Vendor Technology Oversight - Applications

Executive Sponsor

The Agency Partner representative that has accountability for the strategic direction and budget of the program within the Agency that the application supports

Product Owner

The Agency Partner representative with the authority to determine the business objectives of an application and the priority of the product features that are developed.

Product Manager

The OIT representative who works with the Agency Partner and vendor to ensure that the technology provided adheres to OIT standards and policies.

Subject Matter Expert

The Agency Partner representative, whose responsibilities include articulating the business rules and can speak to the functionality required of the application being developed and maintained.

Data Steward

The agency designee who determines the access rules and security requirements of the data contained in the application. 

Technology Vendor

An entity contracted with the State of Maine that creates, sells, or supports technology solutions that help businesses or individuals operate more effectively. These products or services could include Hardware, Software, Cloud Services, IT Services, Cybersecurity or any other service that leverages technology to deliver services to a State Agency.

Software / Application

A computer program, either specifically created or configured, to assist State of Maine users to perform a useful business function. 

Least Privilege

An information security concept which maintains that a user or entity should only have access to the specific data, resources and applications needed to complete a required task.

Device / Hardware

Any piece of equipment that uses scientific knowledge or electronic components to perform a task or solve a problem. Examples include but are not limited to: smartphones, computers, tablets and e‑readers, smartwatches, routers and modems, cameras, kiosks, drones, smart home devices (like smart thermostats or speakers)

Office of State Procurement Services

A branch of the Bureau of General Services tasked with ensuring that state departments and agencies purchase goods and services in a manner that ensures the greatest possible economy while maintaining quality. The division oversees the competitive bidding process for contracts and grants, ensuring that awards are made based on cost, quality and timeliness of delivery. 

Support Model

A collection of documented methods and resources used by the Application Owners to provide and manage end-to-end service and product delivery following deployment.

• Architectural review of technology included in the procurement.
• Security vetting of the proposed technology.
• Technology requirements for RFP
• Final approval on any technology
• Participant on the RFP scoring panel
• Answer technical questions in Q&A
• Contract review and Technical Policies
• Systems Analysis of requirements

• RFP coordination
• RFP writing
• RFP scoring
• Answer non-technical questions in Q&A
• Draft Contract for Review

• All documentation required to perform architectural and security reviews.
• Submit Bids
• Ask Questions

• Oversee Procurement process
• Provide Guidelines for Contract Construction

• Feasibility analysis: Assessing technical and financial viability of proposed applications.
• Budget Development: creating application budgets for projects and operations.
• Technology Roadmap communication
• Technology planning
• Documenting appropriate application details in the enterprise application repository
• Supervision of technical staff
• Systems Analysis of requirements

• Articulate and Define business processes and business rules to analysts developing requirements.
• Review and sign off on requirement documents to ensure planned functionality meets business needs.
• Prioritize agency needs for technology services by participating in backlog reviews
• Articulate and advocate for appropriate budget for technology needs by participating in and budget development.
• Articulate future technology for planning purposes
• Strategic Plan

• Requirements development: Understanding business needs and translating / documenting them into technical specifications.
• Backlog grooming: Supervision of their technical staff

• Oversee / consult on technical development.
• Provide deployment oversight
• Vetting architecture and toolsets
• Systems Analysis of requirements

• Provide branding graphics and graphic design requirements
• Collaborate with design team on interface requirements
• Provide user acceptance testing on user interfaces
• Review prototypes for suitability to business processes

• User Interface /User Experience design: Creating user-friendly and visually appealing interfaces.
• Architecture design: Defining the structure and technology stack.
• Prototyping: Building interactive mockups to validate design concepts.
• Branding alignment: Ensuring the app reflects the organization’s identity.
• Frontend development: Building the user interface (e.g., using React, Angular, Vue).
• Backend development: Creating server-side logic, APIs, and databases (e.g., Node.js, .NET, Java, Python).
• Mobile development: Native (iOS/Android) or cross-platform (Flutter, React Native).
• Cloud-native development: Leveraging cloud platforms like AWS, Azure, or GCP.

Follow the Data Exchange Policy

• API development & integration: Connecting with third-party services or internal systems. MSB
• Middleware services: Facilitating communication between different applications.
• Data integration: Syncing with databases, data lakes, or enterprise systems in consultation with Enterprise Data Systems (EDS)
• Monitoring and logging of data transfers

Follow the Data Exchange Policy

• Ensure all data exchanges have a signed Memorandum of Agreement (MoA) amongst the Authorized Custodians of the transacted data.

Follow the Data Exchange Policy

• API development & integration: Connecting with third-party services or internal systems. MSB
• Middleware services: Facilitating communication between different applications.
• Data integration: Syncing with databases, data lakes, or enterprise systems in consultation with Enterprise Data Systems (EDS)
• Monitoring and logging of data transfers

• Oversight and agency support for their vendor technology management

• Prioritize agency needs for technology services and issue resolution
• Articulate business needs for availability of production systems
• Assist with the scheduling of system outages for maintenance
• Ensure funds are available to maintain the currency of their application.
• User support: Helpdesk or in-app support services.

• Bug fixes and updates: Ongoing improvements and patching.
• Performance monitoring: Ensuring uptime and responsiveness.
• User support: Helpdesk or in-app support services.
• Issue resolution / escalation

• Ensure security testing is complete and vetted.
• Follow waiver policies.

• Articulate the sensitivity of data and any compliance requirements for the system.
• Articulate access rules for users of the system and data.

• Authentication & authorization: Implementing secure login systems (OAuth, SSO).
• Data encryption: At rest and in transit.
• Compliance: GDPR, HIPAA, SOC 2, etc.
• Follow waiver policies and remediate waivers in a timely fashion.

• Analysis of existing data for purposes of data migration.
• Vet data migration plans for technical viability

• Define business rules for data.
• Review data quality outputs
• Determine acceptable levels of error in data
• Correct any invalid data in source systems.
• Determine scope of data being migrated

• Develop processes for businesses to analyze the quality of data during modernization projects.
• Report on data quality during migrations.
• Develop and execute data migration plan.

• Follow the guidelines of the Chief Data Officer

• Follow the guidelines of the Chief Data Officer
• Establish and document data sharing and access rules

• Follow the guidelines of the Chief Data Officer

• Bring proposed new technology to Enterprise Architecture for vetting.
• Ensure vendor provided technology meets OIT standards for security and reliability.

• Consult with MaineIT on available tools.

• Provide detailed architectural plans and diagrams that can be used for architectural vetting.
• Integrate with MaineIT if hosted in Maine’s environment.

• Participate and Ensure Change Management Policy and Application Deployment Certification Policy are followed
• Determine required tests for Deployment Certification and review results

Follow Change Management Policy and
Application Deployment Certification Policy

• Participate in the Product Owner role as defined in policy
• Perform User Acceptance Testing prior to deployment.
• Regression Test

Follow Change Management Policy and
Application Deployment Certification Policy 
Run the following tests as deemed appropriate by the application director and the CIO.

• Accessibility Test
• Data Conversion and Migration Test
• Interfaces Test
• Security Test
• Performance Test
• Restoration Test
• Regression Test
• End-to End Test

• Assist in the development of a business case with the PMO.
• Engage with the PMO in identifying potential projects.
• Provide & Manage resources to projects to conduct previously outlined services
• Provide a State of Maine project manager if required.
• Provide portfolio management services.

• Engage with the PMO in the execution of projects.
• Supply subject matter expertise.
• Supply user acceptance testing

• Provide a project manager for implementation projects

Follow principles of Least Privilege

• Read data in the database

Follow principles of Least Privilege

• Create objects in the database
• Read data in the database
• Update data in the database
• Delete data in the database