Testimony by Sean Brune, Chief Information Officer, Social Security Administration,
before the House Committee on Oversight and Reform, Subcommittee on Government Operations
July 28, 2021
Chairman Connolly, Ranking Member Hice, and Members of the Subcommittee, thank you for inviting me to discuss information technology (IT) at the Social Security Administration (SSA). I am SSA’s Deputy Commissioner for Systems and Chief Information Officer (CIO). As a former Regional Commissioner, I saw firsthand how essential modern technology solutions are to delivering Social Security Services. I also appreciate the importance of managing and monitoring IT investments—a key tenet of the Federal Information Technology Acquisition Reform Act (FITARA)—to ensure they provide value and measurable results. I look forward to sharing an overview of IT at SSA, and the role FITARA plays in carrying out our mission securely and efficiently.
For more than 80 years, Social Security has provided income protection for retirees, individuals with disabilities, and for families that lose a wage-earner. Today, almost 90 percent of seniors over the age of 65 receive Social Security benefits, and in fiscal year (FY) 2020, we paid more than one trillion dollars in benefits to over 70 million Social Security beneficiaries and Supplemental Security Income (SSI) recipients. While issuing benefit payments is one of our most important jobs, the work we do extends much further. For example, in FY 2020, we also:
- Completed over 8 million claims for benefits;
- Served approximately 20 million visitors in field offices;
- Handled over 34 million calls on our 800 number;
- Posted 289 million earnings items to workers’ records;
- Processed 13 million original and replacement Social Security card applications;
- Processed over 220 million online transactions; and,
- Completed over 463,000 full medical continuing disability reviews and over 2.15 million non-medical redeterminations of eligibility.
Additionally, we work collaboratively with claimant advocates nationwide to serve those most in need. Our field offices serve a critical role for individuals experiencing homelessness, those with mental illness, people transitioning between incarceration and temporary living arrangements, and those in need of Federal, state, and local benefits. Our programs are also a gateway to healthcare, including Medicare and Medicaid.
IT is a foundation of nearly every aspect of our work; it allows us to collect and store information in our records, calculate and pay benefits, and identify and prevent fraud and improper payments. It also allows us to offer new and innovative service delivery options, and provides opportunities to improve and streamline our processes.
We have known for many years that we must modernize our IT—including phasing out legacy systems and aligning our IT infrastructure with FITARA requirements—to bring it into the 21st century and meet the evolving needs of the public. Long before the pandemic, we began efforts to modernize our IT infrastructure. For example:
- After September 11, 2001 we built a virtual private network (VPN) into our infrastructure for Continuity of Operations Planning purposes.
- Beginning in 2015, we replaced desktop computers with laptops, and issued employees a single device—one laptop they could use to access our systems, either onsite or through VPN.
- In October 2017, we released a comprehensive, five-year IT Modernization Plan focused on replacing aging systems with more effective software, retiring old technology, improving our IT development processes, exploring how technology could improve customer service, and migrating applications to a modern cloud platform.
- In 2019, to improve mobility and public service, we began the conversion to softphones to allow employees to answer their office phone using their laptop, facilitating remote work.
- In 2019, we established a Chief Business Officer (CBO) to work in partnership with the CIO and the Deputy CIO for IT Modernization. The CBO helps ensure IT investments are customer-focused and deliver improved customer service.
- In June 2020, we updated our IT Modernization Plan1 to accelerate the delivery of modern software and provide more, better self-service options.
The 2020 IT Modernization Plan Update continues to be our roadmap, and we will remain flexible and nimble. We will use the Plan to guide our use of new technologies, but will update it and prioritize IT initiatives based on changes in our business environment, availability of new technologies, and legal requirements, such as FITARA.
IT During the Pandemic
The COVID-19 pandemic underscored how important IT is to our service delivery, and highlighted the successes of our IT Modernization efforts, as well as areas for improvement. For example, the effectiveness of our existing IT infrastructure allowed us to quickly and successfully move to a maximum telework posture. However, the pandemic also emphasized the need to expand availability of secure self-service options for our customers, and to restructure outdated work processes, like debt remittances, using modern technology.
In March 2020, we made the unprecedented decision to direct employees to work from home to keep the public and our employees safe. Previous work to modernize our IT infrastructure allowed us to remain open for business through our online and telephone services while we limited in-office appointments for critical situations that required in-person services. Three key IT modernization efforts described above—VPN, laptops, and softphones—gave us the foundation to continue service remotely.
We quickly overcame procedural and supply chain challenges, procured and deployed additional equipment, expanded bandwidth, purchased software licenses and provided training and IT support to transition over 90 percent of SSA employees across the country to telework. We also helped transition to telework the thousands of state employees at the Disability Determination Services who make medical determinations for our disability programs. These service successes would not have been possible without our existing IT infrastructure.
We continue to expand electronic and automated customer service options, and work to establish IT-based options to help the public get the help they need. For example, we:
- Are testing new business models for handling formerly in-person workloads, like an online process we began in May 2020 for handling Medicare Part B Supplemental Medical Coverage (Form CMS-40B) applications, which more than 300,000 seniors have used;
- Continue working with the States to expand availability of our internet SSN replacement card application. As of July 2021, 44 states and the District of Columbia participate in the application;
- Began offering an online video solution for hearings conducted in our Office of Hearings Operations. As of July 9, 2021, we have held nearly 580,000 cumulative online video and telephone hearings;
- Implemented an online application for representatives and their clients to complete the entire representative appointment process online, including accepting electronic signatures on notices of Appointment of Representative (Form SSA-1696);
- Began offering a new service in our online mySocial Security portal that delivers a PDF copy of disability claimants’ electronic medical folders;
- Improved delivery of Social Security notices online and expanded the types of customer notices delivered online;
- Implemented a mobile check-in process that allows visitors to check in for their scheduled field office appointment from their personal mobile device without the need to touch a kiosk. The new service also incorporates a COVID-19 health screening page for customers to complete before they enter an SSA facility; and
- Enhanced our online claim status system by providing customers more detailed information, including what to expect next and an estimated claim processing time.
The pandemic has also driven acceleration of smaller, incremental IT updates that improve our behind-the-scenes processes. These changes, while not visible to our customers, help our employees provide streamlined and more efficient service. For example, during the past year, we:
- Worked to expand Enumeration Beyond Entry through a collaboration with the Department of Homeland Security to process requests for Social Security cards for legal permanent residents without having them visit their local field office. We expect the service to go live later this year;
- Redesigned the Disability Case Processing System for hearings and appeals and improved analytical tools to provide decision support through predictive analytics;
- Improved our claims-taking process by adding key information—such as SSI payment history, earnings, and Medicare data—to one central location, saving time for our employees so that they do not have to search for this information in multiple places;
- Enhanced the Technician Experience Dashboard by improving the Customer Verification, Customer View, and Benefit Verification features used by our technicians to efficiently manage customer service requests; and
- Implemented an electronic transfer of non-medical paper appeals from our field offices to the Office of Hearings Operations for processing.
Future IT-Based Service Enhancements
As we emerge from the pandemic, we plan to use the lessons we have learned to build back better. We will continue to provide in-person service to people who need to see us in our field offices. For the many customers who would prefer the convenience of automated services like they experience with other businesses, we must continue to explore expansion of additional online and remote services, such as online appointment-making capabilities, online payment options, and streamlined, secure customer communication options. We will continue to use technology to expand streamlined and automated services, which will allow us to provide people multiple service delivery options and to better focus in-office services on those who need to see us in person.
Telephone Service Improvements
Telephone service has been critical during the pandemic. Between our local offices and our National 800 Number (N8NN), we are on pace to handle over 90 million phone calls in FY 2021. Despite the high volume of calls, we have been steadily improving wait times, busy rates, and overall service; in fact, through June 2021, our N8NN busy rate for this FY is less than one half of one percent. To improve telephone service, we are working to implement the Next Generation Telephony Project (NGTP). NGTP will replace our three current telephone systems with a single platform.
NGTP will provide callers additional information, improve their experience, and reduce wait time. It will provide information about expected wait times and scheduled callbacks, and include automated options for inquiries regarding Medicare replacement cards, 1099s, and claim status. Additionally, NGTP’s modern telecommunications design and management information tools will help us simplify training for new hires, prepare them more quickly to handle calls, and improve our ability to measure performance.
SocialSecurity.gov Website Redesign
To improve customer’s online experience, we are redesigning our website. In FY 2021, we implemented a beta site for SocialSecurity.gov that includes streamlined content and a redesigned home page. We will use customer feedback from online surveys and focus groups to make adjustments to the beta site. We expect to increase the customer satisfaction score for the redesigned test site by two points compared to the ssa.gov satisfaction score for the prior year. In FY 2022, we plan to transition the final redesigned ssa.gov website into production.
FITARA: IT Investment and Monitoring
FITARA aims to improve IT management across the government to eliminate duplication and waste in Federal Government IT acquisitions. By putting Federal agency CIOs in control of IT investment, FITARA requirements seek to help agencies reduce duplicative IT systems, examine software licensing options, make a business case for IT acquisitions, and consolidate data centers. More broadly, FITARA outlines specific requirements related to:
- CIO authority enhancements;
- Enhanced transparency and improved risk management in IT investments;
- Portfolio reviews;
- Expansion of training and use of IT cadres;
- Federal Data Center Consolidation Initiative, more recently known as the Data Center Optimization Initiative;
- Maximizing the benefit of the Federal strategic sourcing initiative; and
- Government-wide software purchasing program.
To meet FITARA requirements, agency CIOs must provide documented approval of IT purchases. The Committee’s FITARA Scorecard, which reflects agencies’ compliance with these requirements over time, serves an important role in our IT modernization progress. We use it as a general tool to measure IT performance and as a guidepost for our technology developments.
Investing wisely in technology is one of our top priorities as we work to deliver smarter, secure, and more efficient service. We have used the authorities within FITARA to improve how we acquire, manage, and organize our IT investments. For example, the increased CIO authority provided under FITARA has helped improve coordination between the CIO, Chief Financial Officer (CFO), and the CBO, which has in turn strengthened our customer-focused IT Modernization Plan.
We have also established procedures for all IT-related procurement, mandating that the Office of the CIO review and approve all IT acquisitions. Additionally, IT investments are now reviewed by an executive Information Technology Investment Review Board (IT IRB) composed of the CIO, CFO, and our Deputy Commissioners. The IT IRB ensures transparency, strategic alignment, and executive oversight.
Throughout the pandemic, we funded IT projects that provided the greatest benefit to our mission. We also continue to make informed funding decisions on IT projects to maximize available resources, and use Agile development and commercial off-the-shelf solutions when it makes sense to do so. As a result, we have been able to quickly expand electronic and automated services on my Social Security and establish other new, electronic service options, like online forms and electronic signatures. Not only do these investments align with FITARA requirements and investment principles, they provide improved customer experience for the public we serve.
Twice a year, this Committee assembles a FITARA Scorecard with support from the Government Accountability Office (GAO). The Scorecard helps assess Federal agencies’ progress on IT reforms. We appreciate the work the Members of this Committee and GAO have done to help ensure transparency and Federal agency compliance with FITARA requirements. At SSA, we take the Scorecard seriously and have actively engaged with GAO and this Committee to help continue to refine the FITARA process.
While the Scorecard is a useful tool, it constantly evolves; new items are regularly added and scoring methodologies change. The changing nature of the Scorecard can be challenging, but it has proven valuable by identifying gaps in our processes. For example, on the Scorecard released in December 2020, SSA’s score dropped2 from a B+ to a C+ although our scores for each individual category were consistent with the August 2020 Scorecard. Upon review, we discovered that the updated score reflected the limited availability of source data to support our responses. We have since worked to address this data availability issue and expect improved scores to follow.
FITARA and FISMA
Congress enacted the Federal Information Security Modernization Act of 2014 (FISMA) to improve federal cybersecurity and clarify government-wide cybersecurity responsibilities. The FITARA Scorecard also now includes a cybersecurity score reflecting FISMA and Presidential Cross Agency Priority goal compliance. We constantly strive to improve our effectiveness and achieve higher FISMA maturity levels3. As part of our cybersecurity planning, we continuously identify the required resources and prioritize programs and activities that will assist us in reaching our goals. Through FY 2021, we will continue to support multiple investments in key areas of Risk Management, Configuration Management, Identity Management, and Continuous Monitoring.
Our cybersecurity program continues to increase our detection, protection, and intelligence capabilities for strengthening the agency’s defenses against evolving threats and cyber-attacks, such as the recent SolarWinds attack. Although SSA was involved in the SolarWinds attack, we have no evidence that any of our systems were compromised, nor was any information that we possess revealed to any external entity. As we continue to provide new opportunities for better customer service through new online services, we will remain vigilant in continuing to strengthen our cybersecurity program capabilities.
Continued IT Investment
The need for sustained IT modernization and investment has never been more apparent than during the pandemic. We must continue to modernize our legacy systems before institutional staff knowledge is gone. And we must continue to work to build back better—to use technology to expand streamlined and automated self-service options for those who want to do business with us remotely, and to provide in-person service to those who need to see us in our offices.
The FY 2022 Budget requests $14.2 billion will help us strengthen our service to the public during and after the pandemic. Support from Congress will be pivotal to our ability to provide vital Social Security services to the American public.
Thank you for inviting me to testify today. I am glad to highlight the importance of IT to our mission. I want to close by thanking my colleagues and our amazing employees who have continued to carry on during the pandemic with resilience and dedication to our mission. I also want to thank the public and the Members on the Subcommittee for the opportunity to be here today.
I look forward to answering any questions you may have.
1 Our 2017 IT Modernization Plan and the 2020 Update are available at https://www.ssa.gov/open/plans/.
2 SSA was one of five agencies to drop in overall score. Three agencies improved and sixteen stayed the same.
3 A higher compliance/FITARA score generally indicates a higher maturity level, which should indicate a lower organizational cybersecurity risk.