RFP Response Form

Information Technology Support and Professional Services

PROPOSER INFORMATION

Proposer Name: Deloitte Consulting LLP

Authorized Representative Name & Title: Nagen Suriya, Managing Director

Address: Suite 2600 One PPG Place, Pittsburgh, PA 15222-5433

Telephone: +1 412 402 5265

Email: [email protected]

Website: www.deloitte.com

Legal Status: ☐ For-Profit Corp. ☐ Nonprofit Corp. ☐Sole Proprietor ☒Partnership

Date Incorporated: 1995

REQUIRED CONTACTS

Name Phone Email

Chief Executive Officer Janet Foutty +1.571.882.6700 [email protected]
Contract Processing Contact Nagen Suriya +1.412.402.5265 [email protected]
Chief Information Officer Candice Philbrick +1.408.704.1073 [email protected]
Chief Financial Officer Kristy Pipes +1.212.492.4000 Click here to enter text.
Administrative Contact Nagen Suriya +1.412.402.5265 [email protected]

BOARD INFORMATION

Provide a list of your board members as an attachment or in the space below.

Deloitte Consulting is a partnership and as such, we have not included Board of Directors information

Board Chairperson Name & Title: Janet Foutty, CEO

Board Chairperson Address:

Board Chairperson Telephone:

Board Chairperson Email:

REFERENCES

Provide the name, affiliation and contact information [include email address and telephone number] for
three references who are able to address relevant experience with your organization.
Please do not use employees of the Allegheny County Department of Human Services as references.

1
 RFP Response Form
Information Technology Support and Professional Services

Name Affiliation Contact Information

Name: James A. Weaver State of Pennsylvania
Role: Chief Technology Office of Administration
Officer Office for Information Technology
1 Technology Park
Harrisburg PA 17110
Name: Laurie Snow State of New Hampshire
Role: Project Manager Department of Health and Human
Services
7 Eagle Sq. Suite 301
Concord, NH 03301
Name: Linda Pung State of Michigan
Role: General Manager Department of Technology
Management and Budget
235 South Grand Avenue,
Lansing, MI 48933

PROPOSAL INFORMATION

Date Submitted 2/24/2017

Amount Requested: This is a unit rate proposal

Proposal Abstract:
Please limit your response to 750 characters
Deloitte is proposing IT Support and Professional Services for all 7 RFP Service Area categories to support DHS in
your critical mission of human service delivery to residents of Allegheny County. We offer DHS a unique
combination of national HHS and Allegheny County DHS specific experience, world-class technology expertise, and
a track record of successful IT delivery to support DHS in meeting your programmatic objectives. Our proposal
also describes additional process and technology enhancements we will bring to continue supporting DHS in your
position as a national HHS leader, while efficiently delivering technology innovations, helping maximize return on
investment, and supporting a reliable and secure technology infrastructure.

CERTIFICATION

Please check the following before submitting your Proposal, as applicable:

☐ My firm is registered with the Allegheny County Department of Minority, Women and Disadvantaged
Business Enterprises.

☒ I have read the standard County terms and conditions for County contracts and the requirements for
DHS Cyber Security, EEOC/Non-Discrimination and HIPAA.

☒ By submitting this proposal, I certify and represent to the County that all submitted materials are true
and accurate, and that I have not offered, conferred or agreed to confer any pecuniary benefit or other
thing of value for the receipt of special treatment, advantaged information, recipient’s decision, opinion,
recommendation, vote or any other exercise of discretion concerning this RFP.

2
 RFP Response Form
Information Technology Support and Professional Services

ATTACHMENTS

Please submit the following attachments with your Response Form. These can be found at
http://www.alleghenycounty.us/dhs/solicitations.
• MWDBE Participation Statement or MWDBE Participation Statement and Waiver Statement
• Allegheny County Vendor Creation Form
• 3 years of audited financial reports
• W-9

REQUIREMENTS

Please respond to the following. The maximum score a Proposal can receive depends on the service
areas proposed. Please note the page limits for each numbered response item – responses exceeding
these limits may be discarded.

All Proposers must complete the Organizational Experience and Financial Management and Budget
Sections. Please complete these sections only once, regardless of the number of service areas
proposed. The score from these sections will be added to the score for each service area proposed.

3
 RFP Response Form
Information Technology Support and Professional Services

Organizational Experience (30 points) Your response to this section must not exceed 3 pages.

1. Describe your experience providing IT and/or Professional services to human services agencies and/or
other public sector clients. (15 points)
Allegheny County Department of Human Services (DHS) seeks
a professional services firm focused on its future providing the
full spectrum of expertise and experience required in the RFP
Focused
service area categories, along with deep knowledge of Health on Your Future
and Human Services (HHS) to enable its continued success.
You also seek a partner that is committed to your long-term
success, is not transactional, and is flexible in meeting mission • Increased value through deep and broad
requirements and demands of new legislation. Deloitte is that understanding of DHS and national HHS
partner – we have demonstrated a track record of partnering eminence and experience
with you for technology and program success, understanding
• We are intimately familiar with your
your agency and its data systems, helping you maximize your
systems and process, and have tailored
return on investment in technology and software, successfully
our methods and approach to your
managing numerous projects with tight deadlines and
specific needs
attention to detail, being highly flexible, and bringing
exceptional overall value to DHS. • Deloitte's relationships serving PA state
government agencies benefit DHS
Deloitte enables you to focus on your mission and objectives
while leveraging rapidly evolving technologies. We will • Committed to DHS and the local
continue to provide cost effective IT and professional services community bringing latest ideas and
and innovative future focused business and technical solutions experiences
across the seven RFP service area categories. We provide • Increased quality and accelerated
value to DHS through our scale and our unparalleled focus implementation due to eminence and
delivering talented resources. We evaluate current process and experience in DHS technologies
technology, monitor industry trends and assist DHS in
emerging needs, technology products and platforms. We will partner with you to provision and deploy end to end
solutions to drive value and achieve the business outcomes you desire.
Our ability to deliver IT and/or Professional services to HHS clients
We bring program and IT transformation and delivery experience to HHS state and local clients throughout the
nation, locally in Pennsylvania
and right here in Allegheny
County. Our services span a wide
variety of technologies from legacy
to cutting edge digital, analytics
and cloud services. We possess a
deep understanding of Allegheny
County business issues and have
executed over 1000 Public Sector
engagements in HHS agencies
across the US. We are active in
national HHS conferences, driving
policy, producing papers, and
developing new view points and
we are deeply committed to
community. Along with our clients,
our work has been recognized
through national awards and
recognition.
For example, we were recently
recognized by Kennedy as “THE
Leader in State and Local
Government Consulting.” We are
actively involved in influencing
legislative and fiscal landscapes
throughout the United States and
Figure 1. Deloitte’s broad Health and Human Service Experience.
understand the ongoing need for
public sector organizations to
operate leaner and optimize resources to the fullest while delivering high quality services to their constituents.

4
 RFP Response Form
Information Technology Support and Professional Services

Our HHS practice has over 5,000 dedicated practitioners delivering successful Information Technology (IT)
engagements throughout the nation. We have delivered more large-scale system implementation projects for HHS
clients than any other vendor. These systems span the entire depth and breadth of HHS programs in state and
local government and we bring this experience to DHS to support your culture of innovation.
To meet DHS’ business and technology needs, we provide the right mix of practitioners with technical and industry
experience. Our team includes highly motivated individuals who possess an unparalleled understanding of your
organization, processes and applications. We bring a collaborative approach to solving your business challenges.
We are a full-service, multidisciplinary firm that provides a broad range of capabilities to DHS; as a result, we are
prepared to address your needs today and into the future.
Our Continued Service to DHS
We will draw largely from HHS focused resources based in our local Deloitte Pittsburgh office but will also augment
from our PA, national and global practice to achieve DHS’ goals and objectives across the seven categories of
service: Project Management & Administration, Project Development, Reporting, Data Management and ETL
Operations, Operations, System Maintenance & Support Functions, IT Procurement Support and Security and
Privacy. We propose to deliver the current DHS team, which has over 300+ years of cumulative Allegheny
County DHS experience. The team provides significant experience and expertise in operations and systems
maintenance with a focus on improving data quality and improving integrity. We bring tremendous value
maintaining and enhancing existing applications, while simultaneously introducing innovation and new solutions.
Our 15+ years of experience working with you helps us manage short-term risks and deliver long term value to
you in the role of a trusted advisor. With deep technology capabilities, world-class human capital services,
unparalleled security and privacy capabilities, proven methodologies and tools, we accelerate timelines and achieve
quality of service for DHS, its provider network and its clients.
2. Describe your experience working closely with staff at customer host sites, including a description of
your communication skills. (15 points)
We understand that DHS desires to find a collaborative partner that effectively communicates with DHS, keeps
DHS informed of business and technology innovations and opportunities to improve current systems and processes,
and alerts DHS project leads to risks and issues while working to avoid delays through proactive communication.
With many challenges facing today’s human services and IT organizations it is critical to find a vendor that has the
ability to co-locate staff, working side by side with DHS staff to drive value and produce a results oriented set of
services across all seven service area categories.
Working at Customer Host Sites - Onsite, Offsite, Never Out of Sight
Just as at DHS,
Deloitte projects
nationwide
typically include
an onsite
component, some
entirely onsite
while others
employ a mix of
onsite and offsite.
Our onsite
component brings
our staff together
with client staff to
effect strong
communication
and collaboration,
minimizing risks
to all phases of
the project. We
integrate with our
clients to deliver
to their key
business needs as
we’ve done with
you over the
years. We
embrace and Figure 2. Our team has specific experience with all of DHS’ IT service areas.

5
 RFP Response Form
Information Technology Support and Professional Services

employ communication approaches that bring transparency across all aspects of project planning and execution.
Methods and best practices such as Agile, ITIL and PMP provide process, objectives, artifacts and communication
milestones that give structure and improve clarity to complex initiatives and organizations. Tools, such as
SharePoint, are leveraged to provide quick access to project documentation, coordinate meetings and testing
sessions, and distribute information consistently to stakeholders.
Deloitte has delivered
and continues to
deliver numerous
projects across the
nation and globally
with onsite presence
similar to how we
support DHS today,
and what the RFP
seeks going forward.
Our team will work
side by side with you
in delivery of critical
services and projects.
The onsite, offsite and
never out of sight
model provides the
greatest level of
collaboration,
communication, and
innovation, while
providing cost
effective and high
value solutions for
Figure 3. Our experienced team aligns with your organization to assist DHS in achieving
you. Our team will
your desired vision of integrated service delivery.
continue to work
onsite with DHS and leverage offsite capabilities and skills as appropriate, including 24x7 coverage for your critical
business needs.
Deloitte is uniquely positioned to provide a DHS-experienced combined onsite and offsite team which is intimately
familiar with your agency’s vision and culture. With this rare insight, our team partners with DHS to effectively
manage IT projects to deliver high ROI IT solutions.
Seamless Integration with Our Clients Enables Collaboration and Communication
Working with you at DHS develops a culture that promotes strong working relationships and drives innovation and
value. Building on our current model, with our full-time team assigned to your organization, we consider business
risks and IT challenges in advising DHS on the highest ROI IT solutions. We leverage learnings from our prior work
that resulted in more effective and streamlined processes, a better prepared support team and a more productive
and confident user group. Furthermore, we have collaborated to improve operations for the expanding DHS
application footprint and support infrastructure and policy changes to provide a stable, secure and high performing
environment. Many of these changes that are established continue to provide a foundation for DHS to utilize
emerging technologies and innovative approaches to expedite further interoperability, performance and cost
improvements with no interruption to service delivery. We work with our clients to develop a culture that fosters
trust, collaboration, innovation and excellence. Our communication plans are based on rigorous methods and best
practices which lead stakeholders into structured communications. The methods we use cross the 7 service area
categories and connect the stakeholder communities across multiple program areas.
From DHS leadership to program and IT stakeholders, we inform and manage through status reports, monthly
steering team meetings, formal and informal touchpoints, and Deloitte tools such as PMC, to ensure that project
issues, risks, schedule and vision are known and discussed.
Deloitte and our public sector leaders take great pride in our firm’s collaboration with DHS. We bring a continued
culture of transparency, open and honest relationships as our overall style and fabric of engagement to DHS – and
we are focused on your future and your success.

6
 RFP Response Form
Information Technology Support and Professional Services

Financial Management and Budget (60 points, not included in page count)

1. Provide evidence of your organization’s financial health by attaching its most recent audit or other
financial documentation. (10 points)
Deloitte LLP and its subsidiaries (the “U.S. Firms”) provide audit, advisory, tax, and consulting services through
over 78,000 people in 94 U.S. cities. For the most recent fiscal year ended May 28, 2016, the U.S. Firms had
revenue of U.S. $17.5 billion. See more detailed information in the chart below. Since the U.S. Firms are privately
owned partnerships, they do not have audited financial statements nor do they file other corporate financial
information such as a 10- K. Should you have additional questions regarding the financial information, please
contact John Peirson, Deputy Chief Financial Officer of Deloitte LLP, at (612) 397-4714 or Graham Cowie, U.S.
Firms’ Controller of Deloitte Services LP, at (615) 882-7270.
Further, although the U.S. Firms do not have a rating from one of the nationally recognized credit rating agencies,
their privately placed debt is assigned a designation by the National Association of Insurance Commissioners
(“NAIC”). The U.S. Firms’ privately placed debt carries an NAIC 1 designation; NAIC’s highest designation, which is
comparable to an A or better rating from one of the nationally recognized rating agencies.

Detailed information regarding Deloitte LLP in the U.S. is provided in the chart below:
Deloitte LLP and Subsidiaries – By The Numbers
U.S. Firms
2016 2015 2014
($ U.S. billions)
Offices (national and regional) 113 108 107
People 78,642 70,603 64,884
Consolidated Revenues $ 17.5 $ 16.1 $ 14.9
Current Assets $ 4.6 $ 4.9 $ 4.1
Other Assets 6.2 5.2 4.6
Total Assets $ 10.8 $ 10.1 $ 8.7
Current Liabilities $ 2.6 2.5 $ 2.0
Other Liabilities 3.8 3.4 2.9
Partnership Equity 4.4 4.2 3.8
Total Liabilities and Partnership Equity (US$) $ 10.8 $ 10.1 $ 8.7
Working Capital $ 2.0 $ 2.4 $ 2.1
Current Ration 1.8:1 2.0:1 2.0:1
Consolidated Revenue by Business
Audit and Enterprise Risk Services 29.3% 29.4% 29.4%
Consulting 48.4% 48.4% 47.7%
Financial Advisory Services 4.7% 4.7% 5.0%
Tax 17.6% 17.5% 17.9%
Source: Deloitte LLP, New York
The above financial information was prepared for internal purposes. This financial information has not been audited
and does not present the financial position, results of operations, or other financial information in accordance with
generally accepted accounting principles.
The use of this information is restricted to your consideration in providing you professional services. Any other use
or circulation of this information is prohibited.
We have attached a copy of our latest Dun & Bradstreet financial report for Deloitte Consulting LLP to provide
additional information regarding our financial health (See Attachment - Other Financial Documentation). Because
Deloitte LLP is a privately-held organization, it does not disclose certain financial data. As such, the attached report
may be based on incomplete information.

2. Attach a detailed annualized budget that clearly supports the Contract Services and the
implementation plan. (20 points)
Deloitte has carefully reviewed the 7 service areas per the RFP and developed the most cost effective price option
for DHS. Using current and historical metrics of staffing deployed at DHS, type of work performed and the
associated hours, and also using our experience with similar engagements at other HHS clients, we have proposed
a set of roles that we believe may be required to complete tasks in each service area. As requested in the RFP Q&A
(question 27, published on February 10, 2017), we have included below the individual rate tables for each service
area. Furthermore, our rates are inclusive of associated expenses.

7
 RFP Response Form
Information Technology Support and Professional Services

Each role included in the rate tables has an hourly rate range associated with it. We took the following into
consideration when determining the rate ranges.
• Range of skills, experience, qualifications and certifications required
• The primary work location of each role (onsite or offsite)
Using these parameters, below are the proposed potential roles for each service area and rate ranges for the
duration of the 3 year agreement. The actual rate within the range for each Deloitte team member staffed at DHS
for a specific role will be based on the required skill level, experience, qualifications and resource location needed
to deliver on the scope and requirements associated with a specific task order. Please note that several of the roles
are marked as “Offsite Only”, assuming that this role is generally not required to be staffed onsite. The remaining
roles can be staffed either onsite or at our offsite Development Centers, as required to deliver the task order. As a
reference point, our current DHS project team has an optimally balanced ratio of onsite staff to offsite staff, which
is majority offsite. We continually seek to provide cost savings to DHS from offsite resources while retaining an
optimal level of onsite presence to provide best overall value for DHS.
Category 1 - Project Management and Administration
Role Name Fully Loaded Hourly Rate Range
Program Manager $85 - $195

PMO Analyst $40 - $110

PMO Tools (e.g. PMC) / Administrative Support $20 - $30

Category 2 - Project Development

Role Name Fully Loaded Hourly Rate Range
Application Development Manager $80 - $225

Project Lead / Scrum Master $55 - $180

Technical Architect (Offsite Only) $45 - $65

Functional Analyst $38 - $130

Technical Analyst $39 - $136

Application Developer $30 - $115

Middleware Developer $37 - $130

Reports / Dashboards Developer $30 - $120

Infrastructure Lead $68 - $145

Configuration/Build Analyst $38 - $108

DBA $40 - $135

Software Product Administrator $50 - $120

Testing Lead (Offsite Only) $40 - $60

Tester (Offsite Only) $27 - $45

Technical Writer $30 - $76

Mobile Developer $42 - $140

User Experience Specialist $50 - $195

Administrative Support $20 - $30

Category 3 – Reporting
Role Name Fully Loaded Hourly Rate Range
Reports / Dashboards Lead $80 - $190

Visual Designer $60 - $145

Reports / Dashboards Developer $30 - $120

Tester (Offsite Only) $27 - $45

Technical Writer $30 - $76

8
 RFP Response Form
Information Technology Support and Professional Services

Category 4 - Data Management & ETL Operations

Role Name Fully Loaded Hourly Rate Range
Data Management and ETL Lead $70 - $180

ETL Developer $35 - $115

Data Analyst $50 - $136

Tester (Offsite Only) $27 - $45

Technical Writer $30 - $76

Category 5 - Operations, System Maintenance and Support Functions

Role Name Fully Loaded Hourly Rate Range
Maintenance and Operations Manager $70 - $210

Maintenance Application Lead $40 - $165

Functional Analyst $38 - $130

Technical Analyst $39 - $136

Application Developer $30 - $115

Middleware Developer $37 - $130

Reports / Dashboards Developer $30 - $120

Infrastructure Lead $68 - $145

Configuration/Build Analyst $38 - $108

DBA $40 - $135

Software Product Administrator $50 - $120

Testing Lead (Offsite Only) $40 - $60

Tester (Offsite Only) $27 - $45

Technical Writer $30 - $76

Mobile Developer $42 - $140

Network Specialist $60 - $160

Storage/Cloud Specialist $55 - $190

Batch Administrator $42 - $99

Administrative Support $20 - $30

Category 6 - IT Procurement Support

Role Name Fully Loaded Hourly Rate Range

IT Procurement Lead $90 - $190
IT Procurement Specialist $80 - $185
IT Procurement Analyst $39 - $136
Technical Writer $30 - $76

9
 RFP Response Form
Information Technology Support and Professional Services

Category 7 - Security and Privacy

Role Name Fully Loaded Hourly Rate Range
Cybersecurity and Privacy Manager $137 - $225

Cybersecurity and Privacy Architect $118 - $199

Security Specialist (e.g. Cloud, Mobile, Compliance, IAM, BCP/DR, Privacy) $111 - $186

IAM Developer $71 - $127

Security Analyst $49 - $107

Additionally, we would like to discuss the opportunity to provide DHS with a tiered volume discount structure based
on annual spend on Deloitte services. We anticipate providing the volume discount via service credits for the
subsequent year.
Furthermore, we acknowledge that proposers must be willing to comply with DHS’ contracting terms in order to
enter into an agreement with DHS. We are proud of our long history of serving DHS and are committed to working
with DHS to reach agreement on the final contract terms and approach to the work. As part of that process, we
will want to review and validate the contract terms and conditions as applied to the work as awarded, including for
example, the addition of a mutually acceptable limitation of liability and other clarifications. We are committed to
working in good faith to reach mutual agreement on the final contract terms and conditions and other
requirements.

3. Provide a budget narrative that reflects a realistic estimate of the costs associated with
implementing the Contract Services. (30 points)
Deloitte realizes that DHS has invested significant time and resources in advanced IT systems serving the
Department, other County departments, numerous service providers, and clients in Allegheny County. We
understand that DHS is seeking a partner(s) to cost effectively maintain what you have built and to enhance and
extend your current IT systems by leveraging the organizational momentum you have gained as an innovative and
highly technology savvy government agency.
We believe that Deloitte is well qualified and uniquely positioned to deliver required services at DHS, across all 7
RFP service areas. Below are some of the ways we enable this for DHS:
• Our team is productive day 1 of the contract / SOW / work order with no transition costs or loss of productivity
and quality due to required transition.
• When staffing projects, working with DHS, we develop an optimal ratio of onsite to offsite that provides the
benefit of lower offsite rates for DHS. We understand that there has to be a critical mass of staff onsite for
strong communication and collaboration, risk minimization, and to support around the clock operational
coverage. Through our experience working in this model with DHS over the past several years, we have
optimized our methodology to balance onsite vs Deloitte development center presence in order to maximize
delivery quality and cost efficiency to DHS.
• Working with DHS, over a period of time, we have now developed and implemented the most effective data
connectivity, physical space and support infrastructure at our offsite development centers to optimize the
onsite - offsite model for DHS, in order to provide you with high value, reliable, highly knowledgeable and
dedicated staffing at very competitive rates.
• We use mature and proven estimation tools and methods coupled with our knowledge of DHS operations and
organization to estimate the effort required to deliver a given initiative. We have a proven record of providing
value outcomes for DHS on time and budget. We take great pride in staffing the DHS team with efficient
resources who have appropriate knowledge of the business domain and the correct technical skills and
experience, including those with specializations such as BizTalk development, cloud storage specialization, etc.
Our staff have the necessary certifications in the multiple technologies required at DHS. These skills and
experiences enable our team to deliver greater output, with higher certainty of achieving the business
outcomes and objectives required by DHS. These efficiencies are further enhanced by the fact that our staff
understand the DHS organizational structure and operational methods as well as your programs and practices.
• Our proposed rate card provides DHS with a comprehensive set of potential staff capabilities and levels of
experience. We have included multiple potential roles for each service area and an associated rate range for
each role, where the rate is to be determined by the required qualifications, skills, experience and location.
The rate card provides DHS flexibility to staff effectively to perform various types of work within each service

10
 RFP Response Form
Information Technology Support and Professional Services

area, even when scope needs to be re-defined quickly, in order to accommodate DHS priorities that may
change based on external and internal factors or the availability of the DHS resources working on the project.
• We staff our team primarily with Deloitte employees instead of subcontractors. Our team is well versed in
Deloitte methods, tools, communities of practice, and project experience and continuously receive Deloitte
mandated trainings on an annual basis to stay ahead of the HHS program and technology curve as consulting
professionals. While we augment our team with a very limited number of subcontractors when necessary, a
majority Deloitte team enables us to deliver personnel committed to longer term engagement at DHS and
focused on best quality, low risk and high value to successfully deliver complex initiatives in a mature IT
environment at DHS.
• Our offsite development center is CMMI Level 5 certified, which affords DHS additional confidence in Deloitte’s
delivery quality and efficiency.
• We provide DHS with an annual audit conducted by an independent auditor to review controls and verify the
annual billings to DHS. The audit is conducted in accordance with the attestation standards for agreed-upon
procedures engagements of the American Institute of Certified Public Accountants.

In addition to the above considerations, procuring Deloitte services across all 7 service areas enables a long-term
commitment of our DHS business and technology knowledgeable key resources to your organization and would
allow DHS to achieve further economies on initiatives that require staff roles from multiple service areas in order
to cost effectively implement end to end solutions. Generally, sharing resources sourced from a single vendor like
Deloitte, who has the proven skills and DHS specific experience, consequently minimizes the need for multi-
vendor initiatives, reduces delivery risk, minimizes the burden on DHS to coordinate accountability across multiple
vendors, and allows a single vendor to deliver at relatively lower cost to DHS by realizing economies of scale.
Overall cost savings resulting from using Deloitte across all service areas would be derived from:
• Sharing experienced technology resources across service areas and initiatives
• Sharing Deloitte functional analysts and Subject Matter Experts across service areas and initiatives
• Sharing project management and support resources across projects/initiatives
• Reducing blended rates per initiative or service area through the higher proportion of resources offsite based
on our optimized ratios for onsite and offsite, which are specifically tailored to DHS
• Avoiding costs for DHS in knowledge transfer activities, lost productivity and duplication of efforts between
multiple vendors
• Reducing inefficiencies, rework and cost to DHS of increased coordination between maintenance, operations
and development teams from different vendors in addition to Deloitte
• Eliminating costs associated with the duplication of effort and additional coordination of multiple methodologies
and tools by utilizing Deloitte’s integrated methods and tools across all 7 service areas and initiatives
Budget Narrative by RFP Service Area Category
The following sections of the budget narrative describe the activities within each RFP service area which we used as
the basis for determining the roles and rate ranges described in our proposed rate card, presented in question 2.
I. Project Management and Administration
To consistently deliver successful, concurrent and often complex IT projects, DHS requires strong program / project
management and administration. Deloitte brings leading methodologies, expertise and best practices from our
broad portfolio of projects where we perform these functions and in combination with our DHS experience, we are
able to provide you effective and tailored services in this area. In response to question 2 above, we have defined a
set of roles needed to deliver initiatives which achieve the goals you have laid out in the Project Management and
Administration service area. Through a team which leverages these roles based on the requirements in the
eventual scope for this RFP service area, we will support the below outlined activities, as described in the response
to I. Project Management and Administration on page 17-21 of this response form.
Activity Description
Program Management Deliver project management services such as project planning, project tracking, budgeting, and
Assistance scheduling across DHS IT projects. Our experienced team manages IT projects through a set of DHS-
tailored methodologies, drawing upon our deep knowledge of your existing business and culture, as well
as industry leading project management approaches.
Operate within a framework that guides which stakeholders to notify if deviations occur across a given
project’s schedule, budget, quality, or scope.
Assist with operational management and administrative support for IT operations.
Advise DHS as requested during business process and program management assessment activities. This
may include modifying or developing policies and procedures to support DHS program management
requirements.
Evaluation and We bring a flexible, adaptive, and iterative approach to continually evaluate our current management
Recommendation of approaches at DHS. For example, over the last year we’ve partnered with DHS on a journey to adopt a

11
 RFP Response Form
Information Technology Support and Professional Services

Activity Description
Management more agile development methodology and have recommended and implemented an agile approach to
Approaches M&O and enhancements.
Assess current project management approaches, taking into consideration our understanding of DHS,
experience from Deloitte’s Public and Private sector projects, and advances in leading management
frameworks. Preference is given to processes that foster adaptability and flexibility.
Implement and maintain processes based upon management frameworks, such as traditional project
management approaches (e.g., “waterfall”), agile methodologies, Information Technology Infrastructure
Library (ITIL), Project Management Body of Knowledge (PMBOK), and Capability Maturity Model
Integration (CMMI).
Project Management Provide various project management support services, such as business case analysis support, project
Support Services communication planning and execution, stakeholder management, quality management, and scope
management.
Bring a unique blend of skills, administrative and program domain knowledge, and expertise in new
strategic technologies, together with an understanding of DHS business and technical operations.
Software Development Establish governance throughout the software development lifecycle, as our experienced team strives to
Lifecycle Management deliver additional value add management services throughout analysis, design, development, testing,
hosting, and implementation of IT projects.
Provide development planning management efficiencies as our team has extensive knowledge of your
current IT environment and thus can best consider impacts to infrastructure capacity and efficiencies,
such as coordination of secure SDLC implementation on interrelated IT components.

II. Project Development

DHS is passionate about delivering the highest quality human services to residents of Allegheny County and has a
desire to stay current with technology trends, so as to benefit from the latest technical capabilities in the market to
meet your business objectives. To achieve this goal, DHS requires a trusted partner who is experienced at
surveying the vast technology landscape and providing cost-effective and value based IT development options,
integrating a wide range of technical products, platforms, programming languages, existing DHS IT artifacts, and
open source packages. Deloitte brings deep proficiency across various domains, such as IT product and
infrastructure assessments, application development, technology integration and user experience and in our
response to question 2 above, we have defined a set of roles needed to deliver initiatives which achieve the goals
you have laid out in the Project Development service area.
Through a team which leverages these roles based on the requirements in the eventual scope for this RFP service
area, we will support the below outlined activities, as described in our response to II. Project Development on page
22 – 26 of this response form.
Activity Description
Product and Evaluate the best holistic solution to achieve your business objectives using our deep knowledge and
Technology Evaluation expertise across various technology package offerings. These solutions could be implemented through
different approaches, from a pure product implementation, to a custom solution augmented by existing
technology packages.
New Software Assess products, packages, and different development languages and approaches to determine the best
Development & plan for implementing the most effective IT solutions at DHS.
Product Integration Design, develop, test and implement solutions which leverage existing IT artifacts, include configurable
components, and optimally integrate products and open source packages.
Knowledge Transfer Evaluate your specific knowledge transfer needs and develop relevant knowledge transfer documentation.
Documentation This allows DHS to independently use IT solutions on an ongoing basis.
Mobile Strategy and Evaluate the current mobile environment and develop an enterprise wide mobile IT roadmap. Guided by
Implementation this strategy, our team delivers upon agreed upon milestones to help DHS realize the full potential of
mobile solutions in delivering outstanding client service in “on-the-go” scenarios.
Cloud Evaluation and Incorporate infrastructure and architecture evaluations as a standard aspect of project planning phases,
Implementation to confirm that a given project’s development plan considers what would deliver the most value to DHS
with special consideration to cloud hosting services and available software as a service packages.

III. Reporting
DHS has created a reporting environment that provides the ability to make insight driven decisions to answer an
array of critical business questions with a focus on helping to improve human service delivery and outcomes for
Allegheny County residents. Deloitte brings deep subject matter expertise in Health and Human Services (HHS),
specific functional understanding of DHS, and deep technical skill sets in designing and developing reporting and
analytics solutions. This combination of subject matter knowledge and technical expertise allows us to understand
and translate your business questions into reporting solutions designed specifically for the user and provides the
ability for DHS to make fact based decisions.

12
 RFP Response Form
Information Technology Support and Professional Services

In our response to question 2 above, we have defined a set of roles needed to deliver effective application, ad hoc,
and dashboard reporting. These roles are to be filled by practitioners with experience in the reporting and
dashboard development tools in use at DHS and in the underlying data and systems, which increases efficiency and
reduces risk for your reporting initiatives. We will support the below outlined activities, as described in our
response to III. Reporting on page 27-29 of this response form.

Activity Description
Application Work with DHS to determine which type of reporting solution best meets business needs.
Reporting Create new reports to meet DHS’ business needs, such as when a new system or module is implemented.
Update existing reports for required enhancements or issue resolution, as necessary.
Conduct ongoing tuning and optimization of reports.
Provide application reporting end user support, as required.

Ad Hoc Develop customized ad hoc reports to meet user needs utilizing one or multiple data sources such as the Data
Reporting Warehouse, Analytics Cluster, or transactional systems. Prepare presentations and/or custom charts and maps
as necessary. Collect and interpret data as requested.
Develop solutions to provide DHS users with the ability to conduct their own ad hoc reporting and analyses.

Dashboard Create new dashboards to meet DHS’ operational, fiscal, and program evaluation needs.
Reporting Update existing dashboards for required enhancements or issue resolution, as necessary.
Conduct ongoing tuning and optimization of dashboards.
Provide additional dashboard end user support, as required.

IV. Data Management & Extract, Transform and Load (ETL) Operations
DHS has created a robust analytics environment that provides valuable insight and facilitates key management and
programmatic decisions at various levels of the organization. Deloitte is best positioned to efficiently support,
maintain, and grow this complex environment based on our qualifications, capabilities, and 17 years of direct
experience. Equipped with these qualities, DHS benefits from high-impact data management and ETL solutions.
In our response to question 2 above, we have defined a set of roles needed to deliver initiatives which achieve the
goals you have laid out in this service area. These roles are to be filled by practitioners with not only the right skill
sets to deliver on the requested contract services, but who also have experience successfully delivering at DHS.
This team is intimately familiar with your analytics environment, your overall IT architecture, and your business.
Through a team which leverages these roles based on the requirements in the eventual scope for this RFP service
area, we will support the below outlined activities, as described in our response to IV. Data Management & Extract,
Transform and Load (ETL) Operations on page 30-35 of this response form.

Activity Description
Execute and Execute and monitor daily, weekly, monthly, yearly, and other ad hoc load processes for the Data
Monitor ETL Warehouse, Analytics Cluster Data Layers, KIDS Data Mart, Tableau dashboards, and other similar
Processes analytics systems (e.g., Medical Examiner, Schools, and MPER Data Marts). Troubleshoot load process
warnings or failures and resolve as necessary.

Maintain and Resolve ETL process defects as necessary. Conduct ongoing tuning and optimization of ETL load processes,
Enhance ETL queries, and report/extract processes. Design and execute historical data fixes as necessary. Provide
Processes support for DARE or other DHS users by answering questions, providing clarifications, and/or researching
potential issues related to IDM assets.
Update ETL processes (and associated data structures) for required enhancements such as the addition of
new source systems to the Data Warehouse, Analytics Cluster, or Data Marts.

Perform Regular Validate the DW load process by comparing client/service aggregate counts on a month-to-month basis per
Quality Assurance source system to identify potential issues. Research alerts, potentially working with the source owner, to
Checks determine if the alert is actually an issue that needs to be rectified or if it is a natural change in the source
data. Perform validations for known data quality issues and rectify as necessary.
Validate ETL load process results for the Analytics Cluster through a series of monitoring reports that
compare the number of records in the source table to the target tables and flag potential issues for
research.
Work with DHS to define additional data quality checks. Activities include:
• Perform Data Profiling and Discovery process to identify data anomalies and outliers
• Design and develop quality rules to perform checks and balances between source and target warehouse
system
• Design and develop data quality monitoring plan (including reports and dashboards) to define personnel
and frequency in which the reports will be reviewed
• Define the process for taking remediation action in case of anomalies and data quality issues

13
 RFP Response Form
Information Technology Support and Professional Services

Activity Description
Conduct Ongoing Work with internal and external source owners to identify planned changes to IDM source systems (e.g.,
Impact Analysis enhancements to internal or external sources), or to the IDM infrastructure (e.g., Oracle database
upgrade). Research these to determine if the change would have a technical or functional impact on IDM
assets. Document confirmed impacts and resolve these by conducting appropriate enhancements and/or
testing to IDM assets.

Evaluate Utilize Deloitte’s Value Scan Framework to complete a full or partial assessment of the performance and
Performance of effectiveness of the Data Warehouse or other analytics solutions from a technology and a process
Existing Systems, perspective. Identify process maturity and improvement opportunities. Work with DHS to evaluate and
Make implement these opportunities as appropriate.
Recommendations

Maintain Continue to maintain a history of data changes in the client population through the use of “slowly
History/Audit Trail changing” dimensions and maintaining snapshots in fact tables. Implement additional solutions to
of Data standardize the process of maintaining history of data changes, such as maintaining an implementation log
and augmenting the existing fact and dimension tables to add metadata attributes.

Communication Conduct regular update meetings with DARE to review current status of in-process work items and discuss
and Collaboration risks, issues, and schedules. Prioritize new work items based on DARE’s business priorities. Additionally,
communicate relevant IDM status updates to Executive Sponsor, Executive Steering Committee, and other
DHS stakeholders as appropriate.

V. Operations, Systems Maintenance and Support Functions

A stable, optimized, cost-efficient and secure production infrastructure and IT application and analytics
environments are critical for DHS stakeholders to best serve the residents of Allegheny County. Deloitte brings
expertise in operations, system maintenance and support functions at hundreds of organizations across the globe
and specifically at DHS and other HHS agencies nationwide. This expertise combined with Deloitte’s mature
Maintenance and Operations methodologies which have been tailored for the DHS organizational environment,
along with our staff who know your production applications and infrastructure both functionally and technically
bring you the highest value option for Maintenance, Operations and Support. We are able to perform operations,
maintenance and support functions with less resources, better quality, higher speed and reduced risk.
In our response to question 2 above, we have defined a set of roles needed to deliver effective and quality
Operations, Maintenance and Support at DHS. Through a team which leverages these roles, we will support the
below outlined activities.

Activity Description
Application and Application maintenance for the 16 production applications identified in RFP Appendix (RFP page 17-21),
Data Warehouse associated internal and external interfaces (e.g., CWIS, CPCMS, Orphan’s Court, Provider Data Exchange,
Maintenance JDE, Onbase, etc.) and the Data Warehouse. Maintenance activities include:
• Incident/Task Analysis
• Service Desk Support
• End User Communications
• SME Support
• Data/Application Fixes
• PRT and Ad-hoc Request
• Training Support
• Data Duplication for Training
• Release Planning & Scheduling
• Release Regression Testing
• Maintenance Release Notes

Infrastructure Activities include:

Support Services • Configuration management and build support as applications transition between environments
/ Operations throughout Software Development Life Cycle phases and in the production environment
• Database administration across production and lower environments
• Administration of middleware and other software products in the DHS infrastructure including BizTalk,
Cognos, Tableau, DataStage and multiple other software products (listed in RFP appendix - RFP page
17)
• Support of maintenance monitoring and documentation of the above software products, including
version control, licensing, developer advisories, training updates and license renewals
• Batch schedule creation / optimization and ongoing batch operations and monitoring
• Database tool installation / support for DHS analysts
• Ongoing capacity planning

14
 RFP Response Form
Information Technology Support and Professional Services

Activity Description

• Analysis and resolution of outages, congestion and performance related issues

• Creation, ongoing updates to and implementation of infrastructure related documentation and
procedures, such as system performance analysis reports, batch run book, troubleshooting procedures,
and other documentation to support DHS IT operations
• Ongoing environment monitoring, performance tuning, and database optimization
• Consultation and support in other infrastructure related activities, as requested by DHS, such as
network support, software and hardware infrastructure support, support with system
upgrades/patches/ reconfigurations, and more

Infrastructure Ongoing planning, consultation on, and implementation of infrastructure enhancement activities to keep
Enhancements DHS infrastructure aligned with DHS business needs and latest industry trends and best practices. For
FY16-17, these activities include data storage / cloud options assessment, .Net framework upgrade across
production applications, Microsoft SCOM installation / configuration, Mobile Device Management
implementation support, transition and optimization of data feeds / loads to prevent negative impact on
data warehouse performance, enterprise service alert mechanism, service account password
management, and Tableau upgrade to version 10

For FY17-18, we have assumed that DHS may require support similar to FY16-17, in addition to the following:
• Enterprise Fiscal / Claims Management system with Program Funded and Fee for Service functionality,
scheduled to go live June 2017
• Integrated Housing Portal, scheduled to go live June 2017
• Synergy expansion, including Family Support Centers and Behavioral Health Residential
• Expanded mobile environment
• Expanded analytics and reporting environment (e.g., additional data warehouse sources, data layers,
dashboards, Tableau user base expansion, etc.).
At the same time as DHS end user support needs expand, we are committed to continue maximizing operational
efficiency in order to control costs, as we have done in the past and continue to do today. As described in our
response to V. Operations, System Maintenance and Support Functions, we will continue to take every possible
step to this end, such as:
• Getting to the next DevOps maturity level
• Increasing automation in testing and deployments
• Leveraging new tools and technologies (e.g., OpInsights) to maximize operational efficiencies
• Bringing the latest and greatest industry thinking in Maintenance and Operations to DHS
• Continuing to increase self-service functions for Service Desk to perform independent issue resolution
• Looking for additional opportunities for preventative maintenance

VI. IT Procurement Support

DHS needs proven methods to help drive efficiency in the IT Procurement process, including market analysis,
planning support, opportunity identification, SOW and task order creation support and effective criteria and tools
for evaluation. The process has to be smooth, involving necessary stakeholders while delivering efficiently to
deliver business objectives. Deloitte will leverage our methodologies, expertise and premier relationships with
product vendors and collaborate with DHS to develop successful IT procurement strategies and execute those
strategies.
In our response to question 2 above, we have defined a set of roles needed to deliver initiatives which achieve the
goals you have laid out in the IT Procurement Support service area. Through a team which leverages these roles
based on the requirements in the eventual scope for this RFP service area, we will support the below outlined
activities, as described in our response to VI. IT Procurement Support on page 42-43 of this response form.
Activity Description
Prepare • Drive industry & vendor research
• Bring to DHS technology innovation and Tech Trends
• Conduct stakeholder interviews
Discover • Conduct current state assessment
• Define technology & operations drivers
• Document selection criteria and evaluation tool aligned with DHS needs
Analyze • Complete product assessment and comparison using selection criteria
• Assist DHS in making product selection based on assessment results
• Provide an implementation roadmap and playbook

15
 RFP Response Form
Information Technology Support and Professional Services

Activity Description
Procure • Assist in preparing RFP or task orders
• Document comparisons for DHS to objectively evaluate vendors
• Assist in creating Statement of Work (SOW)
• Coordinate or provide support for Product demo for DHS, as required
• Assist with Product Proof of Concept, as required
• Support in instantiating product for consumption
• Assist in developing standards and guidelines (SAG) for consistency in use

VII. Security and Privacy

DHS manages a large amount of sensitive information (PII/PHI) for its clients and effectively managing security
and privacy is critical across the Agency. This includes analyzing IT systems for security considerations, providing
recommendations to comply with HIPAA requirements, enhancing the DHS infrastructure by leveraging Identity and
Access Management capabilities of Commonwealth of Pennsylvania and protecting DHS communications. Deloitte
brings to DHS the expertise and track record of success to serve as your strategic advisor and support you in this
business critical area.
In our response to question 2 above, we have defined a set of roles needed to deliver initiatives which achieve the
goals you have laid out in the Security and Privacy service area. Through a team which leverages these roles based
on the requirements in the eventual scope for this RFP service area, we will support the below outlined activities,
as described in our response to VII. Security and Privacy on page 44-48 of this response form.

Activity Description
Information Analyze and provide recommendations on the design for information technology and systems security. A
Technology and sample list of tasks to analyze system enhancement options required to accomplish compliance requirements
Systems Security in alignment with industry standards includes:
Analysis and • Develop Disaster Recovery and Business Continuity Plans
Recommendation • Review security of infrastructure and applications
• Identify gaps and recommend remediation plans
• Implement secure SDLC processes
• Coordinate and conduct annual disaster recovery test

Security Assist with security remediation efforts, including Health Insurance Portability and Accountability Act (HIPAA)
Remediation security. A sample list of the implementation tasks to support HIPAA security remediation and compliance
Support are listed below:
• Implement Enterprise Governance, Risk and Compliance (eGRC) Solution to manage risk and exceptions
• Implement data encryption for laptop and smartphone devices
• Implement Data Loss Prevention (DLP) solution and Security Information and Event Management (SIEM)
solution
• Conduct annual internal and third party risk assessments.

IAM Integration Implement Identity Access Management (IAM) integration. A sample list of tasks to integrate Commonwealth
of Pennsylvania IAM are listed below:
• Implement provider self-service registration, employee and contractor provisioning, privileged user
management for administrators and risk-based authentication
• Onboard DHS applications to single sign-on, web access management, privileged user management and
access certification campaigns for periodic review of application and infrastructure access
Communications Provide support to protect communications to ensure the integrity, availability and confidentiality of
Security Support communications. A sample list of tasks to meet the objective of integrity, availability and confidentiality of
communication and to protect communications are listed below:
• Development of processes and systems to protect communication within DHS, within the county, with
state agencies and external third parties
• Network configuration enhancements, IPS/IDS implementation, wireless network security and branch
office communication security and performing maintenance and operation of IT Network Security and
Vulnerability Management

For the items below, complete only the sections for the service areas you wish to propose. Service
areas not included in your proposal may be left blank.

16
 RFP Response Form
Information Technology Support and Professional Services

I. Project Management and Administration (50 points) Your response to this section must not exceed 5
pages.

1. Describe your plan to provide program management assistance, including project planning, tracking,
budgeting, scheduling and quality management. (10 points)
DHS continues to improve critical human service delivery to
Allegheny county residents through technology innovation and
you require a collaborative and detail-oriented partner to Focused
successfully manage numerous projects. Deloitte relies on a on Your Future
proven set of project management methods and tools, and
leverages these, along with our knowledge of your
organization and business, to implement a tailored DHS project • Our team continuously benefits from
management framework. This reduces risk to DHS as proven industry certifications and applies these
processes are defined to govern across project planning, frameworks through our lens of DHS
issues, communication, dependencies, scheduling, and quality expertise
domains.
• DHS benefits from the full breadth of
Deloitte draws upon various industry leading frameworks to Deloitte’s capabilities, continuously
apply best-of-breed project management methodologies to improving processes to achieve better
DHS’ unique environment. For example, we have facilitated outcomes
your adoption of agile methodologies by implementing a hybrid
agile approach. This results in DHS benefiting from many of • Comprehensive communication planning
Agile’s advantages, such as improved transparency in regards provides full transparency and enables
to tracking and development planning, while being mindful of DHS to provide input through various
your organization’s existing culture. touchpoints

Along with providing governance to the various projects and

threads within the program, we work with you to structure
project communication mechanisms, manage overall program
risk, and coordinate between various stakeholders. Utilizing
proven tools, including the Project Management Center (PMC)
tool which we bring to you at no cost, Deloitte facilitates the
best possible results for DHS across multiple work streams.
Communication, encouraging continuous feedback, and transparency supports the best results and manages
toward on time and on budget delivery. Using proven project management methods Deloitte focuses on
maximizing your rate of return, meeting your business needs, and achieving your business outcomes. Below are
examples of how we provide program management assistance to DHS, including proposed future enhancements to
current processes.

17
 RFP Response Form
Information Technology Support and Professional Services

Figure 4. Deloitte provides DHS with effective program management assistance.

2. Describe your plan for evaluating current process management approaches and recommending and
implementing flexible, adaptive, iterative approaches to development. (15 points)
DHS vision and program goals shape the processes employed at DHS; working toward these goals requires an
understanding of the present state. Our plan is to work alongside DHS staff on a continuous basis to review current
project management, business, and development processes. We leverage our knowledge of your current systems
and processes, mapping and correlating them to project goals, while recommending and implementing cost-
effective, flexible, adaptive and iterative agile approaches to development. We bring our breadth of knowledge and
experience in best practices and methodologies, as well as our understanding of the DHS culture and environment,
to aid in the assessment, recommendation, documentation and implementation of agreed upon method changes.
We have a proven track record both nationally and at DHS in adapting development methods and process over
time to reduce cost, increase quality and improve outcomes. Research shows that flexible, adaptive, and iterative
approaches create the most valuable features, delivered at the earliest possible moment in a ready-to-use state. In
the recent past, we have worked collaboratively with DHS to move from a waterfall lifecycle to a hybrid Agile based
lifecycle and moving forward, we will focus on continuing to mature our agile processes. The agile approach centers
on a sprint structure which allows for the Product Owner to select which features are built and reviewed every 2-3
weeks, shortening the feedback loop between the team and the Product Owner/Stakeholders.
As DHS has transitioned to a hybrid agile development approach, we have leveraged our expertise and worked with
you to develop an agile methodology most suited to your organization. Deloitte has a practice focused on Delivery
Methods and Tools, and one of the specializations in that practice is Agile. When DHS was in its early phases of
Agile transition, we brought to you a method coach from the Methods and Tools practice, who is solely focused on
helping Public and Private Sector organizations to tailor Agile approaches specific to their unique characteristics. By
partnering our Agile certified DHS practitioners with this dedicated expert, we worked with DHS to refine the
method for DHS and then train your project stakeholders. As Agile maturity grew across DHS, we brought you
additional recommendations for enhancing the Agile process and applying it to new areas, such as application
maintenance and enhancements. The results have been positive. Flexibility has increased as requirements have
become a starting point that can shift based on user needs. Additionally, transparency and feedback have

18
 RFP Response Form
Information Technology Support and Professional Services

increased throughout the

project development
process. At the same time,
we have continued refining
the hybrid Agile method
used at DHS based on an
ongoing assessment of
what’s working well and
what can be improved.
As DHS continues to expand
on the use of hybrid agile
project management
methodologies, Deloitte will
continue to support you in
this endeavor - finding ways
Figure 5. Scrum Project Management for Agile Development employed at DHS. to pull in the best of the
agile process which fosters
innovation, encourages collaboration, and enables quality along with speed to market. The goal is to create value-
based, leaner, high quality products and the best project management approach which helps govern the delivery of
these products.
On an ongoing basis, we will continue assessing the effectiveness of the Agile development method in use today
and recommend and implement ongoing enhancements. During this journey, you will have at your disposal our
Agile practice and the practitioners on the DHS Deloitte team who are Certified Scrum Masters and Certified
Product Owners. We also provide extensive Agile training to our practitioners through a Deloitte Agile Method Boot
Camp. In addition, Deloitte can provide a customized Agile Method Boot Camp and additional Agile training to
DHS staff.
Furthermore, we will explore other opportunities to implement flexible and adaptive approaches throughout your
organization, such as extreme programming, test driven development or pair programming. In an effort to
continuously improve, we take the same agile principles and apply them to project management processes and
business process reengineering. We hold periodic retrospectives, identify areas of improvement, and implement
those improvements immediately. Through subsequent retrospectives, we measure the effectiveness of
improvements and adjust accordingly, always continuously improving. As another recent example of this
continuous improvement cycle, we have brought to DHS ideas and recommendations to continue making your
Maintenance and Operations processes more agile, flexible and efficient.
While Agile is today’s most flexible and adaptive methodology, we know that continuous improvement is critical to
DHS and drives the IT industry. As new methods and tools emerge, Deloitte will assist DHS to adopt the next
generation of methods and tools, just as we have with agile. We are the partner for DHS that has the breadth and
depth of IT innovators that can take you to that next generation.

3. Describe your ability to provide effective consultation and efficient project management support
services, including ongoing communication with the user community and development team throughout
a project’s life cycle. (15 points)
Deloitte brings a team with deep expertise in consultation and project management support services. Our
practitioners have industry certifications, such as PMP and ITIL, and they are trained on and experienced in Deloitte
project management methods and tools, which have been developed over thousands of successful project
implementations. Our DHS project leadership team has over 50 years of combined experience consulting on and
providing efficient project management support services in Human Services organizations. We combine our
methods, HHS expertise and DHS experience to bring you consultation services that will provide best value
specifically in your environment.
Our approach in this area enables successful systems development and maintenance of new technologies and
operating models at low risk to DHS. We infuse rigor and discipline consistently throughout project task groups in
the form of structured controls to manage risk, monitor quality, measure performance, and maintain schedules.
Management controls also provide visibility into our processes, which allows us to apply continuous process
improvements. We leverage our knowledge and experience from DHS and HHS projects nationwide to:
• Support DHS’ long term vision and goals
• Maximize the effective use of IT by embracing and driving efficiency across DHS
• Meet the needs of the program offices

19
 RFP Response Form
Information Technology Support and Professional Services

Deloitte brings to DHS a unique

blend of skills, administrative and
program domain knowledge and
expertise in new strategic
technologies (such as mobile
applications, cloud computing, and
real time analytics), together with an
understanding of DHS business and
technical operations. We have
experience putting together teams
that incorporate a variety of skill sets
based on the needs throughout a
project lifecycle. Our joint team is
likely to include a mixture of people
at peak points across the multitude
of projects, to work together to
achieve the desired outcomes.
Coordinating this large number of
team members across projects,
programs and offices, confirming that
everyone understands their role and
deadlines, and using the same
consistent approach to manage the
project requires an over-arching
program and portfolio management Figure 6. Deloitte practitioners with previous Human Services experience,
approach and methodology. We working knowledge of DHS, and industry-leading management frameworks
bring this structure which helps result in a team that provides efficient and cost-effective management
everyone understand their key support services and communication to your organization.
responsibilities and in what order
critical project tasks and initiatives must be accomplished. In addition we have the ability to support you in
performing business case analysis for any planned projects and help you prioritize across your initiatives.
Ongoing Communication
Stakeholder groups are critical to the success of DHS projects. A full analysis of who those stakeholders are, how to
best communicate with them, when to best engage them, and what kinds of messages they need to encourage the
greatest collaboration and process adoption are critical and increase buy in as well as improve the end product. A
detailed communication plan, which defines when tailored messaging needs to be delivered to different
stakeholders, supports the goals of DHS by fostering a sense of control and camaraderie as the team works to
improve systems for the user community. Messages are carefully tailored to be inclusive and useful for the
stakeholders involved. Guidelines are defined to clearly indicate what type of communications are required and
which DHS stakeholders should receive these communications. This approach brings order to a potentially chaotic
situation, given the sheer number of key DHS stakeholders involved in a given project. We have a demonstrated
track record supporting DHS project leads in conducting such communication analyses and creating effective
stakeholder communication plans. As an example, we have recently worked with DHS on a provider engagement
and communication strategy for the Enterprise Fiscal project. This project impacts all DHS contracted providers,
and effective engagement and communication is critical to a successful rollout. We have partnered with DHS to
define and execute a communication strategy, keeping the providers informed and engaged throughout the project
lifecycle.
In addition to having an effective communication plan, another way our approach promotes transparency and
strong cross-stakeholder communication is the way we organize our teams. Each project is organized to meet the
needs of the specific project goals and objectives taking into consideration the tasks, activities, resources and staff
required. To do this, we adopt a consistent project team approach that includes IT as well as Program staff from
Deloitte and DHS. The DHS Product Owner helps set the goals, objectives, requirements and general direction of
project activities. This approach promotes transparency and communication throughout the project team at every
point in the project to continuously track, monitor, report progress and take corrective action when necessary. In
the Agile method, communication is further enhanced directly with the development team through daily stand-up
calls. Furthermore, our approach makes effective use of the fact that our team’s key resources have long-standing
relationships at Allegheny County in addition to understanding your administrative and management structure.
Our management team, which is responsible for project management and contract management will perform at an
overall Program Management Office (PMO) level as well as at the individual project level for projects in scope. The
management team is able to assess overall project operations to make critical business decisions to enable service
delivery that is in line with the project goals. The project team is then split into domain teams, providing the ability

20
 RFP Response Form
Information Technology Support and Professional Services

to effectively match resources by skill level and expertise to the areas where those resources can add the most
value. Such an approach removes overhead, increases transparency, and provides for a consistent and responsive
management team that understands your organization.

4. Describe your plan for performing software requirements elicitation and analysis, design,
development, testing, hosting and implementation tasks. (10 points)
Deloitte brings to DHS an extensive track record of working with complicated data systems. Our firm has depth of
experience in capturing requirements that meet the user needs and using disciplined software lifecycle and process
to implement those requirements. We leverage our hybrid agile process, infused with industry best practices and
Deloitte expertise, to successfully manage projects through requirements, design, development, testing, hosting
and implementation tasks. The following table describes some of the key activities in each task.

Task Description of Project Activities Deloitte Delivers Outcomes

Requirements • Requirements are gathered in a collaborative manner with DHS Product Create and/or update
Elicitation and Owner and other stakeholders throughout the lifecycle of the project. requirements documentation
Analysis • Whenever possible, we bring to you already available business process and throughout the project,
IT assets as inputs into the IT requirements process. providing DHS with increased
• Gathered requirements are analyzed for completeness and fit into the DHS flexibility to manage change in
environment, including Security and Infrastructure considerations. scope

Design • Design focuses on meeting requirements through best value technology Leverage existing DHS
solution and optimal use of DHS enterprise assets, reducing enterprise artifacts greatly
implementation risk and effort reducing IT solution
• Functional and technical designs are formulated during development development effort
sprints. These include application design, data model, data definitions,
technical specifications, technical architecture, business logic diagrams,
screen flows, screen mockups, business roles, and interface designs.

Development • Developed Code follows generally accepted coding practices and DHS DHS benefits from complete
standards following a 3 week agile development life cycle while meeting transparency to our
quality management standards development activities through
• Allow for and incorporate frequent feedback from DHS Product Owner our hybrid agile approach and
throughout development process, including sprint planning, daily standup gains confidence that security
calls and sprint demos vulnerabilities are being
• Follow Security standards incorporated into Secure Software Development automatically identified and
Lifecycle (SSDLC) resolved

Testing • Develop test case scenarios and update existing test scripts that will be With our extensive knowledge
reviewed and validated; look for opportunities to create automated test of your existing IT solutions
scripts and business, unique scenarios
• Plan and execute the following: System Integration Testing, Performance are identified and tested,
Testing, Security Testing, Regression Testing, and when applicable, improving overall quality
Conversion Testing
• Plan and assist with User Acceptance Testing

Hosting • Conduct capacity planning activities early in the development process Capacity plans include
• Work with DHS to determine the software hosting plan innovative options, such as
• Work with the DHS infrastructure team to make available necessary hosting on cost-effective cloud
hardware and other infrastructure components and perform any other platforms
infrastructure activities such as providing connectivity with external
partners
• Develop code migration plan that includes migration tasks and activities to
lower and production environments
• Execute plan and host the solution

Implementation • Develop implementation plan to include schedules, dependencies, Solution implementations are
resources, and contingency plan for production implementation; look for successfully planned for,
opportunities for rolling deployments to allow for increased uptime monitored, and supported to
• Support DHS training activities, as required, including environment provide seamless software
preparation and Subject Matter Expertise deployments
• Conduct Knowledge Transfer activities and provide post go-live end user
support

Figure 7. Deloitte delivers key activities in requirements elicitation and analysis, design, development, testing,
hosting and implementation tasks.

21
 RFP Response Form
Information Technology Support and Professional Services

II. Project Development (50 points) Your response to this section must not exceed 5 pages.

1. Describe your ability to evaluate new software products and technologies and provide
recommendations for enhancing existing systems or building new systems. (20 points)
DHS seeks to continuously evaluate and identify efficient
and innovative IT solutions in order to support the delivery Focused
of quality, comprehensive and integrated human services to
its clients. DHS’ strategy is to leverage best of breed
on Your Future
products and technologies that enable DHS to remain
flexible, to maximize IT investments, and minimize total
cost of ownership of your IT solutions and infrastructure. • Best positioned to assess greatest ROI
Deloitte understands that this strategy is crucial to ensure solutions for DHS, given our experience of
that DHS benefits from the rapid advancement in your existing enterprise IT footprint
technology, packages, and products. • The breadth of Deloitte’s expertise, across
DHS’ complex IT needs require a partner with a successful both the public sector industry and
track record as an integrator of various types of solutions, unmatched technical capabilities, are at DHS’
such as COTS, SaaS, existing DHS IT artifacts, and transfer disposal
solutions from public sector agencies across the nation. We • Proven capabilities in integrating and
bring our diverse technology practices to focus on your maintaining solutions comprised of both
most challenging business issues in order to deliver the custom and product components
utmost value to DHS. As part of our partnership, DHS can
engage our various product practitioners across technology capabilities, as depicted in Figure 8, who can help
inform how DHS
could leverage
specific products or
services across
business scenarios.
We evaluate different
technical solutions to
achieve a given
business case
objective utilizing our
Product and
Technology
Evaluation
Framework. This
proven methodology
prescribes specific
tasks to consistently
weigh various factors
in determining the
best technical
solution to achieve
specific business
objectives. The
framework requires a
Total Cost of
Ownership (TCO) to
be calculated per IT
solution option to
consider not only the
effort required to
Figure 8. Deloitte supports DHS using our diverse technology capabilities. implement an IT

solution, but also the relative effort

required to maintain, scale, and
enhance the solution as DHS needs
grow.

22
 RFP Response Form
Information Technology Support and Professional Services

The framework includes numerous technical approaches and options, such as software-as-a-service, open source
development packages, existing DHS IT enterprise components, products, and others. In collaboration with DHS,
we analyze these options across various functional and non-functional domains, such as functional requirements,
user experience, security, performance, disaster recovery, TCO, and infrastructure needs. We make value based
recommendations after the various options have been vetted and compared against one another.
Based upon these evaluations, we consider the total cost of ownership of a given solution and work with you to
determine the best way forward, whether that be to integrate a package, implement a product, or to incrementally
migrate from custom developed platforms. When presenting options, we consider emerging technologies, and how
new products could ultimately translate into a greater flexibility for DHS and a high rate of return on your IT
investments.
We have worked with you on multiple occasions to help you make the right, DHS-focused decisions, from
conducting a middleware platform evaluation and working with you to select BizTalk, to supporting you in the
selection of the CoPA IAM platform, to leveraging DHS custom enterprise components to support various program
needs while reducing development effort, to bringing you ideas around utilizing Nudging concepts to solve your
business challenges. We believe that we are best positioned to evaluate and guide the most impactful integrated
solutions to DHS moving forward, combining our global technology and Public Sector capabilities and expertise and
our DHS knowledge and experience, and we are committed to working with you to make the best decisions for
DHS.

2. Describe your plan for developing new software solutions utilizing a wide range of programming
languages. Development plan must include opportunities for DHS to provide feedback on in-process
plans. (5 points)
Deloitte acknowledges that DHS seeks to have flexibility in its technology and programming choices and the
opportunity to provide feedback. In addition, DHS’ partner must have the capability to develop solutions across the
technical spectrum, from legacy, to web, to mobile, to analytics, as well as have the ability to integrate and
capitalize on near-future technologies such as virtual reality, internet of things, and robotics.
Our Plan to Develop New Software and Incorporate DHS Feedback
We create a development plan which outlines the basic technical platform, approach, technical products, and
program languages that are leveraged to deliver the IT solution. Figure 9 summarizes how we build a Development
Plan.
With our development process,
we assess new development
opportunities to support DHS’
business objectives with a mind
towards utilizing the most
effective COTS, tools, and
languages. We find
opportunities to develop
solutions that are enabled and
accelerated by various
programming languages,
frameworks, and technical
products – across both products
and open source offerings.
Aligned with our belief that
continual collaboration is a
necessity for software
development efficiency, we
facilitate multiple checkpoints
with DHS to gather timely
feedback, which is ultimately
incorporated into the
development plan. This is
especially evident in the hybrid
agile development approach,
which we now utilize for the
Figure 9. Developing New Software Solutions at DHS.
majority of our software
development projects, as DHS is able to provide feedback at various points. In this manner, DHS feedback can be
immediately incorporated, regardless of project phase.

23
 RFP Response Form
Information Technology Support and Professional Services

The table below summarizes just some of the wide variety of development languages and tools Deloitte has
leveraged and continues to leverage at DHS:
Development Examples of Languages &
Benefits to DHS
Approach Tools Utilized
COTS Based • BizTalk, PostMan, Data • Reduces implementation risk and development effort for functions where
Development Integrator, Group1, IBM products are available on the market
Security AppScan, Cognos, • DHS’ external interfaces are implemented via a common approach, using
Tableau tools which provide critical capabilities, such as queuing, error handling and
HIPAA transaction support
• Other business critical functions, such as security scanning and address
validation are available in COTS
Leverage • MVC, XML, XAML, VB.NET, • Leveraging existing enterprise IT artifacts provides for streamlined solutions
Existing Microsoft Web API 2.0, and common data storage, supporting DHS’ overall agency objective of
Enterprise Visual Studio 2015 providing integrated services to their clients
Artifacts • Overall development effort is reduced when standardized enterprise
modules, like MCI or DHS Assessment Tool, are integrated
Custom • ASP.NET, C#, JavaScript, • Existing, industry-supported frameworks leveraged to accelerate
Development JSON, jQuery, Boostrap, development
CSS3, Xamarin, Xcode, • Utilizing proven frameworks translates into reducing overall risk, effort, and
Swift, vis.js, PL/SQL, maintenance costs to DHS
HTML5, Oracle tools, Visual • When appropriate, solutions are developed with end user configuration
Studio 2015, TestFlight, capability which reduces reliance on IT and empowers the business (e.g.
inTune ClientView Admin Module, Predictive Analytics Configuration Tool, Build-a-
Tile in KIDS, workflows in Synergy, self-service functions for Service Desk,
etc.)
Figure 10. The Deloitte team has broad experience at DHS across numerous programing languages and IT tools.
Another important aspect of our value proposition is that each of our staff are experienced in multiple technologies
utilized at DHS. This means that each team member can effectively play multiple roles within a development
initiative or can be deployed across multiple initiatives, resulting in increased speed of delivery and reduced cost to
DHS. Further, our DHS team has deep experience with the various development technologies utilized in your
development initiatives (listed in RFP Appendix Applications and Systems Currently Used by DHS). Deloitte has
proven to have the skills to be your system integrator, with the ability to integrate between existing systems, new
systems, IT products, and open source packages.

3. Describe your plan for creating and maintaining appropriate documentation to facilitate effective
knowledge transfer so that DHS can fully use any solutions developed by Successful Proposer(s). (10
points)
Deloitte understands that creating and maintaining appropriate documentation is crucial so that DHS may fully
utilize any IT solution. Documentation supports DHS in numerous ways, such as facilitating effective knowledge
transfer and confirming that various roles and specialists have the necessary tools to support effective training. We
leverage our proven Knowledge Transfer (KT) Playbook to support DHS’ objective in fostering a collaborative
environment where anyone can benefit from, or improve, DHS’ IT solutions.
Creating Knowledge Transfer Documentation
Deloitte’s Knowledge Transfer Playbook prescribes a specific KT Plan Development Methodology, as summarized in
Figure 11. Based upon the KT Plan, knowledge transfer documentation is created and shared with DHS
stakeholders through the most effective channels, based upon the assessed DHS staff needs. Involving DHS
throughout a project’s lifecycle has proven to be one of the most effective means to achieve knowledge transfer.
Based upon this, our Knowledge Transfer Playbook suggests that DHS stakeholders be involved throughout the
project lifecycle.
Below is a summary of the formal and informal KT Documentation approaches that could be used to spread
knowledge to various DHS stakeholders.

24
 RFP Response Form
Information Technology Support and Professional Services

Figure 11. Knowledge Transfer Plan Development Process.

Knowledge Transfer
How Our Knowledge Transfer Approach Benefits DHS
Documentation
System Documentation Different system documentation artifacts are developed to help support different DHS stakeholder
needs:
• Technical User Manual: Provides information that would enable DHS staff to maintain and enhance
the IT solution components. Serves as a resource in the ongoing maintenance, support, and
enhancements
• System Operations Manual: Provide the operations staff details about IT solutions, its components
and dependencies so they can support the application from an infrastructure and system
administration stand point
• System Standard Manual: Comprehensive guide containing development and coding standards,
database conventions and data dictionary guidelines for application developers (e.g., error handling
standards, etc.)
• Requirement Documents: Includes both functional and non-functional requirement artifacts, as well
as test scenarios, so that comprehensive system documentation can be referred to by end users at
any time
Technical Code Targeted to technical staff, developers provide a live demo and review of the developed code and
Walkthroughs associated unit testing. This is a key transfer activity as DHS ultimately owns any developed source
code.
Functional Knowledge Targeted to functional staff, the solution is demonstrated to end users so that they can best utilize the
Transfer Sessions application to realize benefits. From these sessions end user training materials could be developed.
Mentorship / One or more mentors are identified and available to provide support either onsite or on an as needed
Shadowing basis. Further, mentors could provide on the job shadowing if additional high-touch support is
determined to be beneficial.
Lunch & Learns Informal knowledge sharing sessions, where basic concepts and functions are presented and
demonstrated (e.g., application data structures, Non-Placement Referral functionality, etc.)

Figure 12. A wide variety of Knowledge Transfer activities to meet DHS’ specific needs.
Maintaining Knowledge Transfer Documentation
A repository of system documentation is most valuable when care is taken to keep the documentation maintained.
Our KT Playbook prescribes that as part of any project development initiative, we take time to analyze existing
system documentation, share the documents that require updates, and update where necessary.
Maintaining system documentation is less likely to become an afterthought and greatly increases DHS’ ability to
realize maximum potential from your IT investments.

25
 RFP Response Form
Information Technology Support and Professional Services

4. Describe your ability to provide support services to enhance mobile and wireless technology use as
well as use of cloud solution(s). (15 points)
DHS wishes to continue exploring the latest technologies to
discover innovative and cost-effective tools that increase your Analyst
operational efficiency and improve client service. Deloitte is
committed to use our expertise in mobile, wireless, cloud and Accolades
other emerging technologies guiding DHS to make investments
in technologies that pay dividends for years to come.
Deloitte has received the following accolades
Our Ability to Enhance Mobile and Wireless from ALM Intelligence (formerly Kennedy):
Technologies
Deloitte has the required experience to further define your • “Global Leader in Digital Innovation”,
enterprise-wide mobile computing plan and then execute on 2016
that plan. Our Deloitte Digital practice specializes in various • “Global Leader in Cloud Consulting”, 2016
digital technologies, including mobile and wireless. With • “Global Leader in Mobility IT Strategy”,
expertise implementing mobile solutions for both public and 2014
private sector clients, Deloitte has a wide range of capabilities
and expertise in mobile, from strategy services around overall agency mobile plans, to user experience, to mobile
application development using a variety of technologies such as Xamarin, to mobile infrastructure support. For
example, when the US Department of State’s Information Resource Management agency needed a platform to
provide IT services to globally deployed diplomats, they partnered with Deloitte to develop a mobile roadmap. With
this strategy in hand, Deloitte assisted in implementing mobile and remote access to technology services,
ultimately enabling diplomats to share critical information in a timely manner.
DHS has already benefited from these capabilities through DHS QuikCase, a cross program case management
mobile app that has been well received by your on-the-go workforce. Deloitte proactively identified two functions
widely used throughout DHS which could greatly benefit from a mobile technology approach – contacts and photos
– and we then made an internal investment to develop and roll out this mobile application. Further, DHS benefited
from our specialists in Mobile Device Management, who assisted DHS by drawing on their experiences rolling out a
suite of apps to thousands of employees distributed across the globe. We would build upon this momentum as we
collaborate with DHS to develop an enterprise-wide mobile computing plan and continue expanding your mobile
and wireless footprint.
Our Ability to Leverage Cloud Solutions for DHS
DHS has been a pioneer in driving the vision of cloud enablement in their technology landscape, even ahead of the
Commonwealth and many other agencies. A recent cloud assessment completed for DHS provides a realistic
roadmap in driving the Hybrid Cloud vision forward while lowering the implementation risk and operating cost. The
assessment shows 17 specific domains where DHS can effectively leverage the cloud and save over 25% in
operations cost over time. Deloitte provides a migration methodology and accelerators tailored to DHS’ workload
and existing datacenter construction with defined template migration methods for effective VtoAWS and VtoAzure
adoptions. These are critical for DHS as it helps drive the cloud migration quicker with reduced cost footprint and
increase in application agility, infrastructure and capacity flexibility. While there are benefits of moving to the
cloud, Deloitte also understands DHS’ landscape to highlight areas of risk like constrained exit strategy and storing
of sensitive data containing PII, PHI or FTI data. To address these risks, Deloitte provides options to move to a
private secure cloud instance or collaborate with the State leveraging their highly scaled, optimized and cost
effective Datacenter. In this and other examples, Deloitte’s expertise in cloud solutions, including the unique
challenges faced by government agencies in this space, combined with our cloud vendor relationships and
understanding of DHS makes us uniquely positioned to be your strategic partner on your cloud adoption journey.
Beyond Mobile and Cloud
DHS is an innovator among human service agencies, in part because of a wide array of technologies used to
support delivery of mission critical and holistic human services. In addition to mobile and cloud, additional
opportunities exist today to use emerging technologies at DHS with the goal of improving client service and
increasing organizational efficiency. Examples include augmented reality environments for caseworker training,
unstructured data analysis and prescriptive analytics for making best fit service suggestions, and Everything-as-a-
service (XaaS) for driving more cost efficiencies. Utilizing our breadth of emerging technology expertise, Deloitte
stands ready to help you continue identifying the right opportunities to utilize innovative technology solutions that
allow you to meet your program objectives and to remain at the forefront of leading change in the marketplace.

26
 RFP Response Form
Information Technology Support and Professional Services

III. Reporting (30 points) Your response to this section must not exceed 3 pages.
1. Application Reporting: Describe your ability to conduct analyses using a series of concise, interactive
long-term reporting solutions. (10 points)
Clear and concise application reporting positions DHS with the requisite information to analyze operational and
strategic business decisions. In addition, it provides DHS with the ability to make insight driven decisions to answer
an array of critical business questions with a focus on helping to improve human service delivery and outcomes for
Allegheny County residents. Deloitte brings expertise in Health and Human Services (HHS), specific functional
understanding of DHS, and deep technical skill sets in designing and developing reporting and analytics solutions.
This combination of subject matter knowledge and technical expertise allows us to understand and translate your
business questions into reporting solutions designed specifically for the users in order to support the intended level
of analysis and provide the ability for DHS to make fact based decisions.
Deloitte is well positioned to continue to be your application reporting partner. Our team is staffed from our world-
class Analytics and Information Management (AIM) practice which includes more than 1,100 consultants, many
with public sector experience, who specialize in techniques and technologies relevant to DHS. Through our AIM
practice our staff stay up to date on the latest reporting trends and technologies utilizing industry alliances with
major reporting vendors such as IBM Cognos and Tableau.
Our DHS reporting team has significant expertise in the reporting tools in use at DHS and in the underlying data,
which increases efficiency and reduces risk for your application reporting initiatives. We have collaborated with DHS
over the past 15+ years to deliver a myriad of application reporting solutions to support a multitude of DHS
program areas. A few of the recent reports we have delivered for DHS and their business impact are highlighted in
the table below.
Report Description Business Value to DHS
KIDS The Supervisor Log is a dynamic report that Supervisors now have a better pulse on the quality of their
Supervisor quickly identifies any compliance risk areas for a staff’s service delivery and can more efficiently monitor their
Log given CYF case. unit. This report has become the cornerstone of supervisor and
case worker compliance meetings.
Allegheny The Allegheny Link Contact Summary Report Workers are able to quickly view contacts that have been
Link Contact provides a view of the most recent contacts made made with a consumer to help understand the consumer’s
Summary with a consumer and the details of the contact. situation and the best way to contact them. This expedites
Report their business process and ability to reach clients who are in
need of services.
Transition Transition Planners, Education Liaisons, and 412 Workers are able to share a physical version of a youth’s
Plan for Youth Zone workers are responsible for creating Transition Plan that is presented in an intuitive and easy to
Independent Transition Plans for youths involved with understand format. This allows the youth to more easily
Living Report Independent Living. The Transition Plan report understand their plan and work towards achieving their goals.
was implemented for DHS that summarizes a
youth’s accomplishments, strengths, goals and
action steps.
Figure 13. Recent application reports created for DHS.
For conducting analyses Deloitte brings a proven framework which consists of five phases: Define, Gather, Explore,
Analyze and Deliver. This framework is depicted in Figure 14.
In addition to our analysis framework, Deloitte can also help DHS accelerate future application reporting through
our proprietary HHS reporting and analytics solution, HHS Interactive. HHS Interactive is a full scale, enterprise
reporting platform that provides stakeholders with a myriad of out-of-the-box reporting and analytic capabilities
ranging from application reporting, cubes, and ad hoc to interactive dashboards, GIS, and predictive analytics.

27
 RFP Response Form
Information Technology Support and Professional Services

Figure 14. Deloitte’s Data Analysis Framework.

2. Ad hoc Reporting: Describe your ability to prepare customized ad hoc reports, presentations, custom
charts and maps, as well as data collection and interpretation upon request. (5 points)
Ad Hoc reporting is critical to providing DHS with the flexibility to expediently respond to on-demand requests. In
addition, ad hoc reporting helps empower business users to understand, analyze, and mine their own data. Deloitte
brings extensive experience and knowledge implementing ad hoc reporting solutions for HHS clients. These
solutions provide intuitive, concise, easy to use ad hoc packages for data analysis and reporting. We have
partnered with numerous HHS organizations to deliver ad hoc solutions which provide users with the ability to
create and run business queries. This empowers users with the ability to create, run, and reuse their own queries
as new business questions arise.
At DHS we have created data analytics layers, Cognos cubes, and Query Studio frameworks to allow for DHS to
perform self-service ad hoc reporting without reliance on IT. We have also provided queries and packages for DHS
to build upon to answer business questions. In addition to the ad hoc self-service solutions, we work collaboratively
with DHS to create custom ad hoc reports, presentations, charts and maps, data collection, and data interpretation.
We leverage our extensive expertise in DHS IT applications and analytics environment to produce accurate ad hoc
reports in an efficient and expedient manner. In the past year alone, we have delivered over 100 ad-hoc reports for
DHS. The table below presents a few examples of our recent experience working with DHS.
Requirements Deloitte’s Experience Working Collaboratively with DHS
Prepare Deloitte often prepares customized ad hoc reports from the Data Warehouse or the other application
customized ad hoc databases. For example, each year DHS publishes statistics regarding clients served and services provided
reports across Allegheny County communities. Deloitte assisted DHS by compiling data from the Data Warehouse
using reusable and fully documented scripts.
Presentations Deloitte creates presentations by exporting existing reports or ad hoc query results into PowerPoint. For
instance, as part of the process to import four new Courts-related source systems into the Data Warehouse,
we recently prepared presentations that included a summary of data quality of demographic fields related to
each source.
Custom charts and Deloitte has delivered numerous charts and maps to DHS as part of several dashboards. For example, the
maps recently implemented Dragonfly Dashboard includes several line charts, bar charts, and other innovative
visualizations (including maps) that provide the manager with at-a-glance insights into the program.
Data collection and Deloitte works with DHS to collect data across systems and assist in analysis and interpretation as needed.
interpretation upon We recently assisted DHS in preparing an analysis of homeless recidivism for a meeting with external
request stakeholders. We worked together to define detailed logic to identify and measure recidivism considering the
time between homeless episodes, if the case was actively managed by a Homeless Service Coordinator, the
type of housing the client had previously exited from, and the household size and type.
Figure 15. Examples of Deloitte’s ability to create ad hoc reports, presentations, charts, maps, and analyses.
In addition to delivering the above reporting capabilities to DHS, Deloitte can help enhance ad hoc functionality by
leveraging the innovative capabilities currently available in HHS Interactive. HHS Interactive provides users with
the ability to quickly and efficiently design and develop their own reports by dragging and dropping a series of data
elements. Once the data elements are selected, HHS Interactive has an in-built data exploration tool which
automatically recommends graphs and chart type options based on the user selected data. Using data exploration
users can compare and contrast data in various different graph formats ranging from bar charts and line charts to
maps, scatter plots, and tree maps. This helps to ensure that the developed ad hoc report provides end users with
an impactful and intuitive visualization.

28
 RFP Response Form
Information Technology Support and Professional Services

3. Dashboard Reporting: Describe your ability to develop and maintain existing dashboards using
Tableau and Cognos reporting tools to support operational, fiscal, evaluation and other reporting needs.
(15 points)
Dashboard reporting capabilities are critical to drive informed
decision making at DHS. Having the ability to view the right Key
data at the right time can help DHS stakeholders make
decisions to proactively manage and improve program
Benefits
operations. Deloitte provides DHS with extensive expertise in
developing and maintaining intuitive dashboard solutions using
• Enhance data driven decisions by
both Tableau and Cognos for program administrators and
visualizing data in an intuitive and easy
supervisors. Deloitte has built hundreds of dashboards to
to understand format
support a myriad of HHS business needs. From improving staff
allocations to identifying abuse/neglect, we bring multiple • Enhance collaboration by leveraging
dashboard visualization examples which can help serve as dashboard sharing to send custom
accelerators when building dashboards for DHS. snapshots to other users in your
We understand that Tableau is the DHS dashboard platform of organization
the future. Deloitte is Tableau’s largest customer. Deloitte and • Improve operations by near real-time
Tableau have developed a partnership that has embedded monitoring to track critical operations and
Tableau skills throughout our organization. Over 5,000 of our identify bottlenecks
practitioners use Tableau to deliver data based decisions and • Increase transparency by
visualizations. We bring to you our Insight Studio team for consolidating, aggregating, and
dashboard development and support, which specializes in user- standardizing data to continuously
centered dashboard reporting. Our approach is based on user-
monitor cross-program metrics
centered design, rapid and collaborative prototyping, and co-
creation of solutions to facilitate actionable insights. We are
able to create a vision and develop wireframes of the prototype early in the process, which drives collaborative,
iterative development of a project. This provides proactive time management, risk mitigation, and tracking of
functionality and data incorporation into our prototypes, ultimately resulting in reduced cost and timelines to
deliver dashboards solutions. In addition to bringing the right approach to design, develop, and maintain
dashboards, we also have the ability to make our solutions interactive. By applying a series of custom measures,
dimensions, filters, and calculations into dashboards, users are given enhanced interaction with data. Through
dynamic filtering users can view both aggregate cross-program metrics and drill-downs to view client or case level
details. Our dashboards incorporate a series of innovative APIs which allows us to embed predictive analytics,
advanced geospatial tracking, and text / sentiment analysis directly into the visualization. Whether leveraging
dashboards to understand the past, analyze the present, or predict the future, DHS will be positioned with the right
insights to improve the lives of Allegheny County residents.

Figure 16. Deloitte has developed and maintained hundreds of dashboards at HHS agencies across the country
both in Tableau and Cognos.

29
 RFP Response Form
Information Technology Support and Professional Services

IV. Data Management & Extract, Transform and Load (ETL) Operations (60 points) Your response to this
section must not exceed 6 pages
Planning/Design
1. Describe your ability to develop ETL process for new source systems, including conducting regular
update meetings. (10 points)
Reporting and analytics capabilities are critical for DHS to drive informed decision making. Over the past 15+ years
DHS has established a nationally
leading human services information
platform with the Data Warehouse
at the foundation. This platform has
been continuously expanded with
new source systems and
architectural enhancements, such as
the Analytics Cluster. ETL processes
are a critical component of the
information platform, as they
integrate various source data into
your information platform helping
the Department achieve your
reporting objectives. Given the
criticality of this data platform to
achieving your mission, DHS needs
an experienced vendor to develop
ETL processes. Through our
extensive national and DHS specific
experience, Deloitte is well
positioned to develop new ETL
processes while working Figure 17. Public Sector Data Management and ETL Experience.
collaboratively with DHS to ensure
effective delivery through regular update meetings.
Deloitte’s team of ETL specialists at DHS is staffed from our Analytics and Information Management (AIM) practice.
Our AIM practice includes more than 1,100 consultants, many with public sector experience, who specialize in
techniques and technologies relevant to DHS. This includes general data warehouse design and management, ETL
technologies such as IBM DataStage, and reporting technologies such as Cognos. We have demonstrated the
benefits of this deep bench over the course of our long term partnership with DHS to define, develop, and optimize
the ETL. We continue to support the development of new ETL processes that integrate additional data sources to
the current environment.
As highlighted in Figure 17, Deloitte has more than 35 years of experience delivering Information Management and
Analytics solutions to an array of government agencies. We design, develop, and implement integrated data
management, data warehousing, and reporting solutions that allow our clients to derive insight from their
information. This experience positions Deloitte with the knowledge, scale, scope, and capabilities to help DHS
expand their information platform through the development and enhancement of ETL processes.
Our ability to develop and maintain ETL process for new source systems
Our ability to develop and maintain ETL processes for new source systems is proven by our extensive experience
delivering data warehouse solutions for a wide array of clients, including DHS. For more than 15 years we have
assisted DHS in creating a comprehensive and robust Data Warehouse to support reporting and analysis needs.
During this time, the Data Warehouse has expanded to include 24 active source systems that represent 37
different human service program areas or school districts as listed in Figure 18. In addition, since 2015 Deloitte has
designed and developed fourteen Analytics Cluster Data Layers for DHS to support an environment for data
exploration, ad hoc reporting, and dashboards. Other
analytics solutions such as the KIDS, Schools, Medical
Examiner, and MPER Data Marts have also been
created. We have designed and developed hundreds
of ETL processes using PL/SQL and IBM DataStage to
load source details into the Data Warehouse and
other analytics solutions.

30
 RFP Response Form
Information Technology Support and Professional Services

Together these analytics solutions

provide DHS with the tools to analyze
client and service utilization data within
and across programs. Insights from
analyses inform policy and day-to-day
program management. The platform
also provides DHS with the
infrastructure necessary for advanced
analytics solutions such as child welfare
predictive analytics risk scoring model.
Deloitte utilizes our in-depth
understanding of the environment as
well as our established and proven
Enterprise Value Delivery for
Information Management (EVD for
Analytics) methodology to integrate
new source data into the DHS Data Figure 18. Current Data Warehouse Source System Integration.
Warehouse (and other analytics solutions). New sources are efficiently added to the Data Warehouse by leveraging
custom created accelerators and the reuse of common ETL components, resulting in lower implementation risk and
cost savings to DHS. In the past six months Deloitte has added two new sources to the Data Warehouse: Birth
Certificates and HealthChoices Eligibility, and completed a major redesign of the Schools Data Mart. The team is
also currently working on adding four new Courts-related sources to the Data Warehouse. We recognize that DHS
desires to continue expanding the Data Warehouse’s analytical capabilities by adding more programs. The table
below includes a few of these additional program areas. Deloitte brings added value to integrating these program
areas due to our understanding of these programs through our work with DHS as well as with the Pennsylvania
Departments of Human Services and Labor and Industry, along with other state agencies.

Program Area Relevant Data Sets

Additional DHS Programs Synergy (case management system) and IRES (emergency services) data
Workforce State or local level Workforce data
Medicaid Physical Health Medicaid data

Figure 19. Potential new source data that can be integrated into the Data Warehouse.

Our ability to conduct regular update meetings with stakeholders

DHS and Deloitte together have developed a process that is working well to provide regular updates. Every two
weeks the Deloitte team conducts a status meeting with DARE Data Leads and Analysts. This meeting is to provide
updates on in-process strategic and operational work items (or “tickets”) as well as other maintenance and
operations activities. In addition to status, issues and risks are discussed, as well as the schedule. Course
corrections are noted and subsequently implemented. The agenda also includes identifying new tickets that should
be added to the product backlog and a prioritization discussion. Prioritization is conducted in this group setting to
ensure that the Deloitte team is working on the strategic enhancements and operational activities with high priority
and business value. In addition to this meeting, there is also a meeting with the Executive Sponsor and subsequent
reports to the Executive Steering Committee. These meetings provide transparency, clear communication, and
collaborative prioritization across multiple stakeholder needs. To further enhance this process, Deloitte will develop
a dashboard that provides up-to-date status on the work items and requests to various DHS stakeholders.

2. Describe your ability to evaluate performance of existing systems and make recommendations for
enhancements and corrective actions. (10 points)
Robust data management capabilities are critical to drive informed decisions at DHS. Having the ability to leverage
the right data at the right time helps DHS leadership and stakeholders to achieve desired outcomes. As the
information platform continues to expand, it is critical to continuously evaluate the current state and implement
enhancements and/or corrections that maximize the value of your investment while maintaining data accuracy and
integrity. Additionally, due to DHS’ maturity level it is important to work with a partner like Deloitte that brings
information management and analytics thought leadership and significant expertise. Deloitte will leverage our
proven methodologies and framework to evaluate the performance of the existing systems and provide tailored
recommendations to DHS.

31
 RFP Response Form
Information Technology Support and Professional Services

Our approach and ability to evaluate the performance of existing systems

Our overall approach to evaluate performance of existing systems for DHS will be governed by Deloitte’s Value
Scan Framework (Figure 20) - our proprietary current state and future state data gathering and assessment toolkit
and questionnaire specific to assessing the performance and effectiveness of data platforms from both a technology
and process perspective. As part of the framework, existing technology and processes related to data collection,
data analysis, and other data management areas are assessed against benchmarks to identify process maturity
and improvement opportunities.
The opportunities identified using the Value Scan Framework assessment lay the foundation for the business and
technical architecture and key use case design. These use cases are then validated against the modern analytics
capabilities and Deloitte’s industry proven Reference Analytics Architecture Framework (Figure 21) to identify

Figure 20. Value Scan Framework.

potential gaps. Based on the gap

analysis, Deloitte will work closely with
DHS to identify and evaluate
opportunities to enhance different
aspects of DHS existing systems such
as infrastructure, data quality
management, and level of data Figure 21. Reference Analytics Architecture.
integration across systems.
Recommendations for enhancements and corrective actions
At any time we can leverage the Value Scan Framework and Reference Analytics Architecture to either conduct a
comprehensive data platform assessment or to do a mini-evaluation in a specific area within the analytics
architecture. These tools and frameworks are very important to our ability to conduct strong evaluations, but the
“Secret Sauce” lies not just in the tools but also in our experienced practitioners in Analytics and Information
Management who are well versed in DHS business objectives and information technologies and who can apply
Deloitte’s tools in a manner that brings maximum value to DHS.
Deloitte has identified several potential opportunities to modernize and enhance the current environment.
Data Warehouse
Details
Recommendation
Data Integration Hub Establish a centralized, and unified data repository that can support publishing and subscription of data
across stakeholders to support their data analysis.
Data Governance Establish overall policies and procedures for data management including data storage, collection,
integrity, process, quality, manipulation, security, publish, and retire.
Unstructured Data Leverage Big Data technologies to process both structured and unstructured data (e.g., case comments,
Integration service notes, assessment details etc.) into the analytics environment for additional data analysis.
Additional Automation Automate the ETL testing and data quality validation process to speed up test case implementation and
in ETL improve data integrity.
Maximize parallelism Maximize the ETL and database parallel execution and partition options for data-intensive ETL processes
and partitioning to reduce response time.
Figure 22. Potential opportunities to enhance the current Data Warehouse Environment.

32
 RFP Response Form
Information Technology Support and Professional Services

Operations and Maintenance

3. Describe your ability to perform ETL functions for scheduled refresh from source systems, including
maintaining a history and audit trail of all changes to data. (20 points)
We understand the importance of keeping the Data Warehouse and analytics solutions up-to-date with current,
accurate data from the respective source systems for timely reporting. Deloitte has supported DHS and numerous
other HHS agencies to achieve this goal and has provided support to maintain audit trail information of data
changes by leveraging our proven, mature data management processes and solutions.
Our ability to support ETL for DHS
Through our analytics operations capabilities and DHS Did You
experience, Deloitte is best positioned to effectively perform Know?
your ETL functions. As part of supporting DHS, Deloitte is
currently loading millions of records into hundreds of staging,
dimension, and fact tables each month. Through these ETL On a monthly basis, Deloitte executes and
processes disconnected raw data are cleansed, transformed, monitors more than 750 ETL processes that
and unified to populate the Data Warehouse and other perform thousands of individual operations
analytics assets. to efficiently load data from over 30 source
Deloitte has continuously maintained and enhanced the systems into the DHS Analytics
analytics environment and associated ETL processes for the environment.
last 17 years to meet DHS’ maturing needs. The below graphic
and table (Figure 23 and 24) provide a summary of the Data
Warehouse and overall DHS analytics environment.
We have a detailed understanding of
the complexities and
interdependencies of the Data
Warehouse, Analytics Cluster Data
Layers, Data Marts, Dashboards, and
relevant Reports, as well as their
relationships to the source systems.
For example, we understand:
• How to accurately update the
Data Warehouse to account for a
source extract file that was
provided after the monthly load
process was completed
• How to process an extract
provided by a source with
historical data fixes to be applied
to the Data Warehouse
• When an ETL process, if
interrupted, can be safely rerun
versus when data must first be
deleted or altered in staging
tables (potentially in multiple
analytics solutions) prior to
rerunning the process.
Additionally, we know what
downstream processes must also
be rerun
• Which ETL processes can be
safely run during business hours
because they don’t impact system
performance or data that DARE
analysts may be accessing versus
what processes must be executed
and monitored overnight
• How to utilize our accelerators
and reusable ETL components to
Figure 23. DHS Analytics Environment Overview.
efficiently integrate new source
systems into the Data Warehouse

33
 RFP Response Form
Information Technology Support and Professional Services

This significant experience and understanding allows Deloitte to provide DHS with a stable environment with high
quality data.
Data Warehouse Metric Metrics Count
Number of DW Active Source Systems 24

Years of Historical Data 17

Number of Staging Tables More than 450

Number of Warehouse Tables More than 180

Number of Unique Clients 1.5 million

Number of Monthly Duplicated Client “Snapshot” records 243 million total records
2 million records loaded per month
Number of Monthly Unduplicated Client “Snapshot” records 116 million total records
1 million records loaded per month
Number of Service Records 54 million total records
270,000 records loaded per month
Figure 24. Data Warehouse Profile.

Our ability to maintain a history and audit trail of changes to data

As part of supporting DHS, Deloitte is currently maintaining a
history of data changes within the Data Warehouse environment
through the use of “slowly changing” dimension techniques as
well as maintaining snapshots of data in Fact tables. This design
allows DHS to review data changes that have occurred within
the client population over time and provides the ability to
analyze this data as needed. In addition to the current
implementation, Deloitte recommends a Data Audit Framework
solution (Figure 25) to standardize the process of maintaining
the history and audit trail of changes to data in the Data
Warehouse environment. The following are the key activities
that will benefit DHS:
• Maintain the implementation log information as part of
metadata management including data source additions,
data fixes, and other enhancements that have been
implemented in the Analytics environment.
• Create a common data model across the service program
areas to capture and store audit trail information of the
batch jobs, manual processes, and other routines that
could update key dimensions and facts.
• Define a historical retention policy and purging strategy for
major objects in the DHS data warehouse in adherence Figure 25. Data Audit Framework.
with compliance and regulatory requirements.
• Augment the existing facts and dimensions to add metadata attributes that capture audit trail information.

4. Describe your plan for performing regular quality assurance checks and conducting ongoing impact
analysis, as well as continuously monitoring existing processes to prevent and address anomalies,
aberrations and inconsistencies. (20 points)
We understand the importance of quality assurance checks on data to maintain the integrity and accuracy of the
DHS analytics environment. A process should be defined to continuously monitor data after any solution is
implemented or an ETL process is completed to prevent and address anomalies, aberrations, and inconsistencies.
This involves defining the data quality rules, data quality dashboards, designating a team of individuals who will
review the results of data quality reports, and a process for taking remedial action.
ETL Quality Assurance and Monitoring at DHS Today
Deloitte monitors the daily, weekly, monthly, yearly, and other ad hoc load processes related to the Data
Warehouse, Analytics Cluster Data Layers, and the various Data Marts. The team is alerted to any failures through
the ad tempus batch scheduling tool or through the IBM DataStage ETL or Oracle PL/SQL process itself. The team
works diligently to research and resolve issues. This may require implementing fixes to ETL code or working with

34
 RFP Response Form
Information Technology Support and Professional Services

the source owner to resolve data quality issues, invalid extract files, access to data structures, etc. After the code,
data, or other fix has been implemented the process is then rerun and validated. Any related downstream
processes (e.g., Tableau extracts) are also rerun. The team keeps the appropriate DHS stakeholders informed
throughout this process.
To identify any data quality anomalies within the Data Warehouse, Deloitte conducts a series of validations after
the monthly load is complete. Client and service aggregate counts are compared on a month-to-month basis.
Differences above a certain threshold are flagged as an “alert”. Alerts are researched, potentially working with the
source owner, to determine if the alert is actually an issue that needs to be rectified or if it is a natural change in
the source data. If an alert is confirmed as a data quality issue, it is then resolved. The solution may be a simple
tweak to a job or it could be more involved, such as in the case of requiring the historical restatement of monthly
snapshot data. As part of this process, validations are also run for prior known data quality issues and corrected if
necessary. The alerts, alert resolutions, and other validations are documented in a Monthly Data Warehouse Load
Report that is published to DHS.
Our approach and plan for performing additional quality assurance checks and monitoring
Deloitte will work with DHS to define a robust data quality process to improve the quality of data and thereby the
decision making. This process incorporates a comprehensive approach to data cleansing and broader data quality
management. This approach is based on our proven Data Quality Framework that assesses the data risks and
health, analyzes and provides insights into the root causes, and provides appropriate remediation to enhance data
standardization activities.
The framework customized for DHS takes into consideration the requisite tasks and deliverables required to meet
the overall objectives, including aligning to and promoting data migration requirements and standards and
structures that aid in consistent reporting at an organization level. The high level process flow for implementing the
quality assurance checks and monitoring along with the key steps have been illustrated in Figure 26.
The following are the key steps for implementing data quality assurance and monitoring process:
• Perform Data Profiling and Discovery process to identify data anomalies and outliers
• Design and develop quality rules to perform checks and balances between source and target warehouse
system
• Design and develop data quality monitoring plan (including reports and dashboards) to define personnel and
the frequency in which the reports will be reviewed
• Define the process for taking remediation action in case of anomalies and data quality issues
Conducting ongoing impact analysis
Deloitte has
implemented a
robust process to
identify and
remediate technical
and functional
source application
changes that
impact the Data
Warehouse,
Analytics Cluster
Data Layers, Data
Marts, Dashboards,
and Reports. This is
a streamlined
process which is
taken care of
internally within the Figure 26. Process for the Data quality assurance and monitoring.
Deloitte team, as
Deloitte also performs the majority of DHS’ application development. Any required changes in any of the data
assets are typically addressed at the same time the application change is implemented. For example, if a source is
undergoing data structure changes that would impact the load process of the related data layer, this process is
typically updated at the same time as a maintenance and operations activity. A monthly report of the application
changes and IDM impact/remediation is produced and shared with DHS.

35
 RFP Response Form
Information Technology Support and Professional Services

V. Operations, System Maintenance and Support Functions (60 points) Your response to this section
must not exceed 6 pages
1. Infrastructure (40 points)
Describe your plan for performing all of the following functions:
• Ongoing evaluation of infrastructure to ensure that infrastructure aligns with business practices;
recommendations for optimization and support for implementation of recommendations where
appropriate
• Ongoing network planning and support; hardware and software infrastructure support,
including troubleshooting, analysis and resolution of outages, congestion and other problems
• Database administration including creating backup procedures, managing integrity, logging and
managing recovery procedures
• Maintenance and support for existing applications, application transitions, and Data Warehouse
Ongoing operations, system maintenance, and support for
an enterprise, business critical DHS IT environment must
focus on maintaining system stability, maximizing reliability Focused
and minimizing downtime, while allowing DHS to reduce on Your Future
system support efforts over time. Achieving this takes more
than a vendor who understands how to provide Maintenance
and Operations (M&O) and infrastructure services; it takes a Our approach, differentiated by our unique
vendor who also has the breadth and depth of knowledge of blend of infrastructure expertise between DHS
your critical business functions and your specific
and Public and Commercial agencies in the US
infrastructure environment.
and globally, allows DHS to:
Our approach to operations, system maintenance and
• Reduce overall application support effort over
support leverages the rigor and discipline of our Enterprise
the life of the project
Value Delivery (EVD) for Maintenance and Operations
(M&O) methodology and combines it with our expertise in • Incorporate ITIL-based maintenance and
developing, maintaining and supporting the operations of operations best practices
the DHS systems and infrastructure as well as similar • Achieve more transparency and flexibility in
systems/infrastructure throughout the country. We build responding to business-critical issues
upon the effective IT maintenance and operations processes
• Leverage industry-leading tools and
that DHS has already established while also leveraging
industry-standard mechanisms and processes that Deloitte technologies to keep your infrastructure
has developed and proven across our successful large stable and current with latest technology
application development and M&O projects. • Make the best value decisions specific to the
We bring new ideas, best practices, and proven approaches DHS environment and needs
to enhance the existing methodology within DHS. Our
overall approach to this area has been and will continue to
be governed by Deloitte’s EVD for M&O methodology which provides industry leading processes that consistently
deliver value on our M&O
engagements. Our EVD for
M&O approach for DHS is
further enhanced by several
industry leading methods and
tools, as shown in Figure 27.
Along with our proven
Figure 27. Deloitte pulls the best of breed from various industry best practice methodology, we bring to
methodologies and tailor approaches for DHS’ unique environment. DHS a team and a Deloitte
technology practice with an
unparalleled combination of expertise in
Operations, Maintenance and Support in Human
Services agencies nationwide, as well as DHS
specifically. Our people know your core
infrastructure, application landscape, and
processes, are certified on your core tools and

36
 RFP Response Form
Information Technology Support and Professional Services

technologies and are

experienced with
DHS and the human
services program
areas. Furthermore,
we bring to you
infrastructure
support staff not
only dedicated to
DHS but also staff
who support multiple
other State and
Local Government
agencies. This
combination of
methodology and
expertise has
allowed us to
successfully support
your mission critical
technology
infrastructure which
is relied upon by
nearly 10,000
production
application users
within DHS, other
County departments
and provider
agencies to deliver
critical services to Figure 28. Deloitte Demonstrates Our Capability to Deliver RFP Tasks.
County residents.
At the same time, we are committed to continue supporting you to stay on the cutting edge of technology
innovation while maximizing your operational efficiency and stability. Below is our plan for doing just that in each
of the areas you’ve requested.
Ongoing Infrastructure Evaluation and Implementation
We understand and acknowledge the importance of ongoing evaluation of infrastructure, and the need to
continually look for opportunities to optimize assets, in order to minimize costs and take advantage of the latest
technology and industry best practices. In these trying economic times, HHS agencies across the nation are looking
for opportunities to rationalize their IT spends, reduce waste and focus on what’s truly essential. We will work side
by side with the DHS infrastructure team and executive leadership to evaluate the infrastructure on an ongoing
basis to ensure alignment with business needs, make recommendations for optimization and provide support for
implementation. Below is our current approach to this task, along with recent examples, and approach
enhancements for the future.
Area Current Approach Looking to the Future
Annual / As we plan each Statement of Work, we evaluate DHS’ In addition to this ongoing planning and evaluation
Ongoing current infrastructure and bring to you infrastructure process, we propose a quarterly “Technology
Infrastructure enhancement mandates and opportunities, based on latest Trends” workshop. This would be an additional
Planning technology trends, technology product support timelines, ongoing opportunity for DHS to be aware of
and your current and future business needs. We work with relevant new technology trends, using best
DHS to prioritize and plan the enhancements for the year practices from private and public sector projects
and then revisit and reprioritize the plan throughout the across the world. The workshop can be focused
year in order to optimize the infrastructure components around any relevant topic of interest to DHS or it
and ensure business needs are supported. We also can be a general trends overview.
periodically make DHS aware of any opportunities to use
Commonwealth assets to meet your business needs. This
approach provides for the infrastructure to consistently
meet the business needs, while making sure DHS realizes
maximum return on investment.

37
 RFP Response Form
Information Technology Support and Professional Services

Area Current Approach Looking to the Future

Capacity We work with DHS to perform capacity planning at the As an enhancer to the capacity planning process,
Planning beginning of the year and then on a quarterly basis, as well we are proposing our innovative OpInsights tool as
as prior to go live of large initiatives and enhancements. an additional value add for DHS. This tool will
We help DHS plan for capacity not just for Deloitte projects allow DHS to be more proactive and aware of your
but also other projects throughout DHS. This allows DHS to capacity needs and overall infrastructure health,
plan for adequate infrastructure availability to support all therefore increasing efficiency for ongoing
projects. infrastructure maintenance.
Optimization We have been working side by side with DHS to optimize By providing increased automation in testing and
Through the infrastructure on an ongoing basis. One of the ways to build/deployment, we will reduce build and
do that has been through increased automation throughout deployment time, increase test resiliency and
DevOps
the infrastructure processes, which is a key tenet of increase overall infrastructure efficiency. We will
DevOps, and ultimately drives efficiency. A recent further work with DHS to optimize through
workshop conducted with DHS stakeholders assessed emerging technology trends in infrastructure, such
current DevOps maturity levels and identified improvement as leveraging additional cloud services.
opportunities.
Ad-Hoc From time to time, DHS has had critical planning needs Leveraging new tools, such as Google Analytics
Infrastructure which have come up on short notice. We have always been and OpInsights, additional predictive indicators
able to leverage our vast pool of expertise both on the DHS can be identified and monitored, which would
Planning
team and our broader practice to support mission critical assist DHS in identifying infrastructure risks and
Support needs to make the best decisions. resolving them before issues impact end users.
Figure 29. Current Approach and Looking to the Future.
Ongoing Network, Hardware and Software Infrastructure Planning & Support
We understand that DHS is supported by a complex architecture of hardware, software, and network components
which forms the backbone of DHS’ sizable IT footprint. Our team has a deep understanding and appreciation of the
critical business processing, customer usage, system management, and infrastructure administration that is
required to support the day to day operations of DHS staff and its partners.
Deloitte brings the right balance of DHS specific and national experience, expertise, and methods to support in the
areas of network, hardware / software infrastructure, as well as troubleshooting, analysis and outage resolution.
Using our deep, experienced pool of resources in these areas, we support DHS in effectively aligning network
impacts and upgrade needs to DHS initiatives and we have a demonstrated track record of effectively supporting
DHS to analyze and resolve hardware and software issues anytime they occur. Furthermore, we have staffed our
production support team in a way as to be able to support DHS around the clock, with the understanding that
many DHS program areas rely on
DHS IT applications and
infrastructure 24x7. The team has
expertise not just in effective
production issue resolution support
but it also has irreplaceable
expertise in DHS specific production
applications and environment,
which allows them to resolve issues
faster and more effectively. In fact,
many of our production support
staff were involved in the initial
development and configuration of
your production assets (applications
and COTS) and this allows them to
support those assets in production
more effectively, with lower risk to
DHS.
While we understand that issues Figure 30. Example of OpInsights Performance Dashboard.
will inevitably occur in a large, complex IT infrastructure such as DHS, and we have both the expertise and support
staff in place to perform corrective actions, it is also critical to put in proactive measures to identify issues before
they impact production users and we have also done that across the board. For example, we have set up multiple
proactive monitoring mechanisms including service alerts, production application availability monitoring and
multiple other methods. We have consistently looked at ways to improve these methods and we are proposing to
further enhance your proactive monitoring capabilities through Deloitte’s innovative OpInsights tool, which is
currently being used at the Commonwealth of PA and which we include as part of our proposed M&O services for
DHS.

38
 RFP Response Form
Information Technology Support and Professional Services

OpInsights is a comprehensive suite of IT operations monitoring capabilities, tailorable to DHS’ own technical
infrastructure, to deliver a data-driven, analytics-infused platform for Infrastructure, System and Application
operational intelligence. OpInsights will enhance DHS’ ability to monitor your critical infrastructure assets and
identify proactive improvement and optimization measures.
We recognize the value in operational data not only for reviewing historical events but also for predicting and
quickly responding to outages and congestion issues and being able to anticipate future issues. OpInsights features
analytical data modeling that not only provides early warning alerts for outages and congestion but can predict the
probability of future system behavior.
For example, OpInsights can be used to continually monitor an application server and provide alerts if the CPU
usage exceeds a certain threshold. In addition, it can use the rates of data for a given batch job, and the
processing duration of that job to predict the future point at which the allotted batch cycle time is no longer
sufficient for the batch process to run to completion without impacting the online schedule. This type of insight
allows DHS to transition from reacting to system and application events, to proactively addressing them before
they happen.
Database Administration
DHS collects significant amounts of data about its consumers,
DHS DB Stats Metric
providers, services and outcomes; data that is vital for delivering
high quality and targeted services to your clients. Deloitte brings the Databases 86
expertise to administer an optimized, reliable and secure database
Replicated databases 12
environment where this data is housed, which is critical for a
successful operation of DHS business applications and analytics. We Unique schemas 175
bring to DHS the experienced staff and reliable methods and we have Tables 13,998
demonstrated our significant capabilities in this area by setting up
Unique rows 6.3 billion
and maintaining an DHS database environment which was referred to
by an Oracle evaluation team as “possibly the best setup Transactions per minute 300
virtualized environment” examined by the team. Batches 150
Over the past several years, we have created and executed plans to
streamline key database administration tasks such as creating Figure 31. DHS Database Environment.
backup procedures based on the criticality of the system, managing
data integrity by creating strict controls on the data that is stored in the tables, and developing comprehensive
recovery procedures including monitoring, logging, and based on data analysis, storage, data manipulation and
archiving. We have also kept your databases up to date with the latest versions, allowing DHS to take advantage of
latest database features while maintaining and improving application stability. By continuing to introduce a number
of improvements in database operations, like additional automation and putting targeted DevOps best practices
into action, our team is poised to take your database operations to the next level.
We will continue assessing DHS’ database environment across various domains and capabilities, such as seeking
out opportunities to make existing backup procedures more efficient, supporting the existing solution framework to
ensure only applications or approved database administrators have access to update sensitive client data, and
periodically validating recovery procedures. Based upon these assessment findings, further plans will be developed
in coordination with DHS to improve existing database administration processes or to mitigate potential risks.
Application Maintenance and Support
Deloitte’s approach to maintenance and support builds upon the effective IT Maintenance and Operations (M&O)
processes that DHS has already established while also leveraging industry-standard mechanisms and processes
that Deloitte has developed and proven across our successful large M&O projects. These industry best practices
and key principles are encompassed in Deloitte’s Enterprise Value Delivery (EVD) for M&O methodology, which is
our framework for consistently delivering value on M&O engagements. EVD for M&O provides a scalable approach
to deliver M&O engagements that includes a set of step-by-step repeatable tasks using industry-leading tools,
standardized practices, and process insights to provide Deloitte’s clients with effective and efficient support of
business-critical technology assets. Figure 32 describes the 6 domains in EVD for M&O. Guided by this framework,
our approach to maintenance and support is collaborative, repeatable, and customized for DHS based on lessons
learned and best practices derived from public sector projects across the nation.
We understand that application and data warehouse maintenance is critical to enabling DHS and its partners to
serve your most vulnerable citizens. Timely resolution of application problems, through secure SDLC processes,
serves as the foundation of maintenance activity, and is supplemented by performance tuning, monitoring, and the
addition, deletion, or change of data elements within application code or reference tables. Furthermore, we seek to
perform preventative maintenance as much as possible, putting in measures for problems to be identified before
they occur and creating self-service tools and features for end users and/or Service Desk to resolve issues on their
own without IT involvement. In addition, the Deloitte team that would be executing maintenance plans is

39
 RFP Response Form
Information Technology Support and Professional Services

comprised of experienced and skilled resources that have years of experience maintaining DHS’ applications,
infrastructure, and data warehouse.

Figure 32. As a multidisciplinary service organization, we have incorporated our wealth of experience and
knowledge into our EVD for M&O method to address the various components of Operations, Maintenance and
Support
Our approach to transitioning application ownership to DHS is informed by our Knowledge Transfer Plan. This plan
is developed considering the specific needs and objectives of DHS, with the overall goal to enable DHS to
autonomously maintain, support and enhance your own applications. Based upon the assessment of needs, some
artifacts that the Knowledge Transfer Plan might prescribe could be system documentation, code and database
walkthroughs, mentoring, and Lunch & Learn sessions.

2. Planning (20 points)

Describe your plan for performing the following functions:
• Assessment of current data storage needs and recommendation for cloud storage technology
• Scheduling of data feeds/loads to minimize negative impact on Data Warehouse performance
As DHS continues on its path to becoming a fully digitized agency, keeping DHS data storage reliable, cost effective
and secure is a significant challenge and a business-critical priority. Another business critical challenge for DHS is
to optimize Data Warehouse performance, as it is a key asset for the Department to make data driven decisions
and is also relied upon by multiple systems and processes. We have extensive experience in conducting cloud
storage assessments and optimizing data warehouse performance for organizations with similar challenges and we
are poised to support DHS in developing and implementing effective plans to resolve these challenges.
Our approach to managing data storage includes monitoring the ongoing capacity growth rate, monitoring the
growth introduced by new initiatives implemented during system releases, and sharing this information with DHS
stakeholders for the final capacity outcome.

40
 RFP Response Form
Information Technology Support and Professional Services

We realize that in these

pressing times agencies
all over the country are
looking for ways to reduce
costs and increase the
effectiveness of their IT
spend. Adopting a cloud
storage technology is one
such strategy but needs a
careful and measured
approach to fully analyze
the cost benefits and
flexibility of the
technology. Deloitte uses
our proven Product and
Technology Evaluation
Framework to conduct a
data storage assessment
and provide cloud
recommendations. The
graphic to the right Figure 33. Sample of Cloud Assessment Platform Comparison.
shows a sample of the in-
progress cloud storage assessment we’re currently conducting for DHS.
In addition to the assessment, our ongoing approach to planning data storage includes monitoring the ongoing
capacity growth rate, monitoring the growth introduced by new initiatives implemented during system releases,
and sharing this information with DHS stakeholders for the final capacity outcome.

Activities Details
Quarterly Data Storage The DHS infrastructure landscape is monitored and assessed for growth every quarter in areas such as
Growth data storage, server disk space, system and infrastructure logs, and network bandwidth usage
Data Storage Demand As part of our development plan, new functionality introduced with each initiative is assessed to consider
Growth Due to New data storage capacity impacts. Changes in system user base, new data storage requirements, and other
Initiatives similar areas are closely reviewed to address data storage capacity impacts
Communicating the Our team will meet with DHS stakeholders on a regular basis to review Data Storage needs, both
Impact existing as well as projected. We will use our team’s expertise and experience to come up with
reasonable estimates on the Data Storage Capacity that would be required, and work with DHS on
acquiring the required capacity in the most cost effective way possible

Figure 34. Data Storage Planning Activities.

Delivering high levels of overall system availability requires more than reliable facilities, infrastructure, and
applications – it also requires a proactive approach for measuring, reporting on, and improving system
performance. The Deloitte team’s methodology for managing data storage delivers such an approach.
The DHS Data warehouse is a critical asset used by multiple stakeholders to obtain meaningful and authoritative
insight into the clients served and the services provided by DHS and its providers. The Deloitte team is aware of
the negative impact that large data feeds and loads have on Data Warehouse performance. To resolve this issue,
our team works with DHS to implement and constantly improve a plan which prevents negative performance
impact.
This plan includes using Active Data Guard to replicate a fully synchronized environment that would allow users to
run Data Warehouse based utilities in one instance, while the second instance is used for regular data load. Other
options include multiple optimization strategies that can be deployed to improve the performance of the data load
scripts, thereby shortening the duration of any performance impact. In combination with these measures, our team
collaborates with DHS to schedule data loads at a time when anticipated usage of the data warehouse is at its
lowest, which is made possible through our around the clock support model. We also keep open lines of
communication to keep users informed of any demands on data warehouse resources.
We understand that technology is a key component of DHS’ established position as a national Human Services
leader. We expect for DHS to continue digitizing your Agency while implementing additional innovation in self-
service, analytics, mobile, social and other digital technologies, with the goal of more quality, integrated and
efficient human service delivery. We are committed to continue supporting a stable and reliable production
environment in which to operate these technologies, while continuing to increase efficiency and control support
costs.

41
 RFP Response Form
Information Technology Support and Professional Services

VI. IT Procurement Support (20 points) Your response to this section must not exceed 2 pages

1. Describe your ability to assist with market analysis, planning and acquisitions, including systems
research to identify opportunities to meet the requirements of the Enterprise Architecture for the long-
and short-term, while maintaining operational efficiency. (10 points)
IT Procurement is an important function for DHS that drives the
next generation infrastructure to support the delivery of
comprehensive human service capabilities to Allegheny County
Focused
residents. Deep understanding of the infrastructure and on Your Future
software topology at DHS combined with our experience in IT
assessments and procurements, provides you with the ability to
drive successful product implementations and stay ahead of the • Deep understanding of DHS business
market technology trends to support business needs. Deloitte and IT infrastructure so the
collaborates with DHS to develop successful IT strategies assessment and procurements can be
and implement systems that drive human service capabilities appropriately tailored to meet your
in a high performing infrastructure. We leverage our proven specific needs
tools and methods for conducting market analysis, planning
• A team of technology specialists that
and acquisitions. We lead with a team that has a clear
understand market trends and product
understanding of DHS infrastructure landscape and an ability to
capabilities to help develop a continued
leverage our premier relationships with product vendors.
roadmap for DHS
Together we drive comprehensive product lifecycle
management required for maintaining a functional, scalable • Complete understanding of an end-to-
and compliant system. end procurement process from
product assessment to procurement and
Our onsite team is supported by a team of product specialists
finally the instantiation process
from across our firm and through our product alliance partners.
As an example, Deloitte Digital assists in market analysis for all
things digital whether that be user experience, portal design
and development, mobile or cloud solutions. We stay current on
emerging technologies and leading products in the market. Our
team provides the right depth in market analysis and design,
and aids the overall procurement process using our robust
Product and Technology Evaluation Framework which provides
DHS with the ability to analyze market trends, develop
technology roadmaps, drive product vendor relationships, and mature a next generation enterprise architecture.

Deloitte’s Enterprise Architecture (EA) framework provides a starting

point for DHS to assess the current state of its EA initiatives. It
leverages industry leading practices to perform a holistic assessment
Organization Governance
& Skills & Metrics of EA within the organization. DHS receives the following from the EA
tool:
• Leading industry practices from around the globe
Guiding • A standard, objective means to assess the maturity and suggest
Architecture EA Function Principles & appropriate measure to your desired investment
Print Maturity Standards • Alignment with your EA and strategic and tactical business goals
Dimension
• Increased value and reduced operating costs as opportunities are
identified
Architecture Architecture • Low risk, low cost assessment with a tangible deliverable
Process Tools
• A reusable tool and dataset for future evaluations within DHS
Knowledge
Management
ACDHS-038

Figure 35. A framework grounded on

market analysis, planning, system research,
acquisition and next generation Enterprise
Architecture.

42
 RFP Response Form
Information Technology Support and Professional Services

2. Describe your ability to develop criteria and tools to ensure efficient and effective source selection, as
well as developing statements of work, descriptions, task orders and supporting specifications and
standards. (10 points)
A Next Generation infrastructure and system capability must be optimized, high performing, scalable, maintainable
and cost-efficient. We understand that DHS seeks a partner capable of developing evaluation criteria coupled with
evaluation accelerators and tools to drive source selection. To deliver an infrastructure and system environment
that continues to drive high performance applications, it is essential for DHS to maintain a current product stack
that’s not only aligned to the enterprise vision, but is also efficiently procured using established frameworks and
leverages best practices.
Ability to drive a cost effective procurement process
Deloitte brings to DHS a proven process for product selection that helps objectively assess different products in the
market and align them against key criteria driven by DHS business and technology needs. We have already applied
this process at DHS on several occasions, including the Cloud Infrastructure Assessment and Identity Access
Management platform evaluation.

Figure 36. Deloitte’s Product and Technology Evaluation Framework.

We leverage Deloitte’s Product and Technology Evaluation Framework to accelerate and bring structure to your
procurement process. Figure 36 outlines the four phases of the evaluation framework, from evaluating the current
state (Evaluate situation) through product deployment and instantiation (Plan transformation). The activities
include conducting market analysis, planning the process flow in product and vendor selection, systems research to
make sure the product aligns with needs, opportunities for enablement and driving emerging methods to keep DHS
ahead of market curve. The framework brings process and structure to the assessment ending in developed
SOWs/Task Orders and supports creation of specification and standard. It allows us to drive an objective
assessment based on facts and DHS needs and also keeps an eye on the Technology Trends in the market which
are important as products are evaluated and considered by DHS.

Figure 37. A proven Product and Technology Evaluation Framework for cost effective procurement process.

43
 RFP Response Form
Information Technology Support and Professional Services

VII. Security and Privacy (50 points) Your response to this section must not exceed 5 pages

1. Describe your ability to analyze and provide recommendations on the design for IT and systems
security, as well as assist with security remediation efforts; this includes ensuring compliance with
HIPAA security regulations.
Today’s interconnected IT infrastructure exists in an environment that is under increasing threat of unauthorized
access or disclosure of sensitive data and attacks originating
from cyber-criminal groups and hackers. DHS is progressing
towards a future of internet-hosted applications to conduct Focused
government business and continues to grow electronic on Your Future
repositories of valuable citizen data. Hence, it becomes
imperative to integrate security as part of IT system design and
compliance to security regulations such as HIPAA, HITECH, etc
in order to protect DHS’ digital assets. In general, the • Increased value through deep expertise
government sector has experienced a steady increase in the with Federal, State and County security
volume of records exposed, and a number of data breach policies and procedures
incidents over the years due to increasingly sophisticated • Largest pool of certified professionals
methods involving rapidly evolving technologies to target with more than 2,000 CISAs, CISSPs,
government IT assets. Deloitte has the demonstrated and CISMs
capabilities to assist DHS in analysis, recommendation, design,
• Improved efficiency with the breadth,
remediation and reduction of potential security risk exposure
depth, and insight to help DHS become
and compliance with HIPAA security regulations.
secure, vigilant, and resilient
Deloitte Cyber Risk Services is an established practice with over
• Extensive track record of delivering over
25 years of experience and has the largest concentration of
1000 cybersecurity projects in the US
certified security professionals in the US. Our track record in the
just in the past year
security and privacy domain demonstrates our ability to provide
DHS with leading security and privacy recommendations and • Brings leading industry trends through
implementations. Furthermore, Deloitte understands DHS’ strong partnerships with industry forums
specific environment and supports it across a wide spectrum of including NGA and NASCIO
security and privacy services. Our leadership in the
cybersecurity market combined with our technical capabilities and deep DHS experience make us the right choice
to assist you in safeguarding DHS data. Deloitte has the right people, relevant experience and a rigorous technical
approach focused on DHS. Those characteristics are clear differentiators to be your teaming partner in this
important DHS initiative. Qualifications that demonstrate our leadership and ability to deliver this project include:
• The right team and commitment. We bring a strong team of certified security professionals well versed in
state and local government cybersecurity and data protection programs.
• Consistent track record working with DHS. We have successfully executed multiple cyber risk projects for
DHS including developing and executing a HIPAA remediation roadmap, implementing a formal Secure
Software Development Lifecycle (SSDLC), and integrating with the Commonwealth Identity Access
Management (IAM) platform. Our team's knowledge of the DHS environment will help us "hit the ground
running".
• Market-leading Cyber Risk Services practice. Our practice is considered a leader in Security and Risk
Consulting by several leading industry analyst organizations, including Gartner, Kennedy Consulting and
Forrester Research. With the largest pool of certified information security resources, complemented by sector
focused leaders, we are poised to provide high quality professionals tasked with supporting DHS’ cybersecurity
needs.
• Our leadership in public sector cyber security. Deloitte is a leader in providing cybersecurity assessment
and consulting services to the public sector including federal, state, and local agencies for more than 25 years.
In the United States, Deloitte serves 47 of the 50 US states as well as the District of Columbia.
• Knowledge of how government agencies work. We are the only security consulting firm with a dedicated
state and local security practice. Our practice has demonstrated state and local government knowledge
through the publication of the biennial Deloitte National
Association of State Chief Information Officers (NASCIO)
Cybersecurity Study publications - highlighting the
challenges states and localities face and approaches for
overcoming them. We also recently collaborated with
the National Institute of Standards and Technology
(NIST) to develop their new Framework for Improving
Critical Infrastructure Cybersecurity.

44
 RFP Response Form
Information Technology Support and Professional Services

Analyze and provide recommendations on the design for information technology and
systems security
Deloitte brings its Cyber Risk framework which encompasses a four part process of Analysis and Evaluate, Design
and Architect, Remediate and Implement, and Sustain to analyze and provide recommendations on the design for
information technology and system security. Using our framework, we bring to DHS our demonstrated, robust
methodologies and accelerators to provide recommendations on the design of information technology and system
security. In addition, we bring experienced and knowledgeable specialists in each of these areas to help DHS
accomplish its wide range of security needs. Our approach for effective security is to make it transparent to the end
user. At the same time, we understand the importance of integrating and implementing a broad security
framework into the system development life cycle in support of DHS’ business application solutions. Our security
design approach incorporates DHS security and privacy standards, Commonwealth of Pennsylvania security and
privacy ITBs, and Security requirements from Federal/State regulations, such as HIPAA, IRS 1075, and SSA. Our
approach is to infuse secure design principles throughout the application development cycle to proactively identify
and mitigate potential threats.

Figure 38. Deloitte’s Cyber Risk Framework.

We “build in” security from the early stages of the application development lifecycle rather than retrofit security
capabilities in downstream software development processes. We define and catalog Personally Identifiable
Information (PII) and Personal Health Information (PHI), map the flow of sensitive data and design appropriate
technical security controls to prevent inadvertent exposure of DHS’ PII and PHI. Figure 39 illustrates a sample list
of activities to analyze and recommend design of DHS applications and IT systems.

Deloitte’s Activities Meet DHS Future Analyze and Recommend Needs Benefits for DHS
• Analyze security objectives, regulatory requirements and goals for the critical DHS application • Enhances efficient design
components. process by proactively
• Analyze use cases, critical components, user roles to access them, trust boundaries for identifying security threats
information domain and related use case scenarios. early in the SDLC process
• Analyze potential vulnerabilities that may impact the DHS applications. for “built in” security.
• Analyze threats related to recognized vulnerabilities based on damage potential, ability to • Simplifies and introduces a
reproduce the attack, ability to exploit affected user(s), and ability to discover the vulnerability. business centric approach
• Recommend application security controls based on DHS standards and applicable Federal/State to access management.
regulations. • Provides a secure solution
• Collaborate with the application stakeholders to analyze and recommend user roles and page that meets the applicable
level permission levels. Federal, State, and DHS
legal/regulatory security
• Recommend Identity and Access Management controls including authentication, authorization,
requirements.
and user management.
• Analyze applicable DHS standards and Federal/State regulatory requirements including HIPAA.

Figure 39. Key Security Design Threads and Activities.

45
 RFP Response Form
Information Technology Support and Professional Services

Assist with security remediation efforts, including Health Insurance Portability and
Accountability Act (HIPAA) security.
Deloitte has substantial knowledge and experience in
assisting our clients with addressing applicable
federal and state regulations including HIPAA privacy
and security requirements from both a business and
technical standpoint. We bring to DHS our extensive
experience in providing security remediation
assistance including integration of security testing as
part of application software development life cycle.
Deloitte brings broad experience in using
vulnerability scanning techniques with application
security assessments. In fact, in the past year,
Deloitte has performed application security
assessments for more than 18 public sector clients
that included security controls and regulatory
compliance assessments. Additionally, Deloitte has a
team of cybersecurity professionals that not only
specialize in performing these complex scans but
also bring in-depth experience with application
dynamic and secure code analysis, false positive
analysis, contextual interpretation of findings,
identifying recommendations to address
vulnerabilities and working with the developers to
remediate the applications to address the findings
and revalidate them to check the resolution. The
following table illustrates additional sample activities
to assist DHS with security remediation efforts
including HIPAA security: Figure 40. Deloitte’s approach to security and interface
security testing.

Deloitte’s Activities Meet DHS Remediation Future Needs Benefits for DHS
• Assisting with security remediation efforts to enhance policies, standards, • Enhances design compliance with applicable
and procedures security compliance including HIPAA.
• Remediate by developing and delivering HIPAA privacy and security • Provides periodic reports and alerts to track
training content violations to Federal and State legal/regulatory
• Assisting in selecting and implementing technical and procedural solutions requirements.
to address applicable federal and state regulations including HIPAA privacy • Enhances security by preventing users from
and security requirements unauthorized access to citizen information.
• Remediate by enhancing incident response procedures and implementation • Provides centralized management of user roles
of monitoring technologies and user permissions.
• Design and Remediate application audit logs including application-level fine • Provides a secure solution that meets the
grained access control logs to record user access to sensitive PII. applicable Federal, State, and DHS
• Remediate by integrating the COPA IAM Access Controls into the DHS legal/regulatory security requirements.
Application Security Integration Architecture.

Figure 41. Sample activities to remediate security efforts.

Implement Identity and Access Management Integration
The DHS systems and IT resources contain sensitive PII and PHI data which is accessed by DHS employees,
contractors, providers, and clients (constituents or citizens). It is essential to have strong Identity and Access
Management (IAM) processes and systems to govern the access in accordance with HIPAA and other applicable
security requirements. DHS benefits from Deloitte’s experience to implement Identity and Access Management
(IAM) integration with the Commonwealth of Pennsylvania (CoPA) IAM solution. As the original architect and
implementer of the CoPA IAM solution, we bring hands-on knowledge coupled with our deep understanding of IAM
processes, Commercial of The Shelf (COTS) technologies, industry demonstrated methodology, tools and
accelerators to achieve the desired objectives of integration with the CoPA IAM. Recently we have integrated the
DHS Client View application with the CoPA IAM solution to provide DHS clients direct access to view their service
history. To meet DHS future needs, we propose to integrate Business Partner IAM, Access Recertification,
Privileged User Management and Services security with the DHS Information Technology environment. The
following diagram illustrates a conceptual integration design of the DHS environment with the CoPA IAM solution:

46
 RFP Response Form
Information Technology Support and Professional Services

Figure 42. Identity and Access Management Architecture.

2. Describe your ability to support DHS in protecting communications to ensure their integrity,
availability and confidentiality.
Deloitte understands that protecting communications to ensure confidentiality, integrity and availability of DHS
data is required for DHS to meet regulatory compliance requirements and for information protection. Our approach
is to integrate applicable security requirements into a centralized and rationalized program to help DHS minimize
the risk of data loss while also driving the necessary compliance activities. We build upon our expertise with
applicable Federal, State, and County regulatory policies, standards, and guidelines combined with extensive
experience providing security and privacy services to DHS and other Public Sector agencies.
The approach focuses on data protection controls including data at rest, data in motion, data in use and data
redaction, limiting data collected to that which is required, PII Inventory and control, web service security, field
level security and message security to name a few. The following table illustrates a sample list of activities to
support DHS in protecting communications to ensure confidentiality, integrity and availability of DHS data.

Deloitte’s Activities Meet DHS Future Needs Benefits for DHS

• Design and implement data protection controls to secure: • Prevent unauthorized access to data
− Data at Rest using database encryption, Database user roles and configure by encryption of sensitive database
native user activity monitoring and logging. fields.
− Data in Motion using at the minimum, 128-bit key encryption through HTTPS • Helps reduce attacks on
with TLSv1/SSLv3 technology and IPsec communication channels.
− Data in Use using coarse grained and fine grained access controls, user role • Helps prevent malicious users from
management and segregation of duties and user activity monitoring to log user retrieving PII data from browser
access to sensitive data cache through masking techniques
on web pages and documents.
− Data redaction (data de-identification) to restrict replication of production
data in lower environments (during production refresh) • Helps protect data through use of
data scrambling techniques in lower
− Data destruction to secure the data no longer needed including archiving, data
environments.
purging and media sanitization
• Prevents sensitive data from being
disclosed

47
 RFP Response Form
Information Technology Support and Professional Services

Deloitte’s Activities Meet DHS Future Needs Benefits for DHS

• Perform data handling analysis to limit the collection and identify the flow of PII • Enhances efficiency of design by
through the proposed business processes. identifying and addressing data
• Create a PII inventory to categorize and catalog PII privacy risks early in the DHS
• Design and develop suitable technical and process controls to safeguard PII data. application development process.
• Assist DHS to identify, evaluate and select suitable data privacy tools such as Data • Provides data flow mapping that
Leakage Prevention and Information Rights Management solutions to secure citizen represents the flow of PII across the
information. data life cycle – collection, storage,
use, sharing and destruction.
• Enable web service authentication, authorization, monitoring and audit services
• Helps design privacy technical and
along with functionality for XML validation, conversion and threat scanning.
processing early in DHS application
• Implement message confidentiality using SSL, authentication & authorization development process.
using COPA IAM solution, field-level security, data validation and message security.
• Enhances security of communication
• Develop and update policies, standards, guidelines, procedures and training and data exchanges between county
materials covering protection of communication channels such as email, fax, paper, and state systems.
scanners and multi-function devices.

Figure 43. Deloitte supports DHS in protecting communications.

By using the above approach, Deloitte can help protect and secure the communications and data not just within
DHS but also with other county and state agencies, third party providers and partners and DHS clients.
DHS benefits from Deloitte’s experience to accomplish the security of DHS IT infrastructure and applications. Our
hands-on knowledge coupled with deep industry experience across various County, State and Federal government
agencies qualifies us to bring leading practices and emerging trends to provide security, regulatory compliance, and
process efficiencies while reducing the overall security risk of DHS.

48