Anticipated projects, but charters not yet received:
AD architecture migration - will fund a consultant (security)
May pause to support prioritization of other security work
5 Onbase projects, 2 RMP focused
EVC Collective Impact - implement mechanism to track event attendance w/ one card
Would be a budget ask for next FY; software and physical devices that are used to scan the onecards; reintegrate back into SAH
Upgrades
Definitions for when an upgrade is maintenance/operations vs enhancement; being applied differently by different service owners (if >1k hours or otherwise risky/significant, chartered as an official project)
If upgrade is not optional (pushed from vendor), vulnerability patch or other security patch → maintenance
If upgrade is a choice, we can pick when we do it → discretionary
Find patterns, where is it working well, upgrades are happening consistently, no security issues
Why? SO manages a certain way or the vendor does it a certain way?