This March, the Department of FISCal (FI$Cal) hosted the first in an ongoing series of monthly vendor days. These events are an opportunity for FI$Cal leadership to learn about trends, best practices and solutions in information technology (IT) through dedicated days of presentations to FI$Cal staff by different vendors. Vendor day also gives FI$Cal the opportunity to develop vendor relationships, learn about new technology, and improve productivity.
By streamlining the process of gathering information though vendor days, FI$Cal is able to increase its capacity to provide continuous improvement within the FI$Cal system, while minimizing the impact of meeting with multiple vendors throughout the year. “This approach will optimize both vendor’s and FI$Cal’s valuable time,” said FI$Cal Chief Information Officer, Toquyen Collier, “it will cultivate a higher level of collaboration.”
The first vendor day was held virtually on March 23, with the topics of Governance, Risk and Compliance (GRC). Governance refers to ensuring that IT activities are aligned in a way that support the organization’s business goals; risk includes having a comprehensive IT risk management process that rolls into an organization’s enterprise risk management function; and compliance ensures that IT systems and the data contained in those systems, are used and secured properly.
Eight companies presented their ideas to FI$Cal leadership and partner staff, where they provided solutions, from technology tools to frameworks, that would allow the department to enhance its GRC capacity. The FI$Cal team provided a list of parameters for a required GRC solution, so vendors could focus on their needs. Some of the requirements included:
- The ability of the solution to categorize assets, systems and data according to federally recognized rating systems.
- Integrated risk assessment, vulnerability response, security incident response, and audit compliance.
- Policy, standards and procedure management and tracking, aligned with existing policy.
- The ability to assign security-related findings from start to finish for remediation and progress reporting.
Setting out expectations from the onset allowed for both vendors and the FI$Cal team to focus on only the most important information, saving time for all involved. The vendors came prepared to share and explain how their products and services would benefit FI$Cal in particular, ensuring that conversation was focused and productive.
“There is a saying that ‘a rising tide lifts all boats,” Collier said, “by setting out expectations early on, we’re able to identify solutions and vendors that can go above and beyond just an implementation of yet another piece of technology.”
The next vendor day will be held virtually on April 27, on the subject of software testing tools. Registration closes on April 18. To learn more and register to present at a future event, visit https://vendorday.fiscal.ca.gov.