evolvent - ManTech International Corporation

Transcription

evolvent - ManTech International Corporation
SECURING BUSINESS INTELLIGENCE
EVOLVENT
MAGAZINE
BUILDING A
Crossing Time and Space:
The Networked Virtual Organization
– Page 4
Collaboration: The Keystone of a
High Performance Workplace
– Page 7
Evolvent Knowledge Management
Discovery Toolset
– Page 24
FALL 2005
NETWORKED
VIRTUAL
ORGANIZATION
About Evolvent
Evolvent is a mission-focused federal technology services firm with corporate offices in Falls
Church, Virginia and San Antonio, Texas. Evolvent currently supports technology services engagements with federal agencies including: the US Air Force, the US Army, the US Navy, the
Department of Agriculture, the Department of Commerce, the Department of the Interior and
the Department of Veterans Affairs. Evolvent’s areas of expertise include the company’s Enterprise Information Management group that has designed, developed and implemented the AF
Surgeon General’s Enterprise Knowledge Exchange serving 44,000 medical personnel worldwide. Additionally, the company’s Cybersecurity practice also supports the US Army Medical
Information Technology Center (USAMITC) with integrated Information Assurance services and
provides computer network defense expertise to the Department of Veterans Affairs. Evolvent
is a partner to large organizations such as General Dynamics, SAIC, SI International and NCI. A
prime contractor on the Department of Defense D/SIDDOMS III contract, partner to SI International on the recent Army HR Solutions award, and a partner to SAIC and NCI on the recent VA
GITSS award, the company offers a broad spectrum of e-business solutions and services to both
federal and commercial customers.
• Technical Services
Content Management System (CMS) & Web Engineering
Enterprise Information Management (EIM)
EJunctionTm EIM suite built on Knowledge Junction concept
Total Cost of Ownership
Telemedicine Support
Outsourced Support Services – On-shore & Off-shore
• CyberSecurity Services
DITSCAP Accreditation
Information Assurance (Computer Security)
Security Audits
Incident Response Center and Network Security Ops Center
Contingency Planning and Business Resumption
Vulnerability Assessment
• Contracting Vehicles
VA GITSS
D/SIDDOMS III (D3)
HR Solutions
AF NETCENTS
SeaPort
GSA IT Schedule 70 Contract: GS-35F-0364M
VA BPA Contract: VAO797-02-A0048
Cleared and Uncleared Resources Available
Evolvent offers a variety of Thought Leadership publications.
For information on these publications, please visit www.evolvent.com or
call the Marketing Department at 703.379.2146. To be added to our mailing list,
email info@evolvent.com.
S
m
s
p
IN THIS ISSUE:
Evolvent Magazine
4
Page 4
Fall 2005
editors
Crossing Time and Space:
The Networked Virtual Organization
Bill Oldham, Chief Executive Officer, Evolvent
7
Page 7
Collaboration:
The Keystone of a High Performance Workplace
Paul Ramsaroop, President & COO, Evolvent
Jennifer Cupka
Stella Ramsaroop
10
Page 10
•
Networked Virtual Organizations and
Building an IT Support Services Group
Evolvent
Contributing Writers
Bill Oldham
14
Page 14
Geoff Howard
Evolvent
Paul Ramsaroop
Guy Sherburne
Networked Virtual Organizations and
a Business Case for the Capability Maturity
Model (CMM)
19
Page 19
Knowing the Legal Requirements for Security
Guy Sherburne, VP Security Practice, Evolvent
•
Design
24
Page 24
ben.verlinde@gmail.com
Evolvent Knowledge Management
Discovery Toolset
Evolvent
Evolvent Magazine,
published by Evolvent Press
32
Page 32
Agile Devolopment
Geoff Howard, Chief Technology Officer, Evolvent
•
Statements contained herein
may constitute forward-looking
statements that involve risks
and uncertainties. Due to
such uncertainties and risks,
readers are cautioned not to
place undue reliance on such
statements.
Copyright © Evolvent,
2005 All rights reserved.
FALL | 2005
3
Crossing Time and Space:
The Networked, Virtual Organization
Beyond demographics…the transition from an industrial age to a post-industrial or information age has
been discussed so much and for so long that we may not have noticed that we are passing into a postinformation age. The industrial age, very much an age of atoms, gave us the concept of mass production,
with the economies that come from manufacturing with uniform and repetitious methods in any one given
space and time. The information age, the age of computers, showed us the same economies of scale,
but with less regard for time and space…in the same ways that hypertext removes the limitations of the
printed page, the post-information age will remove the limitations of geography.
BILL W. OLDHAM
Chief Executive Officer, Evolvent
— excerpt from Being Digital, pp. 163-165, 1995.
ore than a decade ago, thought
leader
and
guru
Nicholas
Negroponte posited the above
describing a working world less enslaved
by notions of time and space. Not even
a guru of Negroponte’s stature however
could have envisioned the brave new world
of what we discuss in this edition of the
Evolvent Magazine—the Networked Virtual
Organization.
and its diminished sense of space constraints
or physical location. Cisco identifies three
main NVO strategies in their landmark paper,
The Bridge, Making Money the NVO Way
(Cisco, 2003):
of working as an NVO. Feature articles
include:
■
Collaboration: The Keystone of a
High Performance Workplace
■
■
NVOs: a Business Case for the
Capability Maturity Model
■
Security Column:
Knowing the Legal Requirements
Management notions come and go like
fashions or fads, yet it is undeniable that
organizations of all shapes and sizes,
industries and cultures, are less restricted
by industrial age notions of time and space.
The enhanced power of technology and the
growth in information sciences has replaced
in large measure the ancient problems of
time and space with newer problems of how
to cope with working environments that
exist round the clock and span the globe.
■
■
Agile Development Part II
■
NVOs and Building an IT Support
Services Organization
■
White Paper: Evolvent’s Knowledge
Management Discovery Toolset
Our friends at Cisco Systems call the
new organization a “networked, virtual
organization” or NVO, highlighting both the
power of the modern network infrastructure
In this
writers
several
clients
M
■
“An NVO responds rapidly to
customers’ needs, putting the
customer at the center of the value
chain, not at the end.
An NVO concentrates on those
elements of functions where it adds
the most value or has the greatest
skills, and turns over to multiple
partners who compete to provide
those elements that are not core.
NVOs adopt standard business
processes, standard sets of data and
standard IT systems throughout the
organization.”
issue of the magazine, Evolvent’s
and consultants have highlighted
topics where we believe that our
can delve deeper into the notion
In preparing for this magazine, I’ve personally
talked to industry thinkers and a number of
our clients. The path to becoming an NVO and
even to a large extent what that path means
remains a mystery to many. Yet the themes
our writers explore are critical to the success
of the modern organization that operates
across time and space using new technologies
and new processes. On a personal note,
our customers and associates alike have
shared with me their difficulties utilizing
and implementing information technology
solutions. As we discussed in Evolvent
Magazine, Summer 2005, the imperative to
extract greater value from shrinking IT budgets
and still ensure that technology continues to
create value for the enterprise is a challenge
to all of us in the IT industry.
We hope that you find the NVO construct a
useful way of examining the challenges in IT
and as always welcome your feedback and
inputs. We hope you enjoy this edition of
the Evolvent Magazine and look forward to
working with you in the coming months.
Kind regards,
Bill Oldham
bill.oldham@evolvent.com
4
Evolvent Magazine
AFCEA NOVA
AF
A
ARMED FORCES
A
FO
COMMUNICATIONS & ELECTRONICS ASSOCIATION
Your link to the local, regional, and national defense community
AFCEA NOVA is the largest Chapter in the AFCEA International family, with approximately 5,500 members, and countless other associates and friends in industry, government, & academia. We are are
blessed with the Hometown Advantage of having the Pentagon in our back yard, and the Nation's
Capital right next door -- which means that AFCEA NOVA luncheons, conferences, and special events
always feature top speakers and cutting edge topics, not to mention the best networking in town. For
more information, visit www.afceanova.org.
AFCEA International is a worldwide association founded as the Armed Forces Communications and
Electronics Association; but it encompasses more than just the military. AFCEA International represents the top government, industry, and military professionals in the fields of communications, electronics, intelligence, information systems, imaging, and multi-media. AFCEA's purpose is to support
global security by providing an ethical environment that encourages a close cooperative relationship
among civil government agencies, the military, and private industry.
For more AFCEA NOVA information, visit: http://www.afceanova.org
See Evolvent at:
48th Annual AAMA Conference
November 10–12, 2005
Riviera Hotel and Casino, Las Vegas, NV
2006 Tricare Conference
January 30–February 1, 2006
Marriott Wardman Park Hotel, Washington DC
2006 Annual HIMSS Conference
February 12–16, 2006 in San Diego, CA
• For more information about our receptions for members of the MHS,
please call the Evolvent Marketing Department at 703.379.2146
volvent was born in the
Knowledge Management Era
(KME). Since our inception, we
have had the privilege of growing
up within the evolving KME constructs,
such as the imperative need to develop
collaborative environments. In fact, any
company aspiring to stay competitive
in today’s fast-changing, information
driven world is required by default
to know how to anticipate the
next vital maneuvers its industry
will likely make, and then to be
one of the first to arrive. This
type of proactive foresight is a
practice Evolvent has long made
a priority when establishing
our developmental objectives
to be customer focused, partner
friendly and employee centric.
E
Collaboration:
The Keystone of a High
Performance Workplace
By Paul Ramsaroop,
President & COO, Evolvent
An
effective
collaborative
environment has the capacity
to facilitate these developmental
objectives as its primary focus by
concentrating on providing the company’s
stalwart
features
and
leveraging
partners who have excelled in the other
necessary components. This is effectively
administered
through
continuous
collaboration between associates, partners
and customers on practically every aspect
of their respective relationships through
adaptive business processes and evolving
technologies with the capability to gather
all of these components into one virtual
location—such as the Evolvent Exchange
(E2), an intelligent information system
developed by Evolvent associates and
partners that can be accessed easily
through the internet.
How to Make a Geographically
Dispersed Company Employee Centric
Evolvent has associates throughout
the world; therefore, by utilizing E2, we
have taken an earnest approach in our
responsibility to provide a reliable avenue
by which the associates feel constantly
connected and supported with information
about HR issues, company news and even
every day interactions. E2 has also proven
to be invaluable when collaborating
on customer deliverables and reports,
providing the ability for constant interface
FALL | 2005
7
E2 is a worldwide intranet network by
which Evolvent has easily integrated
mature collaborative concepts,
making the world our office.
between not only those in the same
physical location, but even when we are
thousands of miles apart and still need to
move effortlessly back and forth through
the relevant data and documents as the
project progresses.
E2 is a worldwide intranet network by
which Evolvent has easily integrated mature
collaborative concepts, making the world
our office. In many organizations, a higher
value is placed on the creation of knowledge
rather than sharing. Evolvent has attempted
to place a higher emphasis on our associates
sharing lessons learned, best practices and
innovations with other associates when
possible. Knowledge is power and with an
ever-growing base of knowledge in E2’s
repository, our associates can find solutions
to critical client issues in a more timely and
efficient manner.
However, this connectivity and the
collaborative ability does not end with
Evolvent’s associates, it also encompasses
our partners and clients. In fact, a modified
E2 has been sold to several Government
Agencies as our EJunctions product
offering. Since we are the primary users
of our own product, E2 has the capacity to
continuously evolve to meet the needs of
the company as it continues to grow and
industry collaborative efforts advance.
Mutually Beneficial Partnerships
Furthering the ability to connect all aspects
of business, we consider it a vital endeavor
to maintain this same linkage with our
partners. Partnerships are collaborative by
nature, but the knack to smoothly establish
and sustain constant communication is
what defines the dynamics of each partner
8
Evolvent Magazine
relationship.These are frequently long-term
relationships that oft times determine the
quality and timely delivery of the product
and/or service being proposed or provided
to the customer.
Therefore, by establishing a means by
which this high-level communication
can be achieved and removing barriers
to collaboration, such as geography and
inept or dated processes, the ability to
effectively partner becomes a fluid and
friendly practice instead of an awkward
and laborious task. Essentially, by creating
an atmosphere conducive to successful
partnerships and collaborations, we further
enhance our ability to propose and deliver
a service that is superlative and decidedly
competitive. This is an important objective
for both Evolvent and for current and
potential partners.
Informed Clients
Make Better Customers
The most crucial part of any collaboration is
the method by which the client is included in
the delivery process.The unobstructed flow
of information and data between Evolvent,
partners and clients is the next step in the
natural progression of this collaborative
effort. Inclusion of the customer during
each stage of the engagement ensures
the delivery of a product or service that
is a good fit for the customer’s needs and
intended utilization, as well as adaptive
qualities throughout the life of the service.
Evolvent believes that informed clients
make better customers.
Interconnecting Evolvent associates and
partners with customers in a collaborative
environment allows any of these entities to
be anywhere in the world and still have real
time information readily at hand. Although
security is an ongoing issue with the
exchange of information via the internet,
E2 is equipped with an infrastructure that
allows many different groups of people to
have varying levels of access to different
areas – much like security at an airport
with passengers, baggage handlers, flight
attendants, pilots and airport security all
having varying degrees of access.
By eliminating the distracting elements
of configuring a means by which
communication can be established and
the cumbersome installation of hardware
for sharing information with partners and
clients, Evolvent has made collaboration a
normative expectation and a practice that we
hope will have far-reaching benefits for every
entity involved in the delivery process.
Keeping Evolvent
On the Virtual Cutting Edge
Seamless integration of collaborative
concepts is not an easy task, but it is one
that Evolvent is determined to continue to
deploy. E2 provides an avenue by which
our employees, partners and clients have
the ability to remain connected to vital
business information from anywhere in
the world. Further, standard business
processes allow for the sharing of diverse
yet mission-critical information through
an enterprise that supplies end-to-end
manageability to ensure reliability.
With our clients and their evolving needs in
mind, Evolvent remains committed to the
practice of adapting to the ever-changing
technologies so we can anticipate the
future requisites for service in this industry.
We also remain dedicated to establishing
relationships with our partners and clients
that assumes responsibility for cooperation
and collaboration, thereby bridging any gaps
in the exchange of information and creating
a communication climate that is healthy and
vibrant. Evolvent is “virtually” cutting edge.
Best of
Show
ENTERPRISE
CONTENT MANAGEMENT
2004 & 2005
For the second year in a row, Stellent®
Universal Content Management™ was named
the top enterprise content management (ECM)
suite by AIIM E-DOC Magazine at AIIM, the
world’s largest ECM conference and exposition.
Coupled with other top honors received at
AIIM 2005, Stellent is clearly solidifying
its leadership position in the ECM space,
demonstrating the company’s commitment to
providing technology applications offering
award-winning features and functionality
that result in tangible return-on-investment.
Visit www.stellent.com/awardwinning3 to see
the solution in action, or call 1.877. 332 . 9567
ext. 216 for more information.
AIIM 2005 HONORS:
AIIM 2005
Best of Show
Award
AIIM
Best Practices
Award
AIIM
Best Practices
Award
I3
Award
ENTERPRISE
CONTENT MANAGEMENT
LAND O’LAKES, INC.
CITY OF AURORA,
COLORADO
EMERSON PROCESS
MANAGEMENT
CLIENT
STELLENT INC
LIVE: 7.5" X 10"
TRIM 8 25" X 10 875"
Channel
Connection
Award
WASHINGTON
SECRETARY OF STATE
w / PARTNER IMAGESOURCE
COLOR: 4C
PUB EVOLVEMENT MAGAZINE
A
s organizations move towards greater utilization of
networks, virtual working groups and much more
extensive deployment of technology solutions, it is vital
that the architecture of IT support services is both considered and
integrated into the new NVO management construct.
Networked Virtual
Organizations
and Building an IT
Support Services
Group
by Evolvent
Because of the complexity of Information Technology (IT)
systems and networks today, organizations are often unaware of
the hidden costs of these systems. How technology systems are
supported is frequently misunderstood, and the hidden costs
of IT support services can become a major element of service
delivery costs.
Evolvent’s consulting group has completed a number of IT
support services benchmarking studies examining what progress
has been made in consolidating or centralizing IT support
services in the federal sector and ascertained what models or
focus areas are being used for any initiatives in order to establish
benchmarks or best practices for enterprise-wide efforts. IT
support services are defined in most of these engagements
as Level One help desk or call center activities where the
operational focus is really triage for the user’s first point of
contact. These studies typically do not include Level Two service
desk or functional specialty support activities.
Our consultants continue to find however, that little overall
progress has been made in consolidating or centralizing IT
support services. Several projects have been examined but had
varying foci, and most were in their infancy and had not yet
reached initial deployment stage. Measurable impacts from
current projects were thus not definable.
The study found three specific common requirements for
progress in examining the condition of IT support services. These
requirements are mapped to our most frequent recommendations
and are summarized briefly below:
1. Performance Metrics: Define an enterprise set of
performance metrics as a baseline for supporting the
evolution of IT support services delivery.
2. Support Services Technology Toolset: Establish a pilot
project to build a common capability for best practices
deployment of support services technology across the
enterprise.
3. Common Business Rules: Establish a pilot project to define
common business rules, role definitions that accommodate
mission variances and performance metrics to build a
foundation for an evidence-based path to support services
reengineering.
Evolvent’s consultants utilize relevant Gartner Group Total Cost
of Ownership (TCO) models and data and project data related to
support services initiatives from regional organizations and subagency levels across the federal enterprise. TCO data serves to
demonstrate comparability of each organization reviewed. Project
data was more helpful to determine the strategic direction of each
group’s efforts, which are highlighted topically below.
10
Evolvent Magazine
f
e
l
d
)
f
e
s
e
T
s
t
r
h
T
s
e
f
e
l
T
d
t
m
r
e
s
t
o
o
t
h
In order to validate the data developed locally at the regional
or sub-agency level, the team referenced Gartner Group’s 150question survey based on each customer’s priorities in determining
the need for new technologies to be deployed in support of help desk
operations and common business process guidance, identifying common
performance issues that existing help desk operations face in performing
their mission, as well as identifying best practices where possible in
performing these operations. Additionally, the Evolvent team has
developed a tool for the customer to survey the support functions
currently provided across the enterprise to gain a broader perspective
on how support services are provided and by whom.
Based on customer direction and experience derived from
four years of TCO studies, Evolvent’s consultants have identified
a number of support services reengineering cases across the
federal sector. From multiple site visits and conference calls over
the last several years, our consultants obtained a more complete
picture of the status of each case identified and have developed
key findings and recommendations that seemingly emerge across
multiple organizations and stretch across time as well.
Below, our consulting group has outlined major considerations
for support services reengineering activities.
Reengineer
Personnel Mix and Deployment Pattern
Many organizations studied have actively pursued the vision
of a centralized help desk covering an enterprise or an entire
region. Manning and personnel decisions considered include the
conversion of some personnel to more technical labor categories.
Test deployments have frequently been planned to establish a
centralized facility and bring facilities on one at a time. Tests
would involve users being instructed for a period of one month
at a particular facility (regardless of facility size) to call the remote
test help desk instead of the standard operating procedure to call
someone locally or utilize the departmental technical assistant.
Once test site operations are completed, the agency would aggregate
lessons learned and finalize plans for a full or phased rollout after
analysis and adjustment from test. Our team observed that testing
design has been difficult given operational constraints and timing
issues within each organization.
In one particular instance, the agency reviewed plans to staff
the support mission with government personnel primarily on
cost grounds. This manning strategy varies from most other
efforts examined as the organization appears to be focused on
government personnel.
Another organization studied had determined to implement
a reengineering task to release government personnel and add
contractor personnel in their place, while consolidating support
to a central help desk facility and reducing the support footprint at
the local level. The organization has been careful to preserve and
project joint responsibility—no distinction—between consolidated
help desk staff and on-site staff. The reengineering effort focused
on supporting integrated specialty apps via a dedicated special-skill
person in the consolidated location. The organization has faced
significant hurdles in the comfort level of users in contacting/
trusting remote site, yet the central capability now handles nearly
three quarters of all support calls.
One organization studied has focused on the consolidation
of Tier One application support functions within the local
operation. Using an in-house configuration of Remedy, the
focus of this effort has been to obtain workload data for staffing
metrics purposes to realign support staff. In amalgamating
the mission of two groups, support service consolidation has
focused on reducing the footprint utilized by each organization
independently to a smaller number of staff supporting the
combined operations. The consolidation is also only focused on
application support not on network infrastructure or specialty
applications.
Importance of Standards Compliance
Many of the organizations studied emphasized the importance
of standards compliance for both software and hardware
configurations with the goal of implementing a Standard
Integrated Desktop (SID) to aid the effectiveness and efficiency
of support services operations. In one organization, the SID is
still being finalized as the IT group has had difficulty finding a
configuration that works for all applications. Most organizations
studied view the SID as a key to realizing the full impact of a
consolidation/workload reduction strategy. As Evolvent’s
consulting team looked closely at implementing a more developed
NVO architecture for support services, it was clear that the SID
was a critical ingredient for success. However, SID complexity
may grow exponentially as scope of consolidation grows. This will
be a key area for further study including the question of whether
a possible SID hierarchy could allow for common SID elements
while allowing specialization for sub-groups.
IT IS VITAL THAT THE
ARCHITECTURE OF IT
SUPPORT SERVICES IS
BOTH CONSIDERED AND
INTEGRATED INTO THE
NEW NVO MANAGEMENT
CONSTRUCT.
FALL | 2005
11
Business Rules:
Hardest Piece of the Puzzle
Most of the organizations examined by our teams
demonstrated great differences in business processes from
region to region or facility to facility. Our consultants noted
that different strategies were also employed to progress
toward common business processes across and even within
each organization. In one organization the approach was to
adopt common practices for the “centralized facility-level
help desk initially.” Where “at some locations the facility does
more” —a major issue with varying business processes within
the organization was determined to involve regional and subregional levels with respect to permissions. It was suggested
by organization personnel that this is frequently driven
by personalities and was not necessarily driven by mission
requirements—a major roadblock to realizing the value of the
NVO construct.
Excellence Dashboards—Power of Metrics
One organization studied had developed a support service
excellence dashboard for the centralized support organization
built for its region. This agency has built stats analysis by drawing
from Remedy data. Data mining allows real-time and close to
real-time analysis of trends, weaknesses, etc. The dashboard
displays resolution rates and speed, with trend analysis. The trend
shows good adoption, with steady improvement over the history
of the project. The initial three months did show retrograde in
performance attributable to learning curve. Common business
rules however, must be in place before metrics can be fully
utilized.
Resultant Benefits/Initial Conclusions
Based on our analysis we see the following resultant benefits
and initial conclusions from our teams efforts:
● Each study identified that a number of support services
consolidation or reengineering activities were under
consideration, development or in the initial stages of
deployment testing, yet most activities were in their infancy and there was
no enterprise level coordination of the efforts—a potential problem for clear,
fast implementation of NVO constructs or initiatives.
● The studies also identified that little progress had been
made to implement prior studies or working group
recommendations for support services consolidation or
reengineering.
● The studies identified the need for strong, focused efforts
at the enterprise level to assist the facility and regional
organization’s efforts to improve IT support services
performance. Evolvent’s consultants developed a series of
recommendations where an enterprise-led effort could focus
initial steps toward an NVO construct.
● The studies validated and documented evidence concerning
the capability to achieve consolidated Help Desk Operations/
IT Support Services.
● The studies validated and documented discrepancies to be
mitigated before consolidation.
Building on Remedy
● The studies provided a catalyst for change in operational IT
practices.
One organization studied has focused its efforts on the
development of a demand management tool, a customization of
scripting, interface and problem definitions for the enterprise
deployment of Remedy. The tool’s objectives are to:
● The studies provided justification for a uniform, centralized
reporting and trending capability within the information
technology environment.
● Improve customer service
● The studies identified the need for further progress toward
common business rules for IT Support Services.
● Simplify the submission and tracking of IT requests
● Automate processes
● The studies identified the need for further progress toward
integrated, professional performance measurement strategy for
IT Support Services to include common metrics development.
● Reduce time and manpower in resolving IT issues
● Provide accurate performance indicators
● Reduce return-to-service time
A web-enabled, full-featured, advanced trouble ticketing and
tracking tool, the tool is intended to be intuitive and easy-touse. The tool allows both technicians and customers to submit
requests through a web browser, is Active Directory “aware” and is
data-driven, modular and customizable.
12
Evolvent Magazine
Key Findings and Recommendations
Evolvent studies over the last few years have found that while
several organizations were moving towards reengineering the
way in which IT support services are delivered to end users,
many different approaches were being used, and there was little
commonality between cases examined. Further, it has been
apparent that baseline implementations of support services best
practices were sufficiently immature in their evolution to suggest
that a number of “best practices” initiatives should precede further
study of “how” the enterprise could centralize or consolidate its
IT HAS BECOME CLEAR THAT
WHILE THE TECHNOLOGIES
ARE THERE TO SUPPORT AN
NVO, HOW WE MANAGE THOSE
TECHNOLOGIES IS DEPENDENT
ON AGREED PERFORMANCE
METRICS, CONSISTENTLY
DEPLOYED TECHNOLOGY
MANAGEMENT TOOLSETS AND
A COMMON AGREEMENT ON
BUSINESS RULES.
● FAQ development and the implementation of a knowledge
base of common problems and solution sets to support both
scripts for support services professionals and a self-support
tool for end users themselves
● Metrics and management reporting for support services
managers
Our analysts found that many projects were underway to
utilize the technology toolsets provided by enterprise level
programs, yet extended timelines for deployment and limited
use of defined best practices resulted from the lack of training or
enterprise capabilities to support a best practices deployment of
the enterprise support services toolsets. A pilot project to build
a common capability for best practices deployment of support
services technologies could provide a large degree of support
across the enterprise.
Business Processes and Operations Design
IT support services organizations to facilitate the development of
an NVO. Evolvent’s consultants have identified three initiatives
that could capitalize on the activities investigated and form a
more positive baseline for future strategic centralization or
consolidation efforts.
Performance Metrics
Each of our engagements has approached the issue of
performance metrics for support services independently. In some
cases, mission differences between organizations may require that
metrics be different. Our experience suggests further need for
examining the issue of common performance metrics and the
need for a benchmarking study focused on performance metrics
and defining an enterprise set of metrics that would support the
evolution of IT support services delivery either on a consolidated
or centralized methodology.
Support Services Technology Toolset
In each engagement our analysts examined the toolsets
used by support services organizations across several regional
organizations or functional operations. Each instance of
technology implementation examined was found to be focused
on a particular subset of the technical capability and an
incomplete use of industry best practices for support services
technology implementations. Basic enterprise implementations
of Remedy frequently serve as the obvious starting point for
each case, yet the deployment or use varies dramatically from
instance to instance. Each organization investigated had focused
its technology development on different aspects of the toolset,
including:
● Ease of use of the Remedy interface for the support
services staff
● Common problem set definitions built into the standard
Remedy deployment
A key finding of our engagements is that different
business rules and processes for support services delivery
were utilized within each organization investigated. The lack of
common business rules/processes, metrics, role definitions,
administrative controls and the variance between and within
organizations served as an important impediment to modeling
a path to support services centralization or consolidation. It is
clear that the design of support services operations vary greatly
across the enterprise. This variance is also further complicated
by the multiplicity of actors engaged in providing IT support
services. TCO studies have shown over the last five years, end
users, workgroup managers and IT professionals all deliver IT
support services. In many studies the indirect costs of end user
self-support has shown tremendous variance in the quality of
direct IT support services.
A pilot project to define common business rules, role
definitions that accommodate mission variances and performance
metrics could serve to build a foundation for an evidence-based
path to support services reengineering.
A Final Word for NVOs
The power of the network and the necessity of aggregating
knowledge resources into virtual working groups are fast
becoming, and in many instances, already are accepted
norms in the world of business and government. Yet, how
we deploy and manage those technology resources that
serve to give NVOs their shape and form is still a varied
and inexact science. Our consulting efforts have given us
repeated insights into would-be and evolving NVOs and
their particular challenges in managing technology. It has
become clear that while the technologies are there to support
an NVO, how we manage those technologies is dependent
on agreed performance metrics, consistently deployed
technology management toolsets and a common agreement on
business rules.
FALL | 2005
13
Networked Virtual Organizations
and a Business Case for the
Capability Maturity Model (CMM)
by Evolvent
14
Evolvent Magazine
B
orn within the profession of software development, the Capability Maturity Model (CMM) is a
framework describing the key elements of an organization’s processes. It provides the foundation for process
improvement by describing an evolutionary path from
youth to maturity. Because many young organizations’
internal and external processes can be described as ad hoc,
immature, personality-dependent and fairly unstable,
CMM can help processes mature to become disciplined,
standardized and repeatable by any associate. Because Networked Virtual Organizations or NVOs demand adherence
to processes to avoid the chaos that is possible in “virtual”
organizations that are only tied together by the network,
CMM frameworks can provide a foundational process construct to ensure quality and productivity.
There are five levels of progressive process maturity:
Initial, Repeatable, Defined, Managed and Optimizing.
This article provides a framework NVOs can use to achieve
Level 3: Defined Process Maturity, at least for the near
term. The Software Engineering Institute (SEI), Carnegie
Mellon University, is credited with developing CMM in
1986 at the request of the U.S. Government (DoD). At
that time, and as is often the current practice, the U.S.
Government wanted a systematic method it could use to
assess the capabilities of its contractors. Through CMM
implementation, the U.S. Government can accurately
assess an NVO’s capabilities, and the NVO can use the
model to improve internally.
COMPARISON WITH ISO AND OCTAVE
The CMM is similar to ISO 9001, one of the ISO 9000
series of standards specified by the International Organization for Standardization (ISO). The ISO 9000 standards specify an effective quality system for manufacturing
and service industries. The main difference between the
two systems lies in their respective purposes: ISO 9001
specifies a minimal acceptable quality level for software
processes, while the CMM establishes a framework for
continuous process improvement and is more explicit than
the ISO. OCTAVE, also developed by SEI, is somewhat
similar in that it is process focused, but the processes it
seeks to improve are restricted within the Information Security risks area. However, the OCTAVE methodology has
its roots within the original CMM.
Evolvent’s OCTAVE specialists currently utilize the
construct of this model in the security services practice.
Similarly, CMM practices are being developed within the
information assurance and knowledge engineering practices to offer these capabilities in the federal technology
marketplace.
PURPOSE OF THE INVESTMENT
When properly implemented, CMM will improve an
NVO’s ability to meet corporate and project goals for costs
and return on investment, schedules, functionalities and
especially product quality. The ultimate goal is to improve
efficiency and effectiveness in what we do:
Efficiency + Effectiveness = Higher ROI
KEY REASONS FOR PURSUING THE PROJECT
With a marketable and proven CMM level, NVOs will have
a yardstick against which commercial organizations and the
government can judge, in a repeatable way, the maturity of
the NVO’s processes and compare them to similar industry
practices (benchmarking). Internally, the NVO can use
CMM to identify process improvement areas and needs, to
plan and prioritize improvements and most importantly,
to evaluate improvement progress through metrics.
According to the SEI, the CMM has become a de facto
industry standard for assessing and improving processes via
modeling, defining and measuring the maturity of an organization’s processes. In addition, it has been widely adopted
and used by the U.S. Government, industry and academia.
FALL | 2005
15
FIVE MATURITY LEVELS EXPLAINED VIS-À-VIS AN NVO
• Quality Assurance
• Initial Level: Organizations at level one are characterized
by working in an ad hoc manner and by unpredictable
performance. If services are delivered successfully, it is
because of individual heroism. Processes are disorganized,
even chaotic, and not considered to be repeatable, because
processes would not be sufficiently defined and documented
to allow them to be replicated or understood or even known by
all associates.
• Contract and Subcontract Management
• Repeatable Level: Organizations at level two, the
repeatable level, deliver services with a repeatable quality.
That is, they can repeat earlier successful performances
in similar circumstances. Basic management techniques
have been established for project management and other
process areas. Successes can now be repeated when associates
adhere to the process procedures because the requisite
processes would have been established, defined,
documented and understood.
• Defined Level: The third level is aimed at standardization
of services. Organizations at level three employ standard
processes to deliver services and have also implemented
organization-wide processes to train employees and manage
resources and problems. To reach Level Three, the NVO
would have to develop its own standard processes through
great attention to documentation and integration as well as
adoption by all associates.
• Managed Level: At this level, an NVO would be actively
monitoring, reviewing and controlling its processes through
data collection and analysis. This is a level dependent upon
the techniques outlined in Category 2 of the Malcolm
Baldridge Criteria of Total Quality Management, one of
the most useful and fruitful aspects of the TQM movement:
“Doing it with Data.”
• Optimizing Level: Again referring back to TQM,
this level is based upon the continuous improvement
models proposed by Deming and Shewart. Here,
processes are constantly being improved through
monitoring feedback from current processes and
introducing innovative processes to better serve the
organization’s particular needs. This must be done
with active leadership involvement.
PROCESS AREAS BY MATURATION STAGES
As processes mature, they are often part of two levels.
Some processes are more efficient remaining at a specific level and some must maintain a minimum level to be
effective. As a result, within CMM, there are “shades of
levels” in which a combination of level characteristics is
evident. These are described below:
1. Level 1-2. This level describes processes that are repeatable and disciplined. The following process areas should
be at least within the latter stage of Level One and the
beginning stages of Level Two:
16
Evolvent Magazine
• Project Tracking and Oversight
• Project Planning
• Requirements Management
2. Level 2-3. This level requires defined, standard and
consistent practices. Some process areas that should at
least be at this level include:
• Peer Reviews
• Inter-group Coordination and Communication - Vertical
and Horizontal
• Integrated Management - Vertical and Horizontal
• Training Programs
• Organization Process Definitions
• Organizational Process Focus
3. Level 3-4. This level’s characteristics include managed
and predictable processes. Two processes which function
best at Level 3-4 are Quality Management and Process
Measurement and Analysis.
4. Level 4-5. In humanistic terms, this would be “selfactualization” on Maslow’s Pyramid. Here, processes are
optimized to feature continuous process improvement.
Processes include Change Management, Technology
Change Management and Product Defect Prevention.
HOW DOES AN NVO OBTAIN LEVEL THREE?
Each maturity level (except for Level One) contains a
number of key process areas. To reach a certain maturity
level, an NVO has to implement each of the key process
areas of that level and lower levels.
Example:
NVO KEY PROCESS AREA: Project Management
A key process area is considered implemented if each of
the goals of the key process area is reached. Thus, a key
process area consists of goals (usually between two and
four) and activities called key practices.
Example:
Project Management = Goals (1-4) + n Key Practices
One goal could be "Early Completion" and the associated
Key Practices could include "PMP and WBS Development
and Adherence," "Resources Monitoring," "Resources
Adjustment," "Predictive Situational Analysis," etc.
WHEN PROPERLY IMPLEMENTED, CMM
WILL IMPROVE AN NVO’S ABILITY TO MEET
CORPORATE AND PROJECT GOALS FOR COSTS
AND RETURN ON INVESTMENT, SCHEDULES,
FUNCTIONALITIES AND ESPECIALLY PRODUCT
QUALITY.
• Verifying Implementation: These activities verify the
implementation of the key process area. These key practices
ensure that the processes are performed in compliance with
the process that has been established. They generally include
key practices that relate to oversight by senior management
and project management, as well as specific verification
activities that the service quality assurance group or others
are expected to perform to verify that the process is being
performed properly. For example, it is important that senior
management periodically reviews the activities.
IMPLEMENTATION: WHAT AN NVO MUST DO
• Identify, develop and document key process areas
• Communicate key process areas to all associates
• Obtain input and "Buy-In" from all associates
If the NVO consistently implements all activities from a
certain key process area, then the goals of that key process
are achieved. Within the realm of information technology CMM, there are five kinds of practices called common
features. Together, they ensure that the goals of the NVO’s
key process areas are achieved.
• Ensure ALL NVO resources are tied to a key process area; if
not, it may be irrelevant
• Develop goals for each process area
• Develop key practices - within the context of the five common
features - for each goal
• Develop procedures and mechanisms for monitoring key
practices and goal achievement
• Commitment to Perform: The key practices here describe
the actions the organization must take to ensure that the
process is established and will endure. This commitment
is demonstrated by the NVO’s activities that are aimed at
ensuring organizational and management commitment to
the key process area activities. These activities can be in the
form of documented organizational policies and responsible
leadership.
• Institute operational-level policies to ensure adherence to key
practice procedures
• Ability to Perform: These would be NVO activities
that actually enable the key process area. They are the
preconditions necessary to implement the process
competently. They typically involve resources, organizational
structures and training.
• Ineffective monitoring of activities
• Activities Performed: These are the activities
needed to get the job done. They are the activities,
roles and procedures necessary to implement a key
process area. These typically involve establishing plans
and procedures, performing the work, tracking the
work and taking corrective actions as necessary. For
example, having the right tools and trained associates,
customer-relationship management expertise,
budgeting savvy and human-relations skills.
• G&A investment
• Measurement and Analysis: These would be NVO
activities aimed at determining the status of the key
process area, consisting of basic measurement practices
that are necessary to determine the status related to the
process. Measurements included in this common feature
are used to control and improve the process. For example,
measuring time spent on different types of projects or
how long it takes to deal with incidents.
• Constantly review
ASSOCIATED RISKS
• NVO leadership does not "Stay the Course" (false starts)
• Little or no associate "Buy-In"
• Costs for "In-House" (G&A) development may be excessive
REQUIREMENTS
• Commitment by senior leadership
• Allocation of time
• Creation of a CMM working group
CONCLUSION
An NVO’s overall goal for achieving CMM Level Three
is to enable it to assess its capabilities with respect to the
delivery of services and products as well as provide specific
directions and steps for further service and product improvement. This requires commitment to the development
of and adherence to standard business processes and the
implementation of organization-wide processes to train
employees and manage resources. The adherence to standards, processes and implementation guidelines facilitates
the creation of a successful NVO.
FALL | 2005
17
SI.INTLFllpageColor3
6/15/05
1:42 PM
Page 1
SI International is proud to serve the Federal government.
We define, design, build, deploy, and operate mission-critical
information technology and network solutions (IT). We deliver a
full spectrum of state-of-the-practice systems and services with a
strategic focus on the Federal government’s most urgent initiatives.
18
Evolvent Magazine
www.si-intl.com
Knowing the Legal
Requirements for Security
Guy Sherburne, VP Security Practice, Evolvent
P
rotecting various forms of highly
sensitive information is a real
challenge, especially in light of
technological advancements and the
growing worldwide threat from criminal
organizations and terrorists. Probably
the most perplexing problem facing senior
management is in determining where or
how to start a protection process. Adding
to management challenges are several new
government laws and policies mandating
accountability, security and disaster
recovery processes. Where should you start?
s.
FALL | 2005
19
There are many challenges to begin a workable
corporate or government security process.
To varying degrees, we all apply a security process to a part
of our daily lives. When we prepare to leave our homes, we
check to see if we left anything burning, turned off unneeded lighting, set the home alarm and locked the door on
departing. When we arrive at work, office access is gained
through the action of unlocking the office door with a key
or using a card or badge containing a coded magnetic strip.
Access to your office computer is done through a personal
ID and password. Electronic billing is accomplished through
secure connections, using a personal pin number to obtain
cash from ATMs and protecting customer information from
competitors.
We all recognize the need for applying security practices to
various aspects of our lives. Technology has made life easier,
businesses more profitable, advanced healthcare and improved our national security. Putting a security process into
effect starts with your basic understanding of security - the
personal protective actions you take each day.
There are many challenges to begin a workable corporate
or government security process. Focusing too much time
and energy on only one aspect of your security umbrella will
surely leave you vulnerable in another area. Not only will you
waste resources, time and money, but you will also leave yourself vulnerable to other costs of recovery and lost customer
confidence.
Your personal security knowledge will prove beneficial when
starting to establish or improve your security process – do
not underestimate what you know. Remember that assigning
someone to be responsible for a process mandated by a law
does not remove one’s liability for compliance, a situation
that we have seen validated time and time again in our court
system.
In the past few years, there have been a few public laws that
seem to have more of an impact across the board than others. It
is important to understand which laws have an impact on your
operation. Rely on your personal security knowledge and, with
a little help from your management team, identify specific laws
and policies to focus on, particularly the compliance laws that
could negatively impact your activity for non-compliance.
20
Evolvent Magazine
As viewed in the news, the judicial system does not accept
ignorance as a workable defense by a senior corporate or government leader. Having personal knowledge of legal requirements further enhances a senior leader’s ability to identify
potential problem areas before they become disaster areas.
For example, having been involved in performing multiple
security processes during the past thirty-five years, my knowledge of security is going to be greater than a leader whose
background has been in another professional discipline. As
a senior leader, the work I perform today drastically differs
from what I was doing three decades ago. However, I still
spend time reading, studying and seeking guidance from others on new laws and policies. Like an architect, I use mandated policy to build a security strategy, which is the foundation
for a workable security process. I also rely on the sharing of
security knowledge with my staff, from the top to the bottom
of our corporate structure and the interchange of ideas.
Health Insurance Portability and
Accountability Act of 1996 (HIPAA)
For the past few years, the health care industry, within the
commercial and government sectors, has been working to
implement Health Insurance Portability and Accountability
Act of 1996 (HIPAA) protection requirements, specifically
the Security Rule found in 45 CFR Part 160 and Part 164,
Subparts A and C of the Act. The need for protecting patient
information, especially in the modern and evolving technology world, was long over due.
The trick was how to implement this security rule without a
negative impact on patient care. The real challenge presented
itself when attempting to apply security rules to systems that
were developed a decade ago without security being designed
into the system. Functionality took priority, as threats were
not as obvious then as they are now. The HIPAA security
standards are broken into three basic areas – administrative,
physical and technical:
• Administrative Safeguards – The administrative functions
are the necessary processes implemented to meet HIPAA
security standards. This portion of the rule involves
everything from the risk analysis/management process,
assignment of responsibilities, information management,
security education, incident handling and contingency
planning.
• Physical Safeguards – The physical safeguards are the
physical security measures taken to protect systems,
facilities and equipment from natural and environmental
hazards and unauthorized intrusions. This portion of the
rule could extend outside the actual office to the workforce
employee’s home or other physical location where patient
information could be electronically accessed.
• Technical Safeguards – As indicated in the first paragraph
on HIPAA, advancements in technology have created
numerous challenges, especially with the protection of
electronically processed patient information. The Security
Rule defines technical safeguards (see section 164.304 of
the HIPAA policy) as “the technology and the policy and
procedures for its use that protect electronic protected
health information and control access to it.” The security
rule does not direct a specific technology solution, only
standards to be followed using simple technical examples.
There are several excellent sources of information for HIPAA
compliance, simplified for ease of reading by senior leaders,
managers and those who will implement the requirements.
An excellent source for HIPAA information can be found on
the Department of Health and Human Services Website.
Finally, it is important to not rely solely upon a technical
solution for HIPAA compliance. If you do, chances are high
that you would be over six percent non-compliant. Get your
team involved and seek third party assistance – someone who
has had extensive experience providing HIPAA and ePHI
guidance to other health care covered entities. Your personal
security knowledge will help to identify the real experts from
those who only provide a partial solution.
Sarbanes-Oxley Act
Another important law, one that is of keen interest to financial institutions, is the Sarbanes-Oxley Act (SOA). Especially
noteworthy in SOA is the final SEC rules Section 404, which
is specifically designed to assure accountability. Guidance
from legal counsel and knowledgeable risk advisors help senior management to implement standardized and repeatable
processes that ensure compliance.
The impact of technology is one element considered in an
internal control evaluation over financial reporting. A vulnerable system could create uncertainty in the evaluation process.
Corrupted data, the result of system vulnerabilities, skews audit
trails, especially if business contingency plans do not take into
account “data recovery.” Physical safeguards ensure controlled
access from a system, facility and personal perspective. Some of
the internal general security processes to considered are:
• Security Administration – Critical asset identification and
policy development that ensures security standardization,
data availability, integrity and confidentiality
• Risk Management – Identification, measurement, control
and minimization of loss associated with uncertain risks or
events
• System and Application Configuration Management
– Controlling how changes to systems and applications are
to be made and by whom
• Business Continuity Planning – What are the information
protection requirements and the environment; business
impact analysis and recovery strategies; assurance, trust and
confidence mechanisms; testing, training, awareness and
maintenance
• Information Processing Center Operations and Problem
Management – Policies, plans and actions for managing
financial transactions and assuring accountability for
problem management
• Resource Management – Knowing the shared resources and
how data are maintained and shared internally or externally
Compliance with SOA will require a collective team effort involving corporate leadership, legal assistance, employees, third
party auditors and security experts. Using your basic personal
security protective knowledge, you will be able to structure
your SOA compliance strategy to ensure compliance, help to
identify qualified third party experts that will assist you and
have the character to standby you when called upon.
Federal Information Security
Management Act of 2002 (FISMA)
Of particular interest to federal government activities and the
non-government agencies has been the implementation of
Federal Information Security Management Act of 2002 (FISMA). If you are working in the government, or have business
with the government, you will want to become knowledgeable
of FISMA.
On December 17, 2002, the President signed the Electronic
Government Act (E-Government) into law. Title III of this
law contained the Federal Information Security Management
Act (FISMA), which lays out a framework for annual information security reviews, reporting and remediation planning.
This allows the Federal government to identify system security
progress, compliance and problems.
Any agency that works within the government, provides support to the government or connects to the government is
impacted by FISMA. What makes FISMA unique is that it
incorporates requirements from other public laws and expands upon the framework first laid out by the Government
Information Security Reform Act of 2000 (GISRA), which
expired in November 2002.
FALL | 2005
21
035-006
Staying current with legal requirements is
fundamental to building a solid security process.
FISMA introduces a statutory definition for information
security, a definition that is not different from other government policies, information security meaning the protection
of information and information systems. Key parts of the
Act that allow for changes in technology and emerging threats
makes FISMA all the more important. Below are the two key
elements:
1. Section 3544(a)(1)(A)(ii) describes agency security
responsibilities including “information systems used or
operated by an agency or by a contractor of an agency or
other organization on behalf of an agency.”
2.Section 3544(b) requires that each agency provide
information security for the information and information
systems that support the operations and assets of the
agency, including those provided or managed by another
agency, contractor or other source.
One item that seemed to be lacking in other legal government
security policies was compliance “accountability.” Congress
corrected the accountability problem with changes to OMB
Circular A-130, driven by FISMA, requiring an “annual
reporting requirement” to Congress to ensure accountability
throughout the government. The following is a summarized
overview on the new FISMA requirements:
• Agencies are responsible for developing system
configuration requirements to ensure compliance that
comprises traditional system configuration management,
employing clearly defined system security settings and
maintaining up-to-date patches that include an active
process of ongoing monitoring and maintenance.
• Agencies will implement an annual security control test
and evaluation process on each system that encompasses
security policies, procedures, practices and management,
operational and technical controls.
• Agencies will develop contingency plans (Continuity of
Operations, Disaster Recovery, Business Contingency
Plans, etc.) and test the plans annually.
• Agencies will help in combating vulnerabilities to
technology and the constant emerging threats, a
requirement to report significant deficiencies.
Specifically, FISMA requires the “reporting of any
significant deficiency in policy, procedure or practice.”
• FISMA has resulted in an amendment to the Paperwork
Reduction Act, requiring the head of each agency to
22
Evolvent Magazine
develop and maintain an inventory of major information
systems operated by or under the control of the agency.
What makes the FISMA requirement different from
other policy criteria is the requirement to include the
identification of the interfaces between each system, all
other systems and networks, including those “not” operated
by or under the control of the government agency.
• Certification and accreditation of government systems has
been a requirement for some time now. Under FISMA,
agencies are required to report the total number of systems
and the number of systems with completed certification
and accreditation.
The policy requirements found in FISMA appear to be
practical, flexible and cost-effective – allowing for changes in
technology and emerging threats. Yet congressional reporting and independent audits continue to identify government agencies that either fail to comply or treat the current
requirements similar to the twenty to thirty year old legal
requirements that no longer exist.
In short, this article provides an overview on a few recently
enacted laws that may impact your organization. Within each
law, you can expect to find numerous additional requirements that must be implemented. Staying current with legal
requirements is fundamental to building a solid security process. Relying on your personal security knowledge will help
you to ensure compliance, assure accountability and, when
needed, obtain the right security skill set to help with implementing a solid security process for your organization.
035-006 IMITS Info Pg-REV-6-06
6/27/05
12:19 PM
Page 1
Integrated Medical InformationTechnology System
A Partnership between University of Pittsburgh Medical Center and the Department of Defense
Through an appropriation in the defense-spending bill for 2002, the University of Pittsburgh Medical Center and the Department of
Defense have created a strategic partnership called the IMITS Program. Focused on utilizing advanced technologies to provide quality
healthcare services regardless of location, IMITS enables clinicians to have access to and view various types of medical information from
pathology slides to CT scans, as well as to consult with specialists at distant locations. The system allows for swift diagnoses of various
conditions where specialty medical care may not be readily available, such as at a rural physician’s office or a remote military installation.
University of Pittsburgh Medical Center and the Department of Defense have formed this partnership in large part due to a decline in
both private and military sectors of specialists who are essential for the accurate diagnosis and treatment of medical conditions.
Continued congressional funding in 2004 and 2005 supports the development of new advanced clinical technologies and the expansion
of the IMITS program into the Pacific Region. The IMITS platform will be extended into multi-health specialty areas while focusing on
emerging advance care technologies. This initiative allows the creation of “Centers of Excellence” within the Department of Defense
that can export medical care knowledge to areas around the globe. Through the expanded IMITS program UPMC and the Department
of Defense will continue to share information technology resources and expertise that will contribute to the development of improved
systems of care.
IMITS Network
Lackland AFB
Lackland AFB
Lackland AFB
University of Hawaii
University of Hawaii
Lackland AFB
PLATELET GEL
MEDICAL
SIMULATION
ECMO
TELEMENTAL
HEALTH
IMITS PROGRAMS
TELEAUDIOLOGY
TELERADIOLOGY
TELEPATHOLOGY
TELEOPHTHALMOLOGY
Lackland AFB
Lackland AFB
Keesler AFB
Lackland AFB
Wright Patterson AFB
Eglin AFB
Eglin AFB
Travis AFB
MacDill AFB
Forbes Tower • 200 Lothrop Street • Pittsburgh, PA 15213-2582
p: 412-432-5197 • f: 412-432-7568
24
Evolvent Magazine
EVOLVENT KNOWLEDGE
MANAGEMENT DISCOVERY
TOOLSET
Executive Summary
In an environment where getting
the right information to the right
people at the right time is critical to
an organization’s success, business
leaders are constantly seeking ways
to enhance the effectiveness of their
decision making processes. Whether
it is the collection and interpretation
of raw data into information or the
development and implementation
of creative solutions to collaboration problems, harvesting knowledge
from unstructured information contained in repositories across a wide
range of business operating units is
the key that opens the door to an
organization’s intellectual capital.
In the intelligence world, adversaries strive to gain advantage over
each other. Through the use of
intelligence, surveillance and reconnaissance (ISR) and technical innovations, intelligence agencies are able
to convey environmental awareness
and information capabilities to decision makers at every level of command. Many times agencies find their
missions aligned to related goals, and
as a result, they end up supporting
many of the same customers. When
this occurs, these agencies may
engage themselves in partnerships to
enhance their limited capabilities.
While the idea of leveraging capabilities to gain superiority is a good goal,
it is also a formidable and sometimes
unattainable one. Establishing and
maintaining access for intelligence
community end-users to unique/segregated ISR databases, systems and
secure information communications
platforms results in limited end-user
access and requires extensively
trained administrative and technical resources. Since the content of
unstructured information is critically
linked to nearly every decision making process across a wide range of
business operations, organizations
must be able to efficiently process
their unstructured information.
transform unstructured information
into “actionable” knowledge, enhance
risk communication to leaders and
improve both information flow and
collaboration are what sets Evolvent
apart from those who talk about KM
and those who deliver KM.
Introduction
Embedded within every deliberate
and crisis action planning process
is a decision matrix that is fueled
by unstructured information. This
unstructured information presents
itself in many forms such as Word or
PDF documents, PowerPoint presentations, or HTML and XML formatted document types. Knowledge
Management (KM) solutions that
fail to efficiently manage unstructured information are similar to high
performance vehicles that have been
filled with low octane fuel—they fail
to reach their potential. Incomplete
information discovery and delivery
oftentimes leads to decisions that
would not have been made had the
decision maker been provided with
a comprehensive view of a situation.
On the other hand, KM solutions that
offer simultaneous high recall and
high precision, exceptionally high
rates of information sorting/classification, language independence and
scalability are like high-octane fuel
in that same vehicle. Both the driver
and the decision maker effectively
leverage all of their capabilities.
Connecting leaders with relevant
and timely information in an efficient
manner has always provided a competitive advantage over one’s competition. In order to gain this advantage in today’s business environment,
leaders must implement processes
and toolsets that effectively maximize the return on intellectual and
information resources through the
re-use of existing knowledge within
their respective “enterprise.”
A leader in helping organizations
maximize their return on intellectual
and information resources, Evolvent
is the “high-octane” fuel in the KM
integration business. The successful
employment of unique solutions that
automate manual processes used to
Evolvent KM solutions help clients
develop and integrate resources for
intellectual capital management. A
web-based delivery model developed to virtually share, collaborate,
distribute and exchange knowledge
among members of an organization,
While subject matter experts, surveillance systems and robust database
analysis are crucial to converting raw
data into information; it is the transformation of relevant information into
an actionable context and its subsequent delivery to the appropriate
decision maker that provides a leader
with their advantage. The enabler of
this advantage is the toolset that not
only automates the collection, indexing, categorization and classification
of unstructured information, but also
extracts and pushes relevant information to selected decision makers
through a KM platform.
FALL | 2005
25
Evolvent’s Knowledge Exchange
(Kx) serves as an intelligent portal
for content management, workflow,
e-learning and collaboration. Building strategic plans that reduce costs
and enhance collaboration is demonstrated by Evolvent’s leveraging
of know-how gained by experience
across a variety of vertical markets.
When it comes to managing and leveraging the benefits of unstructured
information, Evolvent’s leading edge
knowledge discovery toolset embedded within the Kx provides business
leaders with search and retrieval
technologies that are simple to deploy, easy to integrate and adhere to
current and emerging standards.
Evolvent’s unique combination of
Knowledge Discovery technologies
provides:
• Probabilistic Latent Semantic
Indexing
• Relevance ranking based on the
Probabilistic Model (Bayesian
Inference)
• Dynamic summarization
• Concept identification based on
Shannon’s Information Theory
• Cross platform compatibility via
Web Services
• All Application Programming
Interfaces (APIs) based on XML
• Transparent access to system
internals including the statistical
profile of terms
• True relevance ranking of
compound (i.e. multi-word) items
What does this mean to the user?
• High Recall and High Precision
• Contextualization; finding hidden
relationships between documents
within the enterprise
• Exceptionally high sorting rates
(200,000 documents per hour)
• Language independence
• Scalability
26
Evolvent Magazine
Most KM platforms are robust document management systems. They
are heavily dependent on subject
matter experts (SMEs) who upload
and organize information within
their respective communities. This
is both time-consuming and subjective, resulting in a stove-piped, static
presentation of information. Retrieval
of information is dependent on active searches conducted by end-users. This can be hit or miss and is
compounded by a lack of integration
between existing KM platforms and
document management systems.
Often times little or no connectivity
exists to other valuable data sources.
Evolvent KM solutions implemented
in various business sectors effectively
leverage existing technologies while
driving higher utilization of the organizations’ information resources. Although successful KM initiatives have
a multi-phased approach, a significant
return on investment (ROI) can be
obtained in relatively short order. This
is demonstrated through the rapid
improvement in support of information discovery and communication
roles. Specifically, success for this
endeavor is measured by Evolvent’s
ability to collect, index, categorize
and objectively classify an organization’s unstructured information.
In almost every organization, unstructured information is categorized
and indexed by various individuals
using “subjective” factors in a manner that is very time-consuming.
Evolvent’s KM solution involves using
“objective” criteria (established and
accepted taxonomies) to automate
the classification function. Unstructured information is automatically
indexed and relationally organized
according to Organizational, Functional (multi-disciplinary skillsets)
and Product Line taxonomies. New
information is collected, indexed,
categorized and classified daily. Individual users can set up a profile that
enables automatic notification any
time relevant information is added.
The second discriminating component of Evolvent’s KM solution
involves transforming the way an
organization gets information to the
end-user. While existing document
management systems provide a repository where people can go for information, most do not push relevant
information to the end-user. Instead
of a hide-and-seek game where
end-users have to visit a variety of
private and public domains to obtain
unstructured information, Evolvent’s
KM solutions push content automatically from geographically separated
information repositories and related
sites that are relevant to what the
end-user is working on.
In summary, Evolvent KM solutions bring a variety of supplies and
tools that are focused on providing
support to a decision maker in any
industry. It presents an integrated
approach that automates the timeconsuming process of collecting,
indexing, categorizing and classifying
unstructured enterprise information
and results in the rapid delivery of
actionable knowledge to the right
person at the right time.
Kx Knowledge
Discovery Toolset Foundation
BAYESIAN INFERENCE
Thomas Bayes was an eighteenth
century mathematician who devised
a theory for conditional probability:
P(B/A) P(A)
P(A/ B) = ————————————
P(B)
Conditional probability is the probability of some event given that some
other event has already occurred.
In the above equation, the left hand
term P(A/B) is known as the posterior probability or the probability
of some event A occurring given
that event B has occurred is equal
to the probability of event B occurring given that event A has occurred,
multiplied by the probability of event
A occurring and dividend by the
probability of event B occurring.
The Probabilistic Model interprets
Bayes’ Theorem in an Information
Retrieval (IR) context where the
probability that certain query terms
are better differentiators between
relevant and non-relevant documents
than other query terms is evaluated
given implicit or explicit relevance
feedback.
weights and document weights and
subsequently performed extensive
evaluations on relevance feedback
techniques using standard document collections. In 1994, Robertson
introduced an extended model that
was no longer based on a binary
independence model, and this work
has strongly influenced the design
of Evolvent’s Knowledge Discovery
Toolset.
Probabilistic Model. This model not
only allows initial relevance ranking to
be more accurate, but it also provides
a mechanism for iterative searching
based on relevance feedback.
PROBABILISTIC
LATENT SEMANTIC INDEXING
Probabilistic Latent Semantic Indexing (PLSI) is the ability to locate documents that are relevant to the user’s
WHEN IT COMES TO MANAGING AND LEVERAGING THE
BENEFITS OF UNSTRUCTURED INFORMATION, EVOLVENT’S
LEADING EDGE KNOWLEDGE DISCOVERY TOOLSET EMBEDDED WITHIN THE KX PROVIDES BUSINESS LEADERS
WITH SEARCH AND RETRIEVAL TECHNOLOGIES THAT ARE
SIMPLE TO DEPLOY, EASY TO INTEGRATE AND ADHERE TO
CURRENT AND EMERGING STANDARDS.
PROBABILISTIC MODEL
The Probabilistic Model was pioneered at Cambridge University during the 1970’s and 1980’s. The model
is an application of Bayes’ Theorem
and defines a system for weighting
individual query terms and documents based on:
• The frequency of terms across the
document collection (wcf)
• The frequency of terms within a
given document (wdf)
• Normalized document length (ndl)
• Explicit or implicit feedback on
document relevance
In 1976, Professor Stephen Robertson and Karen Sparck Jones devised a formula for computing term
Why is the Probabilistic Model superior to traditional free text systems?
Traditional free text systems are
based on simple keywords and Boolean logic (primarily the AND, OR and
NOT operators). While this technique
is very precise, it does fall down when
the number of documents retrieved
is too large to examine exhaustively.
In this case, the ability to rank documents, with the most important ones
at the top of the list, is of paramount
importance. Over time traditional
systems have introduced various
ways to rank results, but this is not
based on a sophisticated model of
term profiles across the collection of
indexed documents and tend to rely
too heavily on a within document frequency (wdf) analysis. The statistical
model of term frequency across the
document collection is unique to the
query even if they do not contain any
of the words in the user’s query text.
It is also about the ability to ignore
documents that do contain words
from the user’s query, but which are
not relevant.
Probabilistic Latent Semantic
Indexing (PLSI) is achieved by:
• Relevance ranking the documents
matched by the initial query
• Extracting the distinguishing
concepts from the most relevant
documents
• Expanding the query to include
selected related concepts
The inclusion of related concepts
can be done explicitly (user decides)
or implicitly where related concepts
FALL | 2005
27
are included automatically based on
an understanding of the application
area and/or user personalization.
For example, consider the following
query:
“Dangerous dog attacks baby”
Imagine searching for “portable computer” and finding documents that
were about “aptops”, “the Toshiba
Tecra” and “notebooks” but where
some of the retrieved documents
do not contain any words from the
original query—that’s Latent Semantic Indexing.
RELEVANCE FEEDBACK
Traditional IR systems provide a
static mechanism to index documents and service retrieval requests.
Relevance feedback is used to
describe dynamic mechanisms that
allow the retrievals to be tuned over
time based on explicit or implicit
feedback from the user(s). An example of implicit feedback would
be where a user identifies individual
documents that are relevant to their
query. An example of implicit feedback would be where the system
monitors the user’s activity to see
what documents they examine, how
long they spend looking at individual
documents, what documents they
author or perhaps a common pattern
to their retrieval activity.
The Probabilistic Model allows this
type of explicit or implicit feedback to
be injected into the retrieval process
so that the weightings applied are
modified or tuned automatically to
suit a particular user’s requirements.
A human would interpret this phrase
as being about a wild animal attacking an infant. However, a simple IR
system that assumes that words appear independently from each other
would assume that any document
containing the phrase:
“Dangerous virus attacks
baby dog”
would be 100 percent relevant to the
above query on the basis that it contains all of the words. Most humans
would disagree.
Evolvent’s Kx uses Shannon’s Information Theory to compute the incremental value of compound terms
based on an analysis of the probability of the joint occurrence.
SHANNON’S
INFORMATION THEORY
Claude Shannon, a scientist working
at Bells Labs, published his Information Theory in 1948 and this had an
immediate and lasting impact on
data communication technology.
Shannon demonstrated that the
value of a piece of information is proportional to its probability and the
entropy of a joint event is given by:
H(x,y)= –
p(i,j)logp(i,j)
i,j
CONCEPT SEARCHING
COMPARED TO SIMPLE
KEYWORDS SEARCHING
A Probabilistic implementation that
worked on the basis that words
appear in documents independently
from other words would provide
a reasonable level of accuracy.
However, if the implementation
understands that the co-location of
words is relevant and should form
part of the weighting process then
a significant improvement in the
relevance ranking can be achieved.
28
Evolvent Magazine
Evolvent’s Kx interprets this in an IR
context to compute the incremental
value of a two-word term over its
singleton components. Higher order
compound terms are evaluated
using their lower order compound
components.
It is no coincidence that the majority of compound terms are in fact
proper nouns, noun phrases and verb
phrases, and it is these sentence
fragments that convey the key concepts in most text.
However, the concepts are identified
without any linguistic analysis and so
the toolset works with any vocabulary and is language independent.
The mathematical approach works
because Shannon’s theory can be
applied to any human language communication.
The ability of an IR system to identify clusters of words that identify
specific concepts represents a major
advancement over systems that fail
to do this.
LANGUAGE STEMMING
Often a user will type in a query with
one form of a word but would like to
match other forms of what is essentially the same word.
In 1980, Dr Martin Porter, a member
of the team working on a Probabilistic Model at Cambridge University, developed a suffix-stripping
algorithm that has been very widely
adopted for normalizing words in IR
systems.
Using Porter’s algorithm the following words can be matched:
“dangerous” with “danger”; “dangers”
and “dangerous”
“attacks” with “attack”, “attacks”,
“attacker”, “attackers” and
“attacking”
“baby” with “baby” and “babies”
In addition, with our fuzzy stemmer the following words can also be
matched:
“misspelt” with “mispelt”
“commission” with “commision”,
“comission”, “commissioning” and
“comisioned”
“accommodate” with “accomodate”
and “acomodation”
Evolvent’s Kx uses language stemming as part of its conce pt matching
process, although individual words
and phrases may be left un-stemmed
by enclosing with double quotes.
This means that by default, stemming
broadens the matching process but
where a particular word should be
interpreted verbatim, it can be easily
excluded from the stemming process.
SUMMARIZATIONWhen a document
is retrieved we normally need to display an extract from the document
as an aid to the user when reviewing the returned document set. Most
systems will display a static summary that is the same regardless of
the user’s query. Evolvent’s Kx can
display static summaries. However,
it can also apply a modified weighting system to identify short extracts
that are most relevant to the user’s
query. The number, length and relevance threshold for these extracts
are all-configurable. The extracts will
normally comprise whole sentences
or short paragraphs.
PERSONALIZATION
AND ALERTING
Sometimes users would like to be
kept informed about a particular
topic and notified when new documents arrive that are relevant to their
interests. Evolvent’s Kx can be used
to keep users updated based on their
individual profiles and will typically
send an email message when new
content has been added to the index.
With Evolvent’s Kx Agents, the
system becomes proactive, pushing
content to users and eliminates the
need to repeat the same searches
periodically just to see what is new.
SUPPORTED PLATFORMS
The current version of Evolvent’s Kx
Knowledge Discovery Tools Server
is available as a .NET Web Service.
This means that it can be deployed
on any platform that supports
Microsoft.NET and may be called
from any platform that supports
Web Services. Therefore, it is easy
for an application developer using
any J2EE development environment
(e.g. IBM Web Sphere) to take the
Web Services Definition
Language (WSDL) file and begin
making Kx API calls. The Kx Index
Server is implemented as a suite of
Windows programs. Sample applications are available today written
in C# (for .NET), ASP (for COM+)
and Java/JSP (for J2EE). A native
J2EE implementation of the Query
Server is also planned. The major
advantage of the J2EE implementation, which has an identical API to
the .NET version, will be the ability
to host the Query Server on Unix
platforms.
CAN I CALL Evolvent’s Kx FROM AN
ASP/COM + APPLICATION?
New application development on the
Microsoft platform is rapidly moving
to .NET and this environment make
interfacing to Web Services very
simple. However, many excellent
products have been developed for
the ASP/COM+ environment and
migrating these to .NET would be
a major undertaking. Fortunately,
Microsoft has provided the SOAP
Toolkit for ASP/COM+ developers
and using this it is fairly straightforward to call Web Services running
under .NET (or J2EE).
WHAT TYPES OF
DOCUMENTS CAN I STORE?
Evolvent’s Kx has the following
collectors:
• HTTP collector—for spidering web
pages
• File collector—for documents
located on file systems
• Corel WordPerfect
• PowerPoint
• Any other files in text format
(e.g. TXT, CSV, etc)
In addition, an application developer
can pass custom documentation
types via the Evolvent’s Kx XML
collector.
WHY IS A SQL
DATABASE REQUIRED?
The Evolvent Kx stores its probabilistic index in a proprietary database.
However, the Kx uses a SQL database
to manage the queue of documents
to be indexed. The SQL database
contains all information necessary to
perform indexing, such as the individual filenames and URLs, access criteria, re-indexing frequency, inclusions
and exclusions, etc. The SQL database
may also be used to store any application specific meta-data.
Benefits of the Evolvent Kx Approach
HIGH RECALL
AND HIGH PRECISION
Recall is a measure of how many of
the documents that are relevant get
found, with high recall indicating that
most of the relevant documents are
found. Precision is a measure of how
many documents in the returned set
are relevant, with high precision indicating that most of the documents
returned are relevant. The Evolvent
Kx offers “high recall and high precision”. Others offer only “high recall or
high precision.”
• Microsoft Word and Rich Text
Formats
CLASSIFICATION AND
SUPPORT FOR TAXONOMIES
The Evolvent’s Kx module can be
used to classify documents into any
predefined categories based on a
small number of descriptors. Once
classified the documents can then be
applied to a corporate taxonomy and
used for browsing the database or as
a filter when running ad hoc que-
• Adobe Portable Document Format
(PDF)
ries.Evolvent Kx can classify around
200,000 documents per hour.
• XML collector—for custom
document types
Evolvent’s Kx has native file
conversation facilities for the following document types:
• All HTML and XML formats
FALL | 2005
29
EVOLVENT KM CONCEPT MODELS (PILOTS)
PROVIDE A RAPID, MEASURABLE AND
LOW-RISK ROI.
SUPPORTED LANGUAGES
The Evolvent Kx can index any text
in the Roman alphabet including full
support for diacritics. The use of diacritics within documents or queries
is entirely optional so that fitchée will
match with fitchée and vice versa.
All information is exchanged and
managed internally; using UTF-8 and
so support for non-roman alphabets
(e.g. Kanji or Arabic) should be possible in the future.
The following languages are automatically detected and processed:
•
Danish
•
Dutch
•
English
•
Finnish
•
French
•
German
•
Italian
•
Norwegian
For testing and development the
entire system can be installed on a
single computer. For live implementations the Query Server, Index Server
and the Web Application would normally be distributed. A multi-server
configuration will be capable of
indexing about two million pages per
day while simultaneously providing
retrieval to hundreds of concurrent
• Portuguese
•
Spanish
•
Swedish
•
Welsh
30
SCALABILITY
The designers of the Evolvent Kx
have many years experience in implementing proprietary file systems and
custom databases. In particular the
database format has been designed
to allow concurrent indexing at full
speed while allowing simultaneous
access for retrievals. This concurrency has been achieved in part by
reducing the amount of file restructuring typically found in competitive
systems, which are often based on Btree structures. The selected design
tends to produce an index database
a little larger than some alternatives
but with faster retrieval. In general,
the Evolvent Kx will produce an
index database whose size is directly proportional to the volume of
documents under index (i.e. 10GB of
documents will typically produce an
index database of 10GB). The proprietary database format used by the
Evolvent Kx has been designed to
provide optimum performance and
concurrency.
users. For very large implementations, multiple Query Servers could
be configured with shared access
from a pool of application servers.
Conclusion
Evolvent KM Concept Models (pilots)
provide a rapid, measurable and
low-risk ROI. A KM solution that
layers over and leverages multiple
document management systems,
Evolvent’s KM solutions lack the exorbitant integration costs traditionally found in other KM platforms and
are the defining factor in determining
who in business is successful and
who in business is successful FIRST.
Do
Au
The
unst
from
iden
for c
With
infor
mail
prior
unde
Evolvent Magazine
Copyrigh
Over 60 Civilian, Defense and Homeland
Security agencies use Autonomy
to disseminate critical information.
Shouldn't you?
Does your existing software solution get the right information to the right people?
Automatically?
The public sector must be able to efficiently and accurately process
unstructured information, whether the function is monitoring news feeds
from foreign countries, supporting law enforcement investigations,
identifying security threats, or providing the most up-to-date information
for constituent service.
With Autonomy's power, computers understand the 24/7 deluge of
information. E-mails, message traffic, Web pages, documents, voice
mails, videos, audio files and XML content are intelligently categorized,
prioritized and delivered to the right person because the computer has
understood and ranked the main concepts within them - automatically.
Copyright © 2005 Autonomy Corp. All rights reserved. Other trademarks are registered trademarks and the properties of their respective owners.
Autonomy's technology automates the information portals and customer
relationship management applications that empower agencies to use their
core resources more effectively.
Which is why more than 60 civilian, defense, and homeland security
agencies use Autonomy's intelligent infrastructure to gather data in real
time, conduct extensive analysis, facilitate collaboration and disseminate
critical information.
To find out what benefits Autonomy can bring to your agency,
call us at 866-821-9955 or visit us at www.autonomy.com.
AGILE DEVE
By Geoff Howard
Chief Technology Officer, Evolvent
recently heard an off-hand comment about some failures in
a project at a government agency from an acquaintance. It
turned out that the requirements process had been delegated
by the senior project owners to disinterested minor stakeholders
who were busy with other tasks. Driven by the technical project
manager, a detailed requirements document was created, blessed
by senior leadership (who probably did not review the document
in detail because of its length and apparent completeness), and
executed on time by the technical team.
I
Only after “successful” delivery was it discovered that the
finished system missed the mark in several key areas because of
the limited domain knowledge and interest of those who created
the requirements. We have seen nearly identical problems where
requirements in RFPs and SOWs are detailed and clear, but turn
out to be inaccurate as the engagement begins.
In our first article on Agile Development, we examined the false
security of requirements and looked at one technique designed to
combat this problem – continuous delivery. Certainly this practice
would have helped avert the failure described above, but there are
other disciplines deployed by adaptive development practitioners
that go further. Having pointed to failures in typical customer
interaction and requirements specification, we certainly should
paint a picture of how these can be accomplished successfully.
Less Detail—More Accuracy
Having heard that Agile Development places less emphasis on
up-front requirements gathering, you may be wondering how a
project could ever come together. How do I communicate what is
needed, reduce risk and ensure quality without specific details up
front? A key element lies in understanding what is really needed by
developers and stakeholders alike in the early stages of a project.
32
Evolvent Magazine
I commonly find requirements documents to be overly detailed
while missing key information about what users need from a
system. For example, a detailed description of a screen may specify
each piece of information that needs to be displayed, and how much
room each field requires in the database, which fields are required,
what sort of input is acceptable for each, etc.This will appear
complete to most observers, but critical information is missing.
How do users need to interact with this screen and why? How
will they get there, what do they need or want to do next? Even
worse, the detail that is provided is usually not necessary in the
early planning stages, tends to distract from the “big picture,”
and causes other critical needs to be missed. If it has not already
been done, I would like to coin an axiom of human behavior:
As a document’s length and detail increases, the number of
people who will read it decreases, and the number of people
who will evaluate it thoughtfully decreases exponentially. With a
requirements document, this leads to disaster.
What does an Agile Development approach suggest to counter
this? First of all, constant involvement from the customer – at
least one key stakeholder able and available to steer and correct
features as they emerge. We will return to this in a moment. But
what about written, formal requirements? The common practice
here is not to attempt to gather detailed technical specifications
for the whole system up front, but to gather prose descriptions of
users’ interactions with the system.
Sometimes called “User Stories,” these units of requirements are
short – generally a short paragraph, and written by the customer
in their own words – not in technical terms. It is easy to imagine
why a collection of these brief non-technical descriptions would
be significantly easier to gather real input on from a wide array
of stakeholders. A good collection of them may only take up ten
pages, but they are in “customer-speak,” and therefore tend be
dense with meaning easily understood by key insiders. Where
does the detail come from? How do developers interpret what
may be a foreign language to them? They need ongoing help
from the customer – that is what we will look at below.
VELOPMENT
AS A DOCUMENT’S LENGTH
AND DETAIL INCREASES, THE
NUMBER OF PEOPLE WHO WILL
READ IT DECREASES. WITH A
REQUIREMENTS DOCUMENT,
THIS LEADS TO DISASTER.
Customer Availability
When it comes time to work on developing code to implement
one of these stories, a knowledgeable customer meets face to
face with the development team to translate and fill in details
necessary to the work at hand. In a very large project this may be
a full time commitment from one or two people. In a more typical
modest sized project, this may be a minor, but real, commitment
spread out throughout the development period.
The key is that as questions arise and assumptions are made, a
knowledgeable and authoritative customer voice is consulted. On
the surface, this can sound like a much greater investment of time
than the standard practice of delivering written requirements. In
practice this turns out to not be true. The timesavings gained from
benefits like decreased up-front requirements details generally
outweigh the difference.
Most people also find it more efficient to discuss smaller units of
functionality, and to evaluate concrete ideas in front of their eyes
(often a partially working product) than to participate in long and
broad discussions about all aspects of an entire system that does
not yet exist. In practice it is also usually true that face-to-face
communication is clearer and more efficient about such details
than a written document. True, the results of this communication
would normally be captured in writing and can be validated and
kept for ongoing reference. However, the written words are not
intended to be the primary means of communication – only a
record of what was communicated. This may sound like a small
point but it is crucial.
Customer interaction goes beyond this face-to-face
requirements channel. Another key role for the customer
representatives is in release planning. During the initial highlevel planning (gathering of user stories and laying out a rough
project plan), and in the ongoing process of planning the next
release cycle, the customer decides and refines what features
are implemented next, and how to adjust should problems
arise. Sub-delivery targets can be negotiated by adding or
removing features and resources, or by moving the target dates.
This bi-directional visibility into project dependencies, timing,
strategy, pressures and constraints promotes healthy team
dynamics and buy-in on both sides.
Strange Yet Familiar
I would be willing to bet that some of the practices we have
been describing sound familiar as natural tendencies of any
healthy development project, while some sound foreign and
counter-intuitive. The Agile Development approach grew largely
out of casting off procedures that consumed effort but were not
delivering value, and replacing them with refined versions of
informal and natural tendencies that tended to resurface across
many projects.
It must be added that Agile Development is no panacea.
An interesting open question, especially in the government
space, is how to construct a contract to support this style of
development without increasing both customer and contractor
risk by leaving deliverables too vague. Still, with the right
team and under the right circumstances an Agile Development
process can lead to increased speed and success, and decreased
risk and cost.
The benefits of Agile Development can be tremendous. We
have already examined the potential for increased accuracy
and success. Having examined the agile requirements process
more fully, we can now add a new benefit: meaningful
development can often begin faster and produce results
sooner. ■
FALL | 2005
33
Fielding the Best Team for
SPAWAR Systems Center Charleston!
Evolvent, a small business leader in Information
Assurance, has built a team of industry leading small,
medium and large businesses with capabilities across
the spectrum of the SSC Charleston requirement.