PresentationTitle City and County of San Francisco Police

PresentationTitle City and County of San Francisco Police Department Information Technology Strategic Plan 31 May 2007 Engagement: 221255031

Table of Contents Overview of Project Objectives and Methodology Current Environment Overview: 3 Key Organizational Data & Drivers/Challenges 10 IT Environment and Services 15 Operational and Infrastructure Requirements 26 Key Findings and Assessment 31 Recommended Initiatives and IT Service Delivery Organization 37 Five-Year Road Map 45 Scope, Objectives, and Description of Initiatives IT Infrastructure Upgrade 47 IT Service Delivery and Governance 63 RMS/CMS/LIMS, EIS, and Patrol Car Data Access 70 For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 2

Overview of Project Objectives & Methodology For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 3

SFPD IT Strategy Project Objectives Review current applications and infrastructure and determine opportunities for improvement to support Department performance management and decision making. In addition to the current records management automation initiative, what are additional needs in headquarters and in the field? What are potential application and technology risk areas? Are applications and supporting infrastructure aligned to meet current and future needs of the SFPD? Assess current IT infrastructure, applications, and service delivery. Are there additional technology solutions needed to facilitate effective management reporting and decision making? Will the various data collection and management reporting applications meet growing and emerging constituent demands? Are current systems consistent with industry best practices for seamless integration of workflow and data? Are current IT service delivery and processes adequate to meet short and long term Department needs? For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 4

SFPD IT Strategy Project Objectives Develop short and long term recommendations to address potential gaps in the following areas: Applications and supporting infrastructure Information security and disaster recovery Management and performance measures reporting systems IT services and service delivery IT management processes and governance IT project management IT investment management Develop roadmap to implement prioritized recommendations. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 5

Information Technology (IT) Strategy A Definition An IT strategy articulates clear vision and objectives and sets a roadmap to attain and maintain the strategy. The IT strategy should: Support existing business/operational priorities and enable achievement of new priorities. Be anchored in core values and principles and balance visionary thinking with pragmatic operational realities. Provide an initial statement of direction to guide activity in all aspects of IT. Be an on-going process that needs continual refinement. Business/Operations Strategy IT Strategy Solutions Strategy IT strategies should always be driven by the business/operations strategy Delivery Strategy Drives Enables “Doing the Right Things” “Doing Things Right” Business Solutions Architecture For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Leading organizations leverage IT to enable new and different business strategies Communications Roadmap 31 May 2007 Page 6 Organization Governance Processes

IT Strategic Planning Gartner Methodology for IT Strategic Planning 4 Business/ Operational Strategy Develop HighLevel Target Architecture Plan 1 Summarize Strategic Business/Operational Direction 3 2 Develop HighLevel IT Direction Conduct IT Assessment and Gap Analysis 6 Develop Migration Approach & Roadmap 5 Develop Target Service Delivery Model Technology Trends December 2006 to May 2007 For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 7 7 Develop Communications Plan and Obtain Broad Consensus

Project Phases 1. IT Project Planning and Initiation 2. Business/Operations and IT Environment Discovery Conduct Business/Operational-Focused & IT-Focused Interviews 3. Summarize Strategic Business/Operational and IT Directions Conduct Workshop for Business/Operational Directions and IT Implications Conduct Workshop for IT Strategic Directions and Guiding Principles 4. Conduct IT Assessment and Gap Analysis Assess Alignment of Current IT Initiatives and Portfolio Assess IT Management and Governance Capabilities Assess IT Infrastructure For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 8

Project Phases (Cont) 4. Develop Target IT Environment and Service Delivery Develop High-Level Target Technical Architecture Conduct Workshops for Target IT Environment, Service Delivery Needs, and IT Governance 5. Develop IT Strategic Roadmap and Define IT Support Structure Conduct Strategic Recommendations and Prioritization Discussion Further Define IT Service Delivery Resources Develop IT Roadmap & Communications Recommendations Prepare Final Report and Presentations Conduct Final Briefings and Presentations For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 9

Current Environment Overview Key Organizational Data & Drivers/Challenges For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 10

Key Organizational Data Total FY 2006-2007 Budget: 368M Number of Staff (Budgeted): 2700 Approximately 2100 Sworn Officers Number of Incident Reports: 120,000 per year By Service Area: Staffing By Service Area Patrol Number of Emergency Communications Dept. (ECD) Calls: Investigations Operations & Administration 1,000,000 per year Airport Other Average Per Shift: 800 Sworn Officers & Civilians For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 11

Key Organizational Data: IT Budget (estimated)** 2006-2007 Budget % of IT Budget 5,527,848 58.6% Other Non-Salary MIS Budget 2,080,216 22.1% MIS Staffing (14 FTEs) 1,817,403 19.3% DTIS Work Order ISD Computers - 2,984,978 Telephones: 1,504,694 911 - 650,013 Citywatch – 39,677 Off-Budget 348,486 Sub-total 9,425,467 Project-Based: RMS Project Team (7 FTEs) 749,378 **Total Project Budget: 5.29 Million, excluding SFPD staff costs. DTIS Work Order: Carry forward Grant – Security System TOTAL 11,722,282 **Note: IT Budget figures exclude Airport Bureau. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 1,547,437 31 May 2007 Page 12

Key Organizational Drivers/Challenges External Drivers Public and political expectations for accountability and performance measures Partner agencies’ (e.g., CA DOJ) expectations in information sharing and communications capabilities Increased constituent demand for information (e.g., crime statistics, location) and services For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 13

Key Organizational Drivers/Challenges Internal Drivers Changing workforce due to retirements and growth needs, e.g., annual hiring projection of 250 officers Policy-intensive procedures and processes requiring individual accountability Limited funding and resources for information technology support and capabilities For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 14

Current Environment Overview: IT Environment and Services For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 15

IT Environment: Functional Current Applications/Databases Major Enterprise-wide Applications (SFPD/Public Safety Specific) Major Enterprise-wide Applications (City-wide) Other Applications Used by Multiple Bureaus/Divisions/Units CAD (i-CAD; e-CAD) PeopleSoft HRMS (Public Safety): Scheduling; Interface to CAD IRS: Incident Reporting System CABLE Intranet Web Page CLETS/NCIC (owned/managed by CA DOJ) Lotus Notes: E-Mail Functionality Only PeopleSoft HRMS FAMIS For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 AFIS; Live Scan; TRAK; Crime Mapping; Mug Shots; Voice Box; Pen-Link; Cal-Photo; CARS (CHP); PID 31 May 2007 Page 16

IT Environment: Functional Current Applications/Databases (Cont) Bureau/Division/Unit Specific Applications & Databases External Facing Applications Field Operations: Multiple Traffic DBs, including DABOR DB; UCF Software; Radio and Video Storage Applications; National Incident Management (system in development) Investigations (Property/Personal/Juvenile & Family Services/Narcotics & Vice): Fraud Chronology DB; Multiple Narcotics/Vice DBs; Homicide DB; Sexual Predator DB; Robbery DB; Gang Task Force DB Investigations (Forensic Services): DNA Analysis DB; Firearms Tracking DB; Lab Information Mgmt. System Administration: Backgrounds DB; Firearms Training DB; Other Training/Academy DBs to track training and POST records; Use of Force DB (Word); EEO DB (Excel); Firearms Tracking DB; IKON (Imaging); Inventory and Asset Management (IT); Facilities Mgmt Tracking DB; Claims and Suits (Excel); Laserfiche (Support Services) Airport: Intergraph CAD/RMS; Personnel/Training DB Citizen Website CopLogic (External System) For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 17

IT Environment: Functional Current Applications/Databases (Cont) Other UCS Report Writer: Being Used as Word Processor Tiburon RMS: Limited RMS functionality – captures CAD incidents transfers CARS (owned by OES; data sent to CARS from CAD – SFPD does not have direct access to CARS data). For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 18

IT Environment: Technology Inventory* Personal Computers Server Environment/Mainframe SFPD has approximately 1,250 Personal Computers. Desktops – 1,150 Laptops – 100 SFPD supports roughly 45 servers at HOJ, with additional servers located at non-HOJ locations. CABLE as well as city-wide applications used by SFPD (e.g., payroll, City HRMS system) are located at DTIS data centers (Turk St., and 1 Market St.). DTIS has the primary responsibility for managing the mainframe and server environments. Inventory Age* 5 Yrs Old 5-10 Yrs Old 10 Yrs Old Unknow n * The age of the Operating System is used as a proxy for the system age Network Other Patrol stations are connected to HOJ through the wide area network (WAN), which is managed by DTIS. Most remote offices have T1 connections which, in some cases, carry voice and data transmissions. Local area networks (LANs) and standalone servers, which are not connected to the WAN, are scattered across the department. SFPD has over 550 printers. * All inventory analysis was based on SFPD’s reported inventory. Inventory figures exclude Airport Bureau, whose IT is funded and managed separately. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 19

IT Environment: Technology by Bureau* Inventory by Bureau Administration and Investigations have relatively equal number of computers, approximately 470. Field Operations has a smaller number, approximately 310. The number of printers assigned to each bureau ranges from 160 to 210. There are a limited number of laptops within the department; Investigations has the highest number, with approximately 85. 500 450 400 350 300 250 200 150 100 50 0 Admin. Field Ops. Invest. Laptops Desktops Printers 3500 Inventory Weighted by Bureau Staffing 3000 Administration has the highest inventory of PCs and printers, when adjusted for number of bureau staff. Field Operations has significantly fewer PCs and printers, when adjusted for number of bureau staff. 2500 Admin. 2000 Field Ops. 1500 Invest. 1000 500 0 Computers Age of Personal Computer Inventory by Bureau Administration has the highest percentage of PCs, which are less than 5 years old. Roughly 60% of Field Operations’ Personal Computers are over 10 years old. Printers Invest. Unknow n 5 Yrs Old Field Ops. 5-10 Yrs Old 10 Yrs Old Admin. * All inventory analysis was based on SFPD’s reported inventory. Inventory figures exclude Airport Bureau, whose IT is funded and managed separately. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 20 0% 20% 40% 60% 80% 100%

IT Environment: Average Patrol Station* 35 Patrol Station Inventory 30 An average patrol station has 24 desktop computers and 14 printers. Southern, Mission, Northern, and Taraval have 25 or more PCs. Park has the fewest number of PCs. 25 Personal Computers 20 Printers 15 10 5 0 Inventory Age Approximately 75% of PCs are more than 5 years old. Up to 5 different versions of Windows are currently in use within one station. Taraval and Northern have the highest percentage of PCs, which are less than 5 years old.; Tenderloin and Park have the highest percentage of PCs, which are older than 10 years old. Tenderloin Taraval Southern Unknown 5 Yrs Richmond Park 5-10 Yrs 10 Yrs Northern Mission Ingleside Central Bayview 0% For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 21 20% 40% 60% 80% 100%

IT Roles and Responsibilities Desktop/Printer Support & Maintenance SFPD DTIS Some service support requests are made directly to SFPD IT Staff. Per DTIS, it receives calls from SFPD MIS to log issues into DTIS help desk ticket system. Service support requests via E911 help desk. Comments Desktop installations are performed by SFPD, DTIS or an outside contractor (based on resource availability). SFPD is responsible for procurement of desktops, printers, and other similar devices. SFPD is responsible for configuration management & maintenance. Server Administration and Maintenance SFPD MIS primarily supports Wintel servers that are used for distributed computing. DTIS provides server support for the applications that it maintains (HRMS, CABLE, iCAD). Server support is also provided by external vendors for iCAD and eCAD. Network Communications Infrastructure Support Responsible for the SFPD LANs. (e.g., security, software distribution and patch management). Responsible for citywide WAN; provide some LAN support (e.g., routers and switches); responsible for wireless network including public safety radio system. LAN Local Area Network – is generally the responsibility of the Department Responsible for user ID and password management, desktop management, and LAN management. Responsible for citywide security management pertaining to enterprisewide infrastructure. In general, responsibility for security is split between SFPD MIS and DTIS, based on what IT components that each maintains. For example, DTIS is responsible for security for the WAN and SFPD is responsible for security for the LAN. Security For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 22 WAN Wide Area Network – is the responsibility of DTIS.

IT Roles and Responsibilities (Cont’d) SFPD Disaster Recovery DTIS Offers this service for the applications that it maintains (hosts). Comments DTIS disaster recovery site is in Colorado. Data Center Operations Generally does not support traditional data center related operations but supports those servers that are used for office automation functions such as file and printer sharing. Those servers are located in HOJ. Provides operational support for the CABLE and HRMS servers that host SFPD applications. These servers are in data centers located in Turk St., One Market Place, and HOJ. Application Support SFPD MIS provides support for applications that it maintains, such as IRS (current incident reporting system). DTIS provides support for applications that it maintains, such as the Public Safety PeopleSoft HRMS and CABLE. Includes services, such as application maintenance & development. IT Service Desk Some service requests are made directly to SFPD IT Staff. E911 help desk is primary contact for public safety users. This is staffed 24X7. Depending on priority of issue, access to second level support is limited outside of standard business hours. DTIS has 4 help desks, which it is proposing to consolidate, based on a recent Controller audit. Project Management Provides project management of department-specific initiatives such as the New World System records management project. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Supports SFPD projects but is responsible largely for managing citywide projects. 31 May 2007 Page 23

IT Resource Allocation Ongoing Operations Support and Project Support SFPD and DTIS reported a total of 27 resources allocated to supporting SFPD operational needs. In addition, there are eight (8) SFPD resources supporting the RMS project. Operations SFPD DTIS Comments Desktop/Printer Support & Maintenance 2.5 FTEs 1.0 FTE All FTEs are co-located at HOJ. Supports approximately 1,250 client devices. Server/Mainframe Administration and Maintenance 1.75 FTEs supporting 56 WinTel servers for print and file sharing primarily. 5.5 FTEs total (1.0 for Unix support and 2.5 for mainframe support, 2 for Wintel). Server support is also provided by external vendors for iCAD and eCAD. Local Area Network 1.75 FTEs 4.5 FTEs DTIS 911 Help Desk supports all public safetyrelated departments 24X7, i.e., three shifts. Other Help Desk exists for CABLE application support. 1.5 FTEs SFPD resources are considered “super users” that support management reporting requests. Help Desk Application Maintenance & Support – HRMS, IRS 2.0 FTE Mainframe support is included. DTIS resources provide maintenance & development support. Application Maintenance & Support – CABLE and CLETS coordination. 2.5 FTEs Project Management and Administration 2.5 FTEs Total Allocation 13 FTEs For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 1.5 FTEs DTIS resources are generally focused on maintenance functions. No additional functionality is being developed for CABLE. Includes full time management of MIS section, telecommunications management, and management of LAN/desktop resources. 14 FTEs Does not include external service provider contracts, and DEM-related resources. 31 May 2007 Page 24

IT Environment/Services: Airport Technology Infrastructure LAN (Local area network) maintained by SFPD Airport Bureau. Airport ITT provides support for network connectivity outside of Airport Bureau switches. Services The majority of IT support services (e.g., help desk; application support & maintenance) provided by 3 FTE SFPD resources. In process of developing work order with DTIS to provide application support services that are currently being provided by SFPD resources. SFPD: PeopleSoft HRMS For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 SFPD Airport Bureau: San Mateo County Sheriff: CAD; RMS CLETS; RMS 31 May 2007 Page 25

Operational and Infrastructure Requirements For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 26

Criteria for Prioritization of Operational Requirements Over 150 SFPD stakeholders participated in defining high level operational requirements in December 2006. These requirements were documented in detail, and discussed with SFPD’s leader team. Requirements were prioritized based on the following principles: Align requirements with core mission/values SFPD Statement of Values: Highest Priority is the Protection of Human Life Identify requirements with greatest impact on organizational capabilities Incorporate foundational dependencies (infrastructure) For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 27

Operational Requirements Common Themes Workplace and Office Automation Support Streamline communication processes For example, use of electronic mail for transmission/confirmation of directives. Facilitate access to critical data sources For example, integrated law enforcement and justice databases. Provide the tools necessary for each role and responsibilities For example, sufficient access to computer workstations/printers, which allow officers to efficiently complete their reports. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 28

Operational Requirements Common Themes (Cont) Core Mission and Operational Support Provide consistent and robust access to critical officer safety information For example, ease of access to CLETS information. Facilitate effective information sharing among various divisions For example, integration of data, which is currently stored in multiple, standalone databases and systems. Seamless (and paperless) workflow to support due diligence processes (e.g., incident and arrest reports, traffic reports, evidence tracking, evidence disposal, and records management), with a focus on reducing paperwork workload for patrol officers. Provide decision making and performance reporting tools necessary to support departmental needs For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 29

Infrastructure Requirements Common Themes (Cont) Provide sufficient access to robust, consolidated workstations For example, officers able to use single workstation to access multiple applications, including e-mail and the Internet. Provide the network infrastructure required to support operational requirements For example, enabling the access to/ sharing of data across the department, including in mobile units. Strengthen the management of information security across the department Strengthen department-wide implementation of disaster recovery processes For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 30

Key Findings and Assessment For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 31

Key Findings and Assessment Alignment to Strategic Goals and Directions Current applications and technical infrastructure will not meet long term Department needs. Workplace and Office Automation Capabilities Access to capabilities is not consistently available throughout the department (e.g., e-mail). Communication and data/document exchange within the department, as well as with the public and partner agencies, is often challenging given limitations in automation tools. Insufficient access to robust computer workstations/printers impacts officer efficiency (e.g., increased time spent on completion of incident reports). Real-time data is not easily accessible across the department, for use by officers in the field as well as for purposes of analysis and reporting. “Shadow” and manual functions are in place to meet day-to-day needs for information (e.g., patrol, training, investigations). Concerns raised regarding records management system (RMS) deployment plans. Core Mission and Operations Support For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 32

Key Findings and Assessment (Cont) IT Maintenance and Refresh Cycle Data Communications Infrastructure Backup and Recovery Planning is underway to replace aging personal computer devices (e.g., desktops). Application performance and infrastructure-related security issues would be addressed through consistent technology refresh processes. Concerns raised regarding overall robustness of communications infrastructure to support current and future (e.g., RMS deployment) needs. Planning is underway to upgrade Hall of Justice (HOJ) network infrastructure. Concerns raised regarding ability to successfully recover data should current department HRMS fail. Planning is underway to upgrade HRMS, however, requires further scope and resource definition. Some risks due to inconsistent levels of disaster recovery and back-up support for department data. Efforts are underway to address these risks. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 33

Key Findings and Assessment (Cont) IT Service Delivery Consistent concerns raised in end-to-end delivery of IT services (including training), except for Airport Bureau IT services. IT Help Desks Formal and informal avenues available for resolving computer related issues. Single point of contact established (i.e., 911 help desk) and funded by public safety departments. Impression is that informal avenues (i.e., who you know) generally works better than formal channels. Department of Telecommunications and Information Services (DTIS), the Department’s primary provider of IT services is undergoing three-year transformation initiative. IT service delivery roles and responsibilities have been augmented over the years with use of internal SFPD resources. Opportunities exist to further delineate roles and responsibilities and formalize service level objectives, including accountability for security and disaster recovery. Delineation of Roles and Responsibilities For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 34

Key Findings and Assessment (Cont) IT Project Management IT Decision Making and Governance IT Budget Limited clarity in project scope, benefits, schedule, resources, dependencies, and budget. Stakeholder buy-in and change management are areas requiring further focus. Decision making process is unclear to most department stakeholders, particularly those in day-to-day operations. Some efforts underway to define criteria for making decisions on IT operational and project-related issues. Cost of IT services and resources currently cannot be tightly linked to benefits and outcomes. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 35

Key Findings and Assessment (Cont) Using workload and staffing input provided by SFPD and DTIS, Gartner assessed the current IT staff allocation by comparing the current IT staff allocation with peer averages in the Gartner benchmarking database. In addition, Gartner validated the results from our benchmarking database with first-hand information from similar law enforcement organizations. Help Desk Support LAN Support Help Desk resources appear high and need to be further reviewed. Gartner would anticipate ½ FTE total to support the SFPD-specific help desk needs, based on total annual number of help desk tickets for 2006 provided to Gartner. Total FTE of 3.5 shows under-staffing in this area. Peer comparison shows need for 6 FTEs. Total FTE of 1.75 is below peer comparison point of 2.5 FTEs. Server Support - UNIX Desktop Support Server Support - WinTel Server Support - Mainframe Current FTE allocation to support the Unix environment appears slightly higher than the peer group. Current FTE allocation of 3.75 to support the Wintel environment is lower than the peer group comparison of 6.0 FTE. Current FTE allocation to support the mainframe environment appears slightly higher than the peer group of 1.5 FTEs. As a result of the uniqueness of the Department’s CABLE and Applications Support – CABLE, HRMS, CrimeMapping HRMS applications, Gartner was not able to identify a suitable peer for comparing FTE allocation. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 36

Recommended Initiatives and Supporting IT Service Delivery Organization For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 37

Foundational and Strategic IT Initiatives Discussed on January 31, 2007 1. Strengthen IT Infrastructure Future State Architecture Desktop Upgrade Back Office Server Upgrade Network Rationalization Security And Disaster Recovery 2. Enhance IT Governance and Decision Making 3. Optimize IT Service Delivery and Processes 4. Implement Integrated Records Management and Case Management Capabilities (RMS/CMS) Integrated Document Management Photos, Video 5. Implement Early Intervention System (EIS) 6. Increase Access to Critical Data in Patrol Cars For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 38

Linking Strategic IT Goals and Initiatives “Winning the Race” Strategic IT Goals/ Initiatives Continue to Focus on Operational Effectiveness and Officer Safety Improve Communications and Information Sharing #1: IT Infrastructure #2: IT Governance #3: IT Service Delivery #4: RMS and CMS #5: EIS #6: Mobile Data Computing For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 39 Increase Ability to Manage Operational Performance

Key Recommendations IT Service Delivery Tactical recommendations Stabilize the desktop computing and LAN environment. Current resources are working on day-to-day support as well as deployment of new desktops. The deployment of 550 new desktops should be sourced externally (e.g., DTIS or external contractor). Gartner recommends four (4) additional resources to focus on this service area. Clarify service level objectives with DTIS for Help Desk, applications support, and WAN. Reallocate FTEs as needed. Foundational recommendations Consolidate all SFPD internally sourced IT services reporting to a single manager (i.e., chief information officer). For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 40

Key Recommendations (Cont’d) IT Service Delivery Foundational recommendations (Cont’d) Over time, discontinue practice of using sworn officers in providing day-to-day IT technical infrastructure support. Consider using sworn officers for project-specific tasks Functional scope definition Training manual development and training Functional and integration testing Organization change management agents/leaders For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 41

Key Recommendations (Cont’d) IT Service Delivery Foundational recommendations (Cont’d) Establish and sustain four (4) new positions: Department Chief Information Officer Three business analysts Continue use of external service providers for One-time needs (e.g., project management) or Needs that require specialized expertise (e.g., strategic planning) For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 42

Key Recommendations (Cont’d) IT Service Delivery Strategic Recommendations Over a two-year period, adopt an IT service delivery model that optimizes the Department’s ability to determine, manage, and sustain effective operational processes through improved technology capabilities. Maintain an in-house structure to develop and manage external service provider (ESP) relationships, e.g., DTIS and outsourced contracts. 5 Driving IT innovation in business and aligning 4 IT strategy 3 2 1 Outsourced to ESPs Supporting business change Supplying and supporting the initiatives infrastructure For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 43 Embedded in SFPD business

Key Recommendations (Cont’d) IT Service Delivery Strategic Recommendations (Cont’d) Mature IT service delivery to ensure that end-to-end processes are well-established and repeatable, and outcomes can be effectively measured. See illustration below. Make decision making processes regarding sourcing of IT resources (e.g., in-sourced, DTIS, or outsourced) an integral part of the Department’s ongoing IT governance processes Process "Green" Step 1 Step 2 Step 3 ? Not This! Structure Result Structure For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Result 31 May 2007 Page 44 This!

Five Year Road Map For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 45

Foundational and Strategic IT Initiatives Three to Four Year Road Map Initiative H2 06 H1 07 H2 07 H1 08 H2 08 H1 09 H2 09 H1 10 H2 10 H1 11 H2 11 Initiative #1 – Infrastructure Upgrade, (including DR and Security) -1a Establish Desktop Standards -1b Upgrade Desktops -1c Upgrade Servers -1d Address Network -1e Address Security & DR Initiative #2 - IT Governance and Investment Management Initiative #3 - IT Organization and Service Delivery Model Initiative #4 – Integrated RMS and CMS Initiative #5 - EIS Implementation Initiative #6 - Patrol Car Access For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 46

IT Infrastructure Upgrade For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 47

Develop SFPD Future State Architecture Scope and Objectives Develop SFPD technology architecture to support strategic technology vision as articulated in IT Strategic Plan Determine technology platform standards, including components such as computer hardware, software applications, network standards, middleware, messaging, etc. Develop governance process for deploying standards and for managing exceptions Sponsor/Execution Responsibilities Sponsor: SFPD Senior Leadership Project Manager: TBD Time Frame 3 Months Key Activities Create program office and identify program manager accountable for achieving SFPD future state vision for technology and architecture, including roll-out of new RMS system, new standard email, etc. Identify project manager that is accountable for ensuring completion of the technology architecture in support of the future state vision as identified in the IT Strategic Plan. This project manager will be accountable to the Program manager responsible for development of standard selections for all SFPD technology components, as well as for developing a process for managing exceptions to the standards Develop SFPD IT Architecture to support SFPD IT Strategic Plan and obtain commitment from leadership, stakeholders, and participants Publish SFPD IT Architecture and component standards Publish governance process for decision making regarding deployment of new technologies at SFPD (see IT governance initiative) For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 48

Develop SFPD Future State Architecture Organization Implications Development of a departmental architecture for SFPD will require coordination amongst architecture team members representing multiple disciplines, technologies and functions The City is implementing a City-wide technology architecture that will include provision for Departmental technology architectures that are specific to individual City departments such as SFPD. There are de-facto standards already inuse by SFPD and these must become part of the City’s technology architecture All SFPD key stakeholders, IT staff, and leadership must agree to be bound by the architecture standards developed as a result of this initiative Technology Considerations In order to ensure success of subsequent roll-out/deployment of information technology, avoid unplanned outages and impacts to department business functions, SFPD must select technology solutions that are compatible with current and future technical components employed by the department. As such, the development of an enterprise technical architecture is foundational to subsequent infrastructure related initiatives. Standards must be established for technology components such as: Platform and storage components such as Desktop Workstations, laptops, and PDAs, Enterprise Servers, Mid-range Servers, Enterprise OS, Mid-range OS, Storage Area Networks, etc. Data Management Technologies including Enterprise RDBMS, Extract/Transfer/Load Tools, Data Cleansing Tools Enterprise Systems Management tools such as Job Schedulers and Storage Management utilities The Enterprise Technology Architecture combines five key disciplines for ensuring that technology enables the business: Enterprise Architecture—links IT strategy to IT execution across the enterprise Enterprise Information Management—ensures that data/content environment enables the business’s information needs Solution Architecture—ensures that solutions address process/data/technology requirements Enterprise Solutions—leverages Business Process Reengineering (BPR)-based solutions to transform the business Infrastructure Management—ensures that technology infrastructure deployed (networks, security, servers, desktops) enables all the above For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 49

Develop SFPD Future State Architecture Risk Factors Need cooperation from several different organizations and technical disciplines Mitigating Factors Work with City IT architects to develop standard architecture Employ solid project management discipline Need buy-in and commitment from department leadership and all IT stakeholders to establish a common Determine which de-facto standards will be retired or set of technology standards contained over time, which ones will need to be There are several in-progress initiatives that will result in supported de-facto standards due to the technology choices having already been made. Cost Factors Critical Success Factors 1 FTE for project management and coordination for project duration Strong program and project governance required to ensure success of this initiative 16-20 hours for each SFPD team member involved in architecture development workshops 125K to 150K external consulting Commitment from leadership, key stakeholders, and all project participants will be required in order to achieve goals and objectives Adequate budget and resources For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 50

Desktop Upgrade Scope and Objectives Upgrade department PC workstations to support future state Upgrade PC software to levels supportable by software vendors Upgrade desktop clients to enable use with new RMS system Ensure that security considerations for the desktop are satisfied, including antivirus, anti-spam, disaster recovery, etc. Sponsor/Execution Responsibilities Sponsor: SFPD Senior Leadership Project Manager: TBD Time Frame Describe Time Frame: 3 Months Key Activities Create program office and identify program manager accountable for achieving SFPD future state vision for technology and architecture, including roll-out of new RMS system. Identify project manager that is accountable for ensuring completion of the desktop upgrade project and for meeting all requirements (business and technology) associated with this effort. This project manager will be accountable to the Program manager responsible for implementation of the SFPD future state vision and will coordinate with other project managers and technical leads, as appropriate. Develop detailed implementation plan and schedule; obtain commitment from leadership, stakeholders, and participants Assemble desktop project team and implement desktop upgrade. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 51

Desktop Upgrade Organization Implications Coordination of team members representing multiple disciplines, technologies and functions will be required in order to build a team that will function as a cohesive unit Sourcing of desktop upgrade, installation, and support functions must be considered. Extensive training will be required for end users, as well as the SFPD Service Desk, in order to ensure successful deployment Scripts will need to be developed for the SFPD Service Desk to enable rapid troubleshooting and problem resolution Security for the desktops should be managed and administered centrally in order to ensure consistently of operation Technology Considerations Desktop images for all workstations that will be used to access RMS, CLETS, E-mail, and other future state applications will need to be upgraded to levels of the Operating System (OS) software that are currently supported by the manufacturer All program products and desktop software applications, whether Commercial off the Shelf (COTS) or in-house developed, will need to be certified for use with the new OS. This includes anti-virus, firewall, anti-spam, anti-spyware, 3 rd-party client and other desktop and server-based software packages Server software will need to be upgraded in order to support the upgraded desktop environment and the upgrades of both environments will need to be coordinated so as to minimize system downtime and subsequent impact to end users Network traffic between servers and desktops will need to be regularly monitored with response times and performance measured at the end user desktop. Network utilization will increase along with demand for bandwidth-intensive services such as digital imagery, streaming video feeds, etc. The network may need to be upgraded in phases, as these anticipated demands are realized Good software configuration management and change control procedures and tools will be required to maximize system availability and minimize disruption System backup and recovery will need to be addressed for all servers and desktop computers For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 52

Desktop Upgrade Risk Factors Potential for suboptimal coordination between multiple resources from different organizations or technical disciplines Schedule and timing of all supporting activities Potential for insufficient network bandwidth at some locations where transaction volumes are exceptionally high Mitigating Factors Employ solid project management discipline Simulate network utilization during pilot implementation phase; continue to monitor network utilization as new desktops are rolled out; phase upgrade network circuits as necessary Cost Factors Critical Success Factors 1 FTE for project management and coordination for project duration Strong program and project governance required to ensure success of this initiative 250K to 400K for one-time costs Commitment from leadership, key stakeholders, and all project participants will be required in order to achieve schedule and budget requirements Adequate budget and resources For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 53

Back Office Server Upgrade Scope and Objectives Upgrade and Install Servers required to support future state Deploy the City-wide Email standard for all SFPD personnel (maintained by DTIS) Upgrade server software to levels supportable by software vendors Ensure that security considerations for servers are satisfied, including antivirus, anti-spam, disaster recovery, etc. (Note: It is assumed that server upgrades/installations to enable new RMS system will be performed by RMS project/initiative) Sponsor/Execution Responsibilities Sponsor: SFPD Senior Leadership Project Manager: TBD Time Frame Describe Time Frame: 3 Months to coincide with Desktop upgrade Key Activities Create program office and identify program manager accountable for achieving SFPD future state vision for technology and architecture, including roll-out of new RMS system and standard Office suite. Identify project manager that is accountable for ensuring completion of this initiative and for meeting all requirements (business and technology) associated with this effort. This project manager will be accountable to the Program manager responsible for implementation of the SFPD future state vision and will coordinate with other project managers and technical leads, as appropriate. Develop detailed implementation plan and schedule; obtain commitment from leadership, stakeholders, and participants Assemble desktop project team and implement server upgrades. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 54

Back Office Server Upgrade Organization Implications Coordination of team members representing multiple disciplines, technologies and functions will be required in order to build a team that will function as a cohesive unit Sourcing of server upgrade, installation, and support functions must be considered. Training will be required for system administrators and system users, as well as the SFPD Service Desk, in order to ensure successful deployment Scripts will need to be developed for the SFPD Service Desk to enable rapid troubleshooting and problem resolution Security for the servers should be managed and administered centrally in order to ensure consistency of operation Technology Considerations Images for all servers that will be used to access RMS, CLETS, and other future state applications will need to be upgraded to levels of the Operating System (OS) software that are currently supported by the manufacturer All program products and other software applications, whether Commercial off the Shelf (COTS) or in-house developed, will need to be certified for use with the new OS. This includes anti-virus, firewall, anti-spam, anti-spyware, 3rd-party client and other server-based software packages Server software will need to be upgraded in order to support the upgraded desktop environment and the upgrades of both environments will need to be coordinated so as to minimize system downtime and subsequent impact to end users Network traffic between servers and desktops will need to be regularly monitored with response times and performance measured at the end user desktop. Network utilization will increase along with demand for bandwidthintensive services such as digital imagery, streaming video feeds, etc. The network may need to be upgraded in phases, as these anticipated demands are realized Good software configuration management and change control procedures and tools will be required to maximize system availability and minimize disruption System backup and recovery will need to be addressed for all servers and desktop computers For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 55

Back Office Server Upgrade Risk Factors Potential for suboptimal coordination between multiple resources from different organizations or technical disciplines Schedule and timing of all supporting activities Potential for insufficient network bandwidth at some locations where transaction volumes are exceptionally high Mitigating Factors Employ acceptable project management discipline Simulate network utilization during pilot implementation phase; continue to monitor network utilization as new desktops are rolled out; phase upgrade network circuits as necessary Cost Factors Critical Success Factors 1 FTE for project management and coordination for project duration Strong program and project governance required to ensure success of this initiative TBD Commitment from leadership, key stakeholders, and all project participants will be required in order to achieve schedule and budget requirements Adequate budget and resources For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 56

Network Rationalization Scope and Objectives Document network current state capability and performance Rationalize future state network requirements, including RMS roll-out, etc. Determine sourcing for on-going network services and support Sponsor/Execution Responsibilities Sponsor: SFPD Senior Leadership Project Manager: TBD Time Frame Describe Time Frame: 12 Months Key Activities Identify project manager that is accountable for ensuring completion of this effort. This project manager will be accountable to the Program manager responsible for implementation of the SFPD future state vision and will coordinate with other project managers and technical leads, as appropriate Develop detailed implementation plan and schedule; obtain commitment from leadership, stakeholders, and participants Assemble project team and perform tasks associated with this initiative For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 57

Network Rationalization Organization Implications Coordination of team members representing multiple disciplines, technologies and functions will be required in order to build a team that will function as a cohesive unit Sourcing of network services in consideration of the SFPD future state must be determined. Technology Considerations Network traffic patterns and transaction volumes Network response times and performance measured at the end user desktop. Network utilization impacts due to demand for bandwidth-intensive services such as digital imagery, streaming video feeds, etc. Emerging or future state network technologies Potential role of VoIP (Voice over IP) Strategies for phased implementation of new or improved network technologies or capabilities For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 58

Network Rationalization Risk Factors Mitigating Factors Competing priorities for resources and/or funding Ensure that network rationalization is considered as precursor to roll-out of RMS and other SFPD future state initiatives Cost Factors Critical Success Factors 1 FTE for project management and coordination for project duration 170K to 220K for external assessment Other cost factors to be determined based on results of assessment For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Commitment from leadership, key stakeholders, and all project participants will be required in order to achieve schedule and budget requirements Adequate budget and resources 31 May 2007 Page 59

Address Security and Disaster Recovery Scope and Objectives Address information security and disaster recovery for SFPD information technology Ensure that security considerations for the IT infrastructure are satisfied, including governance, administration and management of security and disaster recovery Sponsor/Execution Responsibilities Sponsor: SFPD Senior Leadership Project Manager: TBD Time Frame Describe Time Frame: 6 Months Key Activities Create chief information security officer (CISO) role that would be accountable and have overall responsibility for Information Security and Disaster Recovery for SFPD. (This role could potentially be subsumed in current staffing. Important consideration is single point for accountability.) Create information security policy and procedures and ensure compliance Commission risk assessment and business impact analysis (BIA) for disaster recovery Determine DR plan and strategy Implement DR Plan For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 60

Address Security and Disaster Recovery Organization Implications Coordination of team members representing multiple disciplines, technologies and functions will be required in order to build a team that will function as a cohesive unit Sourcing of risk assessment and business impact analysis must be considered. Use of 3 rd party for DR testing and fail-over must also be considered. Each station or major SFPD location should have Information Security Officer (ISO) function DR must be considered when performing new project implementations or developing new IT initiatives Security for the desktops should be managed and administered centrally in order to ensure consistently of operation Good hardware and software configuration management and change control procedures and tools will be required to maximize system availability and minimize disruption Technology Considerations System backup and recovery will need to be addressed for all servers and desktop computers Location and handling of backup media to be used for system recovery Technology utilized for disaster recovery should be determined by ability to meet validated Recovery Time Objectives (RTOs) as established by a BIA. Location/placement of primary and backup data center locations Amount of available network bandwidth between primary and backup sites 3rd party options for DR Use of automated notification system during disaster situation For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 61

Address Security and Disaster Recovery Risk Factors Potential for suboptimal coordination between multiple resources from different organizations or technical disciplines Integration of DR and Security with design and implementation of IT initiatives Potential for insufficient network bandwidth or other resources to meet RTO requirements Insufficient budget or personnel resources Mitigating Factors Employ solid project management discipline Ensure that security and disaster recovery initiatives are adequately planned and funded Cost Factors 1 FTE allocation for ongoing security and disaster recovery planning and implementation (as part of recommended staffing) Critical Success Factors Strong program and project governance required to ensure success of this initiative Commitment from leadership, key stakeholders, and all project participants will be required for success External consulting for Risk Assessment & BIA: 150K to 175K Adequate budget and resources Funding for backup site: TBD based on results of BIA For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 62

IT Service Delivery and Governance For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 63

Enhance IT Service Delivery Capabilities Scope and Objectives Provide enhanced and responsive support for IT services needs including project management, desktop support, management reporting, functional requirements definition, and vendor/supplier management. Ensure agility to address changing department/operational needs, including partner agency and City requirements. Meet mission-critical and day-to-day IT operational requirements while providing for capabilities to upgrade department’s strategic IT capabilities. Ensure Department ability to attract and retain IT professionals, provide for growth opportunities, and sustain highlevel of IT performance. Sponsor/Execution Responsibilities Sponsor: Chief Keohane Project Manager: TBD Time Frame Twelve to 24 Months Key Activities Develop detailed program plan to transform IT service delivery capabilities. Two-year program plan should encompass phasing of the activities included below. Establish a Department chief information officer position focused on strategic IT leadership, including coordination with DTIS, vendor/supplier management, IT investment and portfolio management, IT procurement, and security and disaster recovery. Establish three (3) business/systems analyst positions to support report writing, crime analysis, and management/decision support reporting. Augment current desktop and server resources with four additional staff. Further clarify and document roles and responsibilities for IT staff, and define plan for continuing to leverage sworn officers in key IT-related roles. Need to ensure that institutional knowledge on systems and projects is preserved. Develop IT project management capabilities through use of external resources and mentoring of internal resources. A project manager role should be defined. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 64

Enhance IT Service Delivery Capabilities Key Activities (Continued) Monitor desktop and local area network administration functions closely – these may need to transition to other IT service providers that can provide “bench strength,” e.g., DTIS (assuming 3-year transformation is complete) or externally sourced desktop services (e.g., for installation, refresh, and moves, adds, and changes - MACs). Establish service descriptions and service level objectives with DTIS on their enterprise-wide services, e.g., wide area network support; application hosting support for CABLE and HRMS; 911 Help Desk. Since 911 Help Desk is a shared function among public safety departments, need to coordinate discussions with DEM and SF Fire regarding enhancing help desk services beyond “in-take” and “dispatch” of service tickets. Build IT service delivery capabilities initially through use of trusted external service providers – in order to address inprogress initiatives and day-to-day operational needs. Guiding Principles SFPD core mission and strategy is in public safety and preservation of human life – not IT service delivery. Information technology is viewed a strategic asset to “win the race” – i.e., operational enablement (vs. utility function). Strong and sustainable IT leadership for SFPD is essential in order to meet its IT strategic vision. Focusing on IT “business enablement” functions (i.e., “winning the race”) is key to sustainable IT services performance and business value contribution. To successfully provide these enablement functions, key IT service delivery staff need to be tightly integrated with operational functions of the Department, i.e., having intimate knowledge of Department operational priorities and requirements. For sustainability and continuity, build IT services capability with civilian resources who know and have an interest in the operational requirements of SFPD, and have sufficient background and education in IT. Other IT service delivery staff – those performing infrastructure-related functions – could be externally sourced either through DTIS or external service provider. Efficiencies and economies-of-scale could be gained by “sharing” or centralizing these services. Also, the services are often available in the market place with distinct pricing structures. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 65

Enhance IT Service Delivery Capabilities Risk Factors Mitigating Factors Disruption in IT project and day-to-day operational activities as result of low morale with current IT staff. Potential lack of political and citywide support for externally-sourced resources. Buy-in and commitment from SFPD business unit leaders. Attracting and retaining IT professionals. Limited pool of City and County of San Francisco resources from which to draw qualified candidates. “We/them” culture as result of sworn vs. civilian IT staff. Address organization change management needs, including communicating key objectives and guiding principles for the initiative throughout Department, and with other City stakeholders (e.g., DTIS) Ensure common understanding of program plan, milestones, and schedule as this is projected to be a twenty four (24)-month process. Focus recruitment on behavioral and business competencies – technical competencies should be a given. Use Gartner and other industry best practices in establishing service catalog and service level objectives with DTIS. Use Gartner and other industry resources to compare compensation requirements. Cost Factors Critical Success Factors Position classification based on SF City and County structure for following: Department CIO, (3) Systems/Business Analyst Desktop, server, and local area network specialists 250K to 350K external consulting assistance to provide oversight, industry best practices guidance, organization structure roles and responsibilities, compensation data, and others. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Strong SFPD and City executive level support. Human Resources department commitment to address unique SFPD requirements. Excellent organization change management and communication. Adequate budget and resources. 31 May 2007 Page 66

Establish IT Governance Program Scope and Objectives Provide enhanced and streamlined decision making capabilities pertaining to IT investments and resources, vendor/supplier management, etc. resulting in cost-effective use and prioritization of scarce department budget. More collaborative decision making processes pertaining to IT investments, including input from all business units, e.g., field operations, support services, etc. Improve monitoring and communications of IT projects and investments. More transparent decision making processes leading to shorter timeframes to deploy and implement recommendations/initiatives. Sponsor/Execution Responsibilities Sponsor: Chief Fong Project Manager: TBD Time Frame Three to 6 Months Key Activities Develop detailed program plan to establish enhanced IT governance and decision making capabilities. Establish a program manager responsible for planning, piloting, and finalizing governance process. Revisit current and previous IT decision making processes – key successes and lessons learned. Determine key decisions to be made – e.g., IT strategic investments, technical standards, resource priorities, operational changes, etc. Define governance charter including scope and decision rights, i.e., who needs to make decisions, who recommends decisions, who has input rights, and who should be informed. Establish governance bodies needed with appropriate representatives. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 67

Establish IT Governance Program Key Activities (Continued) Pilot IT governance processes for three months, including ensuring clarity on “owners” of key IT decisions. Refine IT governance structure and processes as appropriate with clearly defined scope, roles and responsibilities. Define processes for capturing progress of IT initiatives, as well as for effectively escalating issues to appropriate governance bodies. Fully deploy IT governance process and optimize on an ongoing basis. Organization Implications While IT governance processes often reflect the decision making style and culture of the organization, it should be noted that the SFPD “chain of command” decision making structure for law enforcement and policing needs may impede IT related decisions. Therefore, proactive definition of required IT decisions and decision rights is essential (for example, not all IT decisions need “chain of command” sign-off). Establish common business/operational goals for IT governance with Department management and leadership team (for example, ensuring the prioritization, execution and benefits realization from IT-related investment projects). Without these common goals, the value of the IT governance process is not realized. Develop a common agenda that operational and administrative business unit leaders see as adding value but also addresses IT concerns (for example, review and approval of key personnel assignments to critical projects). Implementing effective IT governance requires defining IT governance as a decision-making process with well-defined outputs, process steps and roles and responsibilities. IT governance will be more successful on a sustained basis the more it can be integrated into the current Department decision-making processes. Where additional steps, participants or components (for example, steering committees) are required, the more they match the decision-making style and culture of the Department, the more likely IT governance is to be successful. Ensure that IT project goals are related to “winning the race” or "changing the race" — not just implementing technology — and develop plans that share responsibility for outcomes between IT and the business/operational units. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 68

Establish IT Governance Program Risk Factors Mitigating Factors Time investment required from key decision makers is not viewed as priority – delegates without decision making rights are sent to IT governance discussions. IT governance processes, including decision rights are not practical or “right sized” for department needs. Processes viewed as “overhead,” and do not get support from Department business unit leaders and staff. Decision making process is not congruent with Department culture. Address organization change management needs, including communicating key goals for the initiative throughout Department, and with other City stakeholders (e.g., DTIS) Establish processes that are consistent with Department culture, and ensure that decision rights, inputs, and outputs are understood. Develop IT principles and policies that define the role of IT in the Department. Policies spell out what desirable behavior is in the usage of IT and policies are the rules required to be followed to reach a similar goal. They are the fundamental building blocks of IT governance. Organizations that can secure agreement about the role of IT generally require simpler and more efficient governance mechanisms. Cost Factors Critical Success Factors Staff time invested in establishing governance charter, roles and responsibilities – estimated to be 4 to 6 weeks. 25K to 50K external consulting assistance to provide oversight, best practices guidance, develop charters, governance structure roles and responsibilities, and others. Ongoing investment in time by Department leaders and managers, as well as Department representatives. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Strong SFPD and City executive level support. Buy-in from all business units to ensure representation of decision makers to governance bodies. Clearly defined decisions and decision criteria. Ongoing re-fresh and evaluation of processes to optimize use of executive and staff resources. Strong IT leadership to link operational and investment requirements to IT investment and resource/funding needs. 31 May 2007 Page 69

Records Management, Case Management, Executive Information System, Mobile Data Capabilities For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 2007 Gartner, Inc. and/or its affiliates. All rights reserved. 31 May 2007 Page 70

Integrated Records Management and Case Management Capabilities Scope and Objectives The scope of this initiative includes integrated capabilities to support various core mission functions including incident reporting, reports and records management, investigations, case management, forensics, lab information management, property and evidence, training, and other core functions. This is envisioned to be an integrated system that supports the Departments operational and management needs including electronic review and approval of incident reports, reporting of key statistical information, interfaces for geographic mapping and analysis, and storage and retrieval of digital photos, documents, and videos. The key objective is to facilitate information sharing and overall Department operational effectiveness with the overall goal of ensuring that the Department continues to achieve its core mission and objectives. In addition, this initiative is will provide an integrated source of data, which crosses all bureaus as well as other CCSF criminal justice agencies. Sponsor/Execution Responsibilities Sponsor: Deputy Chief Charles Keohane Execution: Lt. Greg Yee Time Frame INITIATIVE IN PROGRESS Time Frame: Three-year initiative Key Activities Infrastructure Upgrade, including desktop roll-out and network upgrade. Design Review/Walk-through and Approval Custom Development/Interface Development (e.g., interface to Tiburon CAD) System Testing, including Integration Testing; Performance Testing; User Acceptance Testing. End-User Training Data Conversion (see Master Project Plan for other Key Activities) For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 71

Integrated Records Management and Case Management Capabilities Organization Implications This is an automated system that would impact the entire SFPD organization and beyond (e.g., partner agencies). Change management including consistent communications is needed. Changes in workflow, processes, and operational policies are critical considerations. Ongoing training and training refresher courses are essential. Multi-year effort requires solid end-to-end plan for completion, including staging or phasing of all capabilities. As this is an in-progress initiative, need to re-evaluate original scope and objectives to ensure that all the operational requirements from the IT strategic planning process have been assessed for potential inclusion in the overall scope of the system capabilities. Department practices will need to be revisited, for example, system currently requires 12 to 15 staff members to manage the process for merging data from the field incident reporting module to the RMS. Technology Considerations Need to ensure that overall application and technical architecture provides for scalability and can interface/integrate with current and future SFPD systems. Requires desktops with minimum Windows XP operating system. Sufficient data communications speed/bandwidth is required. Planning effort is underway to address technical infrastructure considerations. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 72

Integrated Records Management and Case Management Capabilities Risk Factors Mitigating Factors Insufficient project team resources Conflicting operational priorities for end users (e.g., unable to participate in training) Assess current skills requirements and availability of resources. Source externally as necessary. Revisit project plan and governance to identify communications and decision needs. Insufficient infrastructure (including network and desktop) Inability to “sell” required organizational changes within the Department. Continue to have strong executive sponsor, backed by solid execution team. Insufficient on-going resources to support the merging of data from field incident reporting to RMS. Develop deployment readiness checklist and proactively address resource and capacity issues. Cost Factors Critical Success Factors One-Time Only 4M to 4.5M (encompasses RMS/CMS and LIMS projected funding needs) On-Going NWS external services - 325K annually – contract for years 2 to 5 ( 1.3M annually; year 1 is warranty) SFPD internal support - TBD Hardware refresh – TBD DTIS application hosting/data center operations – TBD For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Strong program and project governance required to ensure success of this initiative. Commitment from leadership, key stakeholders, and all project participants will be required in order to achieve schedule and budget requirements. Adequate budget and resources. Project Dependencies Successful implementation of desktop upgrade initiative. Successful implementation of network upgrade initiative. 31 May 2007 Page 73

Implement EIS Scope and Objectives The scope of the EIS is the following functionality: a) Investigations module for OCC complaints; MCD Investigations, and EEOC complaints; b) Incident module for collection and analysis of data regarding Use of Force, Officer Involved Shootings, Civil Suits, Tort Claims, Vehicle Accidents, Vehicle Pursuits & other associated data; c) Early Intervention Interface/Module to provide a employees access to self-intervention status. The objective of the EIS is to provide guidance to the Department to assist sworn personnel in overcoming problems and improving performance before a potentially detrimental or dangerous situation develops. Sponsor/Execution Responsibilities Time Frame Sponsor: Chief Heather Fong Project Manager: Capt. Anna Brown INITIATIVE IN PROGRESS Vendor Selected; Contract Negotiations in Process Implementation: (On Target/AIM Proposal) 3/1/07 to 11/12/07 Key Activities Finalization of Contract Procurement and Installation of EIS-required hardware. Installation/Configuration/Customization of Software Interface Development Data Conversion Business Process Review Acceptance Testing Training For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 74

Implement EIS Organization Implications Requires organizational changes related to the collection and analysis of data related to Early Intervention, such as Use of Force Data, impacting entire organization (from field to administration). Need to identify and budget resources to provide on-going support, including system administration; server maintenance/back-up; report development (utilizing AIM report design tool), etc. Technology Considerations Integration/Interface via JUSTIS Hub with: PeopleSoft; New World RMS Requires E-Mail for E-Mail Notification from Early Intervention Processing System. Requires desktops with Windows 98 or higher (Windows XP recommended) Sufficient network infrastructure Per EIS RFP, the application must be compatible with Citrix environment. On Target has indicated in its proposal that its application is certified as compatible with Citrix. Requires high levels of security. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 75

Implement EIS Risk Factors Mitigating Factors Insufficient project team resources Conflicting operational priorities for end users (e.g., unable to participate in training) Insufficient infrastructure (including network and desktop) Delayed roll-out of RMS Delayed upgrade/re-implementation of Public Safety PeopleSoft HRMS Inability to “sell” required organizational changes within the Dept. Clearly defined responsibilities within contract. Assess current skills requirements and availability of resources. Source externally as necessary. Revisit/establish project plan and governance to identify communications and decision needs. Continue to have strong executive sponsor, backed by solid execution team. Develop project readiness checklist and proactively address resource and capacity issues. Cost Factors Critical Success Factors One Time Costs 1.1M to 1.5M On-going Costs 30,000 Annual Software Maintenance/Tech Support from vendor (5 years) Other Maintenance Costs SFPD/DTIS (include hardware refresh; application of service packs; etc.) 25K Application Development - TBD For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Strong program and project governance required to ensure success of this initiative Commitment from leadership, key stakeholders, and all project participants will be required in order to achieve schedule and budget requirements Adequate budget and resources Project Dependencies Successful implementation of desktop upgrade initiative Successful implementation of network initiative. Successful implementation of NWS RMS. Roll-out of E-mail to sergeant level and above 31 May 2007 Page 76

Increase Access to Data in Patrol Cars Scope and Objectives As part of the City’s 911 project in 1999, the SFPD upgraded its mobile computing capabilities. Officers currently have access to dispatch and other vital information from their laptops in the patrol cars. This initiative is focused on enhancing the officer’s ability to quickly retrieve essential information from the Department and other law enforcement agency systems, including access to photos and other digital information that is essential in quickly assessing situations and identifying individuals (e.g. persons of interest, notifications required). Example requirements include: 1) single query - ability to run one name and access all databases, including RMS; 2) access to department bulletins with wanted photos; 3) access to investigations data to identify “persons of interest” ; 4) warnings regarding location and addresses; 5) Cal-Photo (DMV) Objective of this initiative is to maximize access by officers in the field to critical data, which can enhance officer safety. Sponsor/Execution Responsibilities Sponsor: Deputy Chief David Shinn Execution: TBD Time Frame Two to three-year effort Key Activities An overall program plan should be developed to encompass the activities below. Develop more detailed functional and technical requirements. Coordinate with Department of Emergency Management (DEM) and other City stakeholders for funding, and implementing higher bandwidth and security for wireless data access from patrol cars (i.e., wireless data communication infrastructure strategy and implementation is a huge dependency). Ensure that current initiatives such as the JUSTIS project and RMS project allows for access from the field. Determine Department practice and policy needs pertaining to access of other agencies’ data. Determine procurement and implementation needs. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 77

Increase Access to Data in Patrol Cars Organization Implications Reduces need for officers to return to stations in order to access data. Need to identify and budget resources for on-going support. Changes in Department practices and operational policies are critical considerations. Ongoing training and training refresher courses are essential. Multi-year effort requires solid end-to-end plan for completion, including staging or phasing of all capabilities. Ensure that all the operational requirements from the IT strategic planning process have been assessed for potential inclusion in the overall scope. Technology Considerations Requires wireless infrastructure that will provide bandwidth necessary for encrypted transmission of large volumes of data. Security and privacy requirements must be met per Department of Justice, for data being transmitted over wireless networks Need to determine implications of Level II implementation to enable access to multiple databases (ie. Level II implementation may result in double encryption of data transmitted. Will this negatively impact application performance?) Upgrade to laptop devices, and mounting equipment should be part of evaluation. Assess need for using personal digital assistants (PDAs) and other types of mobile devices. For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 31 May 2007 Page 78

Increase Access to Data in Patrol Cars Risk Factors Insufficient wireless infrastructure. Delay in roll-out of RMS system. Delay in roll-out of Level II. Inability to maintain/support wireless infrastructure. Mitigating Factors Develop detailed implementation plan that encompasses wireless network infrastructure. Establish project governance that includes external stakeholders such as DEM and DTIS as scope and funding source may be broader. Assess skills requirements and availability of resources. Source externally as necessary. Strong SFPD executive sponsor, backed by solid execution team and citywide support. Develop project readiness checklist and proactively address resource and capacity issues. Cost Factors One-Time Costs 200K to 250K external consulting for planning 500K budgeted for in-car camera pilot Additional costs TBD after pilots and detailed planning are complete On-Going Costs TBD based on the results of further detailed planning For internal use of City and County of San Francisco Police Department only. Engagement: 221255031 Critical Success Factors Strong program and project governance required to ensure success of this initiative Commitment from leadership, key stakeholders, and all project participants will be required in order to achieve schedule and budget requirements Adequate budget and resources Project Dependencies High speed wireless networking with encryption. 31 May 2007 Page 79

Contact Information Gartner Contact Irma J. Fabular Vice President Telephone: 1-619-542-4811 E mail: [email protected]