The personnel agency recently released its first IT strategic plan in nearly a decade.
The Office of Personnel Management’s tech shop is zeroed in on moving to the cloud and improving agency technology for governmentwide services like retirement, human resources and more, according to its first new IT strategic plan in nearly a decade.
The plan for fiscal years 2023 through 2026, released in May, sets out six strategic goals — including improving cybersecurity; modernizing IT procurement, development and deployment practices; improving customer experience; and investing in the CIO’s own workforce — in addition to over 100 specific to-do items.
The last plan dates back to 2014 -- before the discovery of the hack of agency data that compromised the personal information of more than 20 million federal employees, family members and job applicants. The new strategic plan is meant to set a vision for the agency so that “we’re all rowing in the same direction,” Larry Allen, associate chief information officer for IT strategy and policy at OPM, told Nextgov/FCW.
Modernizing agency IT also serves as a linchpin in OPM’s larger strategic plan.
The IT strategy is meant “to close the gap on that pace of technology change versus our legacy technology debt,” OPM Chief Information Officer Guy Cavallo wrote in the document’s introduction.
“OPM’s leadership acknowledges that the OPM legacy technology debt it has been carrying for years is a significant inhibitor to the agency’s ability to accomplish” its own broader, strategic goals, the plan says.
One ongoing focus for the agency will be moving to the cloud.
The CIO shop is going to evaluate all of its legacy tech and prioritize what to target first, according to the strategy. OPM launched an enterprise cloud in early 2022 and also has a Cloud Center of Excellence meant to provide oversight for that system, Cavallo told lawmakers last year
The CIO also has established a policy prohibiting new applications from being built on OPM’s mainframes, according to Allen, who said the agency is “going from the Flintstones to the Jetsons” by skipping incremental developments and moving from mainframes to the cloud.
As such, another priority flagged in the IT strategy is training for the OCIO workforce to, for example, reskill those that have only ever worked on the mainframes.
“We’ve encouraged team members to take cloud training as well as get any certifications for the cloud,” said Allen.
Several public-facing OPM services have also been targeted for improvements.
The agency’s retirement services — still largely paper-based and often the subject of complaints about backlogs of pending claims — are one focus. OPM plans to pilot a “digital retirement system” to get away from paper, it says, as well as move to electronic retirement records and online retirement applications.
It will also have to “migrate all legacy applications off the current mainframe computing environment,” the strategy states. “These custom applications, written in COBOL, will require refactoring and redeveloping the business logic in a modern programming language.”
The agency will need to develop a blueprint for how to get to those retirement services targets set in the roadmap, said Allen.
The agency’s public-facing website and the tech behind federal employee health benefits are also slated for modernization. OPM also wants to “optimize” its “USA suite” of offerings, like USA Jobs, which is set to get search engine optimization that includes machine learning and artificial intelligence to create a “personalized search experience” for job seekers.
The IT strategic plan also includes objectives addressing how OPM’s CIO shop does its work, such as imperatives to collaborate more with internal agency customers to improve their experiences of the OPM IT. The CIO’s office is also setting up a new governance model meant to involve program offices in decision-making for IT investments, track spending and review capital investments.
The agency is also “committed to having OPM enterprise contracts in place that support many of the IT services and products that the OPM program offices need,” the strategy says.
In addition to improving the operability of OPM IT, the strategy also targets that tech’s cybersecurity posture, noting that the agency will “define OPM’s overall IT security strategy” and “increase visibility and protection of key systems.” Already, the plan says that OPM has made big improvements in vulnerability management over the last year, automating parts of threat detection and response.
Finally, the agency wants to rid itself of legacy tech that it’s still maintaining for personnel vetting, even after OPM lost that function to the Defense Department, following the 2015 hack of personnel records.
The Defense Counterintelligence and Security Agency is building a new system, but OPM is “still responsible for supporting a number of legacy systems,” the strategy states. That discrepancy has previously resulted in funding shortfalls at the agency.
"What we’re doing is making sure that the old, legacy system is still available to them because they still have to get information there,” said Allen. ”So it does consume its fair amount of … resources to maintain both the network as well as the actual housing of the hardware.”
And though the strategy stated that OPM will continue to support the resource-intensive systems “over the next couple of years, it is important that this migration is completed to free up resources for OCIO to focus solely on OPM-related work.”