CDCR Technology Landscape
Systems Inventory
The Mandate: EO N-30-25
Governor Newsom signed Executive Order N-30-25 in July 2025 β "Efficient and Effective Government" β directing every state agency to streamline operations, improve performance, and cut red tape.
Three tracks are converging on CDCR:
- Governor's Innovation Fellows β embedded in departments to identify and fix systemic inefficiencies from the ground up
- BCG / Dept. of Finance β 3-month scoping contract evaluating HQ operations, contract management, overtime, and healthcare delivery; $20M follow-on requested for on-site implementation
- California Breakthrough Project β tech industry task force (Snap, Instacart, Twilio, Anduril) advising on procurement modernization and AI strategy
Note: Full EO text: gov.ca.gov/wp-content/uploads/2025/07/2025-7-15.Efficient-and-Effective-Government-EO.FINAL_.signed-1.pdf
What Cohort 1 Discovered
Two PODs worked August 2025 through February 2026 across hundreds of documents of discovery, interviews, and site visits:
- "Digitize Paper Records" β ducats, scheduling, movement passes
- "Digitizing Internal Processes" β grievances, temperature monitoring, internal workflows
Core Finding
Fragmented legacy systems that don't talk to each other. SOMS, BIS, and SAP each operate independently. Five separate Wi-Fi networks per institution, none communicating. Paper forms everywhere.
Cohort 1 Deliverables
- Piloted: Temperature Log App (Microsoft Power Apps, replacing paper Forms 2030/2031)
- Established: Governance frameworks, steering committee cadence, Incarcerated Technology Governance Charter
The Landscape at a Glance
System Architecture Overview
CDCR Data Architecture β The Silo Problem
The SOMS Problem
CDCR's 800-lb gorilla: 42 modules, one vendor, one-way data.
- Sole vendor: Marquis Software Development β builds, maintains, and controls the entire platform
- One-way API: Data can be pushed out of SOMS, but the vendor will not allow writes back in. This is the single most cited technical blocker across all digitization initiatives.
- Staffing crisis: Only 5 FTE + 6 contractors to support the entire platform
- Infrastructure complexity: 11 environments managed by 3 vendors (Marquis, Quest, Red River)
- Version backlog: Team wants to upgrade but lacks capacity (estimated 1 year to convert)
- Update cadence: 4β6 updates per year
Currently Implemented (~30 modules)
| Acronym | Module Name |
|---|---|
| ICC | Inmate Custody Classification |
| PCA | Parole Commission Actions |
| CHS | Common Health Services |
| IMT | Inmate Monitoring & Transfer (partial) |
| IJP | Inmate Jobs & Programs |
| IRH | Inmate Restrictive Housing |
| IVT | Inmate Visitation Tracking |
| ISS | Inmate Security Status |
| ISC | Interstate Compact |
| IPM | Inmate PREA Management (recently added) |
| IPT | Inmate Population Tracking |
| IPI | Inmate Property Inventory |
| ISA | Inmate Services Administration |
| IBS | Inmate Banking System |
| PPS | Probation & Parole Supervision (partial) |
| ODA | Offender Data Administration |
| INT | In-Touch Mobile Suite |
| ACE | Application Configuration Engine |
| GDM | Geospatial Data Mapping |
| PBA | Pentaho Business Analytics (purchased, never deployed) |
| HWD | Holds, Warrants & Detainers |
| OTC | Offender Time Computation |
| STG | Security Threat Group |
| RNA | Risk & Needs Assessment |
| CSR | Corrections Statistics Reporting |
| ORP | Offender Reception Process |
| IAI | Internal Affairs Investigations (recently implemented) |
| OGT | Offender Grievance Tracking (recently implemented) |
| ITS | Investigation Tracking & Statistics |
| EOI | External Operating Interface |
| OTR | Offender Tracking & Release |
| VSA | Victim Services Administration |
| CSS | Court Case Sentencing |
| ODS | Offender Decision Support |
| IRT | Incident Report Tracking |
| COP | Court Ordered Payments |
In Contract β NOT Implemented (5 modules)
| Acronym | Module Name |
|---|---|
| DSS | Dental Services System |
| MSS | Medical Services System |
| MHS | Mental Health Services |
| OCS | Outside Care Services |
| FAC | Facility Access Control |
NOT In Contract (3 modules)
| Acronym | Module Name |
|---|---|
| FSO | Food Service Operations |
| FSR | Facility Staff Reference |
| CIS | Canteen Inventory & Sales |
eOMIS Module Status
The bulk of the honeycomb β custody classification, population tracking, banking, visitation, grievances, investigations, time computation, reception, release, and more. Pentaho (PBA) is technically "implemented" but was never deployed with CDCR data β Power BI is the de facto analytics tool.
- IPM β Inmate PREA Management (grant-funded)
- IAI β Internal Affairs Investigations
- OGT β Offender Grievance Tracking
- ITS β Investigation Tracking & Statistics
All healthcare-related: Dental (DSS), Medical (MSS), Mental Health (MHS), Outside Care (OCS), and Facility Access Control (FAC). These represent untapped contract value.
Food Service Operations (FSO), Facility Staff Reference (FSR), Canteen Inventory & Sales (CIS). Would require new contract negotiations with Marquis.
Enterprise & Analytics Silos
Today: Three Independent Systems
BIS β Legacy enterprise data. Does not talk to SAP or SOMS.
SAP / HANA β Enterprise resource planning. AASPS went live January 2026. Does not talk to BIS or SOMS.
SOMS β Offender management. Does not talk to BIS or SAP.
Each product line manages its own infrastructure independently. No shared data layer.
Pentaho was purchased as an eOMIS analytics module but never deployed. Power BI is the active reporting tool.
The Vision: Unified Data Architecture
- Consolidated data warehouse β single source of truth replacing fragmented silos (Snowflake being evaluated; "a few years down the road")
- Cross-system APIs β real-time data exchange between SOMS, SAP, BIS, and tablet platforms instead of nightly batch exports
- System consolidation β reducing redundant platforms and eliminating manual re-entry across systems
- Automated alerting β event-driven notifications replacing manual monitoring and paper-based escalation
- Modern analytics β Power BI is already the de facto reporting layer; a unified data layer unlocks cross-departmental dashboards
BCG's efficiency review may surface additional consolidation opportunities as part of the Department of Finance engagement.
Healthcare Systems (CCHCS)
CCHCS operates completely separate IT infrastructure β own network, own ServiceNow instance, own CIO.
Core Systems
- EHRS β Central electronic health record system
- Quality Management Portal β Heat Medications Registry, Heat Meds Custody Report
- CCHCS Lifeline Patient Safety β Heat Alert Medication List
- Cerner / HealtheLife β Patient portal (voted approved for tablets, 3/7/2024)
Emerging Healthcare Tech (September 2025 Tech Fair)
- Oracle Health Clinical AI Agent β Streamlined medical request processing
- Ameelio Connect β Secure video medical consultations
- UniDoc Virtual eHealth Clinics β Remote health delivery
Temperature Monitoring
- SensoScientific β Automated sensors, piloting at Calipatria and Mule Creek (~$1.3M for all 30 institutions)
- Astute / DwyerOmega β Alternative at 1/3 to 1/2 the cost, still being evaluated
- Temperature Log App β Microsoft Power Apps pilot (May 2025), replacing paper Forms 2030/2031
Tablet Platforms
Incarcerated Tablets
Securus IC+ Platform
- $189M contract through February 2031
- Leased Android tablets, phones, kiosks, video calling, e-messaging
- Replacing ViaPath/GTL (contract voided by CA Supreme Court)
- 14 proposed apps not yet evaluated (scheduling, grievances, canteen, TRUST, and more)
- CONNECTUS β Marquis app pushing scheduling data to tablets
- Investigative suite: Command, VTrack, Word Watch, voice biometrics
Warning: Vendor lock-in risk β complete rebuild required at re-bid. 3-year contract cycles.
Staff Tablets
Samsung Hardware
- ~7,170 tablets deployed statewide (~$600/unit + $85 license)
- Cell Search App β shipped statewide, built internally by EIS (reduced cell search documentation from ~3 hours to ~20 minutes)
- Mental Health Checks β next app in the pipeline
- Progressive web app architecture
- Meta Quest 3 β Mixed reality headsets for immersive staff training (Sept 2025 tech fair)
Tip: The Cell Search App proves EIS can build and ship internally. This is the model to scale.
The Wi-Fi Problem
5 siloed networks per institution β none communicate with each other
Emerging Solutions
- Starlink β Satellite connectivity for conservation camps and remote facilities
- WAN Transformation β Wide Area Network overhaul across institutions, in progress
- LoRa (Long Range) β Low-power mesh networking for data coverage in areas where Wi-Fi cannot reach (thick concrete, outdoor yards, remote buildings)
Security & Data Protection
Any cross-boundary data exchange between CCHCS and CDCR must meet strict security requirements:
- HIPAA compliance is non-negotiable β all Protected Health Information (PHI) remains under CCHCS governance and CIO authority
- Role-based access controls (RBAC) β clinical data visible only to authorized healthcare staff; custody staff see only what's operationally necessary (e.g., heat alert medication schedules), never diagnostic or treatment data
- End-to-end encryption for all data in transit between systems
- Full audit trails β every access logged, reviewable, and auditable
- Zero Trust architecture β already being piloted at CDCR (per September 2025 tech fair); continuous verification of every user and device
- Firewall segmentation β strict separation between clinical and custody networks is maintained
- CCHCS retains governance authority β no integration bypasses their approval chain; their CIO and IT team approve all data sharing decisions
Tip: Any proposed cross-system data exchange goes through CCHCS IT governance first. Clinical data stays clinical.
Vendor Ecosystem
18+ vendors across six categories. The two largest contracts dominate the landscape:
Securus Technologies (IC+)
- $189,360,000 through February 2031 (four 1-year extension options)
- Leased Android tablets, phones, kiosks, video, e-messaging, investigative tools
- Untapped: scheduling app, grievance app, third-party app hosting
Marquis Software Development
- Sole vendor for eOMIS/SOMS (42 modules)
- Also provides CONNECTUS incarcerated tablet app
- 11 environments across 3 infrastructure vendors
BCG (Boston Consulting Group)
- Hired by Department of Finance for 3-month scoping contract
- Focus: HQ efficiencies, contract management, overtime, healthcare delivery
- $20M follow-on requested for on-site implementation support
Key Barriers for Cohort 2
- One-Way API β SOMS vendor will not allow writes back into the system. Every integration is read-only. This blocks real-time scheduling, grievance auto-population, and tablet-to-SOMS data flow.
- Network Segmentation β Five Wi-Fi silos per institution with no cross-network communication. Any integration requires firewall changes, security review, and cooperation across organizational boundaries.
- Vendor Lock-In β Securus operates on 3-year contract cycles with complete rebuild required at re-bid. Marquis is the sole SOMS vendor. Mitigation: EIS builds internal proof-of-concepts, then vendors scale proven designs β already demonstrated with Cell Search App and Temperature Log App.
- Organizational Boundaries β EIS and CCHCS IT are completely separate organizations with separate infrastructure, governance, and compliance requirements (HIPAA). Cross-boundary work requires dual approval chains.
- Union Resistance β Technology changes that affect staff workflows (digital ducats, tablet-based reporting, automated scheduling) can trigger union pushback if labor representatives are not engaged early. Mitigation: Bring union stakeholders to the table during design, not after deployment. Frame changes as reducing administrative burden on officers, not replacing roles.
Warning: SOMS is supported by only 5 FTE + 6 contractors for the entire platform. Any initiative touching SOMS competes for this scarce capacity.
Opportunities Aligned to EO N-30-25
Prioritized opportunities for Cohort 2, mapped to Executive Order pillars:
- Streamline Operations: Grievance digitization β 602-1 submission via tablet, auto-populating OGT metadata, eliminating manual data entry
- Improve Service Delivery: E-Ducating and incarcerated scheduling on tablets; leverage CONNECTUS and Securus platform capabilities
- Modernize Infrastructure: Snowflake data warehouse evaluation; WAN transformation; Zero Trust security rollout
- Reduce Paper: Ducat digitization (movement passes β barcode/RFID scanning at checkpoints)
- Secure Cross-Boundary Data: HIPAA-compliant, RBAC-protected data exchange between CCHCS and CDCR β under CCHCS governance authority, with end-to-end encryption and full audit trails
- Build Internal Capacity: Expand EIS's proof-of-concept development capability β prototype solutions in-house, then hand proven designs to vendors for enterprise scaling. Reduces lock-in, accelerates innovation, retains institutional knowledge. The Cell Search App is the model.
- Leverage BCG Findings: Align GIF digital transformation priorities with BCG's HQ efficiency recommendations for maximum combined impact
What's In Place & Next Steps
What's Already In Place
- Governance frameworks β Incarcerated Technology Governance Charter established
- Steering committee β cadence already running with Directors-level participation
- Relationships β SME network and department contacts preserved in Cohort 1 handoff documents; Cohort 2 will not be first contact with key stakeholders
- BCG engagement β $20M implementation phase may create parallel workstreams; coordinate early
The Model Going Forward
EIS builds the proof-of-concept. Vendors scale the proven design. CDCR retains the IP, the knowledge, and the leverage.