Inside the FDA’s IT Strategic Plan
When the U.S. Food and Drug Administration released its IT Strategic Plan in September 2015, Chief Information Officer Todd Simpson incorporated a review process in order to revisit the plan annually and ensure it keeps up with mandates, new technologies and priorities.
The following year, the FDA released an updated plan with additional goals, improvement areas and a progress appendix of completed milestones thus far. According to Simpson, the administration has executed about 42 percent of the plan. Using a balanced scorecard approach, the FDA was able to accurately align all of its strategic objectives with its projects. “We realized how important it was to get tactical, to identify the most deliverables that were going to get us from point A to point B,” Simpson told GovernmentCIO Magazine in an interview.
The balanced scorecard is a planning and management method that uses performance measures with traditional financial metrics to provide a more balanced view of how the organization is doing. “And most importantly gave us the ability, I think, to really measure the right KPIs [Key Performance Indicators],” Simpson added. “So you know we’re watching the right stuff and I think we’re moving in the right direction.”
The administration's IT progress spans across the original plan’s three areas of focus: people, processes and technology. While execution continues to be a challenge, Simpson said he has been able to reach milestones through a cumulative sequence of achievements. For example, one of the goals in the plan was to hire a chief technology officer, which the FDA has since done.
The chief technology officer is then tasked with the next corresponding milestones outlined in the plan. Those include stabilizing the technology infrastructure, working on improvement plans, developing a technology roadmap, penetrating and balancing a cloud infrastructure and working with the Choose-Your-Own-Device program in tandem with the cloud.
Other ways Simpson and his team are tackling internal IT challenges are by practicing new acquisition strategies, repositioning the right people, moving toward agile development techniques and getting enabled technologies in place. “And from there, we’re going to actually be able to fix things,” Simpson said.
The Road Ahead
As the FDA continues on its IT Strategic Plan roadmap, Simpson identified the major challenges that remain: interoperability, data issues and system duplications. “It’s a double-edged sword here,” he explained, because the administration works in a federated environment. The FDA also runs on an IT chargeback model, meaning each center in the FDA has its own IT budget authority, creating a sense of autonomy with the technology being purchased and used.
In a sense, this model allows the FDA’s centers to be agile and mission-focused, but it also makes it difficult to collaborate and interoperate across those centers. Each center becomes hyper-focused on doing its job, which can create internal silos. Though Simpson respects this model, he said it can work against the FDA when it comes to projects like a digital transformation. It would be ideal, he said, to work under one language of software, standards and versions, so to speak.
As is, the FDA’s centers are working on different entities with different contractors and developing digital transformation plans. This becomes especially challenging when centers and offices that use the same data change their systems and platforms independently without communicating with each other or working together to make sure the data is still ingestible and usable on older technology platforms. “If these other centers proceed without working across the lines, they’re going to have Corvettes and Maseratis, but they’re going to have to drive on dirt roads,” Simpson explained.
So, he’s working closely to break down these walls. “I’m reaching out to them proactively, looking at all of their plans, trying to find that grey overlap area, which there’s a lot of,” Simpson said. Ideally, the CIO would treat the FDA as a single entity and build a platform that could hold many systems and serve all centers and offices at the enterprise level. “That’s how a CIO wants to do digital transformation,” he added, and if the administration does ever get to that point, it’s going to take a lot of time.
Past and Present IT Successes
Aside from the strategic plan, one of Simpson’s accomplishments as chief information officer for the FDA has been setting up the cloud. “When I arrived here we had no cloud presence,” he said. While previous attempts were made, the administration had trouble acquiring Federal Risk Authorization Management Program “Authority-to-Operate” certifications.
FedRAMP is the government-wide program developed by the General Services Administration that provides standardized authorizations for cloud products and services. According to the GSA, the head of an agency can authorize a system for use after a proper security assessment and by following the risk-based framework. Yet during these failed attempts, Simpson said the administration couldn’t even get low-classified data into the cloud, as it did not have the appropriate infrastructure in place to be authorized in those cloud environments or to monitor what was going on within the cloud.
So, the FDA set up a hybrid Cloud Brokerage Model, with both on-premises cloud, public cloud and five different service providers for Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service. The model includes a security layer and a new Cloud Advisory Board to monitor what should and shouldn’t be going into the cloud. According to Simpson, there are now more than 20 applications in the cloud with an aggressive plan to keep migrating.
The cloud is also allowing the FDA and its centers to technologically evolve. “We don’t want to embark upon a digital transformation and not have a cloud footprint that we can leverage,” Simpson said. Now, the technology roadmap includes those five service providers, representing a very “holistic opportunity” for the FDA.
Simpson has also been working to automate paper-based business processes. For example, the administration stood up the Automated Commercial Environment and International Trade Data System with the U.S. Customs and Border Protection. This system allows the industry to electronically submit data required by government agencies involved in international trade. The FDA also has automated field, audit and inspection processes to be done with tablets to instantly provide available reports and real-time data. To date, the FDA has done about 18,000 in-field inspections with the new system, according to Simpson.
Additionally, the administration is undergoing a software rationalization exercise to create a complete inventory of all system applications. In the FDA’s federated environment, each center had become accustomed to solving its own problems and standing up its own platforms. Though Simpson is not trying to take that autonomy away from the centers, he’s challenged with knowing and governing the types of technology people are buying and bringing in. With the software portfolio, Simpson said, “we know what our software problems are for the first time, and we have a really good road map to fix that.”