116 STAT. 1240 PUBLIC LAW 107-217—AUG. 21, 2002 (b) CONTENT OF PROCESS. —The process of an executive agency shall— (1) provide for the selection of information technology investments to be made by the executive agency, the management of those investments, and the evaluation of the results of those investments; (2) be integrated with the processes for making budget, financial, and program management decisions in the executive agency; (3) include minimum criteria to be applied in considering whether to undertake a particular investment in information systems, including criteria related to the quantitatively expressed projected net, risk-adjusted return on investment and specific quantitative and qualitative criteria for comparing and prioritizing alternative information systems investment projects; (4) identify information systems investments that would result in shared benefits or costs for other federal agencies or state or local governments; (5) identify quantifiable measurements for determining the net benefits and risks of a proposed investment; and (6) provide the means for senior management personnel of the executive agency to obtain timely information regarding the progress of an investment in an information system, including a system of milestones for measuring progress, on an independently verifiable basis, in terms of cost, capability of the system to meet specified requirements, timeliness, and quality. § 11313. Performance and results-based management In fulfilling the responsibilities under section 3506(h) of title 44, the head of an executive agency shall— (1) establish goals for improving the efficiency and effectiveness of agency operations and, as appropriate, the delivery of services to the public through the effective use of information technology; (2) prepare an annual report, to be included in the executive agency's budget submission to Congress, on the progress in achieving the goals; (3) ensure that performance measurements— (A) are prescribed for information technology used by, or to be acquired for, the executive agency; and (B) measure how well the information technology supports programs of the executive agency; (4) where comparable processes and organizations in the public or private sectors exist, quantitatively benchmark agency process performance against those processes in terms of cost, speed, productivity, and quality of outputs and outcomes; (5) analyze the missions of the executive agency and, based on the analysis, revise the executive agency's mission-related processes and administrative processes as appropriate before making significant investments in information technology to be used in support of the performance of those missions; and (6) ensure that the information security policies, procediu*es, and practices of the executive agency are adequate.