CalPERS IT Leaders Discuss Priorities, Vendor Engagement
CalPERS’ Chief Information Security Officer Liana Bailey-Crimmins and Chief Information Officer Christian Farland discussed how it connects with IT vendors and shared top tech priorities during a recent Techwire Member Virtual Briefing.
CalPERS’ Chief Information Security Officer Liana Bailey-Crimmins and Chief Information Officer Christian Farland took attendees through the history of the entity, during Wednesday’s Techwire Member Virtual Briefing with CalPERS 2020. They also helped attendees understand the intricacies of doing business with an agency that has modern IT values but may sometimes appear opaque where procurements are concerned. Among the takeaways:
• The CIO’s No. 1 priority is security, Farland said: protecting member investments and identities at the nation’s largest public pension fund and second largest public employer purchaser of healthcare services after the federal government. This outlook is at the forefront of the CalPERS’ organization and is incorporated into design. During the historic novel coronavirus (COVID-19) pandemic, when speed remains crucial but employees are teleworking and more is happening in the cloud, CalPERS seeks solutions to make that work more effective – but isn’t always looking for a new solution. The agency also looks to rationalize its portfolio, reducing overlapping products and leveraging automation while improving customer service. CalPERS is looking for solutions to help with workflow; let customers do work for themselves; and to leverage APIs for integration rather than building separate systems, Farland said, noting there’s also a growing need for customer relationship management (CRM) and case management.
“What it comes down to is what I call value solutions. It’s about reducing the cost of delivering retirement and health benefits,” the CIO said.
• That No. 1 priority also explains why vendors may not see CalPERS solicitations – because information security items are all attorney client privileged or attorney work products, Bailey-Crimmins explained. Divulging too much may inform threat actors on potential vulnerabilities and on movement from one privileged access management solution to another.
“And so, we don’t publicize out to the world what security projects and efforts we’re working on. We also don’t openly discuss how much money we’re spending on cybersecurity,” she said.
The agency does, however, look to companies on its approved vendor list, who have signed non-disclosure agreements. And depending upon the status of the pandemic, CalPERS is contemplating holding a vendor meeting in late spring or early summer to discuss upcoming security opportunities.
Her budget and the CIO’s budget were approved internally last week, Bailey-Crimmins said – but she said they have been asked to ensure they’re getting the best value for price, and cautioned vendors: “So, when we come and ask for you to sharpen your pencil, please pay attention to that.”
• CalPERS’ IT and security business model focuses strongly on relying on, and growing internal expertise, its CIO said, pointing out that the agency is proud of being a destination employer – but tries to partner with market leaders and industry specialists on innovative solutions. CalPERS divisions also work together closely, he said, recommending vendors bring solutions to CalPERS that will provide the innovation and security they need – and not a “divide and conquer” perspective. Knowledge transfer is key, Farland said, telling listeners the agency intends to play an active role in maintaining products and solutions it purchases.
“Build with us in mind, so that at the end of the project we can be responsible for maintaining the solution. And focus on the people in delivering that technology. It’s not just about the shiny object,” he said.
• The CIO highlighted three channels through which vendors may engage with the pension fund. The Spring Fed Pool, he said, is probably its biggest and best-known, and its procurements include consulting services. The process, the agency said, saves time by letting it contract with several firms simultaneously. Its Vendor Pool is often leveraged for products and subscriptions, and is used for software, hardware and consulting. Companies don’t need to wait for an active solicitation to apply; and those with current California Multiple Awards Schedule (CMAS) or General Services Administration (GSA) schedules, who meet minimum qualifications and requirements, can be added. And for larger, more complex implementations, Farland said, CalPERS will typically do a full Request for Proposals.