Federal Deposit Insurance Corporation

________________________________________________________________

Information
Technology
Strategic Plan

2008 - 2013

________________________________________________________________
CIO Council
Version 2.8 January 23, 2008
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

Table of Contents

Message from the Chief Information Officer 3

I. Introduction 4

II. Mission, Vision, Strategic Direction 5

III. FDIC Environment 7

IV. Information Technology Resources 7

V. Gap Analysis of Technical Support for Major Initiatives 10

VI. Technical Solutions for Evolving Employee Needs 12

VII. Five-Year Technology Roadmap 14

2
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

Message from the Chief Information Officer

We are in a challenging environment, dealing with all the changes in

technology, the financial industry, and the workplace. The expectations of
what information technology (IT) can do to benefit the Federal Deposit
Insurance Corporation (FDIC) and its customers continue to grow. We've
been working hard to provide day-to-day IT services, while keeping our eye
on where the Corporation is headed strategically, and also transforming the IT
organization to meet future requirements.

The FDIC IT Strategic Plan continues to serve as a valuable planning tool and
an effective communications vehicle. It integrates the business and IT visions
and has been an important instrument in facilitating the dialogue between the IT community and
the business leaders across the Corporation.

The importance of planning, in this fast-paced environment, has never been more critical. The
Chief Information Officer (CIO) Council, comprised of business executives, defines the IT strategy
for the Corporation. The technical and business segments have worked closely to identify the
impact of external drivers, clarify the business needs, and ultimately determine how IT can best
help in achieving the business goals.

Through the CIO Council, we determined that IT can best support business operations by
focusing on a simplified architecture, fiscal discipline, and vigilant security and privacy programs.
The target architecture will be implemented in a three- to five-year time frame with cost savings
gained by focusing on a more streamlined environment with fewer applications and platforms.
After much research and an assessment of the current architecture, the FDIC has chosen a
service-oriented approach for transitioning outdated legacy applications and for application
development.

While the target architecture offers cost efficiencies for the computing environment, additional
fiscally responsible action can be adopted to reduce the cost of IT. We feel that, by establishing
cost baselines and measurements, reviewing service level agreements, and leveraging existing
cost management systems, we can implement a disciplined approach that will yield future cost
savings.

The final component of the IT strategy is the FDIC’s commitment to security and privacy
initiatives. The FDIC is keenly aware of its responsibility to secure sensitive data and ensure the
integrity of corporate information. The FDIC will not only focus on the Government Accountability
Office (GAO), Office of Management and Budget (OMB), and National Institute of Standards and
Technology (NIST) guidance, it will also take additional precautions, such as automating controls,
expanding monitoring capabilities, and assessing risk in a continuous cycle. The Corporation has
increased the staff devoted to the IT security and privacy areas who will address any future
requirements of federal security mandates and needs of the FDIC.

Much work has been done, but much still remains. I am pleased to present the FDIC IT Strategic
Plan, 2008 – 2013. I look forward to your support in carrying out this plan, which will help assure
the Corporation's continued success.

Michael E. Bartell
Chief Information Officer and
Director, Division of Information Technology

3
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

I. Introduction

IT Governance

The Federal Deposit Insurance Corporation (FDIC) Chief Information Officer (CIO) Council
advises the CIO on all aspects of adoption and use of information technology (IT) at the FDIC.
The CIO Council members are senior executives representing the FDIC’s divisions and offices.
Because accomplishing the Corporation’s strategic goals and business objectives depends on
achieving successful results from IT initiatives, the CIO Council functions as a leadership forum
and is part of a governance structure for discussing and resolving IT issues across organizational
boundaries. The CIO Council is responsible for setting the strategic direction for IT and, in concert
with the Corporation’s Capital Investment Review Committee (CIRC), reviews and recommends
IT investments to be made by the Corporation.

The Council is working to improve corporate practices related to the development, modernization,
and allocation of FDIC’s information resources. The Council will be drawing on industry and
government best practices and guidance to assist them in meeting their chartered responsibilities.

Purpose

The purpose of the IT Strategic Plan (“Plan”) is to integrate each division’s IT needs with
corporate strategy and to comply with legislative mandates. By reviewing the FDIC mission and
vision and then aligning the Plan with the short-term and long-term divisional goals, the
foundation for the Plan was established. Each CIO Council member provided input into the goals
through his or her division’s IT initiatives, strategic plan or roadmap. This Plan reflects the
integration of ideas and needs for a comprehensive corporate view of how to manage the IT
resources.

This Plan’s development is also in response to the legislative mandate in the Paperwork
Reduction Act of 1995, which specifies that agencies shall “develop and maintain a strategic
information resources management plan that shall describe how information resources
management activities help accomplish agencies’ missions.” Numerous other existing Federal
laws and regulations prescribe, influence, and guide the development and execution of IT policy,
programs, and projects. In addition, new guidance is being prepared and implemented to further
mandate the need for better and more common IT architectures across the Federal government
to support better decision-making, increase security and reduce risk, and to provide more
effective information exchange. Taken together, these laws, regulations and guidelines work to
improve enterprise strategic planning, enhance IT acquisition practices, measure IT performance,
report results, integrate new technology, and improve overall IT management.

Organization of the Plan

Section II of the Plan begins by outlining the FDIC’s and the IT division’s mission and vision.
Then the Corporate strategic goals and the IT strategic imperatives are listed. The mission,
vision and goals provide the foundation for the IT strategic plan, while the IT strategic imperatives
guide the development of the objectives and the selection of projects.

Sections III and IV summarize the current view of the banking industry as well as the current
FDIC IT environment. With the assessment of the current environment, work load assumptions
are developed for each line of business - supervision, insurance and resolutions. Then the IT
Resources section shows the IT spending, internal systems environment, and staffing trends from
2004 through 2008.

4
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

The analysis in Section V shows where the gaps exist between the anticipated business needs
and the current IT capabilities. Sections VI and VII show the IT plan for meeting the employee
and business needs for the next five years. The Technical Solutions section presents the
technology needs from the employees’ perspective, while the Technology Roadmap shows the
projected time frame for implementing the technology.

II. Mission, Vision, Strategic Direction

Technology has become the foundation for achieving many business goals, especially those
goals addressing efficiency and effectiveness in an industry where timely and accurate
communication and data are paramount for supervising institutions and monitoring risks. To
ensure that IT is positioned to meet the needs of the business, a direct line-of-sight between IT
and the business must be monitored and periodically recalibrated. The comparison between the
Corporate and IT mission, vision and goals are shown below.

Mission and Vision

FDIC Corporate Mission
The Federal Deposit Insurance Corporation
(FDIC), an independent agency created by the
Congress, contributes to stability and public
confidence in the nation’s financial system by
insuring deposits, examining and supervising
financial institutions, and managing
receiverships.
FDIC IT Mission
To exceed our customer’s expectations by
providing innovative, timely, reliable, and
secure information technology services to
FDIC. Provide business value through
understanding, knowledge, communication,
agility and a strong customer focus, and
enhance the FDIC’s role of protecting deposits
and improving the safety and soundness of our
nation’s banking system.

FDIC Corporate Vision FDIC IT Vision

The FDIC is a leader in developing and
implementing sound public policies, identifying
and addressing new and existing risks in the
nation’s financial system, and effectively and
efficiently carrying out its insurance,
supervisory, and receivership management
responsibilities.
To be a strategic and capable business
partner. We help shape corporate strategy
though a keen understanding of the business
goals and strategies. We partner with our key
business lines and contribute to the strategies
and goals of the Corporation by leveraging
technology to achieve clear business results.

Strategic Goals and Imperatives

The following Corporate Strategic Goals and IT Strategic Imperatives describe the drivers that
determine IT activities throughout the year. These goals and imperatives rarely change from year
to year and represent the fundamental drivers for determining appropriate projects and activities.

Corporate Strategic Goals

ƒ Insured depositors are protected from loss without recourse to taxpayer funding.
ƒ FDIC-supervised institutions are safe and sound.
ƒ Consumers’ rights are protected and FDIC-supervised institutions invest in their
communities.
ƒ Recovery to creditors of receiverships is achieved.

5
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

IT Strategic Imperatives
ƒ Customer Service – responds to customer needs in a timely and effective manner
and maintains effective communication.
ƒ Alignment and Agility – sets priorities based on business drivers and adapts to
changing needs.
ƒ Financial Stewardship – demonstrates how IT spending contributes to business
value, estimates costs accurately, and provides resources efficiently and effectively.
ƒ Predictability – accurately projects costs, schedule and scope.
ƒ Workforce Excellence – recognizes and rewards exceptional employee
performance, communicates effectively, and develops skills to meet changing
business needs.
ƒ Innovation and Entrepreneurship – encourages risk taking for strategic partnering
and leverages technology for solving business problems.

Corporate Strategic Direction – Communication and Preparedness

Since the Corporation’s four strategic goals listed above are legislatively mandated, the goals of
what we do generally do not change from year to year; however, how we achieve those goals
does change according to the economic, financial, and regulatory environment. Accordingly, the
FDIC will focus its resources, in the near-term, on communication and preparedness. The
communication effort will target all employees as well as external stakeholders, since both are
critical to fulfill its mission. In turn, the information shared between internal and external
stakeholders will prepare the FDIC to effectively deal with emerging risks, supervisory changes,
consumer issues, and resolutions of any size.

The general activities to support the strategic direction of communication and preparedness for
2008 are listed below. These activities can also be found in the FDIC’s Annual Performance
Plan, which is available at www.fdic.gov.

• Completing the implementation of the Deposit Insurance Reform Act signed into law in
early 2006.
• Developing further the Basel II and Basel IA capital frameworks to ensure that they do
not result in substantial reductions of capital or competitive inequities within the banking
industry.
• Maintaining the safety and soundness of the banking system through effective oversight
in its roles as primary and backup federal supervisor, deposit insurer, and receiver for
insured depository institutions, while continuously improving its capabilities to respond to
changing economic conditions and growing concentration in the industry.
• Continuing to protect our national security by ensuring institutional compliance with the
Bank Secrecy Act and anti-money laundering regulations as well as counter-financing of
terrorism requirements.
• Continuing to expand the FDIC’s leadership role on consumer protection issues,
including new efforts to promote economic inclusion.

FDIC Planning Process

The mission, vision and goals described above are the underpinnings for the development of the
Corporate, division and office five-year strategic plans, annual objectives and corresponding
performance measures. Chart 1 below shows the relationships between the various entities
within the Corporation and how they drive the development of the IT Strategic Plan. The Plan
integrates the division and office objectives to develop a corporate-view of the technology needs.

Once the strategic direction is established, IT development projects are chosen annually based
on meeting a strategic objective. FDIC executives comprise governing boards for capital projects
and other IT projects. The criteria for choosing the projects are based on factors that include
business benefit, risk mitigation, cost analysis, and technical feasibility.

6
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

Chart 1 - Planning Process

Corporate Divisions & Offices Information

Technology

FDIC Mission, Vision, IT Mission, Vision,

Values Imperatives

FDIC Strategic Plan

2008-2013

IT Strategic Plan
2008-2013

Corporate
Annual Performance
Performance Division/Office
Plan
Objectives Objectives
(external publication)
(internal publication)

III. FDIC Environment

The banking business model has become more complex, giving rise to financial instruments such
as collateralized debt obligations (CDOs) and structured investment vehicles (SIVs) to manage
risk. These instruments have created greater dependencies between the domestic and
international financial markets. Financial institutions must, therefore, strike a balance between
regulatory, legislative and banker concerns while appropriately managing risk. Basel IA and
Basel II shows the diligence and thought that the international and U.S. regulators put forth to
strike a balance between market and regulatory concerns. The more complex environment also
affect other bank-related issues including mortgage loan bailouts, small-dollar lending, overdraft
fees, and Bank Secrecy Act and Anti-Money Laundering (BSA/AML) monitoring.

While bank transactions are becoming more complex, the number of FDIC-insured institutions
has declined by 7 percent since 2002. As consolidation continued, total assets increased 42
percent since 2002. 1 The FDIC, as insurer, must monitor potential risks to the Deposit Insurance
Fund (DIF), and work with other regulatory agencies if an institution should fail. In addition to its
receivership responsibilities, the timely and accurate sharing of information between the
regulators will be crucial for fulfilling its mission of insurance, supervision, and consumer
protection responsibilities.

IV. Information Technology Resources

Spending
The cost of the IT operations has remained relatively stable since 2006, with slight fluctuations in
the client allocation and capital investment spending. (See Chart 2.) Although the operations
budget has had a year-over-year increase for 2007 and 2008 of only about 2 percent, the
operations costs, or steady state, accounted for about 69 percent of the total IT budget in 2007.
In order to understand the costs and gain efficiencies, an in-depth study of steady-state costs and
staffing was conducted in 2007. Further analysis and recommendations are slated for 2008.
Since the FDIC is committed to decreasing IT costs, efforts to simplify the IT infrastructure,

1
Federal Deposit Insurance Corporation. Third quarter 2007. Quarterly Banking Profile.

7
 Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

decrease the number of application systems, and streamline processes are underway, which
should decrease operating costs over time.

Staffing
The workforce planning study conducted by the FDIC’s Human Resources Branch in 2007
indicated that almost 90 percent of the IT workforce is over 40 years old. By 2011, 80 percent of
the IT executive managers will be eligible to retire, while 40 percent are projected to retire. Of the
corporate managers, 62 percent are eligible to retire, while 50 percent are projected to retire. 2

The study also found that competition in hiring and retaining highly skilled staff will continue to
increase as the growth of computer technology occupations outpaces other occupations through
2014. The FDIC’s target architecture will also increase the competition for certain IT skills, such
as object-oriented programming in Java, operating and troubleshooting UNIX platforms,
managing Oracle databases, developing and managing service-oriented architecture (SOA)
services, and developing the appropriate security infrastructure. The FDIC plans to obtain these
desired skill sets through training, outsourcing, and new hires. IT will partner with the training and
human resources departments to ensure a capable workforce.

Chart 2

IT Spending Distribution, 2004 - 2008

$250.0

$216.0 $213.6 +8.2%

$197.3 +5.1%
$187.7 +4.9% $15.5 +37.2%
$200.0 $178.9 -17.2%
Capital $11.3 +20.0%
$61.2 $9.4 -20.4%
Investment
$11.8 -80.7%
$57.3
$49.1
$43.5
Millions of Dollars

+16.7%
$150.0 $47.8 +13.0%
Client % year-over- -9.0%
Allocation +11.9% year change
$42.7

$100.0

$134.8 $136.9 $140.8

IT
$112.1 $119.3
$50.0 Operations +1.5% +2.8%
+13.1%
+6.4%

$0.0
$-
12/31/04 12/31/05 12/31/06 12/31/07 12/31/08*

Actuals / Budget* 2004 2005 2006 2007 2008*

Capital Investment $ 61.2 28.3% $ 11.8 6.6% $ 9.4 5.0% $ 11.3 5.7% $ 15.5 7.3%

Client Allocation** $ 42.7 19.8% $ 47.8 26.7% $ 43.5 23.2% $ 49.1 24.9% $ 57.3 26.8%
IT Operations $ 112.1 51.9% $ 119.3 66.7% $ 134.8 71.8% $ 136.9 69.4% $ 140.8 65.9%

Total IT $ 216.0 100% $ 178.9 100% $ 187.7 100% $ 197.3 100% $ 213.6 100%
IT Environment 2004 2005 2006 2007
Number of Application
Systems (excl. COTS**) 342 280 270 216
Data Storage (terabytes) Not avail. 3.6 17 18.9
*Budget; **COTS-commercial off-the-shelf software
Sources: FDIC Annual Report, FDIC Summary Statistics, EA Repository

2
Federal Deposit Insurance Corporation. August 2007. Human Capital Planning Discussion.

8
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

Self-Funding IT Paradigm
As cost savings are realized from a simplified IT environment and more efficient processes, the
savings will be reinvested for IT improvements or accrue to the Corporation. This self-funding
model is shown below.

Chart 3 – Self-Funding Model for Future IT Development

The Self-Funding Ideal

c Invest in “Breakthrough”
Strategic Projects
Multi-year
Strategic Initiatives
f Use efficiency-
d Realize Business driven cost-savings
Productivity Gains to subsidize next-
Business-Led generation projects
Discretionary Projects

e Streamline IT
Operations

Core Infrastructure and Applications

Source: CIO Executive Board

9
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

V. Gap Analysis of Technical Support for Major Initiatives

The following gap analysis shows current IT capabilities and the target capability for each
business initiative. The following initiatives support the FDIC strategic direction to improve
communication and preparedness as described in Section II. These major initiatives are also
discussed in the FDIC Annual Report, annual objectives, or the Chairman’s Letter to
Stakeholders.

The levels in the table below differentiate the technical capability that may be required to support
the initiative. Level 1 is generally a manual process; whereas, level 4 represents the use of state-
of-the-art in technology, which may not be necessary for the FDIC’s business line at this time.

Table 1 – Gap Analysis between Major Initiatives and Current IT Capability

Major Initiative Level 1 Level 2 Level 3 Level 4

Minimal Moderate Advanced Highly Advanced
Sophistication Sophistication Sophistication Sophistication

Able to mitigate No secure access to Secure access to Real-time access to

Anti-Money risks but confidential confidential enforcement and
Laundering identification and information from information shared regulatory data to monitor
(AML) /Bank monitoring of enforcement by enforcement risks. Ability to identify
Secrecy Act activity is manual. agencies. agencies. suspicious activity
An effective but not An effective and between financial
(BSA) timely process timely process that institutions.
identifying and is used for
monitoring mitigating AML/BSA
AML/BSA risks and risks and also
transactions. provides the ability
to identify possible

√
transactions related
to AML activities.

Manually gather Electronically share Securely access Securely collaborate with

Basel IA & II information on the information in a non- and share data with other regulators on issues
financial institutions secure manner with other regulators in concerning Basel 1A
opting for Basel IA other regulators on the United States. institutions. Integrate data
or Basel II Basel institutions. and analyze information on

√
compliance. potential risks that span
both Basel 1A and Basel II
institutions in the United
States and abroad.

Identify target An effective but not Timely automated Access to geospatial data
Economic groups and develop timely process used reports with and real-time monitoring of
Inclusion materials and to identify effective display targeted group information.
guidelines. opportunities options for different Collaborative capabilities
through outreach user groups. with other regulators,
and other data legislators, and industry
analysis efforts and interest groups.
for delivering
materials and
guidelines on a
case-by-case basis.

√
Legend

Current Business Capability Target Business Capability √ Current IT Capability

10
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

Major Initiative Level 1 Level 2 Level 3 Level 4

Minimal Moderate Advanced Highly Advanced
Sophistication Sophistication Sophistication Sophistication

Tracking ILC ILC information is Executives are able Real-time holding

Industrial Loan applications and maintained by point to track ILC activity company and ILC market
Companies changes in of contact who through real-time information are fed into
(ILCs) management plans manually inputs the monitoring. day-to-day business
is a manual process information. The processes, such as policy
and creates some database can be analysis, risk monitoring
lag time in securely accessed and application approval.
communication through the Web. Secure online
between the collaboration occurs

√
regional, between all FDIC offices,
headquarter, and ILC, and the holding
executive offices. company. Board members
Manual access to have a real-time
holding company dashboard that shows
information. changes in ILC activity.
Reporting is paper-
based.

Maintain static Access and send Share information Create a community of

International information pages secure documents, through secure users where collaboration
Initiatives – on a Web site. such as policy portals. and communication occurs
International proposals and sub- worldwide regardless of
Association of committee time zones. Access to
documents. real-time data and
Deposit streaming information.
Insurers
√
Able to close small- Can process a large Able to process Able to process millions of
Large Bank to medium-sized number of insurance insurance insurance determinations
Failure financial institutions. determinations and determinations and and claims in a weekend.
claims, but will take claims for most of FDIC's dependence on
several weeks. the top 100 largest other Federal Agencies for
institutions, and will supporting large bank

√
be able to scale up failure is clearly
for the largest documented and
institutions. Policy repeatable with cross-
issues related to agency procedures and
systemic risk relationships. Real time
promote efficiencies monitoring of market data.
between regulators,
the Department of
Treasury and the
Federal Reserve.

Legend

Current Business Capability Target Business Capability √ Current IT Capability

Source: FDIC Annual Report, project proposals
(Gap analysis framework was developed by AT Kearney.)

11
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

VI. Technical Solutions for Evolving Employee Needs

While the gap analysis above describes how technology should evolve to support business
initiatives, the FDIC employees’ needs are also changing. Through executive year-end reviews
and project proposals, employee needs were identified and aligned with the Corporate strategy to
improve communication and preparedness. Table 2 outlines the current employee needs and lists
the changes to the enterprise architecture that should address those needs.

The majority of the architectural solutions will be implemented by year-end 2009, although the
data migration will continue through 2012.

Table 2 – Architectural Changes to Address Employee Needs

Employee Technical Architectural Expected

Needs Limitation Change Completion

Examiners need to Currently UNIX Access to the servers will December 2008
share information servers are being be increased and other
between regional accessed by the data sets will be
offices, field offices regional and field migrated.
and with other offices to help with
regulators. data analysis and The interagency exam
reporting, and with the repository (IER) project
large institution data will improve the ability to
sharing. share information
between the regulators.
Examiners need Currently limited Roll out capabilities to all December 2009
mobile capabilities. access to high-speed examiners and provide
Internet and sharing 24-hour access. All new
of wireless laptops are wireless
capabilities. enabled.

A .NET platform will be

an option that may be
used for examiner-related
applications.

A mobile pattern, a
standard template used
for writing the program
code, will be used for
faster deployment of
mobile applications.
Examiners need to Currently many paper- Upgrading the current June 2009
conduct e-exams. based processes. document management
system and installing
scanner/copiers in the
field and regional offices.
Examiners and Currently the Upgrading the corporate December 2009
accountants need applications running financial system and
access to online exam on the mainframe are migrating to a strategic
tools and the timing out. mid-tier relational
corporate financial database management
system, respectively, system (RDBMS) for
in a reliable manner. better performance.

12
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

Financial analysts, Currently too much of Creating standards, December 2009

economists & the analysts’ time is processes and services
examiners need to spent manipulating to manipulate large data
analyze large the data instead of sets. Migrating data to a
datasets and create analysis. strategic mid-tier
reports. RDBMS.
Data is siloed and
may cause
differences in results.
Need an enterprise
view of the data.

Financial analysts, Currently limited Install geospatial data Planning -

economists & access to geospatial capabilities for access to December 2008
examiners need to capabilities. all analysts.
create geospatial
(mapping) data for
analysis.
Financial analysts, Currently market data Subscribe to or create ongoing
economists, is batched overnight services to access market
examiners and and rendered through data in real time.
resolution Web pages or
specialists need purchased through
access to real time servicers.
market data.
Executives need Currently portal Provide portal capability 2008/2009
real-time information capability not and create dashboards depending on
for more informed available. for executives. client need
decision-making.
Resolution Currently access to Migrating data to a Role-based
specialists need open bank data is strategic mid-tier access control –
access to open-bank limited. Permissions RDBMS. Preparing the December 2009
information. to shared folders are foundation for role-based
granted on a per- access to sensitive data. Data migration
name basis. through 2012

13
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

VII. Five-Year Technology Roadmap

The technology roadmap outlines the major initiatives for standardizing the IT environment and
increasing IT’s efficiency and effectiveness over the next five years. The initiatives were
determined by various sources including business-side IT roadmaps, executive management
planning meetings, client planning sessions, and client year-end reviews. The three major
initiatives identified are enterprise architecture, security and privacy programs, and fiscal
discipline.

The enterprise architecture initiative will focus on simplifying the environment to ensure stable
and economical performance for mission-critical applications. Simplifying the environment to
decrease costs will include activities, such as decreasing the number of application systems and
migrating applications off the mainframe. Efficiencies will also be gained by expanding
capabilities for manipulating large data sets and storing traditional paper-based files
electronically. The SOA service center will manage code (or services) for all development teams
to discover and use, which will save time and costs in application development, testing and
deployment.

The Corporation will continue to enhance IT security and privacy programs to address new and
evolving risks by improving controls over sensitive data. In some cases, technology, such as
scanning outgoing e-mail for sensitive information and encrypting removable storage devices, can
mitigate potential risks. The other cornerstone of mitigating risk is educating employees of
emerging security and privacy issues.

Lastly, in order to continue sound fiscal discipline and responsibility, the Corporation will establish
IT baselines and metrics, study steady-state costs, manage service level agreements, and more
judiciously choose new development projects. These three areas – enterprise architecture,
security and privacy programs, and fiscal discipline – are shown below with the estimated time
frames.

14
Federal Deposit Insurance Corporation Information Technology Strategic Plan
_________________________________________________________________________________________________

Chart 4

Five-Year Technology Roadmap

2008 2009 2010 2011 2012

Expand capabilities for

large data sets
Expand the corporate-wide use of electronic document storage
Enterprise Migrate off the mainframe
Architecture
Analyze business processes

Establish SOA service center

Expand use of technology to ensure privacy, security and data integrity

Security &
Privacy
Continue security & privacy education

Establish cost metrics, baselines, and targets

Fiscal Use cost management systems to identify

Discipline possible reductions in steady-state costs

Manage service level agreements

Conclusion
The IT strategy outlined in this Plan should provide the underpinnings for an effective and efficient
IT response to business goals and objectives. The IT division, with the guidance of the CIO
Council, will focus on the enterprise architecture, security and privacy programs, and fiscal
discipline over the next five years.

Progress will be monitored by the CIO Council throughout the year with annual updates to the
Plan. The objectives, milestones, and metrics will be calibrated as needed to respond to changes
in the regulatory, legislative, and operational environment.

15