Skip Maine state header navigation

Agencies | Online Services | Help

Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

 

Application Hosting-Customization Policy

 

I. Statement

As OIT continues to explore all available options for application hosting and customization, there exist different requirements for meeting policy and tool specifications. 

 

II. Purpose

This is to document which policies are appropriate for which application hosting and application customization scenario.

III. Applicability

A. This policy applies to the Executive Branch.

 

IV. Responsibilities

A. Associate CIO, Applications: Analyzing the application landscape and judging the suitability of hosting option.

 

B. Associate CIO, Infrastructure: Present OIT hosting capability and fit for any particular application.

 

V. Directives

The directives may best be explained by the following matrix of Application Hosting-Customization options:

 

 

 

 

Application Customization

 
COTS

 

Application provisioning policies do not apply

(see C below)

 

Only deployment[1] [2], remote hosting[3], environments[4], and security[5]-related policies apply

(see D below)

 

 

 

OIT CUSTOM

 

All policies apply

(see A below)

 

Infrastructure provisioning policies do not apply

(see B below)

 

Application Hosting

 
OIT-HOSTED

OTHER-HOSTED

 

                                                                       

 

A. Custom Applications hosted by OIT – All State of Maine policies, toolset requirements, and standards apply.

 

B. Custom Applications hosted by a provider other than OIT – All Application policies apply.  Infrastructure provisioning (how the infrastructure is equipped and maintained) policies do not apply.

C. COTS Applications hosted by OIT – The specifics of the Application provisioning (how the application is built and distributed) may not apply but the general Software Deployment Certification requirements must be met (for example: Accessibility and Security Testing is required but the language the application is written in is not specified as long as it runs on the infrastructure hosted by OIT).

 

D. COTS Applications hosted by a provider other than OIT – Deployment Certifications are required for Applications and Infrastructure.  Remote Hosting requirements must be met.  The Environments, Accessibility[6] and security-related policies must be enforced regardless of the application provider or hosting provider.  This allows a variety of languages and platforms to be used. 

E. OIT-insourcing of an Other-Hosted application must be preceded by migration to OIT-compliant technology. 

F. OIT-Housing is a special case of Other-Hosting where OIT provides rack, power, & connectivity, whereas another party provides equipment and maintenance.  The backup, if provided by OIT, is separately paid for.

G. Regardless of OIT-hosted or other-hosted, OIT built or COTS, Security and Administrative Access requirements must be met. 

H. Interfaces and integration are the responsibility of OIT in partnership with the vendors. 

VI. Definitions

COTS: Commercial Off-The-Shelf application.

 

VII. References

OIT COTS Policy[7]

Remote Hosting Policy[8]

Hosting Location Policy[9]

Application Deployment Certification Policy[10]

Infrastructure Deployment Certification Policy[11]

Application Environments Policy[12].

 

VIII. Document Information

Adoption Date: July 31, 2013

Effective Date: July 31, 2013

Next Review Date: July 31, 2015

Point of Contact:  Paul Sandlin, Associate CIO for Applications, Office of Information Technology, 207-624-9427.

Approved By: James Smith, Chief Information Officer, Office of Information Technology, 207-624-7568.

Position Title(s) or Agency Responsible for Enforcement:  Greg McNeal, Chief Technology Officer, Office of Information Technology, 207-624-7568.

 

Legal Citation:  5 M.R.S.A. Chapter 163 Section 1973 paragraphs (1)B and (1)D, which read in part, “The Chief Information Officer shall:” “Set policies and standards for the implementation and use of information and telecommunications technologies…” and “Identify and implement information technology best business practices and project management.”

 

Waiver Process: See the Waiver Policy[13].

 



[1] http://maine.gov/oit/policies/Application-Deployment-Certification.htm

[2] http://maine.gov/oit/policies/Infrastructure-Deployment-Certification.htm

[3] http://www.maine.gov/oit/policies/Remote-Hosting-Policy.htm

[4] Application Environments Policy

[5] http://www.maine.gov/oit/policies/SecurityPolicy.htm

[6] http://www.maine.gov/oit/policies/ADAeffectivecommunicationpolicy.htm

[7] http://www.maine.gov/oit/policies/cots.htm

[8] http://www.maine.gov/oit/policies/Remote-Hosting-Policy.htm

[9] http://www.maine.gov/oit/policies/Hosting-Location-Policy.htm

[10]  http://maine.gov/oit/policies/Application-Deployment-Certification.htm

[11] http://maine.gov/oit/policies/Infrastructure-Deployment-Certification.htm

[12] Application Environments Policy

[13] http://maine.gov/oit/policies/waiver.htm