NIH POLICY MANUAL

2808 - NIH Enterprise Architecture Policy
Issuing Office: CIT/OCITA (301) 402-1044
Release Date: 03/25/05


  1. Explanation of Material Transmitted: This policy establishes an Enterprise Architecture (EA) practice for the National Institutes of Health (NIH).  This document provides information, policy, guidance, and links to other NIH IT resources for developing a practical and integrated EA across the NIH. 
  2. Filing Instructions:

    Remove: None
    Insert: NIH Manual Chapter 2808 dated 03/25/05

PLEASE NOTE: To sign up for email notification of future changes, please go to the NIH Manual Chapters LISTSERV Web page.


A. Purpose: This policy establishes an Enterprise Architecture (EA) practice for the National Institutes of Health (NIH). Facilitated by the Office of the Chief IT Architect (OCITA), within the Office of the Chief Information Officer, NIH, this document provides information, policy, guidance, and links to other NIH IT resources for developing a practical and integrated EA across the NIH. 

The NIH EA aligns NIH’s Information Technology (IT) assets and initiatives with its mission, and enables computer systems, networks, software, and data/information systems that support government functions and services to more effectively and efficiently communicate, interoperate, and share resources. The NIH EA facilitates the application of IT to business initiatives and objectives in an orderly, efficient, and cost-effective manner by describing a direction for technology activities supported by guiding principles, standards, and best practices. 

This policy focuses on NIH EA integration to achieve the following benefits for NIH:

· Improved interoperability between systems;
· More reliable and accurate information that is available whenever and wherever needed;
· Improved consistency, accuracy, timeliness, integrity, quality, availability, and access to IT-managed information sharing across the enterprise;
· Elimination of multiple, disparate and duplicate systems;
· Economies of scale by providing mechanisms for sharing services across the enterprise; 
· Improved communication among the business organizations and IT organizations within the enterprise; and
· Stability of systems operations.

There are other benefits of having an effective EA such as business innovation and faster system development timelines. 

B. Background: The Clinger-Cohen Act of 1996 mandates the implementation of an effective EA policy and an associated EA practice. This act requires Federal Agency Chief Information Officers to develop, maintain, and facilitate “a sound and integrated information technology architecture for the executive agency”. Subsequently, the Office of Management and Budget (OMB), in its Circular A-130, issued explicit guidance that requires agency information system investments to be consistent with the Agency’s EA. Further legislative guidance has been provided in the e-Government Act of 2002. The scope of NIH’s EA includes a description of the baseline environment (i.e., current or “as is” state) and target environment (i.e., future or “to be” state) for the business, technical, security, and information/data environments. This description of “as is” and “to be” is required by the legislation referenced in Section D. 

The OCITA was created within the Office of the Chief Information Officer, NIH, to plan, coordinate, develop, implement, and provide ongoing oversight for all EA policy issues at NIH. The OCITA has developed an NIH EA framework that promotes an integrated design for IT systems and their supporting technology implementation at NIH. The NIH EA was created and implemented to:

· Further the NIH mission through automated processes that expand and enhance the productivity of NIH staff.
· Facilitate a greater relationship between NIH and its customers, stakeholders, and suppliers in the United States and abroad.
· Establish standard system engineering approaches that have worked for complex systems and design issues for the benefit of the NIH mission.

This EA policy has been established based on the governing laws, regulations and guidance set forth in the Reference section (Section D) of this policy.

C. Policy:  

1. This policy applies to all NIH Institutes and Centers (ICs).

2. The NIH EA, as defined by OCITA through the publication of standards, applies to all aspects of information technology (IT) at the NIH, including systems, infrastructure, products, and designs, developed internally and by outside contractors.

3. All NIH ICs shall use the NIH EA framework, methodologies, current (“as is”) and target (“to be”) technologies (i.e., architectural patterns and bricks), and best practices to develop, implement, and/or acquire computer hardware systems, software systems, application systems, operating systems, security systems, and networking systems. The NIH CIO with the concurrence of the ARB will establish clearance and approval procedures to ensure compliance with the EA.

4. Architecture exceptions may be granted on a case-by-case basis by either the Office of the Chief IT Architect (OCITA) or the NIH Architecture Review Board (ARB), as appropriate:
http://enterprisearchitecture.nih.gov/YourPart/File/ExceptionProcess.htm

5. The maintenance of the content of the EA is the responsibility of the Chief IT Architect and the location of this information will be made accessible through the OCITA.

6. This policy excludes stand-alone IT systems that directly support Intramural scientific research.

D. References

1. HHS CIO Council Memorandum, Enterprise Architecture Policy, dated May 13, 2003 http://intranet.hhs.gov/cio/eapt/read/eapolicy.html

2. Clinger-Cohen Act, 1996 
http://irm.cit.nih.gov/itmra/itmra96.html

3. E-Government Act, 2002 
http://www.whitehouse.gov/omb/egov/g-4-act.html 

4. OMB Circular, A-130, Management of Federal Information Resources, http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html

5. OMB Circular A-11, Preparation and Submission of Budget Estimates, http://www.whitehouse.gov/omb/circulars/a11/04toc.html

6. OMB Memorandum, Implementation Guidance for the E-Government Act of 2002, dated August 1, 2003 
http://www.whitehouse.gov/omb/memoranda/m03-18.pdf 

7. OMB, FEA Federal CIO Council, Federal Enterprise Architecture framework, Version 1.1, dated September 1999 
http://cio.gov/archive/fedarch1.pdf 

8. GAO, A Framework for Assessing and Improving Enterprise Architecture Management, Version 1.1, dated April 2003 
http://www.gao.gov/new.items/d03584g.pdf 

9. NIH Enterprise Architecture 
http://enterprisearchitecture.nih.gov/ 

E. Definitions:

1. Enterprise Architecture—is both a model and a set of guidelines. As a model it documents the NIH and its universe of relationships, operations, processes, and underlying systems. It represents the NIH and how it executes its mission. As a set of guidelines, it defines the technical environment, standards, and policy within which technical solutions will be established. An ‘architecture’ is a set of guidelines and standards that brings order into the world of information systems. It explains where data resides, how systems interface, and what type of “building materials” will be used to develop information systems.

2. Current Architecture—is a dynamically updated representation of the "as-is" business, data, technical and security IT environment.

3. Target Architecture—is a dynamically updated representation of the "to-be" business, data, technical and security IT environment achieved at a future time. 

4. Domain Team—IC representatives assembled to apply the collective knowledge and experience of the team's individual members, industry best practice, and other knowledge sources to define and document a specific component of the NIH EA.

5. Information Technology (IT)—is the hardware, software, and services operated by an organization that processes information to accomplish a business function, regardless of the technology involved, whether computers, telecommunications, or others.

F. Responsibilities:

1. NIH staff (to include any contractor support staff) who are involved with IT activities that are described in this policy are responsible for complying with the NIH EA.

2. NIH CIO is responsible for developing and managing IT policies and procedures in compliance with Federal law and HHS regulations.

3. NIH Chief IT Architect is responsible for researching and organizing information to define and develop the NIH EA. Additionally, the NIH Chief IT Architect is an advisor to the NIH CIO on issues relating to EA.

4. The Office of the Chief IT Architect (OCITA) is responsible for: 

· developing, executing and managing NIH’s EA policy and program;
· ensuring that EA policy directly supports NIH’s IT Strategic Plan;
· developing and maintaining EA management processes to include oversight and control, and EA review, validation, and refinement;
· providing EA input to NIH’s Capital Planning and Investment Control (CPIC) process;
· establishing teams and task forces (e.g., Domain Teams) as needed or required to develop components of the EA; 
· developing and supporting a process for requesting exceptions to the architecture; and
· maintaining and distributing EA artifacts.

5. Architecture Review Board, chaired by the NIH Chief IT Architect, is the architecture oversight steering committee with ultimate NIH EA decision authority. 

G. Procedures: Enterprise Architecture procedures are documented and available on the NIH EA website. The standards development process is described in NRFC0001.

H. Records Retention and Disposal: All records (e-mail and non-e-mail) pertaining to this policy must be retained and disposed of under the authority of NIH Manual 1743, "Keeping and Destroying Records," Appendix 1, "NIH Records Control Schedule," Section 2800-A., ADP Management and Research.

NIH e-mail messages. NIH e-mail messages (messages, including attachments, that are created on NIH computer systems or transmitted over NIH networks) that are evidence of the activities of the agency or have informational value are considered Federal records. These records must be maintained in accordance with current NIH Records Management guidelines. Contact your IC Records Officer for additional information. All e-mail messages are considered Government property, and, if requested for a legitimate Government purpose, must be provided to the requester. Employees' supervisors, NIH staff conducting official reviews or investigations, and the Office of Inspector General may request access to or copies of the e-mail messages. E-mail messages must also be provided to Congressional oversight committees if requested and are subject to Freedom of Information Act requests. Since most e-mail systems have back-up files that are retained for significant periods of time, e-mail messages and attachments are likely to be retrievable from a back-up file after they have been deleted from an individual's computer. The back-up files are subject to the same requests as the original messages.

I. Management Controls: 

1. Office Responsible for Reviewing Management Controls Relative to this Chapter: CIT

2. Frequency of Review: This policy shall be reviewed for applicability on a yearly basis by the IT Policy and Planning Group.

3. Method of Review: OCITA evaluates input from users based on e-mail, telephone calls, meetings and memoranda, and makes appropriate changes as needed.

4. Review Reports are sent to: The NIH Chief Information Officer.
