|
SYSTEM DESIGN AND PROTOTYPE
Step 2: System Design and Prototype
In Step 2, the predominate IPMC process groups are Executing and Controlling. (See Appendix B for a detailed discussion of the Executing and Controlling process groups.) At the completion of Step 1 and as a result of the Milestone I briefing, approval is received to proceed forward with Step 2 tasks to design and prototype the system. As an outcome of this approval, planning artifacts are established as baselines and provided to the project team to guide the work effort.
During Step 2 the project manager begins executing the approved project management plan and manages work efforts to design the system. These design activities will result in a validation of the approved and published baseline, as each component is detailed and vetted with the appropriate stakeholders. Typically, there are numerous requests for change during this phase, and the project team utilizes the change control procedures in the scope management plan to assess, decision and implementation change proposals. The project manager is required to report the impact of scope changes in the project Milestone II briefing.
The system design may take the form of a prototype system, proof of concept, a demonstration or, depending on complexity, the first production article. Step 2 tasks lead to the Milestone II briefing where the results of the initial design effort are reported and the decision is made to continue the project into system development.
Milestone II: System Development Approval
If the prototype development funding is approved, the system development effort is authorized and begins. During System Definition a prototype is tested and further refinements are made to the various plans and documents based on information learned from the prototype.
Once system development is approved, it will be funded and the systems life‑cycle development and testing can begin.
IT Security
It is critical that security be included in the design stage of a new application or information system. Security can be designed into a new system at a lower cost in the design phase than attempting to “paint it on” later in the life cycle. The security Certification and Accreditation (C&A) process is a formal methodology that examines security risks, threats, and vulnerabilities, as well as sensitivity and criticality of information, to determine what security controls are necessary to mitigate risk to an acceptable level. The process is established in many organizational directives and During this phase of the project, security documentation should continue to be updated as necessary. The following documents and processes, should be addressed:
▲ |
Updated System Security Plan (SSP) |
▲ |
Security Risk Assessment (RA) |
▲ |
Contingency Planning (CP) and Disaster Recovery Plans (DRP) |
▲ |
Configuration Management Plan (CMP) |
▲ |
Interconnection Security Agreements (ISA) for systems that interconnect to other systems |
▲ |
An Interim Authority to Operate (IATO) which may be required if the prototype or test system will attach to a production network or use live test data during its development |
▲ |
Security Controls Assessment (SCA, a.k.a., Security Test and Evaluation, or ST&E) |
Organizational Enterprise Architecture
At Milestone II, to gain approval for full-scale systems development or acquisition, PMs are expected to focus primarily on rows 3 and 4 of the Framework. This is largely addressed in Chapter 5 of version 2.1 of the One Enterprise Architecture. PMs are expected to revalidate the information addressed at Milestones 0, I, and II.
IT Operations Considerations
Projects that will involve organizational telecommunications and operations infrastructure should consider the following questions leading up to Milestone II:
Network Capacity Planning:
▲ |
What are the project’s performance requirements: |
■ |
Average expected volume of traffic? |
■ |
Expected peak volume of traffic? |
■ |
Average expected network latency? |
■ |
Maximum network latency allowed? |
▲ |
What are the project’s availability requirements: |
■ |
Classes of service for different types of traffic? |
■ |
Different availability areas? |
▲ |
What are the project’s scalability requirements: |
■ |
Expected extensions or addition of sites through life cycle? |
■ |
Expected volume of new users? |
■ |
Expected traffic volume change? |
▲ |
What existing applications will be phased out by this project? |
▲ |
Has the project provided software and scripts to model the application(s)? |
▲ |
What are the special network management features required by the project: |
■ |
Can the project be supported with existing tools? |
■ |
Is training required to support this project? |
■ |
Is new staff required to support this project? |
Step 2: Significant Project Management Activities
The following is a summary listing of the significant project management activities and outputs for Step 2.
▲ |
Updated system security documentation |
▲ |
Monthly Performance Reports |
▲ |
Milestone II Briefing and Decision Memo |
Step 2: Responsibility Assignment Matrix
The Responsibility Assignment Matrix below is provided as a “best practices” tool that the PM can adapt and fill out for the appropriate tasks and responsibilities of his or her project. For additional guidance, the PM should refer to the appendices of this guide and consult his or her Administration or Staff Office PMO.
|
|
|
|
|
|
|
|
|
Step 2 – System Design and Prototype |
Deliverable
/Artifact |
Task |
Responsible |
D = Develop or Designate, S = Support,
C = Concur, A = Approve |
Business Sponsor |
Program Manager |
Project Manager |
Project Team |
Stakeholders / OI&T |
EIB / SMC |
Updated Project Plan |
Develop and implement a process to insure the project management plan and the subsidiary plans are continuously updated and kept current. |
|
|
|
|
|
|
Change Control |
Review the change control process and requests to insure that project changes in scope, schedule, cost, quality, and risk are being captured, assessed, reported, and approved. |
|
|
|
|
|
|
Monthly Performance Reports |
Prepare and score template for the Office of Information and Technology. |
|
|
|
|
|
|
Consolidate project data for presentation to SMC |
|
|
|
|
|
|
Act on decisions and direction received as a result of the monthly performance review. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Step 2 – System Design and Prototype (continued) |
Deliverable
/Artifact |
Task |
Responsible |
D = Develop or Designate, S = Support,
C = Concur, A = Approve |
Business Sponsor |
Program Manager |
Project Manager |
Project Team |
Stakeholders / OI&T |
EIB / SMC |
Milestone II Briefing |
Create briefing slides |
|
|
|
|
|
|
Seek Administration or Staff Office approval |
|
|
|
|
|
|
Schedule EIB briefing with OI&T |
|
|
|
|
|
|
Present briefing to EIB |
|
|
|
|
|
|
Milestone II Decision Memo |
Draft Decision Memo |
|
|
|
|
|
|
Sign Decision Memo |
|
|
|
|
|
|
Accomplish Decision Memo tasks |
|
|
|
|
|
|
|
