Overview findings: Assurance areas
Assurance Area | Health* | Related Finding Number(s)**
FUNDING | | 001
ARCHITECTURE | | 002, 003, 004
SUPPORT | | 005, 006, 007, 008
KNOW-HOW | | 009
CONTRACTS | | 010
PROCESS & TOOLS | | 011, 012, 013, 014, 015
RISK MANAGEMENT (SECURITY) | | 016
CUTOVER PLAN | | N.A.
* (R)ed, (A)mber, (G)reen
** See Slides 9 to 15 for detailed findings
Sept 2017 – v1.1
Conclusion & Recommendation
The CONCLUSION \ You will be operationally ready or not, because of xyz
Our Recommendation \ Must-do actions regardless what and alternative approaches
Contents
• Scope, background & current status of the application
• Objectives & Approach of the Readiness Scan
• Findings in detail
• Overview findings KEY assurance areas
• Conclusion & recommendation
• APPENDIXES
Scope, background & current status of the service
The BACKGROUND \.. In 2014 individual initiatives in the Solar Power (SP) and Zero Point Energy (0P) divisions were started to develop and deliver a new tool for cost estimating:
• SP: Global norms Project
• 0P: Replacement of current MTO type of estimating tool(s)
Main reason for change \.. the directive from Global IT4IT: Energy.Corp is no longer supporting Dbase and spreadsheet applications (obsolete technology and security weakness). It is acknowledged that legacy systems have flaws, are security weak, are inconsistent and need to be replaced. Similar requirements have been identified in both sectors to store/maintain norms and to provide estimating/contracting functionality for Energy.Corp and its contractors, which resulted in a joint development of a group IT4IT solution.
Scope, background & current status of the service
Investment Proposal \.. Solar Power has a (14 MUSD) investment proposal already in place and the tool development was done in close conjunction (sharing costs) with Zero Point Energy on the back of it. The Investment proposal, called The Global Schedule of Norms project, was for:
• 1. Development of Global Norms for key disciplines
• 2. Development of Contract Templates to execute those norms
• 3. Delivery of a web-based Contract Cost Estimating System (CCES) to hold and maintain the norms and to calculate the cost of tasks executed through the contracts. (Estimating)
The development has always been a joint management between SP and 0P. Overall ownership remained in SP, the support model is also SP, whereas the Global functional knowledge (Global SME) resides with 0P. SP manages the IM/IT portfolio. Tool.ltd, the vendor, owns the Intellectual Property; the system will be used by other operators than Energy.Corp.
Scope, background & current status of the service
The Scope \.. CCES (Contract Cost Engineering System) is predominantly an MTO (Material Take Off) estimating system for the creation of Type 3 and 4 estimates
• The system is an Energy.Corp supported system for estimating (and control), and it progressively replaces existing applications for both Solar park and Research facility maintenance, turnaround and project tasks in both SP and 0P, and in some places is used to introduce transparency in contracts (utilization of norms and Cost Items)
• 3rd party personnel are the main users of the system, and this is reflected in the functional areas and business control setup; Energy.Corp staff approves the estimates and progress for payment purposes
• CCES is a Web based application, an Energy.Corp IT4IT solution with common IT standard and Group IT architecture
• Upon completion of an estimate from within a contract, subsequent approval of the estimate, and after execution of the work the progress/payment, a download can be generated to feed the Service entry requirements in the ERP system.
Scope, background & current status of the service
Current status:
• Version B.1.27 is successfully rolled out all over the Globe with to date some 6000 estimates in the system. Both SP and 0P and their contractors are within Energy.Corp the major users of CCES. 17000 licenses have been purchased to date but this is a growing scenario.
• Energy.Corp and Tool.Ltd are currently in the process of finishing development/testing Version B.2 of CCES enhancing functionality to business requirements
• A number of Interfaces have been deployed and are being supported. However interfaces initially have been deployed isolated without any real architectural consideration for the overall solution. Architecture optimization and interface rationalization projects are planned for 2018 and 2019.
Objectives & Approach of the Readiness Scan
the OBJECTIVE \.. of this Readiness Scan is to assess the Operational Readiness of the Service and estimate the effort required to transition the Service from the Old Managed Service Provider to the New Managed Service Provider
the APPROACH \.. The responsibility of the New Service Provider for services in their care primarily lies with ensuring that the application availability can be assured according to the agreed service tier (Continuity) and the adherence to Information Risk Management Requirements (Compliance). In order to ensure this every (new) application has to meet a pre-defined set of requirements described in the OPSASTO workbook. Through interviews and by scanning documentation and its availability we assess the capability of fulfilling the OPSASTO assurances and register the GAPs.
* As this is a pre-project due diligence, the assessment of Project Delivery assurances for an in-flight project is out of scope and not included.
Budget
Health ID Finding Detail
001 Budget - Operational Expenses (OPEX)
We have not been able to get a clear and comprehensive overview of the OPEX of the CCES service.
We have identified four main cost elements.
1. (the vendor) who charges the costs for usage of their platform and as a percentage of the dollar value of the transactions. But this does not include the data storage and bandwidth costs, for which consumption costs are charged additionally.
2. Business Support >> no indication of charging model, probably roll up at group level.
3. Interface Support >> ERP, Middleware and Other – no indication of charging model, probably roll up at group level.
4. Energy.Corp Governance costs for CCES. These costs have not been estimated and are not included in the budget estimates.
Architectural Assurance
Health ID Finding Comments
002 Single Sign-on
Single Sign-on mechanism might break after a CCES upgrade (Tool.Ltd cannot/does not test this). However users can continue to log in by manually entering their credentials.
003 Unknown Interfaces
It could be there are interfaces we currently do not have on the radar; for instance, it is not clear where the crystal interface should fit in the current landscape.
004 Test/Acceptance Environment
Tool.Ltd uses a test/acceptance environment for testing new releases, but this environment is different from the production environment. On several occasions a new release has led to significant disruption due to errors, even though in acceptance no errors were found. It is suspected that part of the difference is to be explained by not having a properly established test approach (full integration, unit test, etc). Tool.Ltd would for instance generate test files with human intervention and Tool.Ltd does not really do user regression testing.
Support Model
Health ID Finding Comments
005 Super User Function (Support Model)
There is a super user function present which is staffed by Solar Power personnel. The Super users are able to solve around 70 – 80% of the functional support related
006 Tier 1 technical support (Support Model)
Tier 1 support function \.. Is provided by the Old Service Provider Service Desk. Issues can be raised via phone, email or a web form and ServiceNow is used as ticketing system. Knowledge and/or personnel will need to be transferred to the New Managed Service Provider Service Desk. The New Managed Service Provider Service Desk does not provide Phone Support.
007 Tier 3 support function
A Tier 3 support function is provided by the application vendor Tool.Ltd. Tool.ltd uses its own ticketing system. Tool.ltd has repeatedly not been able to meet KPIs. Tool.ltd holds IP of the application, hence it will be difficult to change the support provider for this function.
008 Tier 2 Support
A Tier 2 support function is provided by a 3rd party offshore team. The team is working in two shifts in two locations: one Brazil and one India based shift, both working on local office hours. The 3rd party is currently not one of the New Service Provider Partners. Knowledge will need to be transferred to the New Service Provider.
Know-How
Health ID Finding Comments
009 Documentation
We have been able to find almost* no technical documentation, architecture or design documentation for the interfaces (* we have been able to find an architecture diagram with an as/is overview and a roadmap for 2016 & 2017, however the architect indicated that the as/is drawing could be incomplete).
Contracts
Health ID Finding Comments
010 End To End accountability
There is no End to End responsibility for service levels and limited integration between the individual support functions. The Transition project will need to develop and agree a view on the extent of the New Managed Service Provider responsibility and the required level of integration.
Processes and Tools
Health ID Finding Comments
011 Ticketing Tool
The Business Support Function does not have a proper ticketing system in place. Currently a rudimentary solution in SharePoint is used.
012 Ticketing Tool
Tool.Ltd uses its own ticketing system. There is no agreement in place about how tickets should flow between Tool.Ltd and the Energy.Corp support functions. The transition project will need to develop and agree a solution for this.
013 KPI Reporting
There is no KPI reporting in place. Depending on the outcome of the level (E2E) responsibility of the New Managed Service Provider a solution will need to be developed.
014 Service Management Processes
There are no structured processes in place for incident, change, problem and release management. It is advisable to have the Transition project take the remediation into its scope, however strong commitment from the business support functions is required in order for this to be successful.
015 Release testing
Tool.Ltd does three major releases per year and several minor releases. The impact on the interfaces is not included in the testing activities. Tool.Ltd uses a "push and accept" release approach: there is a limited time window to test the release and Energy.Corp has no option to halt a release.
Risk Management (Security)
Health ID Finding Comments
016 Business Impact Analysis (BIA)
The only information I have been able to find was from the initial release project folders.
This holds a BIA dated December 2014. As this BIA is almost three years old the assessment needs to be updated against current standard and situation. However in the 2014 BIA confidentiality and integrity are rated as high and there is a footnote about business risks with regards to reputation, delivery and contract management.
There is external access from vendors to the application.
It is assumed that the application is business critical, however I have not been able to confirm this.
In a 2017 BIA this will very likely be a mid or high risk application and controls will need to be in place. I have not been able to assess if controls are in place.
List of interviewed people and consulted information sources
• Lee Brown – Service Desk Lead - 3rd Company
• Karla Gelb – IT Manager Energy.Corp
• Natasha Martinoska – Service Delivery Manager, New Managed Service Provider
• Wah Leng Tan – Business Process Owner
• Michael Warren – Developer Tool.Ltd
• Project and Service Management documentation