View
217
Download
0
Category
Tags:
Preview:
Citation preview
ESC/ENEngineering Process
ComplianceProcedures
August 2002
2
ESC/EN
Engineering Process Compliance
Four major steps to compliance
- Conduct Process Self-Assessment
- Complete Engineering Process Compliance Templates
- Submit Completed Templates and Selected Process Assets
- Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets
ConductProcess
Self- Assessment
PrepareComplianceTemplates
CollectProcessAssets
Submit Templates andSelected Assets
PresentResult to
EN Comp Bd
3
ESC/EN
Engineering Process ComplianceStep 1 - Conduct Process Self-Assessment
Four major steps to compliance
- Conduct Process Self-Assessment
- Complete Engineering Process Compliance Templates
- Submit Completed Templates and Selected Process Assets
- Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets
ConductProcess
Self- Assessment
PrepareComplianceTemplates
CollectProcessAssets
Submit Templates andSelected Assets
PresentResult to
EN Comp Bd
4
ESC/EN
Conducting the Self-Assessment
Complete Program Baseline Questionnaire - Provide an understanding of your program
Unique circumstances or conditions Stakeholders etc.
- Provide data needed to understand the gaps in the ESC/EN Process Concepts when compared to you business model
Complete the Risk Manage Self Assessment Survey- If your program has implemented a risk management process, this checklist can help us decide how well the process meets the CMMI goals and specific practices. - Assist in the adaptation of the ESC/EN Process Concepts to your program.
5
ESC/EN
Risk Management Self Assessment SurveyExample
Complete All Sections:SG 1 - Prepare for Risk Management
SG 2 - Identify and Analyze Risk
SG 3 - Mitigate Risks
GG 1 - Achieve SGs
GG 2 - Institutionalize a Managed Process
GG 3 - Institutionalize a Defined Process
GG 4 - Institutionalize a Quantitatively
Managed Process
GG 5 - Institutionalize an Optimizing
Process
Collect Artifacts Helpful if Completed and Delivered
Electronically
6
ESC/EN
Risk Management Self Assessment Survey Example (Concluded)
Questions
ArtifactsDescribed
YourComments
Specific Goal
SpecificPractice
Collect Artifacts(i.e.Evidence) to
SupportSelf Assessment
7
ESC/EN
Program Baseline Questionnaire (Risk Management)
Example
Complete All Sections:1 - Program Data
2 - ESC/MC POC
3 - MITRE POC
4 - Brief Program Description
5 - Contractor Information
6 - Program Status
7 - Risk Management Process
8 - Risk Management Data
9 - Contracting
10 - Other Comments
Attach Support Material if Necessary Helpful if Completed and Delivered
Electronically
8
ESC/EN
Program Baseline Questionnaire (Risk Management)
Example (Concluded)
DataRequested
UseSpace Needed
CompleteAll
Blanks
Section
ProvideNarratives
Attach Artifacts(i.e.Evidence) as
Applicable
9
ESC/EN
Engineering Process ComplianceStep 2 - Complete Engineering Process Compliance Templates
Four major steps to compliance
- Conduct Process Self-Assessment
- Complete Engineering Process Compliance Templates
- Submit Completed Templates and Selected Process Assets
- Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets
ConductProcess
Self- Assessment
PrepareComplianceTemplates
CollectProcessAssets
Submit Templates andSelected Assets
PresentResult to
EN Comp Bd
10
ESC/EN
Engineering Process Compliance Templates
This template was created to assist in the development of ESC/EN Compliance Board Briefing charts. It is based on the ESC/EN Engineering Process Self- Assessment .
The Chief Engineer should brief, as a minimum, program baseline information, the results of the self-assessment survey and a review of selected process assets.
The Chief Engineer should address the topics as outlined in the Process Compliance Template charts as appropriate for a complete understanding of the state of process implementation in the program.
The template should be tailored to meet your program business environment and practices.
Process Compliance Templates are Shown in the Following xx Charts
11
ESC/EN
x
x
[Program Name][Name of Process]Compliance Status
[Chief Engineer Name]
[Date]
Process Compliance Template - Chart 1
12
ESC/EN
Overview
Part 1 - Program Baseline
- Background
- Program Description
- Contractor Information
- Program Status
- [Process Name] Process Background
- Program [Process Name] Data Part 2 - [Process Name] Self-Assessment
- Assessment Summary
- Process Gaps and Gap Filler Solutions
- Practice Adoptions
- Assessment Details
- Assessment Conclusions Part 3 - Review of Selected [Process Name Assets]
Process Compliance Template - Chart 2
For IllustrationPurposes the
Risk ManagementProcess Self Assessment
Survey will be usedto form Templatesfor Part 2 and 3
13
ESC/EN
Program DataProgram Name:AcquisitionOrganization:Users:
ACAT LevelProgram Manager
NameAddressPhoneFaxE-Mail
Chief EngineerNameAddressPhoneFaxE-Mail
Part 1 - Program BaselineProgram Background
Process Compliance Template - Chart 3
14
ESC/EN
Part 1 - Program BaselineProgram Description
Narrative or Graphic Description
Process Compliance Template - Chart 4
15
ESC/EN
Part 1 - Program BaselineContractor Information
Process Compliance Template - Chart 5
Contractor InformationName Location Role History
Prime
Sub 1
Sub 2
Sub 3
Contracting (indicates types of risk mitigation actions available):Type of contract: duration, basis for payment (include awards and incentives):
Government/Contractor, relationship: CAIV? TSPR? Role and involvement of user organizations:
Any other important features of contract or contracting process
Describe how you incorporate Contractor Risk into your Risk Management Program.
16
ESC/EN
Part 1 - Program BaselineProgram Status
Process Compliance Template - Chart 6
Program Status
PrimaryPurpose
New Start Upgrade Migration Other(Describe
Below)of Acquisition YES YES YES
NO NO NODescription of Other:
Next Major MilestoneMilestone Date
Purpose
17
ESC/EN
Part 1 - Program Baseline[Process Name] Process Background
Process Compliance Template - Chart 7
[Process Name]Describe YourCurrent [ProcessName] Process
(Use additional Charts as Required)
IPT (if so, whichorganizations participateand how often do theymeet?)
(Use additional Charts as Required)
Describe how[Process Name]process data arereported andmanaged.
(Use additional Charts as Required)(Include Internal Program, Contractor, and Cross Programs)
What [ProcessName] Tools areused?
(Use additional Charts as Required)
Is [Process Name]Training given?(If, Yes, describe)
(Use additional Charts as Required)
Does your programhave a [ProcessName] Plan?(Describe)
(Use additional Charts as Required)
Other Commentsabout your [ProcessName] Process.
(Use additional Charts as Required)
18
ESC/EN
Part 1 - Program BaselineProgram [Process Name] Data
Process Compliance Template - Chart 8
[Process Name] DataWhat key metrics are available to you under the contract or otherwise concerning contractorperformance?
What information does the government use regularly to manage the contract and oversee theprogress and direction?
What assessments have been done (Red Teams, other), by whom, and what were the results?
What redirection or replanning has been done, when? (show all replans, schedule slips, whenannounced)?
19
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Summary
Process Compliance Template - Chart 9
YESKEY: NO
Partially
CMMI Description SPOGoal Summary
SG 1 Prepare for Risk Management: Preparation for risk management is conducted.
SG 2 Identify and Analyze Risks: Risks are identified and analyzed to determine their relative importance.
SG 3 Mitigate Risks: Risks are handled and mitigated, where appropriate, to reduce adverse impact on achieving objectives.
GG 1 Achieve Specific Goals. (Capability Level 1 - Performed)GG 2 Institutionalize a Managed Process. (Capability Level 2 -
Managed)GG 3 Institutionalize a Defined Process. (Capability Level 3 -
Defined)GG 4 Institutionalize a Quantitatively Managed Process.
(Capability Level 4 – Quantitatively Managed)
GG 5 Institutionalize an Optimizing Process. (Capability Level 5 – Optimizing)
Fill in Boxes with Appropriate Color
Risk Management Process Example
20
ESC/EN
Part 2 - [Process Name] Self-AssessmentProcess Gaps and Gap Filler Solutions
Process Compliance Template - Chart 10
GAPS GAP Filler
SG1
SG2
SG3
GG1
GG2
GG3
GG4
GG5
Risk Management Process Example
21
ESC/EN
Part 2 - [Process Name] Self-AssessmentPractice Adoptions
Risk Management Process Example
Process Compliance Template - Chart 11
SG1 - Install process support tools (SP1.1 & SP1.2) - Establish Program RMP policy and procedures (SP1.3) - Separate risk management from issue management (SP1.3)
SG2 - Implement standard risk management toolbox (SP2.1)- Implement standard identification and analysis tools. (SP2.2)
SG3 - Formalize the mitigation planning and incorporate into program plans and execution. (SP3.1)- Establish monitoring procedures and regular review cycle for mitigation plans.(SP3.2)
GG1 - Complete RMP Implementation (GP1.1 and GP1.2)- Maintain current RM Team structure and establish recurring training. (GP1.1 and GP1.2)
GG2 - Implement suggested Policy (GP2.1)- Implement suggested Operating Instruction (GP2.2, GP2.4, GP2.5)- Maintain current RMP Team Structure (GP2.3)- Incorporate Risk Management Products into Configuration Management process (GP2.6)- Implement Standard RMP Guide (GP2.7), (GP2.8)- Perform regular RMP Self Assessments (GP2.9)- Incorporate activities, status and results of the RMP in program, directorate, and command reviews. (GP2.10)
GG3 - Implement recommendations of GG2 (GP3.1 and GP3.2)GG4&5 - As GG2&3 is being satisfied, consideration should be given to the GG4&5 goal at the JPO level.
22
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details
Process Compliance Template - Chart 12
Assessment Team:Name Organization Role
Assessment Period:
Assessment Problems:
Recommendations for Future Assessments:
23
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Conclusions
Process Compliance Template - Chart 13
Overall Assessment Rating Level: (e.g. 0,1,2,3,4,or 5)
Summary of Findings:
Corrective Actions Needed:
24
ESC/EN
Part 3 - Review of Selected [Process Name] Assets[Process Name] [Asset Name]
Process Compliance Template - Chart 14
Relates to Goal and Practice: (e.g. SG2, SP2.1)Question Answered: (e.g. If yes, what are the indicators that risks are identified and documented?)
Description of Asset:
How the Asset Answers the Question:
NoteThe Number of Assets to Reviewwill be determine by the EN Compliance Board after Receiptof Templates and Selected Assets
25
ESC/EN
Template Backup Charts
BACKUP CHARTS
Process Compliance Template - Chart 15
26
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details SG 1
Risk Management Process Example
Process Compliance Template - Backup Chart 1
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
SG 1 Prepare for Risk Management: Preparation for risk management is conducted.
SP 1.1 Determine Risk Sources and Categories: Determine risk sources and categories.Do you have an approach to determining risk sources and categories?
SP 1.2 Define Risk Parameters: Define the parameters used to analyze and classify risks, and the parameters used to control the risk management effort.Do you have an approach to defining the parameters used to analyze and classify risks, and the parameters used to control the risk management effort?
SP 1.3 Establish a Risk Management Strategy: Establish and maintain the strategy and methods to be used for risk management.Have you established and are you maintaining a strategy and a set of methods to be used for risk management?
Response
Comments
27
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details SG 2
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
SG 2 Identify and Analyze Risks: Risks are identified and analyzed to determine their relative importance.
SP 2.1 Identify Risks: Identify and document the risks.Do you identify and document the risks?
SP 2.2 Evaluate, Classify, and Prioritize Risks: Evaluate and classify each identified risk using the defined risk categories and parameters, and determine its relative priority.Do you evaluate and classify each identified risk using the defined risk categories and parameters, and determine its relative priority?
Response
Process Compliance Template - Backup Chart 2
28
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details SG 3
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
SG 3 Mitigate Risks: Risks are handled and mitigated, where appropriate, to reduce adverse impact on achieving objectives.
SP 3.1 Develop Risk Mitigation Plans: Develop a risk mitigation plan for the most important risks to the project, as defined by the risk management strategy.Do you develop risk mitigation plans for the most important risks to the project, as defined by the risk management strategy?
SP 3.2 Implement Risk Mitigation Plans: Monitor the status of each risk periodically and implement the risk mitigation plan as appropriate.Do you monitor the status of each risk periodically and implement the risk mitigation plan as appropriate?
Response
Process Compliance Template - Backup Chart 3
29
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details GG 1
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
GG 1 Achieve Specific Goals. (Capability Level 1 - Performed)GP 1.1 Identify Work Scope: Identify the scope of the work to be
performed and work products to be produced for risk management, and communicate this information to those performing the work .Have you identified the scope of the work to be performed and work products to be produced for risk management, and communicate this information to those performing the work?
GP 1.2 Perform Base Practices: Perform the base practices of the risk management process to develop work products and provide services to achieve the specific goals of the process area.Are you performing the base practices of the risk management process to develop work products and provide services to achieve the specific goals of the process area? (Satisfying all of the 3 specific goals and associated practices listed above)
Response
Process Compliance Template - Backup Chart 4
30
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details GG 2
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
GG 2 Institutionalize a Managed Process. (Capability Level 2 - Managed)
GP 2.1 Establish an Organizational Policy: Establish and maintain an organizational policy for planning and performing the risk management process.Have you established and are you maintaining an organizational policy for planning and performing the risk management process?
GP 2.2 Plan the Process: Establish and maintain the requirements and objectives, and plans for performing the risk management process.Have you established and are you maintaining the requirements and objectives, and plans for performing the risk management process?
GP 2.3 Provide Resources: Provide adequate resources for performing the planned process, developing the work products and providing the services for the risk management process.Are you providing adequate resources for performing the planned process, developing the work products and providing the services for the risk management process?
Response
Process Compliance Template - Backup Chart 5
31
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details GG 2 (Continued)
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
GG 2 Institutionalize a Managed Process. (Capability Level 2 - Managed)
GP 2.4 Assign Responsibility: Assign responsibility and authority for performing the process, developing the work products, and providing the services of the risk management process.Have you assigned responsibility and authority for performing the process, developing the work products, and providing the services of the risk management process?
GP 2.5 Train People: Train the people performing or supporting the risk management process as needed.Have you trained the people performing or supporting the risk management process as needed?
GP 2.6 Manage Configurations: Place designated work products of the risk management process under appropriate levels of configuration management.Have you placed designated work products of the risk management process under appropriate levels of configuration management?
GP 2.7 Identify and Involve Relevant Stakeholders: Identify and involve the relevant stakeholders of the risk management process as planned.Have you identified and involved the relevant stakeholders of the risk management process as planned?
Response
Process Compliance Template - Backup Chart 6
32
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details GG 2 (Concluded)
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
GG 2 Institutionalize a Managed Process. (Capability Level 2 - Managed)
GP 2.8 Monitor and Control the Process: Monitor and control the risk management process against the plan and take appropriate corrective action.Are you monitoring and controlling the risk management process against the plan and taking appropriate corrective action?
GP 2.9 Objectively Evaluate Adherence: Objectively evaluate adherence of the risk management process and the work products and services of the process to the applicable requirements, objectives, and standards, and address noncompliance.Do you objectively evaluate adherence of the risk management process and the work products and services of the process to the applicable requirements, objectives, and standards, and address noncompliance?
GP 2.10 Review Status with Higher-Level Management: Review the activities, status, and results of the risk management process with management and resolve issues.Do you review the activities, status, and results of the risk management process with management and resolve issues?
Response
Process Compliance Template - Backup Chart 7
33
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details GG 3
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
GG 3 Institutionalize a Defined Process. (Capability Level 3 - Defined)
GP 3.1 Establish a Defined Process: Establish and maintain the description of a defined risk management process.Has your organization (e.g., ESC) established and is it maintaining the description of a defined (standardized) risk management process?
GP 3.2 Collect Improvement Information: Collect work products, measures, and improvement information derived from planning and performing the risk management process to support the future use and improvement of the organization’s processes and process assets.Is your organization (e.g., ESC) collecting work products, measures, and improvement information derived from planning and performing the risk management process to support the future use and improvement of the organization’s processes and process assets?
Response
Process Compliance Template - Backup Chart 8
34
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details GG 4
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
GG 4 Institutionalize a Quantitatively Managed Process. (Capability Level 4 – Quantitatively Managed)
GP 4.1 Establish a Quality Objectives: Establish and maintain quantitative objectives for the risk management process about quality and process performance based on customer needs and business objectives.Has your organization (e.g., ESC) established and is it maintaining quantitative objectives for the risk management process about quality and process performance based on customer needs and business objectives?
GP 4.2 Stabilize Subprocess Performance: Stabilize the performance of one or more subprocesses of the risk management process to determine its ability to achieve the established quantitative quality and process performance objectives.Has your organization (e.g., ESC) stabilized the performance of one or more subprocesses of the risk management process to determine its ability to achieve the established quantitative quality and process performance objectives?
Response
Process Compliance Template - Backup Chart 9
35
ESC/EN
Part 2 - [Process Name] Self-AssessmentAssessment Details GG 5
Risk Management Process Example
Comments
CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected
GG 5 Institutionalize an Optimizing Process. (Capability Level 5 – Optimizing)
GP 5.1 Ensure Continuous Process Improvement: Ensure continuous improvement of the risk management process in fulfilling the relevant business goals of the organization.Does your organization (e.g., ESC) ensure continuous improvement of the risk management process in fulfilling the relevant business goals of the organization?
GP 5.2 Correct Common Cause of Problems: Identify and correct the root causes of defects and other problems in the risk management process.Does your organization (e.g., ESC) identify and correct the root causes of defects and other problems in the risk management process?
Response
Process Compliance Template - Backup Chart 10
36
ESC/EN
Engineering Process ComplianceStep 3 - Submit Completed Templates and Selected Assets
Four major steps to compliance
- Conduct Process Self-Assessment
- Complete Engineering Process Compliance Templates
- Submit Completed Templates and Selected Process Assets
- Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets
ConductProcess
Self- Assessment
PrepareComplianceTemplates
CollectProcessAssets
Submit Templates andSelected Assets
PresentResult to
EN Comp Bd
37
ESC/EN
Engineering Process ComplianceStep 3 - Submit Completed Templates and Selected Assets
Complete Templates in Step 2 and Submit them to ESC/EN one week prior to the date of the EN Compliance Review
Complete the following Process Assets to ESC/EN two weeks prior to the date of the EN Compliance Review
Electronic Submittal is Preferred
Risk Management ProcessSelected Asset List
Requirements ProcessSelected Asset List
38
ESC/EN
Engineering Process ComplianceStep 4 - Appear Before EN Compliance Board
Four major steps to compliance
- Conduct Process Self-Assessment
- Complete Engineering Process Compliance Templates
- Submit Completed Templates and Selected Process Assets
- Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets
ConductProcess
Self- Assessment
PrepareComplianceTemplates
CollectProcessAssets
Submit Templates andSelected Assets
PresentResult to
EN Comp Bd
39
ESC/EN
Engineering Process ComplianceStep 4 - Appear Before EN Compliance Board
Compliance Board Agenda
- Introductions
- Chief Engineer Presentation
- Comments By Program Management (Optional)
- Question and Answer Period
- Assignment of Action Items Board Duration
- One Process 1 - 2 hours
- Two Processes 2 - 4 hours Participants
- Chief Engineer
- Process Facilitator(s)
- Support (as required)
- Program Management (Optional)
40
ESC/EN
Engineering Process CompliancePoints of Contact
EN Compliance Board Secretary
- Name / Phone / E-Mail EN Compliance Board Members
- Chair: Name / Phone / E-Mail
- Member: Name / Phone / E-Mail
- Member: Name / Phone / E-Mail
- Member: Name / Phone / E-Mail
- Member: Name / Phone / E-Mail EN Engineering Process Improvement Team
- Jeff Higginson / 16137 / higginso@mitre.org
- Mike Bloom / 13387 / mjbloom@mitre.org
- Joe Duquette / 16373 / joe@mitre.org
- Jen Anderson /15466 / jeanders@mitre.org
Recommended