CIO-CISO Strategic Alignment Creates Organizational Stability

Virginia Department of Behavioral Health and Developmental Services

The Virginia Department of Behavioral Health and Developmental Services (DBHDS) oversees behavioral health systems for 12 state-operated facilities, 40 community service boards and 800 private providers with 24/7 operations. These systems provide timely and consistent access to recovery and wellness services for Virginia citizens with mental illness, developmental disabilities or substance-use disorders. The 6,000 DBHDS employees rely on efficient, effective information technology to meet vital clinical needs, and provide financial resources, policy direction, automation, risk management and oversight for the entire system. With 24/7 system support required at all facilities, the Office of Technology and Office of Information Security aligned during COVID-19 for a partnership to infuse a security mindset and culture in the organization, while maintaining consistent operations in the process.

Mission-critical priority

With both the CIO and CISO new to the organization in 2020, the first priority was to solve the issues causing weekly network outages across multiple healthcare facilities impacting uptime rates for patient care and delivery of services. The central IT infrastructure, Virginia Information Technology Agency (VITA), in the state was identified as a priority partner that is critical for providing 24/7 patient care. VITA was underutilized before 2020 and was essential for the authentication process for the enterprise electronic health record (EHR) rollout. The CIO and CISO recognized the importance of partnering with VITA, and through multiple meetings, agreed on a prioritization list to establish a good partnership going forward. Over the following months, DBHDS completed application review/reduction and equipment evaluations, updated network communication and conducted workshops to solidify a positive working relationship with VITA.

Understanding the responsibility and level of effort required to digitally transform DBHDS, the strategic partnership between IT and security included:

  • Restructuring IT positions and responsibilites

  • Establishing work profiles to improve productivity

  • Introducing ticketing system with integrated metrics

  • A full-view project management system

  • Implementing IT investment board across the department

  • Effective communication to executive staff with security as an enabler

We are attached at the hip. Anytime I walk into a room they ask me: ‘Where is Robert?’” Glendon Schmitz | CISO

How Gartner helped

Vendor procurement process optimization:

  • Develop frameworks for CIO and CISO to be viewed as enablers for procurement process, not blockers

  • Establish a secure culture with CIO and CISO; review for all IT procurement must be reviewed and approved by CIO and CISO

  • Alignment through multiple departments with security and IT representative assigned on every procurement meeting 

  • Faster implementation of projects with security built along the way

  • Lowered risk of security breach

CIO initiatives:

  • Create an IT strategic plan for multiyear prioritization planning

  • Implement IT organization structure across multiple facilities with new team

  • Guidance for standing up data governance and identifying automation processes and tools

CISO initiatives:

  • Engage on Gartner analyst calls to create a Vulnerability Management Program with robust standardized process of remediation of high and medium vulnerabilities

  • Remove production data from the dev and test environments utilizing AI and synthetic datasets

  • Use Gartner research as a foundation to launch a three-year strategic plan that implements cybersecurity champions across the organization

Business impact

With Gartner’s support, DBHDS:

  • Decreased from 2-3 outages/week down to minimal outages, <1%:
    • Implemented duplicate network systems with VITA
    • Updated communication plan across all facilities for scheduled outages

    • Instituted a biweekly IT facility meeting with CIO and CISO teams

  • Completed a business impact analysis process to go from 400+ applications down to 102, resulting in:
    • Reduced audit findings

    • Reduced number of workloads for DBHDS

    • Solidified secure environment

    • Matured team security culture of knowing the responsibilities for each application 

  • Established a highly effective remote workforce culture with proven higher quality outcomes
  • Documented with Gartner a Memorandum of Accountability (MOA) process of IT roles and responsibilities between three main parties: VITA, state facilities and central office

Achieve your mission-critical priorities with Gartner for IT Leaders

Without Gartner and its advisory services, we would not be where we are today.

Robert Hobbelman

CIO, Virginia Department of Behavioral Health and Developmental Services

We’ve based a lot of our strategic direction and decisions on the research and insight that Gartner provides for us.

Glendon Schmitz

CISO, Virginia Department of Behavioral Health and Developmental Services

Related Public Sector Assets

Gartner is a trusted advisor and an objective resource for more than 15,000 enterprises in 100+ countries.

Learn more about how we can help you achieve your mission-critical priorities.