Project Initiation. ProPath. Office of Information and Technology

Transcription

1 Project Initiation ProPath Office of Information and Technology

2 Table of Contents Project Initiation Process Maps... 1 Process: Project Initiation Project Initiation and Goals Goals Project Initiation RACI Information Project Initiation Process Process Activity Name: PRI-1 Define Business Requirements Process Activity Name: PRI-1.1 Identify Needs and Capabilities Process Activity Name: PRI-1.2 Identify EA Content Process Activity Name: PRI-1.2-DEC01 Segment Level Content? Process Activity Name: PRI-1.3 Identify Segment Content Process Activity Name: PRI-1.4 Update Business Requirements with EA Traceability Process Activity Name: PRI-2 Create QUAD Chart Process Activity Name: PRI-3 Develop Initial Infrastructure Rough Order of Magnitude Process Activity Name: PRI-4 Create Project Charter Process Activity Name: PRI-5 Evaluate Enterprise Shared Services Process Activity Name: PRI-5.1 Submit IAM Service Request Process Activity Name: PRI-5.2 Receive IAM Service Request Process Activity Name: PRI-5.3 Determine Need for IAM Service Request Process Activity Name: PRI-5.3-DEC01 IAM Required? Process Activity Name: PRI-5.3-DEC02 Additional Services? Process Activity Name: PRI-5.4 Schedule IAM Service Request Review Meeting Process Activity Name: PRI-5.5 Review IAM Service Request Package Process Activity Name: PRI-5.5-DEC01 Concur? Process Activity Name: PRI-5.6 Schedule Governance Review Intake Team Meeting Process Activity Name: PRI-5.7 Obtain IAM MOU Signatures Process Activity Name: PRI-5.8 Review IAM Service Request Process Activity Name: PRI-5.8-DEC01 Approved? Process Activity Name: PRI-5.9 Assign IAM Team Members Process Activity Name: PRI-5.10 Create IAM Change Requests Process Activity Name: PRI-5.11 Notify IAM Project Manager Change Requests Created Project Initiation i

3 Process Activity Name: PRI-5.12 Notify Project Manager Service Request Approved Process Activity Name: PRI-5.13 Receive IAM Change Requests Process Activity Name: PRI-5.14 Receive IAM Service Request Decision Process Activity Name: PRI-5.15 Close IAM Service Request Process Activity Name: PRI-6 Register Project with Enterprise Systems Engineering Process Activity Name: PRI-6.1 Complete ESE Registration Form (Initial) Process Activity Name: PRI-6.2 Set Up ESE Process Initiation (PI) Meeting. 51 Process Activity Name: PRI-6.3 Conduct PI Meeting and Confirm Preliminary Requirements Process Activity Name: PRI-6.4 Update Work Breakdown Structure Process Activity Name: PRI-7 Establish and Resource Integrated Project Team Process Activity Name: PRI-7.1 Determine IPT Resource Requirements Process Activity Name: PRI-7.2 Submit HPS Intake Form Process Activity Name: PRI Populate HPS Intake Form Process Activity Name: PRI Determine Tier 2 IPT Member Process Activity Name: PRI Create Intake Tracker Record Process Activity Name: PRI Review Intake Form Process Activity Name: PRI Create Intake Assessment Findings Report Process Activity Name: PRI Update Intake Tracker Process Activity Name: PRI Communicate Intake Assessment Findings Report Process Activity Name: PRI Receive Intake Assessment Findings Report Process Activity Name: PRI-7.3 Submit Request for ISO Support Process Activity Name: PRI Submit Request for ISO Support Form Process Activity Name: PRI Perform Security Review Process Activity Name: PRI Receive Security Review Findings Process Activity Name: PRI-7.4 Conduct Security Impact Analysis Process Activity Name: PRI Initiate Security Impact Analysis Process Activity Name: PRI DEC01 Health Product? Process Activity Name: PRI Assign HCSR Resource Process Activity Name: PRI Conduct Security Impact Analysis Process Activity Name: PRI Communicate Security Impact Analysis.. 70 Process Activity Name: PRI-7.5 Submit Privacy Threshold Analysis Process Activity Name: PRI Submit/Update Privacy Threshold Analysis Request Project Initiation ii

4 Process Activity Name: PRI Review Privacy Threshold Analysis Process Activity Name: PRI DEC01 Complete? Process Activity Name: PRI Review Privacy Threshold Analysis Request Process Activity Name: PRI DEC01 Approved? Process Activity Name: PRI Accept Privacy Threshold Analysis Process Activity Name: PRI DEC01 Accepted? Process Activity Name: PRI Receive Completed Privacy Threshold Analysis Process Activity Name: PRI-7.6 Submit SDE PAO New Project Request Form Process Activity Name: PRI-7.7 Submit ASD IPT Support Request Process Activity Name: PRI-7.8 Submit Privacy Officer Support Request Process Activity Name: PRI-7.9 Receive Notifications of IPT Member Assignments Process Activity Name: PRI-7.10 Form Integrated Project Team Process Activity Name: PRI-PR1 Conduct Peer Review of the Business Requirements Document Process Activity Name: PRI-FR1 Conduct Formal Review of the Business Requirements Document Process Activity Name: PRI-FR1-DEC01 Requirements Sufficient? Process Activity Name: PRI-8 Elaborate Business Requirements Process Activity Name: PRI-9 Select Design Approach Process Activity Name: PRI-MS0 Conduct Milestone 0 Review Project Initiation iii

5 Project Initiation Process Maps Project Initiation Office of Responsibility home overview MS0 raci help PRI-9 Select Design Approach Project Manager PRI-5 Evaluate Enterprise Shared Services PRI-4 Create Project Charter PRI-6 Register Project with Enterprise Systems Engineering PRI-7 Establish and Resource Integrated Project Team F P Yes Requirements Sufficient? No PRI-3 Develop Initial Infrastructure Rough Order of Magnitude Business Analyst PRI-1 Define Business Requirements PRI-2 Create QUAD Chart PRI-8 Elaborate Business Requirements The links in this process map are inactive. Please scroll to view activity data. 1

6 Project Initiation: PRI-1 Define Business Requirements home proc ess overview raci help Segment Architect PRI-1.3 Identify Segment Content Yes EA Architect PRI-1.2 Identify EA Content Segment Level Content? No Business Analyst PRI-1.1 Identify Needs and Capabilities PRI-1.4 Update Business Requirements with EA Traceability The links in this process map are inactive. Please scroll to view activity data. 2

7 Project Initiation: PRI-5 Evaluate Enterprise Shared Services IAM Governance Review Intake Team No Yes Approved? PRI-5.8 Review IAM Service Request home process overview PRI-5.9 Assign IAM Team Members raci help IAM Governance Manager PRI-5.3 Determine Need for IAM Service Request PRI-5.2 Receive IAM Service Request PRI-5.4 Schedule IAM Service Request Review Meeting Yes IAM Required? No PRI-5.5 Review IAM Service Request Package Concur? No Yes PRI-5.7 Obtain IAM MOU Signatures PRI-5.6 Schedule Governance Review Intake Team Meeting PRI-5.11 Notify IAM Project Manager Change Requests Created PRI-5.10 Create IAM Change Requests PRI-5.12 Notify Project Manager Service Request Approved IAM Project Manager PRI-5.13 Receive IAM Change Requests Project Manager PRI-5.1 Submit IAM Service Request Additional Services? Yes No PRI-5.14 Receive IAM Service Request Decision To: RFSC Request for Service Consumption PRI-5.15 Close IAM Service Request From: RFSC Request for Service Consumption The links in this process map are inactive. Please scroll to view activity data. 3

8 Project Initiation: PRI-6.0 Register Project with Enterprise Systems Engineering home process overview raci help Project Manager PRI-6.1 Complete ESE Registration Form (Initial) PRI-6.4 Update Work Breakdown Structure ESE Release Readiness Officer PRI-6.2 Set Up ESE Process Initiation (PI) Meeting PRI-6.3 Conduct PI Meeting and Confirm Preliminary Requirements The links in this process map are inactive. Please scroll to view activity data. 4

9 Project Initiation: PRI-7 Establish and Resource Integrated Project Team home process overview raci help PRI-7.2 Submit HPS Intake Form PRI-7.6 Submit SDE PAO New Project Request Form Project Manager PRI-7.1 Determine IPT Resource Requirements PRI-7.3 Submit Request for ISO Support PRI-7.4 Conduct Security Impact Analysis PRI-7.7 Submit ASD IPT Support Request PRI-7.8 Submit Privacy Officer Support Request PRI-7.9 Receive Notifications of IPT Member Assignments PRI-7.10 Form Integrated Project Team PRI-7.5 Submit Privacy Threshold Analysis The links in this process map are inactive. Please scroll to view activity data. 5

10 Project Initiation: PRI-7.2 Submit HPS Intake Form home process back overview raci help Project Manager PRI Populate HPS Intake Form PRI Receive Intake Assessment Findings Report Tier 2 (T2) Helath Product Support Specialist PRI Determine Tier 2 IPT Member Tier 3 (T3) Sustainment Manager PRI Create Intake Tracker Record PRI Review Intake Form PRI Create Intake Assessment Findings Report PRI Update Intake Tracker PRI Communicate Intake Assessment Findings Report The links in this process map are inactive. Please scroll to view activity data. 6

11 Project Initiation: PRI-7.3 Submit Request for ISO Support home process back overview raci help Project Manager PRI Submit Request for ISO Support Form PRI Receive Security Review Findings Information Security Officer PRI Perform Security Review The links in this process map are inactive. Please scroll to view activity data. 7

12 Project Initiation: PRI-7.4 Conduct Security Impact Analysis home process back overview raci help Project Manager PRI Initiate Security Impact Analysis Health Product? Yes No PRI Conduct Security Impact Analysis PRI Communicate Security Impact Analysis Director Health Care Security Requirements PRI Assign HCSR Resource The links in this process map are inactive. Please scroll to view activity data. 8

13 Project Initiation: PRI-7.5 Submit Privacy Threshold Analysis home process back overview raci help Privacy Services PRI Accept Privacy Threshold Analysis Accepted? No Yes System Owner Yes Approved? No PRI Review Privacy Threshold Analysis Request Privacy Officer PRI Review Privacy Threshold Analysis Yes Complete? No Project Manager PRI Submit/Update Privacy Threshold Analysis Request PRI Receive Completed Privacy Threshold Analysis The links in this process map are inactive. Please scroll to view activity data. 9

14 Process: Project Initiation Overview: The process map for Project Initiation cycles through the following process and review activities: PRI-1 Define Business Requirements PRI-1.1 Identify Needs and Capabilities PRI-1.2 Identify EA Content PRI-1.2-DEC01 Segment Level Content? PRI-1.3 Identify Segment Content PRI-1.4 Update Business Requirements with EA Traceability PRI-2 Create QUAD Chart PRI-3 Develop Initial Infrastructure Rough Order of Magnitude PRI-4 Create Project Charter PRI-5 Evaluate Enterprise Shared Services PRI-5.1 Submit IAM Service Request PRI-5.2 Receive IAM Service Request PRI-5.3 Determine Need for IAM Service Request PRI-5.3-DEC01 IAM Required? PRI-5.3-DEC02 Additional Services? PRI-5.4 Schedule IAM Service Request Review Meeting PRI-5.5 Review IAM Service Request Package PRI-5.5-DEC01 Concur? PRI-5.6 Schedule Governance Review Intake Team Meeting PRI-5.7 Obtain IAM MOU Signatures PRI-5.8 Review IAM Service Request PRI-5.8-DEC01 Approved? PRI-5.9 Assign IAM Team Members PRI-5.10 Create IAM Change Requests PRI-5.11 Notify IAM Project Manager Change Requests Created PRI-5.12 Notify Project Manager Service Request Approved PRI-5.13 Receive IAM Change Requests PRI-5.14 Receive IAM Service Request Decision PRI-5.15 Close IAM Service Request PRI-6 Register Project with Enterprise Systems Engineering PRI-6.1 Complete ESE Registration Form (Initial) PRI-6.2 Set Up ESE Process Initiation (PI) Meeting PRI-6.3 Conduct PI Meeting and Confirm Preliminary Requirements PRI-6.4 Update Work Breakdown Structure PRI-7 Establish and Resource Integrated Project Team PRI-7.1 Determine IPT Resource Requirements PRI-7.2 Submit HPS Intake Form PRI Populate HPS Intake Form PRI Determine Tier 2 IPT Member PRI Create Intake Tracker Record PRI Review Intake Form PRI Create Intake Assessment Findings Report Project Initiation 10

15 PRI Update Intake Tracker PRI Communicate Intake Assessment Findings Report PRI Receive Intake Assessment Findings Report PRI-7.3 Submit Request for ISO Support PRI Submit Request for ISO Support Form PRI Perform Security Review PRI Receive Security Review Findings PRI-7.4 Conduct Security Impact Analysis PRI Initiate Security Impact Analysis PRI DEC01 Health Product? PRI Assign HCSR Resource PRI Conduct Security Impact Analysis PRI Communicate Security Impact Analysis PRI-7.5 Submit Privacy Threshold Analysis PRI Submit/Update Privacy Threshold Analysis Request PRI Review Privacy Threshold Analysis PRI DEC01 Complete? PRI Review Privacy Threshold Analysis Request PRI DEC01 Approved? PRI Accept Privacy Threshold Analysis PRI DEC01 Accepted? PRI Receive Completed Privacy Threshold Analysis PRI-7.6 Submit SDE PAO New Project Request Form PRI-7.7 Submit ASD IPT Support Request PRI-7.8 Submit Privacy Officer Support Request PRI-7.9 Receive Notifications of IPT Member Assignments PRI-7.10 Form Integrated Project Team PRI-PR1 Conduct Peer Review of the Business Requirements Document PRI-FR1 Conduct Formal Review of the Business Requirements Document PRI-FR1-DEC01 Requirements Sufficient? PRI-8 Elaborate Business Requirements PRI-9 Select Design Approach PRI-MS0 Conduct Milestone 0 Review Project Initiation 11

16 Project Initiation and Goals Project Initiation is the process by which a project transitions from the Project Management Accountability System (PMAS) state of "New Start" into the state of "Planning". A project New Start state is a candidate for Planning once the project has been added to the Business Operating Plan and the Enterprise Project Structure identifies the funds released by the Information Technology Resource Management (ITRM). Projects require a Milestone 0 review to establish if in full compliance before transitioning to Planning. The Project Manager is responsible for establishing the Milestone 0 review through the applicable Office Of Responsibility. Goals The Goals of Project Initiation are as follows: - To determine if the business requirements are sufficient - To determine if the service level requirements are sufficient - To create a high level spend plan - To identify the project team - To ensure privacy requirements are determined - To ensure identity and access management requirements are determined - To ensure security and if needed, Compliance, Advising and Security Engineering (CASE) management requirements are determined - To identify the integrated project team - To ensure design pattern guidance is reviewed for the project's development activity types when determining the overall design approach - To determine if the project is ready for the planning state Project Initiation 12

17 Project Initiation RACI Information The following describes the RACI information for this process: PRI-1.1 Identify Needs and Capabilities : Business Analyst Accountable Role: Business Unit Lead Consulted Role: Business Analyst, Stakeholder(s), System Owner PRI-1.2 Identify EA Content : Enterprise Architect Accountable Role: Business Unit Lead PRI-1.2-DEC01 Segment Level Content? : Enterprise Architect Accountable Role: PRI-1.3 Identify Segment Content : Segment Architect Accountable Role: Business Unit Lead Informed Role: Stakeholder(s) PRI-1.4 Update Business Requirements with EA Traceability : Business Analyst Accountable Role: Business Unit Lead Informed Role: Stakeholder(s) PRI-2 Create QUAD Chart : Business Analyst Project Initiation 13

18 Accountable Role: Business Unit Lead Consulted Role: Office of Responsibility Informed Role: Stakeholder(s) PRI-3 Develop Initial Infrastructure Rough Order of Magnitude : Project Manager Accountable Role: Program Manager Consulted Role: Enterprise Operations Storage Management Informed Role: Stakeholder(s) PRI-4 Create Project Charter : Project Manager Accountable Role: Program Manager Consulted Role: Business Sponsor, Integrated Project Team Member, Program Manager Informed Role: Stakeholder(s) PRI-5.1 Submit IAM Service Request : Project Manager Accountable Role: Program Manager PRI-5.2 Receive IAM Service Request : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team PRI-5.3 Determine Need for IAM Service Request : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team Informed Role: Project Manager Project Initiation 14

19 PRI-5.3-DEC01 IAM Required? : Identity and Access Management Governance Manager Accountable Role: PRI-5.3-DEC02 Additional Services? : Project Manager Accountable Role: PRI-5.4 Schedule IAM Service Request Review Meeting : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team Consulted Role: Project Team PRI-5.5 Review IAM Service Request Package : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team Consulted Role: Project Team PRI-5.5-DEC01 Concur? : Project Manager Accountable Role: PRI-5.6 Schedule Governance Review Intake Team Meeting : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team Consulted Role: Project Manager Informed Role: Business Sponsor Project Initiation 15

20 PRI-5.7 Obtain IAM MOU Signatures : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team Consulted Role: Stakeholder(s) PRI-5.8 Review IAM Service Request : Identity and Access Management Governance Review Intake Team Accountable Role: Identity and Access Management Governance Review Intake Team Consulted Role: Business Sponsor, Governance Review Intake Team, Project Team PRI-5.8-DEC01 Approved? : Identity and Access Management Governance Review Intake Team Accountable Role: PRI-5.9 Assign IAM Team Members : Identity and Access Management Governance Review Intake Team Accountable Role: Office of Responsibility PRI-5.10 Create IAM Change Requests : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team PRI-5.11 Notify IAM Project Manager Change Requests Created : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team Informed Role: Identity and Access Management Project Manager PRI-5.12 Notify Project Manager Service Request Approved Project Initiation 16

21 : Identity and Access Management Governance Manager Accountable Role: Identity and Access Management Governance Review Intake Team Informed Role: Project Manager PRI-5.13 Receive IAM Change Requests : Identity and Access Management Project Manager Accountable Role: Identity and Access Management Governance Manager Informed Role: Governance Review Intake Team PRI-5.14 Receive IAM Service Request Decision : Project Manager Accountable Role: Program Manager Informed Role: Project Team, Stakeholder(s) PRI-5.15 Close IAM Service Request : Project Manager Accountable Role: Program Manager PRI-6.1 Complete ESE Registration Form (Initial) : Project Manager Accountable Role: Product Manager PRI-6.2 Set Up ESE Process Initiation (PI) Meeting : Enterprise Systems Engineering Release Officer Accountable Role: Deputy Director, Enterprise Systems Engineering Informed Role: Capacity and Performance Management Analyst, Enterprise Systems Engineering Capacity Planning and Engineering Operational Readiness Review Analyst, Health Product Support Release Coordinator, Enterprise Systems Engineering Test Analyst, Release Readiness Office POC, Service Delivery and Engineering Point of Contact, VHA Release Management Team Project Initiation 17

22 PRI-6.3 Conduct PI Meeting and Confirm Preliminary Requirements : Enterprise Systems Engineering Release Officer Accountable Role: Deputy Director, Enterprise Systems Engineering Consulted Role: Capacity and Performance Management Analyst, Enterprise Systems Engineering Capacity Planning and Engineering Operational Readiness Review Analyst, Health Product Support Release Coordinator, Release Readiness Office POC, Service Delivery and Engineering Point of Contact, 508 Reviewer, VHA Release Management Team PRI-6.4 Update Work Breakdown Structure : Project Manager Accountable Role: Program Manager Informed Role: Project Team PRI-7.1 Determine IPT Resource Requirements : Project Manager Accountable Role: Program Manager Informed Role: Stakeholder(s) PRI Populate HPS Intake Form : Project Manager Accountable Role: Program Manager Informed Role: Health Product Support Release Coordinator PRI Determine Tier 2 IPT Member : Tier 2 (T2) Health Product Support Specialist Accountable Role: Tier 2 (T2) Health Product Support Division Director Informed Role: Tier 2 (T2) Health Product Support Specialist Project Initiation 18

23 PRI Create Intake Tracker Record : Tier 3 (T3) Sustainment Manager Accountable Role: Director, Health Product Support PRI Review Intake Form : Tier 3 (T3) Sustainment Manager Accountable Role: Director, Health Product Support PRI Create Intake Assessment Findings Report : Tier 3 (T3) Sustainment Manager Accountable Role: Director, Health Product Support PRI Update Intake Tracker : Tier 3 (T3) Sustainment Manager Accountable Role: Director, Health Product Support PRI Communicate Intake Assessment Findings Report : Tier 3 (T3) Sustainment Manager Accountable Role: Director, Health Product Support Informed Role: Project Manager PRI Receive Intake Assessment Findings Report : Project Manager Accountable Role: Program Manager Informed Role: Business Sponsor, Integrated Project Team, Stakeholder(s) PRI Submit Request for ISO Support Form : Project Manager Project Initiation 19

24 Accountable Role: Director, Software Development Informed Role: Information Security Officer PRI Perform Security Review : Information Security Officer Accountable Role: Director, Office of Cyber Security Informed Role: Project Manager, Stakeholder(s) PRI Receive Security Review Findings : Project Manager Accountable Role: Director, Software Development Informed Role: Integrated Project Team, Project Team, Stakeholder(s) PRI Initiate Security Impact Analysis : Project Manager Accountable Role: Director, Software Development Consulted Role: Information Security Officer, Privacy Officer, Privacy Services Informed Role: Integrated Project Team PRI DEC01 Health Product? : Project Manager Accountable Role: Director, Software Development PRI Assign HCSR Resource : Director, Health Care Security Requirements Accountable Role: Project Manager Consulted Role: Information Security Officer, Privacy Officer Informed Role: Health Care Security Requirements (HCSR) Security Specialist, Integrated Project Team Project Initiation 20

25 PRI Conduct Security Impact Analysis : Project Manager Accountable Role: Director, Office of Cyber Security Consulted Role: Health Care Security Requirements (HCSR) Security Specialist, Information Security Officer, Privacy Officer Informed Role: Integrated Project Team PRI Communicate Security Impact Analysis : Project Manager Accountable Role: Director, Software Development Consulted Role: Integrated Project Team, Information Security Officer, Privacy Officer, Privacy Services Informed Role: Health Care Security Requirements (HCSR) Security Specialist, Stakeholder(s) PRI Submit/Update Privacy Threshold Analysis Request : Project Manager Accountable Role: Director, Software Development Informed Role: Integrated Project Team, Privacy Officer, System Owner PRI Review Privacy Threshold Analysis : Privacy Officer Accountable Role: Director, Office of Cyber Security PRI DEC01 Complete? : Privacy Officer Accountable Role: Director, Office of Cyber Security PRI Review Privacy Threshold Analysis Request Project Initiation 21

26 : System Owner Accountable Role: System Owner PRI DEC01 Approved? : System Owner Accountable Role: Project Manager PRI Accept Privacy Threshold Analysis : Privacy Services Accountable Role: Director, Office of Cyber Security PRI DEC01 Accepted? : Privacy Services Accountable Role: Director, Office of Cyber Security PRI Receive Completed Privacy Threshold Analysis : Project Manager Accountable Role: Director, Software Development PRI-7.6 Submit SDE PAO New Project Request Form : Project Manager Accountable Role: Program Manager PRI-7.7 Submit ASD IPT Support Request : Project Manager Accountable Role: Program Manager PRI-7.8 Submit Privacy Officer Support Request Project Initiation 22

27 : Project Manager Accountable Role: Program Manager Consulted Role: Administrations and Staff Offices Leadership Informed Role: Privacy Officer, Stakeholder(s) PRI-7.9 Receive Notifications of IPT Member Assignments : Project Manager Accountable Role: Program Manager Informed Role: Integrated Project Team, Stakeholder(s) PRI-7.10 Form Integrated Project Team : Project Manager Accountable Role: Program Manager Consulted Role: Integrated Project Team, Stakeholder(s) PRI-PR1 Conduct Peer Review of the Business Requirements Document : Project Manager Accountable Role: Program Manager Consulted Role: Integrated Project Team, Project Team PRI-FR1 Conduct Formal Review of the Business Requirements Document : Project Manager Accountable Role: Program Manager Consulted Role: Stakeholder(s) PRI-FR1-DEC01 Requirements Sufficient? : Project Manager Accountable Role: Program Manager Project Initiation 23

28 PRI-8 Elaborate Business Requirements : Business Analyst Accountable Role: Business Unit Lead PRI-9 Select Design Approach : Project Manager Accountable Role: Program Manager PRI-MS0 Conduct Milestone 0 Review : Office of Responsibility Accountable Role: Deputy Assistant Secretary/Deputy Chief Information Officer Consulted Role: 508 Reviewer, Office of Responsibility, Stakeholder(s) Project Initiation 24

29 Project Initiation Process Process Activity Name: PRI-1 Define Business Requirements Note: This activity is performed concurrently with: PRI-2 Create QUAD Chart PRI-3 Develop Initial Infrastructure Rough Order of Magnitude None PRI-4 Create Project Charter The sub-process map PRI-1 Define Business Requirements process cycles through the following dependent activities: PRI-1.1 Identify Needs and Capabilities PRI-1.2 Identify EA Content PRI-1.3 Identify Segment Content PRI-1.4 Update Business Requirements with EA Traceability Process Activity Name: PRI-1.1 Identify Needs and Capabilities None PRI-1.2 Identify EA Content The Business Analyst ensures the Business Requirements document (BRD) is created in draft form by the Enterprise Systems Manager, Office of Business Process Integration, or Corporate Business Analyst to capture and describe the business needs of the customer/business owner and identifies the needs and reviews the capabilities the stakeholders and the target users identify and why these needs exist, providing a focused overview of the requirements, constraints, and Information Technology options considered, including insight into the current state, current capabilities and proposed business area or process and identifies stakeholders and profiles primary and secondary user communities. The business analyst also specifically addresses requirements for identity and access service needs. Business Needs Documents New Service Request Project Initiation 25

30 Service Level Requirements Artifacts Created Business Flow Diagrams Business Requirements Document Business Analyst IBM Rational Requirements Composer IBM Rational RequisitePro VA EA Enterprise Technical Architecture (ETA) Compliance Criteria Requirement Level Guide VA Identify Management Policy (VAIQ ) All community generated Open Source products (products developed by anyone outside the VA national development resources) that are identified as viable candidates to be used within VA must be reviewed by the business community to assure that stakeholders approve all of the functionality that is provided in any such product. For VHA, contact Health Systems staff to ensure the proper Program Offices are engaged. The project team may use either IBM Rational RequisitePro or IBM Rational Requirements Composer until IBM Rational RequisitePro is officially discontinued. Process Activity Name: PRI-1.2 Identify EA Content PRI-1.1 Identify Needs and Capabilities PRI-1.2-DEC01 Segment Level Content? The Enterprise Architect (EA) identifies EA content and determines if the business needs fall within the current Business Reference Model and Service Reference Model and if the capability to meet the needs currently exists. Business Requirements Document Project Initiation 26

31 Artifacts Created Updated Business Requirements Document Enterprise Architect Business Reference Model VA Systems Inventory Requirement Level Guide All community generated Open Source products (products developed by anyone outside the VA national development resources) that are identified as viable candidates to be used within VA must be reviewed by the business community to assure that stakeholders approve all of the functionality that is provided in any such product. For VHA, contact Health Systems staff to ensure the proper Program Offices are engaged. The Feedback section of the VA Systems Inventory can be used to provide update for existing system or Register new system. Process Activity Name: PRI-1.2-DEC01 Segment Level Content? PRI-1.2 Identify EA Content If Yes, PRI-1.3 Identify Segment Content If No, PRI-1.4 Update Business Requirements with EA Traceability Note: There is a decision dependency that determines the next activity: The EA Architect determines if there is segment level content. If Yes, the next activity is PRI-1.3 Identify Segment Content. If No, the next activity is Update Business Requirements with EA Traceability. Project Initiation 27

32 Enterprise Architect Process Activity Name: PRI-1.3 Identify Segment Content PRI-1.2-DEC01 Segment Level Content? is YES PRI-1.4 Update Business Requirements with EA Traceability The Segment Architect identifies and articulates the changes the business needs drive to the target business and information architectures by: - Analyzing the gap between current and proposed business information environments in the context of business needs, - Determining which elements within the current state business and information environment must change to meet desired improvements, - Describing required changes to the business and information environment and whether these changes are currently addressed with - planned initiatives or investments, - Ensuring that both functional and non-functional requirements are identified. As-is Business Function Model As-is Business Value Chain Diagrams As-is Key Business Process Models As-is Key Business Process Swim Lane Diagrams As-is Key Information Sources Qualitative Assessment Business Requirements Document Common/Mission Services Maturity Levels Existing documentation on current business and information environment (practices, rules, PAR, applicable PART) Segment Scope and Strategic Intent Artifacts Created Updated Business Requirements Document Segment Architect IBM Rational Requirements Composer Project Initiation 28

33 IBM Rational RequisitePro Requirement Level Guide All community generated Open Source products (products developed by anyone outside the VA national development resources) that are identified as viable candidates to be used within VA must be reviewed by the business community to assure that stakeholders approve all of the functionality that is provided in any such product. For VHA, contact Health Systems staff to ensure the proper Program Offices are engaged. The project team may use either IBM Rational RequisitePro or IBM Rational Requirements Composer until IBM Rational RequisitePro is officially discontinued. Process Activity Name: PRI-1.4 Update Business Requirements with EA Traceability PRI-1.3 Identify Segment Content Or PRI-1.2-DEC01 Segment Level Content? is NO PRI-4 Create Project Charter The Business Analyst updates the Business Requirements Document (BRD) providing documentation at a maturity level of 2 (at a minimum) sufficient to support subsequent IT Project Planning. Business Requirements Document Artifacts Created Updated Business Requirements Document Business Analyst IBM Rational Requirements Composer IBM Rational RequisitePro Project Initiation 29

34 Requirement Level Guide All community generated Open Source products (products developed by anyone outside the VA national development resources) that are identified as viable candidates to be used within VA must be reviewed by the business community to assure that stakeholders approve all of the functionality that is provided in any such product. For VHA, contact Health Systems staff to ensure the proper Program Offices are engaged. The project team may use either IBM Rational RequisitePro or IBM Rational Requirements Composer until IBM Rational RequisitePro is officially discontinued. Process Activity Name: PRI-2 Create QUAD Chart Note: This activity is performed concurrently with: PRI-1 Define Business Requirements PRI-3 Develop Initial Infrastructure Rough Order of Magnitude None PRI-4 Create Project Charter The Business Analyst is responsible for the creation of the QUAD Chart which is a formal document that summarizes the high level scope, deliverables, schedule, and planned budget for a set of business requirements. The Business Analyst collaborates with the Office of Responsibility and assigned support staff to create the QUAD Chart and to obtain the Enterprise Project Structure (EPS) Number for the project. The QUAD Chart is used as a communication tool across organizations and is designed to support the decision making and prioritization process. Business Requirements Document Office of Responsibility and Support Staff Designation Artifacts Created Quad Chart Business Analyst Project Initiation 30

35 PMAS Dashboard QUAD Information Change to Project Management Accountability System (PMAS) Guide V5.0 (VAIQ ) Project Management Accountability System (PMAS) Guide Please the VA OIT PD PPO IM mail group if you have specific questions or concerns. Please the VA OIT PD PPO EPS mail group if you have specific questions or concerns about EPS numbers. The EPS number is located under the EPS tab on the PMAS Dashboard menu. Process Activity Name: PRI-3 Develop Initial Infrastructure Rough Order of Magnitude Note: This activity is performed concurrently with: PRI-1 Define Business Requirements PRI-2 Create Quad Chart None PRI-4 Create Project Charter The Project Manager develops an initial rough order or magnitude (ROM) infrastructure and sustainment cost estimate for budget request purposes using the Government-Hosted Cloud/Shared Infrastructure Estimating Tool. The ROM is used to create a high level spend plan. The ROM estimates are not binding. Precise infrastructure and sustainment cost information are formulated by Enterprise Operations when the requisite project artifacts are submitted and the Systems Engineering and Design Review (SEDR) is completed later in the system development life cycle. To request an architected solution, a request to VAITSDEEOIntakeArchitecturalServicesAllStaff. Business Requirements Document (BRD) QUAD Chart Artifacts Created Corporate Data Center Operations (CDCO) Pricing Matrix, if used Infrastructure ROM Project Initiation 31

36 Updated Quad Chart Project Manager Government-Hosted Cloud/Shared Infrastructure Estimating Process Activity Name: PRI-4 Create Project Charter Note: The following activities are performed concurrently. PRI-1 Define Business Requirements PRI-2 Create QUAD Chart PRI-3 Develop Initial Infrastructure Rough Order of Magnitude PRI-5 Evaluate Enterprise Shared Services The Project Manager creates the Project Charter. If an existing Project Charter was created, it should be updated to include any revisions such as scope, etc. The revised Project Charter is signed by the Business Sponsor, Program Manager, Project Manager, and Integrated Project Team Chair. Business Requirements Document Artifacts Created Project Charter Project Manager Project Initiation 32

37 Communications Services Technical Services Project Repository (TSPR) Change to Project Management Accountability System (PMAS) Guide V5.0 (VAIQ ) Project Management Accountability System (PMAS) Guide VA EA Enterprise Technical Architecture (ETA) Compliance Criteria For information on how to set up a project folder on the PMAS portal, the Project Manager contacts the Communications Representative. If the Communications Representative is not known, then the Project Manager contacts the OIT PD Communications Managers mail group for assistance or goes to the Communication Services web site to view the current list of representatives. The OneVA EA ETA Compliance Criteria document establishes minimum compliance criteria for a product or product release. Process Activity Name: PRI-5 Evaluate Enterprise Shared Services PRI-4 Create Project Charter PRI-6 Register Project with Enterprise Systems Engineering The sub-process PRI-4 Evaluate Enterprise Shared Services process cycles through the following dependent activities: PRI-5.1 Submit IAM Service Request PRI-5.2 Receive IAM Service Request PRI-5.3 Determine Need for IAM Service Request PRI-5.4 Schedule IAM Service Request Review Meeting PRI-5.5 Review IAM Service Request Package PRI-5.6 Schedule Governance Review Intake Meeting PRI-5.7 Obtain IAM MOU Signatures PRI-5.8 Review IAM Service Request PRI-5.9 Assign IAM Team Members Project Initiation 33

38 PRI-5.10 Create IAM Change Requests PRI-5.11 Notify IAM Project Manager Change Requests Created PRI-5.12 Notify Project Manager Service Request Approved PRI-5.13 Receive IAM Change Requests PRI-5.14 Receive IAM Service Request Decision PRI-5.15 Close IAM Service Request Process Activity Name: PRI-5.1 Submit IAM Service Request PRI-4 Create Project Charter PRI-5.2 Receive IAM Service Request The Project Manager submits the Identity and Access Management (IAM) Service Request following the guidance available in the IAM Service Request Submission User Guide. The IAM Service Request, the Business Requirements Document, and the Business Flow Diagrams are submitted together as the IAM Service Request Package. The Business Requirements Document and Business Flow Diagrams must accompany the submitted service request. Within the attached BRD, highlight the business requirements sections applicable to the IAM request, and note the sections in the IAM Service Request online tool. For requests linked to an existing BRD, ensure the functionality within the BRD describes: - As is state - To be state - Expected benefits Business Process Models Business Requirements Document IAM Service Request Package Artifacts Created IAM Service Request Updated IAM Service Request Package Project Manager Project Initiation 34

39 Identity and Access Management Central Home IAM Service Request Submission User Guide The IAM Service Request form identifies business needs and specific IAM services required. The IAM Service Request allows the IAM Service Request Team to review and track the request from submission through implementation. The requester only fills out Sections 1.0 and 2.1 of the IAM Service Request. Within the attached BRD, highlight the business requirements sections applicable to the IAM request and note that section in the Service Request online tool. The project manager can provide a link to the project's Technical Services Project Repository (TSPR) site. If you have any questions regarding the IAM Governance process or need assistance with completing the Service Request form, please contact IAM Governance at the IAM Service Request mail group. Process Activity Name: PRI-5.2 Receive IAM Service Request PRI-5.1 Submit IAM Service Request PRI-5.3 Determine Need for IAM Service Request The Identity and Access Management (IAM) Governance Manager receives the IAM Service Request and IAM Service Request Package and enters the IAM Service Request into the IAM Service Work Plan. IAM Service Request IAM Service Request Package Artifacts Created Updated IAM Service Work Plan Identity and Access Management Governance Manager Identity and Access Management Central Home IAM Service Request Submission User Guide Project Initiation 35

40 The IAM Governance Manager is the project manager's point of contact for the request for questions and status updates regarding the IAM Service Request. Process Activity Name: PRI-5.3 Determine Need for IAM Service Request PRI-5.2 Receive IAM Service Request OR PRI-5.8-DEC01 Approved? is NO PRI-5.3-DEC01 IAM Required? The Identity and Access Management (IAM) Governance Manager determines the need for an Identity and Access Management (IAM) Service Request. If a determination is made that submission of an IAM Service Request is not necessary, the Identity and Access Management (IAM) Governance Manager documents that decision with a memorandum for the record and notifies the Project Manager Business Flow Diagram Business Requirements Document Artifacts Created IAM Service Request Package Memorandum for the Record, if needed Updated Business Requirements Document (if needed) Identity and Access Management Governance Manager Identity and Access Management Central Home Identity and Access Management Services Master Glossary Technical Services Project Repository (TSPR) IAM Service Request Submission User Guide VA EA Enterprise Technical Architecture (ETA) Compliance Criteria Project Initiation 36

41 VA Identify Management Policy (VAIQ ) The IAM Central Website provides guidance regarding business processes and the specific IAM services that enable project teams to satisfy the VA enterprise requirements. The requester is only required to fill out Sections 1.0 & 2.1 of the Service Request. If there are any questions regarding the IAM Governance process or assistance needed with completing the Service Request form and Service Request Package, please contact IAM Governance at the IAM Service Request mail group. Process Activity Name: PRI-5.3-DEC01 IAM Required? PRI-5.3 Determine Need for IAM Service Request If Yes, PRI-5.4 Schedule IAM Service Request Review Meeting If No, PRI-5.3-DEC02 Additional Services? Note: There is a Decision Activity that determines the next activity: If the Identity and Access Management Governance Manager determines IAM is required the next activity is PRI-5.4 Schedule IAM Service Request Review Meeting. If the Identity and Access Management Governance Manager determines IAM is not required the next activity is PRI-5.3-DEC02 Additional Services? Identity and Access Management Governance Manager Process Activity Name: PRI-5.3-DEC02 Additional Services? PRI-5.3 DEC01 IAM Required? is NO If Yes, there is a flow to the Request for Service Consumption Process. If No, PRI-6 Evaluate Enterprise Shared Services. Note: There is a decision dependency that determines the next activity to complete: Project Initiation 37

42 If the Enterprise Shared Services are required the next activity to complete is a flow to the Request for Service Consumption Process. If the Enterprise Shared Services not required the next activity to complete is PRI-6 Register Project with Enterprise Systems Engineering. Project Manager Process Activity Name: PRI-5.4 Schedule IAM Service Request Review Meeting PRI-5.3-DEC01 IAM Required? is YES PRI-5.5 Review IAM Service Request Package The Identity and Access Management (IAM) Governance Manager schedules a review of the IAM Service Request Package with the Project Manager to ensure all materials are complete and ready for continued submission to the IAM Governance Review Intake Team (GRIT). IAM Service Request IAM Service Request Package IAM Work Plan Artifacts Created Updated IAM Work Plan Identity and Access Management Governance Manager Identity and Access Management Central Home IAM Service Request Submission User Guide Project Initiation 38

43 Any questions regarding the IAM Governance process or assistance needed with completing the IAM Service Request form, please contact IAM Governance at the IAM Service Request mail group. Process Activity Name: PRI-5.5 Review IAM Service Request Package PRI-5.4 Schedule IAM Service Request Review Meeting PRI-5.5-DEC01 Concur? The Identity and Access Management (IAM) Governance Manager and Project Team representatives meet to review the IAM Service Request and IAM Service Request Package and ensure that IAM services are required and that all materials are ready for submission to the IAM Governance Review Intake Team (GRIT) for their review and approval. If the IAM Governance Manager concurs with the need for the IAM Service Request, the IAM Service Request Package is passed for scheduling to the IAM GRIT for review. If the IAM Governance Manager does not concur with the need for the IAM Service Request, the IAM Service Request is returned to the Project Manager with the Meeting Agenda and Minutes explaining the decision. IAM Service Request IAM Service Request Package IAM Work Plan Artifacts Created Artifact Review Agenda and Minutes Updated IAM Service Request Package Identity and Access Management Governance Manager Identity and Access Management Central Home Technical Services Project Repository (TSPR) IAM Service Request Submission User Guide Project Initiation 39

44 Process Activity Name: PRI-5.5-DEC01 Concur? PRI-5.5 Review IAM Service Request Package If Yes, PRI-5.6 Schedule Governance Review Intake Team Meeting If No, PRI-5.14 Receive IAM Service Request Decision Note: There is a decision dependency that determines the next activity to complete. If the IAM Governance Manager determines the need for an IAM Service Request the next activity to complete is PRI-4.6 Schedule Governance Review Intake Team Meeting. If the IAM Governance Manager determines there is no need for an IAM Service Request the next activity to complete is PRI-4.14 Receive IAM Service Request Decision. Project Manager Process Activity Name: PRI-5.6 Schedule Governance Review Intake Team Meeting PRI-5.5-DEC01 Concur? is YES PRI-5.7 Obtain IAM MOU Signatures The Identity and Access Management (IAM) Governance Manager, in conjunction with the Project Manager, schedules the IAM Governance Review Intake Team (GRIT) Meeting when the Business Sponsor, or designated representative, and the respective project team members can be available to discuss the content of the IAM Service Request and IAM Service Package. IAM Work Plan Project Initiation 40

45 Artifacts Created Updated IAM Work Plan Identity and Access Management Governance Manager Identity and Access Management Central Home The GRIT meets weekly. Any questions regarding the IAM Governance process please contact IAM Governance at the IAM Service Request mail group. Process Activity Name: PRI-5.7 Obtain IAM MOU Signatures PRI-5.6 Schedule Governance Review Intake Team Meeting PRI-5.8 Review IAM Service Request The Identity and Access (IAM) Governance Manager proceeds with preparing and obtaining necessary signatures on the Memorandum of Understanding defining the services and actions required of all parties. IAM Service Request IAM Service Request Package Artifacts Created IAM Memorandum of Understanding, signed Identity and Access Management Governance Manager Project Initiation 41

46 Identity and Access Management Central Home Technical Services Project Repository (TSPR) IAM Service Request Submission User Guide Process Activity Name: PRI-5.8 Review IAM Service Request PRI-5.7 Obtain IAM MOU Signatures PRI-5.8-DEC01 Approved? The IAM Governance Review Intake Team (GRIT) meets to review the IAM Service Request, IAM Service Request Package and Memorandum of Understanding. The entire requesting team (all POCs listed in the IAM Service Request POC listing) is required to attend the IAM GRIT meeting. The Business Sponsor or designated representative presents the business requirements and business flow diagrams from the IAM Service Request Package. The GRIT Team collectively determines to approve or disapprove IAM Service Request. If the IAM Service Request is disapproved, it is returned to the Project Manager with the Meeting Agenda and Minutes explaining the decision. If the IAM Service Request is approved, the IAM Governance Manager is notified to create and monitor the appropriate change requests. IAM Memorandum of Understanding, signed IAM Service Request IAM Service Request Package Artifacts Created Artifact Review Agenda and Minutes Identity and Access Management Governance Review Intake Team Identity and Access Management Central Home Technical Services Project Repository (TSPR) Project Initiation 42

47 Process Activity Name: PRI-5.8-DEC01 Approved? PRI-5.8 Review IAM Service Request If Yes, PRI-5.9 Assign IAM Team Members If No, PRI-5.3 Determine Need for IAM Service Request Note: There is a decision dependency that determines the next activity to complete: If the IAM Governance Review Intake Team approves the IAM Service Request the next activity to complete is PRI-4.9 Assign IAM Team Members. If the IAM Governance Review Intake Team does not approve the IAM Service Request the next activity to complete is PRI-4.3 Determine Need for IAM Service Request. Identity and Access Management Governance Review Intake Team Process Activity Name: PRI-5.9 Assign IAM Team Members PRI-5.8-DEC01 Approved? is YES PRI-5.10 Create IAM Change Requests The Identity and Access Management (IAM) Governance Intake Review Team (GRIT) assigns IAM Team Members to create the appropriate IAM Change Requests associated with the specifications contained in the approved IAM Service Request and IAM Service Request Package. Project Initiation 43