Current ITT Projects

These projects will be updated as the IT Transformation Program progresses. Please check back often to find new information about our in-flight projects.

A diverse group of people working together.

Governance 3.0

Governance is all about how an organization is directed and controlled. Governance helps to guide an organization in all circumstances, regardless of changes to goals, strategies, the work being done, or the management structure.

Updating our IT Governance Guidebook will describe the State of Colorado’s IT Governance structure and the associated operational processes for our customers and our teams. The Guidebook is intended to provide project managers, agency leaders and IT users with a holistic view of IT Governance, how it runs and the roles of key stakeholders within the process.

Improving Customer Messaging in Notifications

More information coming soon!

Security Audit Compliance & Governance Program

In March 2023, The Office of the State Auditor (OSA) began working with a vendor to conduct a financial and compliance audit of all state agencies, including the Governor’s Office of Information Technology, for the fiscal year that ended June 30, 2022.

The audit of the cybersecurity resiliency resulted in 12 areas of findings requiring remediation. The findings are the basis of the Security Audit Compliance and Governance Program.

Governance and Oversight
Security Awareness Training
Asset Management
Contingency Planning
Identification & Authentication
Incident Response
Logging and Monitoring
Physical Controls
Risk Management
Security Planning
User Account Management
Vulnerability & Patch Management

The framework for the Security Audit and Compliance Governance Program will be completed by June 30, 2024.

Vulnerability & Patch Management

OIT is responsible for establishing vulnerability and patch management programs that identify and reduce security risks to public agencies by continuously accessing and tracking vulnerabilities on all OIT-managed IT assets within the IT infrastructure.

Vulnerability and patch management can protect endpoints from cyber threats and attacks. It is a proactive way to protect the organization's devices and data. By preventing data breaches and other security instances, vulnerability management can avoid damage to the State's reputation and bottom line. If you only implement one of these processes, it creates a weakness that cybercriminals can exploit. The benefits of vulnerability management include enhanced security, immediate fixes of vulnerabilities, operational efficiencies, visibility and reporting, automated scanning assessment and prioritization, integrated patch remediation, and insightful reporting. Patch management fixes vulnerabilities on assets susceptible to an attack, helping the organization keep its network secure and prevent cyber attacks.

Workplace Transformation

Presently, remote OIT personnel lack a designated workplace for event and classroom training. This project aims to rectify this by establishing a dedicated workplace destination. It will encompass an event center and classroom training environment, along with provisions for hotel and executive spaces.