Citizen Portal
Sign In

Arkansas Department of Information Systems outlines modernization, cybersecurity and data projects

2226284 · January 29, 2025

Loading...

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

DIS officials briefed the joint committee on completed data center modernization, a statewide ServiceNow rollout, K‑12 network upgrades, a Cyber Center of Excellence, a virtual CISO program, advanced endpoint protection, the Arkansas Data Hub, LAUNCH/CIVI Form citizen services and an AI Center of Excellence.

Jay Harton, acting director and chief operating officer of the Arkansas Department of Information Systems (DIS), told the Joint Advanced Communications and Information Technology committee that DIS has completed key data‑center modernization work, is beginning a statewide ServiceNow rollout for incident and change management, and is proceeding with K‑12 and agency network upgrades.

The department outlined a three‑part modernization push: shared technology services (an internal “private cloud” spread across two state data centers and a disaster recovery site), a phased network refresh that raises K‑12 guidance from 1 Mbps per student to 3 Mbps, and a planned statewide help‑desk and change management system using ServiceNow.

Why it matters: The initiatives aim to consolidate duplicated agency IT efforts, reduce costs through enterprise procurement, and improve cybersecurity posture and service delivery across executive‑branch agencies.

Harton described completed work to stand up shared technology services using CARES Act funding and a disaster recovery site at the Department of Public Safety’s troop headquarters in Lowell. He said DIS maintains connectivity to public cloud providers (AWS, Azure, Google Cloud) and encourages modernization and “right‑sizing” before migrating workloads to commercial clouds.

Fred Grigg, chief enterprise architect, and other DIS staff answered technical questions during the briefing. Harton said the department is staging the ServiceNow rollout as a pilot and intends to use it as a centralized incident, request, and change management platform for executive branch departments.

Gary Vance, chief cyber officer, described cybersecurity initiatives including the Cyber Center of Excellence, a mandatory annual cybersecurity awareness program with phishing emphasis, a virtual chief information security officer (vCISO) program to provide departmental cybersecurity coordination, and a 24x7x365 advanced endpoint monitoring capability. “My focus is to ensure that we are protecting Arkansas State resources and Arkansas citizen data,” Vance told the committee.

Vance said DIS currently triages roughly 20 to 50 meaningful threat events per week — identity threats, attempted ransomware, malware and credential compromises — and that the state has matured its endpoint protections and monitoring to detect and respond to those events more quickly. He acknowledged that enterprise‑level penetration testing and formal red‑team exercises are priorities to establish going forward.

Heather Sacco, chief administrator of the Arkansas Data Office (part of DIS), described data initiatives driven by legislation: Act 936 of 2019 (Statewide Longitudinal Data System) and Act 634 of 2023 (statewide data hub). Sacco said the Data Hub functions as a systems integrator and includes an enterprise data catalog and data quality tools. She outlined citizen‑facing platforms built on the hub: LAUNCH (a workforce marketplace for jobseekers and employers) and CIVI Form, a referral and intake tool that can reuse user-entered data across applications to reduce repeat form‑filling.

Sacco said the AI Center of Excellence, established by the governor, is developing guidelines, pilot projects and a September report of recommendations on secure, ethical, and effective AI deployment in Arkansas.

Committee members asked whether DIS performs mandatory cybersecurity reviews for new projects. Harton and Vance said the vCISO model and voluntary departmental coordination exist today, but there is not yet an enterprise, mandatory cyber sign‑off for all projects; enterprise governance and a central cybersecurity office are among the Arkansas Forward recommendations DIS plans to implement. Harton said IT governance will review projects to reduce duplicative systems and prioritize high‑value work.

Representative Richardson asked about the ServiceNow rollout and current change‑management practice; DIS staff said departments handle their own change processes today and DIS publishes internal change calls and inter‑agency change meetings. Harton said a centralized ServiceNow instance is being rolled out starting with a pilot and will eventually be available across the executive branch.

Representative Mayberry expressed interest in CIVI Form and asked about including aging and developmental‑disability services on the platform; Sacco said the platform was developed with in‑kind support from the Google Foundation, is hosted in the state data center, has been piloted with workforce programs, and will be brought to additional programs such as WIC and DHS offerings.

Ending: Committee members thanked DIS staff for the briefing and noted ongoing oversight and potential legislation on AI and cybersecurity; DIS officials said they will continue work on governance, ServiceNow rollout, cybersecurity hardening and data‑hub deployments.