CIO Council.  The Deputy Chief Information Officer assists the Chief Information Officer in carrying out his/her responsibilities.
  2. The Immediate Office of the CIO (OCIO) (THA) provides the CIO and Deputy CIO with management support on the full range of programmatic, administrative and budget-related duties, including issues related to personnel, such as recruitment and retention, EEO, training, organizational issues, travel and awards.  We provide OCIO desk officer’s support for all OCIO components and manage the correspondence controls process. In addition, staff plan, develop and execute the OCIO Other Objects budget.  OCIO’s Audit liaison responsibility is also managed in the immediate office.
  3. The Office of Investment Management (OIM) (THB) is the principal independent source of advice to the CIO and the Strategic IT Assessment and Review (SITAR) Board on IT systems strategies, budgets, investments, acquisitions, implementations, performance and related issues. OIM is the focal point for SSA’s application of the Clinger-Cohen Act IT management reforms and related Office of Management and Budget (OMB) and Government Accountability Office (GAO) guidance concerning the IT budget and investment management. OIM is also responsible for managing SSA’s IT investment process and assessing the performance of the agency’s major IT investments.
    1. The Division of Budget Formulation, Execution, and Technical Review (DBFETR) (THBA) is responsible for the formulation and execution of the ITS budget. This Division defines and manages the processes (in collaboration with the Office of Systems), oversees the review and approval of all ITS budget items and subsequent funding changes, and advises the CIO on ITS funding decisions. The Division performs technology assessments of the Office of Systems’ ITS budget items, System Procurement Requests, and Statements of Work for major procurements; explores innovative information technology plans; and works with the Office of Systems and the Office of Acquisition and Grants to develop innovative systems procurements.
    2. The Division of Investment Performance Reporting and Management (DIPRM) (THBB) leads the SITAR process for the CIO and is responsible for SITAR investment management reporting and for SITAR cost-benefit analysis guidance and support. It also leads the development of guidance related to IT performance measurement and post-implementation reviews and leads the oversight and execution of the process.  DIPRM also leads the development of OMB IT budget plans and the response to other OMB information requests.
  4. The Office of Information Security (OIS) (THC) is responsible for managing and directing SSA’s overall information systems security program.  OIS develops, manages and provides oversight of functions for agency-wide IT security policies and procedures. OIS’s robust IT security program includes: providing security (including PII) training and awareness and serving as a liaison to components and system developers; protecting the confidentiality, integrity, and availability of SSA’s computer systems and information; identifying and implementing risk-based security controls; conducting compliance reviews, evaluating trends, and tracking security metrics to gauge compliance and effectiveness; analyzing risks, vulnerabilities and trends to identify threats and to identify solutions to mitigate threats; and identifying appropriate risk mitigation strategies to support SSA’s evolving technology and business processes.

    1. The Division of Technical Operations (DTO) (THCA) designs, develops, and maintains SSA’s network infrastructure security policy. Researches, evaluates, and analyzes current and emerging technologies relevant to SSA’s information security architecture. Recommends functional specifications and coordinates the implementation of SSA’s network security architecture including hardware, software, devices, applications, and settings. Provides security advice and recommendations to the Architecture Review Board. Ensures the application development lifecycle provides for the appropriate control, audit, security, and privacy risk mitigation process and provides recommendations or clarifications on that process. Provides guidance, direction, and advice on the Continuity of Operations Plan (COOP) and disaster and emergency planning for the CIO. Maintains the appropriate COOP documentation.
    2. The Division of Security Policy (DSP) (THCB) designs, develops, and maintains SSA’s overall information security policy. Designs, develops, and implements information security training for SSA. Provides guidance, direction, and advice to SSA’s information security specialists. Manages the access control process for SSA, including policy, procedures, and forms. Provides oversight of the access control systems used at SSA and provides guidance and approval on proper use and administration of those resources. Provides oversight and management of the Critical Infrastructure Protection Program.  Provides oversight of SSA’s implementation of the Federal Information Systems Management Act and ensures SSA follows appropriate guidance and recommendations from the OMB, National Institute of Standards and Technology (NIST), and other applicable guidance.
    3. The Division of Compliance and Oversight (DCO) (THCC) designs, develops, and maintains SSA’s information security compliance program, including developing and implementing compliance reviews at SSA. Designs, develops, and maintains the information security compliance policy and reviews for data exchange partners, including developing and implementing compliance and monitoring reviews (protocols and oversight), as well as training and coordination with the data exchange network. Designs, develops, and maintains the anti-fraud/integrity review policy and program. Designs, develops, and maintains the audit trail policy and program. Coordinates and provides oversight for the CIO of internal and external audit findings. Provides tracking and control of audit findings and recommendations. Provides the Component Security Officer for the CIO.
  5. The Office of Open Government (OOG) (THE) is responsible for fostering the transparency of agency operations, citizen participation and collaboration.  OOG is also responsible for developing and implementing the agency’s authentication policies and procedures to ensure that we can verify the identity of the individuals who use our electronic services and ensure the public’s personal information is secure.  OOG leads agency activities to strengthen and improve notices by establishing clear writing guidance and notice standards, developing and guiding information technology investment projects to improve notice generation systems and establishing priorities for reviewing and rewriting notice language.
    1. The Division of Notice Improvement (THEA) improves the tone, clarity, and structure of SSA notices and develops, maintains and ensures the agency notice standards and clear writing guidance are followed. Provides vision and direction for improving agency notices. Develops, maintains, and coordinates the national notice clearance processes. Identifies, assesses, and resolves problematic notices and correspondence. Coordinates efforts to improve the multiple systems that generate notices.
    2. The Division of Authentication (THEB) ensures the agency follows authentication guidance from the OMB, and authentication technical standards from NIST.   Sets authentication policy, conducts authentication risk assessments, partners with other agency offices to develop authentication processes and investigates industry trends to learn about new technologies that can help strengthen the agency’s authentication techniques.
    3. The Division of Transparency and Citizen Engagement (THEC) identifies information of the greatest use to the public and makes the information available in readily accessible formats. Develops policies for the use of social media and blogs. Facilitates the use of emerging collaborative technology to foster broader citizen participation in government business.
  6. The Office of Innovation (OI) (THG) is the agency’s think tank for new and experimental ideas.  The office tests new ideas in a laboratory environment, and offers potential solutions to the agency for implementation.  OI serves as a catalyst for major technology breakthroughs by promoting agility, creativity and flexibility.
    1. The Division of Research (DOR) (THGA) actively engages federal, commercial, and academic resources to collaboratively analyze, classify, critique, explore, examine, investigate, and test innovative solutions to address agency challenges. Focuses on high risk/high reward research that merges business needs and cutting edge research. Improves collaboration throughout the agency by establishing a universal portal for research and development activities.  Integrates multiple channels to ensure consistent, accurate, and timely information and service delivery through the creation of a state-of-the-art laboratory to support experimental research and developmental activities.  OI is the agency lead for understanding the user experience which includes cultural, language, and service channel differences. Maintains knowledge of technological advances in the marketplace and determines the appropriateness of new technologies in SSA’s current and target environments.
    2. The Division of Experimentation (DOE) (THGB) examines emerging information technologies that have the potential to improve customer service, reduce costs, increase user and developer productivity, and improve customer access to SSA services.  Serves as a cooperative cross-component process for conceptualizing, evaluating, and implementing technologies that help the agency achieve its strategic goals and the overall objectives.
    3. The Division of Special Projects (DOSP) (THGC) facilitates agency adoption of emerging information technologies that have the potential to be transformative.   DOSP is a critical team for articulating a shared agency vision, and for building the partnerships that are necessary for disparate organizations to work together on common goals. Identifies quick wins for the agency, by leveraging technologies. Transfers technical knowledge and know-how obtained through innovation R&D efforts to other SSA components.  Utilizes strategic planning as an essential tool for moving innovative technologies forward and gaining the required support for investments. Encourages and promotes innovations that are effective, sustainable, repeatable, and maintainable agency-wide.
  7. The Office of Vision and Strategy (OVS) (THH) manages SSA’s enterprise architecture; monitors agency performance toward strategic goals; develops an IT vision; and provides strategic guidance to the agency’s IT planning process.
    1. The Division of Strategic Services (DSS) (THHA) is responsible for creating and publishing the agency’s vision, mission and purpose in accurate, transparent reports. The reports provide timely, objective and pertinent performance measures used by SSA’s executives and by external entities to track the agency’s progress.
    2. The Division of IT Strategy (OIS) (THHB) develops and maintains a business-focused Enterprise Architecture (EA) as a blueprint to guide IT modernization in support of agency missions. EA provides a common methodology for IT acquisition, use, and disposal. EA describes the current and future state of the agency, lays out a plan for the transition, and aligns resources to improve business performance. Defines the agency’s technology vision, develops a long-term IT architectural plan, and establishes policy and governance for the agency IT planning process. Oversees and provides agency-wide support for the IT planning process by aligning SSA’s strategic objectives, EA, and innovation and technology vision toward achieving clear business results.

 

 

 
Thursday Jun 16, 2011