STATEMENT OF CLARE MARTORANA Chief Information Officer U S Office of Personnel Management BEFORE THE Subcommittee on Government Operations Committee on Oversight and Reform U S House of Representatives HEARING ON Agency Compliance with the Federal Information Technology Acquisition Reform Act FITARA August 3 2020 Chairman Connolly Ranking Member Hice and Members of the Subcommittee thank you for the invitation to discuss the status of information technology IT at the Office of Personnel Management OPM the progress we’re making in overseeing and addressing IT investments and our vision for what is possible to better serve OPM’s employees and customers My passion is using innovative technology and human-centered design to create products services and experiences that improve people’s lives For over 20 years I worked to do just that as President of Everyday Health and Senior Vice President and General Manager of WebMD In 2016 I felt compelled to improve and simplify the digital experiences people and businesses have with our government so I joined the United States Digital Service USDS For 2 years I worked on the Digital Service team at the Department of Veterans Affairs VA to establish the VA’s enterprise-wide Digital Modernization effort to give our Veterans the 21st century digital experience they deserve I joined OPM in February 2019 as the seventh Chief Information Officer CIO in approximately 7 years When I accepted the position I knew it would be challenging and was excited to do what I could to support the agency’s employees as well as the millions of customers that rely on OPM’s mission to be successful I arrived at an agency with a long list of challenges OPM had experienced a significant 1 breach only 6 years before the agency needed to transition the Department of Defense’s National Background Investigation Bureau NBIB now known as Defense Counterintelligence and Security Agency DCSA and decouple IT systems from OPM’s and we were facing a critical staffing vacancy rate especially in key supervisory roles within the CIO’s office In addition OPM did not have an Enterprise Architecture and several of OPM’s critical systems were running on end-of-life technology with legacy platforms and languages introducing high system complexity security and employee skillset risks The mainframe environment needed to be secured and stabilized as it was residing 20 feet below ground level in a sub Tier 1 Data Center in a flood zone The agency was also missing several key capabilities that lead to a reliance on manual paper driven processes introducing additional process complexity OPM’s legacy funding model with seven different streams of funding for OCIO creates incredible complexity in how we address our IT challenges Since becoming OPM CIO I have received a steady stream of support from OPM’s leadership to meet the provisions of FITARA by establishing an enterprise IT strategy for the agency We will be working closely with the program offices as we move forward in this direction The Importance of FITARA Being a private sector technology executive has its share of challenges but they are really nothing quite like the trials experienced by a Federal CIO In my former life I made decisions in a relatively linear way and directed funding to the areas in greatest need and with the greatest return on investment Federal CIOs have to operate at a level of complexity that is truly staggering meeting and balancing a myriad of executive legislative and oversight requirements all while working in an uncertain budgetary cycle that does not provide a great deal of flexibility One of the frameworks that has helped me since my arrival at OPM is FITARA Thank you Chairman Connolly for introducing the legislation and providing CIOs and agency leaders with the support they need to outline the right investment strategies create efficiencies and deliver on mission critical activities 2 Making Incremental Improvements New Laptops While OPM’s FITARA scorecard rating may be on the lower end of the spectrum across Federal agencies we are extremely proud of raising our score to a C in the past year With only one net new hire and no increase in incremental funding we have been able to make significant progress From decommissioning ‘end of life’ laptops and deploying 2 750 new laptops across the organization we were able to give our employees the tools they need to do their jobs This also enabled us to stand up an IT Life Cycle Management ITLM process to acquire install maintain track retire and replace an asset and institute a 4-year ITLM approach that will replace older laptops each year and over time place the agency on a regular refresh schedule All OPM users were upgraded to the latest version of Windows 10 and leveraged the cloud-based Office365 email Telework Readiness As the COVID-19 global pandemic was declared in March 2020 we made improvements to expand our Virtual Private Network VPN capacity and security to ensure we’d be able to provide the same level of support to our workforce of 2 800 OPM employees as well as 11K Department of Defense DCSA employees and contractors OPM staff and contractors moved seamlessly to maximum telework utilizing this secure connection to the OPM network over the internet to access the various OPM systems and applications Due to our laptop repair program virtually every staff member was able to take their laptop home and perform their work with little to no interruption These investments and actions have ensured the continuity of both agencies’ missions As telework has continued and the number of users connecting to the VPN increased we have an average of 4 500 concurrent users consistently remaining below 50% bandwidth consumption throughout the business day 3 There have been minimal reports of downtime reported to our Help Desk and zero OPM-wide outages or security events Through these actions we have brought modern technologies and hardware to two agencies and most importantly have shown our workforce that we can make incremental improvements As part of our repair work we are upgrading our older technology phone systems with soft phones to allow our staff to use their office phone numbers while teleworking and respond to phone calls remotely via ‘soft phones’ just by plugging in a headset to their laptops Securing the Mainframe In mid-July 2020 the OCIO team successfully migrated our mainframe technology from the Theodore Roosevelt Building in Washington D C to the Iron Mountain commercial data center in Boyers Pennsylvania We also met the challenge of decoupling OPM’s systems from DCSA’s 2 5 months before the October 1 2020 deadline as required under the National Defense Authorization Act NDAA for Fiscal Year 2018 and Executive Order EO 13869 OPM and DCSA’s systems are now fully operational in a new modern environment and have a disaster recovery environment in place Many said this could not be done These developments are a critical first step in placing OPM on the road to information technology modernization We will be moving additional components to their targeted locations and closing several existing data center locations Due to these efforts our systems will not experience flood conditions or power outages and we can focus on modernization efforts knowing we have a solid platform in place These enhancements will also help OPM meet the provisions outlined in FITARA and we expect our scorecard ratings to improve in a number of areas post our closure of two OPM operated data centers 4 CARES Act Achievements New Collaboration and Productivity Enabling Tools While COVID-19 was certainly an unexpected development it provided us with an opportunity to deliver on a few key IT enhancements to benefit our employees as well as our customers To assist OPM in managing in a new operating environment Congress provided OPM with $12 1M in Coronavirus Aid Relief and Economic Security Act CARES Act funding to procure enterprise information technology that would improve cross-agency business processes in a maximum telework environment and serve OPM over the long-term as it continues efforts to modernize IT To support OCIO and fast-track this effort the Office of the Acting Director stood up an intra-agency team led by the Office of the Director and Office of Procurement Operations and comprised of representatives from OCIO Procurement Privacy Office of the Chief Financial Officer and the General Counsel to provide rapid support guidance review and approval of the products and solutions identified and slated for procurement Through this structure we were able to rapidly identify review and acquire new telework-enabling tools telecommunications and hardware and software to benefit the OPM workforce We are in the process of developing training for OPM employees and change management strategies to ensure successful understanding and adoption of these new tools across OPM This new way of doing business worked quite well and has been viewed internally as a successful model for future enterprise projects Successful Test of Electronic Submission of Retirement Packages Under the direction of former Federal CIO Suzette Kent agency CIOs were encouraged to lean into technology solutions to advance agency mission delivery during COVID-19 Working with our partners in Retirement Services we successfully tested an emergency technical solution with one payroll provider to allow for the electronic submission of retirement applications to OPM Our test was successful and can 5 be expanded to the remaining payroll providers should we have the funding levels necessary to support this effort The Road to Digital Modernization Stability Security Due to OPM’s high turnover rate in the CIO position I’ve spent the past year learning all I can about the agency’s operations and building partnerships with colleagues and listening to their history and challenges with OPM IT What I’ve found is that an underinvestment over many years has led to an understaffed OCIO and an OPM-wide need for continuing focus on IT stability security and improvement I believe in being an honest broker with my colleagues We’ve had candid conversations about where we are as an IT organization how OCIO should be thinking about recruiting tech talent and what’s possible if we work together to make investments on an agency-wide basis Before you can modernize an enterprise you must ensure that you have a solid foundation to build upon OPM is undergoing the foundational efforts to modernize outdated and dilapidated systems and infrastructure which makes operating challenging on a daily basis One example is our challenge routing executive correspondence throughout OPM This is a paper-based system due to the failure of an IT system which was first stood up in 2006 The system fails multiple times a day generating dozens of Help Desk tickets and support calls and requires services to be continually rebooted This is also delaying OPM’s ability to respond in a timely fashion to our stakeholders across government and our customers Before you can modernize applications and move to the cloud you need to repair the basic operating infrastructure supporting OPM’s 20 locations and staff Retirement Services Call Center CX Use Case We have demonstrated that we can accomplish a lot with few resources in a short timeframe This approach continues today in how we are addressing OPM IT Earlier this year we partnered with OPM’s 6 Retirement Services on the rapid delivery of customer experience improvements to the Retirement Services Call Center within just 5 weeks and greatly improved sign-in failures by 47% and drastically reduced claim number formatting failures by 99% This confirms our passion for digital modernization OPM’s Digital Modernization Strategy Once modernization is underway we need to pursue a modern and agile infrastructure to innovate and develop solutions to address the business needs of the OPM program offices In OCIO we have a bias toward delivery A 21st century OPM must focus on putting customers first and improving the customer experience for internal and external customers that interact with the OPM Customers experience digital workflows increased self-service capabilities and the ability to access these capabilities using mobile devices while remaining assured that the information they share with the OPM is private safe and secure This is accomplished by using modern cloud-based IT solutions that are innovative simple to use and flexible to adapt to the changing requirements of OPM’s mission These capabilities must be delivered using cost effective techniques while maintaining the needed privacy and cybersecurity protections Outside of government customer technology has trained everyone to expect high quality experiences whether you’re booking a flight checking your bank balance or ordering takeout These interactions should be easy to use fast understandable safe and accurate OPM customers’ expectations are high for the digital services and customer experiences they receive from the agency However OPM’s public websites do not offer compelling authoritative content and tools for its customers When our customers reach our online front door at OPM gov we have duplicative and outdated web content and tools which creates a confusing user experience and reduces OPM’s credibility Unstructured content means OPM gov does not rank as the authoritative source on Google and other search engines 7 Content written in government legalese means search engines AI and machine learning fill the gap by creating better plain-language content and tools for OPM’s customers OPM has the opportunity to modernize its digital services to meet customer needs The President’s Management Agenda as well as the 21st Century Integrated Digital Experience Act IDEAct and the Office of Management and Budget’s Customer Experience Cross-Agency Priority Goal among others require us to do so as well as give us the mandate to use technology to improve the way we deliver services to our customers We firmly believe in the digital principles outlined in these frameworks and know it is possible to use design and technology to modernize OPM Transitioning to a Product Mindset In government we’re familiar with project management – how to deliver customer services Project managers focus on meeting organizational goals and delivering business outcomes to a timeline By transitioning to a product mindset designing with users and not for them we focus on delivering quality user experiences for our customers We use user-centered design practices and research to generate wants and needs by understanding the user and the business and use technology to deliver an exceptional customer experience Products continuously improve based on user feedback and metrics and we’re always making enhancements to customer delivery Congress and the administration have given us tools like FedRAMP the IDEAct and the PMA to simplify security for the digital age move more quickly in deploying technology and focus on providing an exceptional customer experience We need to ensure Federal employees are aware of these flexibilities and are using them to improve agency operations and service delivery 8 By pivoting to digital modernization we can fast-track processes similar to what we achieved with the COVID-19 supplemental finding and show agency employees and our customers what’s possible We can also bring OPM along on the journey by helping our workforce evolve into a product mindset by focusing on improvements for our customers – Federal job seekers Federal employees and Federal retirees chief human capital officers and HR professionals and OPM business lines staff vendors and Federal partners Conclusion We’re at an exciting time in Federal IT Every American deserves modern tools and services and access to their own information to navigate the complexities of modern life when they interact with our government By phasing out legacy systems investing in modern technology stacks that will enable us to become agile and ship products in a daily production environment we’ll be able to retain and attract top tech talent and better serve our customers When Congress appropriates IT funding to an agency you deserve to see the return on investment and ultimately the impact the funding is making for your constituents I am a firm believer that we can and must strive to provide a better customer experience for the American people It’s what they deserve 9 10