evolvent - ManTech International Corporation
Transcription
evolvent - ManTech International Corporation
SECURING BUSINESS INTELLIGENCE EVOLVENT MAGAZINE BUILDING A Crossing Time and Space: The Networked Virtual Organization – Page 4 Collaboration: The Keystone of a High Performance Workplace – Page 7 Evolvent Knowledge Management Discovery Toolset – Page 24 FALL 2005 NETWORKED VIRTUAL ORGANIZATION About Evolvent Evolvent is a mission-focused federal technology services firm with corporate offices in Falls Church, Virginia and San Antonio, Texas. Evolvent currently supports technology services engagements with federal agencies including: the US Air Force, the US Army, the US Navy, the Department of Agriculture, the Department of Commerce, the Department of the Interior and the Department of Veterans Affairs. Evolvent’s areas of expertise include the company’s Enterprise Information Management group that has designed, developed and implemented the AF Surgeon General’s Enterprise Knowledge Exchange serving 44,000 medical personnel worldwide. Additionally, the company’s Cybersecurity practice also supports the US Army Medical Information Technology Center (USAMITC) with integrated Information Assurance services and provides computer network defense expertise to the Department of Veterans Affairs. Evolvent is a partner to large organizations such as General Dynamics, SAIC, SI International and NCI. A prime contractor on the Department of Defense D/SIDDOMS III contract, partner to SI International on the recent Army HR Solutions award, and a partner to SAIC and NCI on the recent VA GITSS award, the company offers a broad spectrum of e-business solutions and services to both federal and commercial customers. • Technical Services Content Management System (CMS) & Web Engineering Enterprise Information Management (EIM) EJunctionTm EIM suite built on Knowledge Junction concept Total Cost of Ownership Telemedicine Support Outsourced Support Services – On-shore & Off-shore • CyberSecurity Services DITSCAP Accreditation Information Assurance (Computer Security) Security Audits Incident Response Center and Network Security Ops Center Contingency Planning and Business Resumption Vulnerability Assessment • Contracting Vehicles VA GITSS D/SIDDOMS III (D3) HR Solutions AF NETCENTS SeaPort GSA IT Schedule 70 Contract: GS-35F-0364M VA BPA Contract: VAO797-02-A0048 Cleared and Uncleared Resources Available Evolvent offers a variety of Thought Leadership publications. For information on these publications, please visit www.evolvent.com or call the Marketing Department at 703.379.2146. To be added to our mailing list, email info@evolvent.com. S m s p IN THIS ISSUE: Evolvent Magazine 4 Page 4 Fall 2005 editors Crossing Time and Space: The Networked Virtual Organization Bill Oldham, Chief Executive Officer, Evolvent 7 Page 7 Collaboration: The Keystone of a High Performance Workplace Paul Ramsaroop, President & COO, Evolvent Jennifer Cupka Stella Ramsaroop 10 Page 10 • Networked Virtual Organizations and Building an IT Support Services Group Evolvent Contributing Writers Bill Oldham 14 Page 14 Geoff Howard Evolvent Paul Ramsaroop Guy Sherburne Networked Virtual Organizations and a Business Case for the Capability Maturity Model (CMM) 19 Page 19 Knowing the Legal Requirements for Security Guy Sherburne, VP Security Practice, Evolvent • Design 24 Page 24 ben.verlinde@gmail.com Evolvent Knowledge Management Discovery Toolset Evolvent Evolvent Magazine, published by Evolvent Press 32 Page 32 Agile Devolopment Geoff Howard, Chief Technology Officer, Evolvent • Statements contained herein may constitute forward-looking statements that involve risks and uncertainties. Due to such uncertainties and risks, readers are cautioned not to place undue reliance on such statements. Copyright © Evolvent, 2005 All rights reserved. FALL | 2005 3 Crossing Time and Space: The Networked, Virtual Organization Beyond demographics…the transition from an industrial age to a post-industrial or information age has been discussed so much and for so long that we may not have noticed that we are passing into a postinformation age. The industrial age, very much an age of atoms, gave us the concept of mass production, with the economies that come from manufacturing with uniform and repetitious methods in any one given space and time. The information age, the age of computers, showed us the same economies of scale, but with less regard for time and space…in the same ways that hypertext removes the limitations of the printed page, the post-information age will remove the limitations of geography. BILL W. OLDHAM Chief Executive Officer, Evolvent — excerpt from Being Digital, pp. 163-165, 1995. ore than a decade ago, thought leader and guru Nicholas Negroponte posited the above describing a working world less enslaved by notions of time and space. Not even a guru of Negroponte’s stature however could have envisioned the brave new world of what we discuss in this edition of the Evolvent Magazine—the Networked Virtual Organization. and its diminished sense of space constraints or physical location. Cisco identifies three main NVO strategies in their landmark paper, The Bridge, Making Money the NVO Way (Cisco, 2003): of working as an NVO. Feature articles include: ■ Collaboration: The Keystone of a High Performance Workplace ■ ■ NVOs: a Business Case for the Capability Maturity Model ■ Security Column: Knowing the Legal Requirements Management notions come and go like fashions or fads, yet it is undeniable that organizations of all shapes and sizes, industries and cultures, are less restricted by industrial age notions of time and space. The enhanced power of technology and the growth in information sciences has replaced in large measure the ancient problems of time and space with newer problems of how to cope with working environments that exist round the clock and span the globe. ■ ■ Agile Development Part II ■ NVOs and Building an IT Support Services Organization ■ White Paper: Evolvent’s Knowledge Management Discovery Toolset Our friends at Cisco Systems call the new organization a “networked, virtual organization” or NVO, highlighting both the power of the modern network infrastructure In this writers several clients M ■ “An NVO responds rapidly to customers’ needs, putting the customer at the center of the value chain, not at the end. An NVO concentrates on those elements of functions where it adds the most value or has the greatest skills, and turns over to multiple partners who compete to provide those elements that are not core. NVOs adopt standard business processes, standard sets of data and standard IT systems throughout the organization.” issue of the magazine, Evolvent’s and consultants have highlighted topics where we believe that our can delve deeper into the notion In preparing for this magazine, I’ve personally talked to industry thinkers and a number of our clients. The path to becoming an NVO and even to a large extent what that path means remains a mystery to many. Yet the themes our writers explore are critical to the success of the modern organization that operates across time and space using new technologies and new processes. On a personal note, our customers and associates alike have shared with me their difficulties utilizing and implementing information technology solutions. As we discussed in Evolvent Magazine, Summer 2005, the imperative to extract greater value from shrinking IT budgets and still ensure that technology continues to create value for the enterprise is a challenge to all of us in the IT industry. We hope that you find the NVO construct a useful way of examining the challenges in IT and as always welcome your feedback and inputs. We hope you enjoy this edition of the Evolvent Magazine and look forward to working with you in the coming months. Kind regards, Bill Oldham bill.oldham@evolvent.com 4 Evolvent Magazine AFCEA NOVA AF A ARMED FORCES A FO COMMUNICATIONS & ELECTRONICS ASSOCIATION Your link to the local, regional, and national defense community AFCEA NOVA is the largest Chapter in the AFCEA International family, with approximately 5,500 members, and countless other associates and friends in industry, government, & academia. We are are blessed with the Hometown Advantage of having the Pentagon in our back yard, and the Nation's Capital right next door -- which means that AFCEA NOVA luncheons, conferences, and special events always feature top speakers and cutting edge topics, not to mention the best networking in town. For more information, visit www.afceanova.org. AFCEA International is a worldwide association founded as the Armed Forces Communications and Electronics Association; but it encompasses more than just the military. AFCEA International represents the top government, industry, and military professionals in the fields of communications, electronics, intelligence, information systems, imaging, and multi-media. AFCEA's purpose is to support global security by providing an ethical environment that encourages a close cooperative relationship among civil government agencies, the military, and private industry. For more AFCEA NOVA information, visit: http://www.afceanova.org See Evolvent at: 48th Annual AAMA Conference November 10–12, 2005 Riviera Hotel and Casino, Las Vegas, NV 2006 Tricare Conference January 30–February 1, 2006 Marriott Wardman Park Hotel, Washington DC 2006 Annual HIMSS Conference February 12–16, 2006 in San Diego, CA • For more information about our receptions for members of the MHS, please call the Evolvent Marketing Department at 703.379.2146 volvent was born in the Knowledge Management Era (KME). Since our inception, we have had the privilege of growing up within the evolving KME constructs, such as the imperative need to develop collaborative environments. In fact, any company aspiring to stay competitive in today’s fast-changing, information driven world is required by default to know how to anticipate the next vital maneuvers its industry will likely make, and then to be one of the first to arrive. This type of proactive foresight is a practice Evolvent has long made a priority when establishing our developmental objectives to be customer focused, partner friendly and employee centric. E Collaboration: The Keystone of a High Performance Workplace By Paul Ramsaroop, President & COO, Evolvent An effective collaborative environment has the capacity to facilitate these developmental objectives as its primary focus by concentrating on providing the company’s stalwart features and leveraging partners who have excelled in the other necessary components. This is effectively administered through continuous collaboration between associates, partners and customers on practically every aspect of their respective relationships through adaptive business processes and evolving technologies with the capability to gather all of these components into one virtual location—such as the Evolvent Exchange (E2), an intelligent information system developed by Evolvent associates and partners that can be accessed easily through the internet. How to Make a Geographically Dispersed Company Employee Centric Evolvent has associates throughout the world; therefore, by utilizing E2, we have taken an earnest approach in our responsibility to provide a reliable avenue by which the associates feel constantly connected and supported with information about HR issues, company news and even every day interactions. E2 has also proven to be invaluable when collaborating on customer deliverables and reports, providing the ability for constant interface FALL | 2005 7 E2 is a worldwide intranet network by which Evolvent has easily integrated mature collaborative concepts, making the world our office. between not only those in the same physical location, but even when we are thousands of miles apart and still need to move effortlessly back and forth through the relevant data and documents as the project progresses. E2 is a worldwide intranet network by which Evolvent has easily integrated mature collaborative concepts, making the world our office. In many organizations, a higher value is placed on the creation of knowledge rather than sharing. Evolvent has attempted to place a higher emphasis on our associates sharing lessons learned, best practices and innovations with other associates when possible. Knowledge is power and with an ever-growing base of knowledge in E2’s repository, our associates can find solutions to critical client issues in a more timely and efficient manner. However, this connectivity and the collaborative ability does not end with Evolvent’s associates, it also encompasses our partners and clients. In fact, a modified E2 has been sold to several Government Agencies as our EJunctions product offering. Since we are the primary users of our own product, E2 has the capacity to continuously evolve to meet the needs of the company as it continues to grow and industry collaborative efforts advance. Mutually Beneficial Partnerships Furthering the ability to connect all aspects of business, we consider it a vital endeavor to maintain this same linkage with our partners. Partnerships are collaborative by nature, but the knack to smoothly establish and sustain constant communication is what defines the dynamics of each partner 8 Evolvent Magazine relationship.These are frequently long-term relationships that oft times determine the quality and timely delivery of the product and/or service being proposed or provided to the customer. Therefore, by establishing a means by which this high-level communication can be achieved and removing barriers to collaboration, such as geography and inept or dated processes, the ability to effectively partner becomes a fluid and friendly practice instead of an awkward and laborious task. Essentially, by creating an atmosphere conducive to successful partnerships and collaborations, we further enhance our ability to propose and deliver a service that is superlative and decidedly competitive. This is an important objective for both Evolvent and for current and potential partners. Informed Clients Make Better Customers The most crucial part of any collaboration is the method by which the client is included in the delivery process.The unobstructed flow of information and data between Evolvent, partners and clients is the next step in the natural progression of this collaborative effort. Inclusion of the customer during each stage of the engagement ensures the delivery of a product or service that is a good fit for the customer’s needs and intended utilization, as well as adaptive qualities throughout the life of the service. Evolvent believes that informed clients make better customers. Interconnecting Evolvent associates and partners with customers in a collaborative environment allows any of these entities to be anywhere in the world and still have real time information readily at hand. Although security is an ongoing issue with the exchange of information via the internet, E2 is equipped with an infrastructure that allows many different groups of people to have varying levels of access to different areas – much like security at an airport with passengers, baggage handlers, flight attendants, pilots and airport security all having varying degrees of access. By eliminating the distracting elements of configuring a means by which communication can be established and the cumbersome installation of hardware for sharing information with partners and clients, Evolvent has made collaboration a normative expectation and a practice that we hope will have far-reaching benefits for every entity involved in the delivery process. Keeping Evolvent On the Virtual Cutting Edge Seamless integration of collaborative concepts is not an easy task, but it is one that Evolvent is determined to continue to deploy. E2 provides an avenue by which our employees, partners and clients have the ability to remain connected to vital business information from anywhere in the world. Further, standard business processes allow for the sharing of diverse yet mission-critical information through an enterprise that supplies end-to-end manageability to ensure reliability. With our clients and their evolving needs in mind, Evolvent remains committed to the practice of adapting to the ever-changing technologies so we can anticipate the future requisites for service in this industry. We also remain dedicated to establishing relationships with our partners and clients that assumes responsibility for cooperation and collaboration, thereby bridging any gaps in the exchange of information and creating a communication climate that is healthy and vibrant. Evolvent is “virtually” cutting edge. Best of Show ENTERPRISE CONTENT MANAGEMENT 2004 & 2005 For the second year in a row, Stellent® Universal Content Management™ was named the top enterprise content management (ECM) suite by AIIM E-DOC Magazine at AIIM, the world’s largest ECM conference and exposition. Coupled with other top honors received at AIIM 2005, Stellent is clearly solidifying its leadership position in the ECM space, demonstrating the company’s commitment to providing technology applications offering award-winning features and functionality that result in tangible return-on-investment. Visit www.stellent.com/awardwinning3 to see the solution in action, or call 1.877. 332 . 9567 ext. 216 for more information. AIIM 2005 HONORS: AIIM 2005 Best of Show Award AIIM Best Practices Award AIIM Best Practices Award I3 Award ENTERPRISE CONTENT MANAGEMENT LAND O’LAKES, INC. CITY OF AURORA, COLORADO EMERSON PROCESS MANAGEMENT CLIENT STELLENT INC LIVE: 7.5" X 10" TRIM 8 25" X 10 875" Channel Connection Award WASHINGTON SECRETARY OF STATE w / PARTNER IMAGESOURCE COLOR: 4C PUB EVOLVEMENT MAGAZINE A s organizations move towards greater utilization of networks, virtual working groups and much more extensive deployment of technology solutions, it is vital that the architecture of IT support services is both considered and integrated into the new NVO management construct. Networked Virtual Organizations and Building an IT Support Services Group by Evolvent Because of the complexity of Information Technology (IT) systems and networks today, organizations are often unaware of the hidden costs of these systems. How technology systems are supported is frequently misunderstood, and the hidden costs of IT support services can become a major element of service delivery costs. Evolvent’s consulting group has completed a number of IT support services benchmarking studies examining what progress has been made in consolidating or centralizing IT support services in the federal sector and ascertained what models or focus areas are being used for any initiatives in order to establish benchmarks or best practices for enterprise-wide efforts. IT support services are defined in most of these engagements as Level One help desk or call center activities where the operational focus is really triage for the user’s first point of contact. These studies typically do not include Level Two service desk or functional specialty support activities. Our consultants continue to find however, that little overall progress has been made in consolidating or centralizing IT support services. Several projects have been examined but had varying foci, and most were in their infancy and had not yet reached initial deployment stage. Measurable impacts from current projects were thus not definable. The study found three specific common requirements for progress in examining the condition of IT support services. These requirements are mapped to our most frequent recommendations and are summarized briefly below: 1. Performance Metrics: Define an enterprise set of performance metrics as a baseline for supporting the evolution of IT support services delivery. 2. Support Services Technology Toolset: Establish a pilot project to build a common capability for best practices deployment of support services technology across the enterprise. 3. Common Business Rules: Establish a pilot project to define common business rules, role definitions that accommodate mission variances and performance metrics to build a foundation for an evidence-based path to support services reengineering. Evolvent’s consultants utilize relevant Gartner Group Total Cost of Ownership (TCO) models and data and project data related to support services initiatives from regional organizations and subagency levels across the federal enterprise. TCO data serves to demonstrate comparability of each organization reviewed. Project data was more helpful to determine the strategic direction of each group’s efforts, which are highlighted topically below. 10 Evolvent Magazine f e l d ) f e s e T s t r h T s e f e l T d t m r e s t o o t h In order to validate the data developed locally at the regional or sub-agency level, the team referenced Gartner Group’s 150question survey based on each customer’s priorities in determining the need for new technologies to be deployed in support of help desk operations and common business process guidance, identifying common performance issues that existing help desk operations face in performing their mission, as well as identifying best practices where possible in performing these operations. Additionally, the Evolvent team has developed a tool for the customer to survey the support functions currently provided across the enterprise to gain a broader perspective on how support services are provided and by whom. Based on customer direction and experience derived from four years of TCO studies, Evolvent’s consultants have identified a number of support services reengineering cases across the federal sector. From multiple site visits and conference calls over the last several years, our consultants obtained a more complete picture of the status of each case identified and have developed key findings and recommendations that seemingly emerge across multiple organizations and stretch across time as well. Below, our consulting group has outlined major considerations for support services reengineering activities. Reengineer Personnel Mix and Deployment Pattern Many organizations studied have actively pursued the vision of a centralized help desk covering an enterprise or an entire region. Manning and personnel decisions considered include the conversion of some personnel to more technical labor categories. Test deployments have frequently been planned to establish a centralized facility and bring facilities on one at a time. Tests would involve users being instructed for a period of one month at a particular facility (regardless of facility size) to call the remote test help desk instead of the standard operating procedure to call someone locally or utilize the departmental technical assistant. Once test site operations are completed, the agency would aggregate lessons learned and finalize plans for a full or phased rollout after analysis and adjustment from test. Our team observed that testing design has been difficult given operational constraints and timing issues within each organization. In one particular instance, the agency reviewed plans to staff the support mission with government personnel primarily on cost grounds. This manning strategy varies from most other efforts examined as the organization appears to be focused on government personnel. Another organization studied had determined to implement a reengineering task to release government personnel and add contractor personnel in their place, while consolidating support to a central help desk facility and reducing the support footprint at the local level. The organization has been careful to preserve and project joint responsibility—no distinction—between consolidated help desk staff and on-site staff. The reengineering effort focused on supporting integrated specialty apps via a dedicated special-skill person in the consolidated location. The organization has faced significant hurdles in the comfort level of users in contacting/ trusting remote site, yet the central capability now handles nearly three quarters of all support calls. One organization studied has focused on the consolidation of Tier One application support functions within the local operation. Using an in-house configuration of Remedy, the focus of this effort has been to obtain workload data for staffing metrics purposes to realign support staff. In amalgamating the mission of two groups, support service consolidation has focused on reducing the footprint utilized by each organization independently to a smaller number of staff supporting the combined operations. The consolidation is also only focused on application support not on network infrastructure or specialty applications. Importance of Standards Compliance Many of the organizations studied emphasized the importance of standards compliance for both software and hardware configurations with the goal of implementing a Standard Integrated Desktop (SID) to aid the effectiveness and efficiency of support services operations. In one organization, the SID is still being finalized as the IT group has had difficulty finding a configuration that works for all applications. Most organizations studied view the SID as a key to realizing the full impact of a consolidation/workload reduction strategy. As Evolvent’s consulting team looked closely at implementing a more developed NVO architecture for support services, it was clear that the SID was a critical ingredient for success. However, SID complexity may grow exponentially as scope of consolidation grows. This will be a key area for further study including the question of whether a possible SID hierarchy could allow for common SID elements while allowing specialization for sub-groups. IT IS VITAL THAT THE ARCHITECTURE OF IT SUPPORT SERVICES IS BOTH CONSIDERED AND INTEGRATED INTO THE NEW NVO MANAGEMENT CONSTRUCT. FALL | 2005 11 Business Rules: Hardest Piece of the Puzzle Most of the organizations examined by our teams demonstrated great differences in business processes from region to region or facility to facility. Our consultants noted that different strategies were also employed to progress toward common business processes across and even within each organization. In one organization the approach was to adopt common practices for the “centralized facility-level help desk initially.” Where “at some locations the facility does more” —a major issue with varying business processes within the organization was determined to involve regional and subregional levels with respect to permissions. It was suggested by organization personnel that this is frequently driven by personalities and was not necessarily driven by mission requirements—a major roadblock to realizing the value of the NVO construct. Excellence Dashboards—Power of Metrics One organization studied had developed a support service excellence dashboard for the centralized support organization built for its region. This agency has built stats analysis by drawing from Remedy data. Data mining allows real-time and close to real-time analysis of trends, weaknesses, etc. The dashboard displays resolution rates and speed, with trend analysis. The trend shows good adoption, with steady improvement over the history of the project. The initial three months did show retrograde in performance attributable to learning curve. Common business rules however, must be in place before metrics can be fully utilized. Resultant Benefits/Initial Conclusions Based on our analysis we see the following resultant benefits and initial conclusions from our teams efforts: ● Each study identified that a number of support services consolidation or reengineering activities were under consideration, development or in the initial stages of deployment testing, yet most activities were in their infancy and there was no enterprise level coordination of the efforts—a potential problem for clear, fast implementation of NVO constructs or initiatives. ● The studies also identified that little progress had been made to implement prior studies or working group recommendations for support services consolidation or reengineering. ● The studies identified the need for strong, focused efforts at the enterprise level to assist the facility and regional organization’s efforts to improve IT support services performance. Evolvent’s consultants developed a series of recommendations where an enterprise-led effort could focus initial steps toward an NVO construct. ● The studies validated and documented evidence concerning the capability to achieve consolidated Help Desk Operations/ IT Support Services. ● The studies validated and documented discrepancies to be mitigated before consolidation. Building on Remedy ● The studies provided a catalyst for change in operational IT practices. One organization studied has focused its efforts on the development of a demand management tool, a customization of scripting, interface and problem definitions for the enterprise deployment of Remedy. The tool’s objectives are to: ● The studies provided justification for a uniform, centralized reporting and trending capability within the information technology environment. ● Improve customer service ● The studies identified the need for further progress toward common business rules for IT Support Services. ● Simplify the submission and tracking of IT requests ● Automate processes ● The studies identified the need for further progress toward integrated, professional performance measurement strategy for IT Support Services to include common metrics development. ● Reduce time and manpower in resolving IT issues ● Provide accurate performance indicators ● Reduce return-to-service time A web-enabled, full-featured, advanced trouble ticketing and tracking tool, the tool is intended to be intuitive and easy-touse. The tool allows both technicians and customers to submit requests through a web browser, is Active Directory “aware” and is data-driven, modular and customizable. 12 Evolvent Magazine Key Findings and Recommendations Evolvent studies over the last few years have found that while several organizations were moving towards reengineering the way in which IT support services are delivered to end users, many different approaches were being used, and there was little commonality between cases examined. Further, it has been apparent that baseline implementations of support services best practices were sufficiently immature in their evolution to suggest that a number of “best practices” initiatives should precede further study of “how” the enterprise could centralize or consolidate its IT HAS BECOME CLEAR THAT WHILE THE TECHNOLOGIES ARE THERE TO SUPPORT AN NVO, HOW WE MANAGE THOSE TECHNOLOGIES IS DEPENDENT ON AGREED PERFORMANCE METRICS, CONSISTENTLY DEPLOYED TECHNOLOGY MANAGEMENT TOOLSETS AND A COMMON AGREEMENT ON BUSINESS RULES. ● FAQ development and the implementation of a knowledge base of common problems and solution sets to support both scripts for support services professionals and a self-support tool for end users themselves ● Metrics and management reporting for support services managers Our analysts found that many projects were underway to utilize the technology toolsets provided by enterprise level programs, yet extended timelines for deployment and limited use of defined best practices resulted from the lack of training or enterprise capabilities to support a best practices deployment of the enterprise support services toolsets. A pilot project to build a common capability for best practices deployment of support services technologies could provide a large degree of support across the enterprise. Business Processes and Operations Design IT support services organizations to facilitate the development of an NVO. Evolvent’s consultants have identified three initiatives that could capitalize on the activities investigated and form a more positive baseline for future strategic centralization or consolidation efforts. Performance Metrics Each of our engagements has approached the issue of performance metrics for support services independently. In some cases, mission differences between organizations may require that metrics be different. Our experience suggests further need for examining the issue of common performance metrics and the need for a benchmarking study focused on performance metrics and defining an enterprise set of metrics that would support the evolution of IT support services delivery either on a consolidated or centralized methodology. Support Services Technology Toolset In each engagement our analysts examined the toolsets used by support services organizations across several regional organizations or functional operations. Each instance of technology implementation examined was found to be focused on a particular subset of the technical capability and an incomplete use of industry best practices for support services technology implementations. Basic enterprise implementations of Remedy frequently serve as the obvious starting point for each case, yet the deployment or use varies dramatically from instance to instance. Each organization investigated had focused its technology development on different aspects of the toolset, including: ● Ease of use of the Remedy interface for the support services staff ● Common problem set definitions built into the standard Remedy deployment A key finding of our engagements is that different business rules and processes for support services delivery were utilized within each organization investigated. The lack of common business rules/processes, metrics, role definitions, administrative controls and the variance between and within organizations served as an important impediment to modeling a path to support services centralization or consolidation. It is clear that the design of support services operations vary greatly across the enterprise. This variance is also further complicated by the multiplicity of actors engaged in providing IT support services. TCO studies have shown over the last five years, end users, workgroup managers and IT professionals all deliver IT support services. In many studies the indirect costs of end user self-support has shown tremendous variance in the quality of direct IT support services. A pilot project to define common business rules, role definitions that accommodate mission variances and performance metrics could serve to build a foundation for an evidence-based path to support services reengineering. A Final Word for NVOs The power of the network and the necessity of aggregating knowledge resources into virtual working groups are fast becoming, and in many instances, already are accepted norms in the world of business and government. Yet, how we deploy and manage those technology resources that serve to give NVOs their shape and form is still a varied and inexact science. Our consulting efforts have given us repeated insights into would-be and evolving NVOs and their particular challenges in managing technology. It has become clear that while the technologies are there to support an NVO, how we manage those technologies is dependent on agreed performance metrics, consistently deployed technology management toolsets and a common agreement on business rules. FALL | 2005 13 Networked Virtual Organizations and a Business Case for the Capability Maturity Model (CMM) by Evolvent 14 Evolvent Magazine B orn within the profession of software development, the Capability Maturity Model (CMM) is a framework describing the key elements of an organization’s processes. It provides the foundation for process improvement by describing an evolutionary path from youth to maturity. Because many young organizations’ internal and external processes can be described as ad hoc, immature, personality-dependent and fairly unstable, CMM can help processes mature to become disciplined, standardized and repeatable by any associate. Because Networked Virtual Organizations or NVOs demand adherence to processes to avoid the chaos that is possible in “virtual” organizations that are only tied together by the network, CMM frameworks can provide a foundational process construct to ensure quality and productivity. There are five levels of progressive process maturity: Initial, Repeatable, Defined, Managed and Optimizing. This article provides a framework NVOs can use to achieve Level 3: Defined Process Maturity, at least for the near term. The Software Engineering Institute (SEI), Carnegie Mellon University, is credited with developing CMM in 1986 at the request of the U.S. Government (DoD). At that time, and as is often the current practice, the U.S. Government wanted a systematic method it could use to assess the capabilities of its contractors. Through CMM implementation, the U.S. Government can accurately assess an NVO’s capabilities, and the NVO can use the model to improve internally. COMPARISON WITH ISO AND OCTAVE The CMM is similar to ISO 9001, one of the ISO 9000 series of standards specified by the International Organization for Standardization (ISO). The ISO 9000 standards specify an effective quality system for manufacturing and service industries. The main difference between the two systems lies in their respective purposes: ISO 9001 specifies a minimal acceptable quality level for software processes, while the CMM establishes a framework for continuous process improvement and is more explicit than the ISO. OCTAVE, also developed by SEI, is somewhat similar in that it is process focused, but the processes it seeks to improve are restricted within the Information Security risks area. However, the OCTAVE methodology has its roots within the original CMM. Evolvent’s OCTAVE specialists currently utilize the construct of this model in the security services practice. Similarly, CMM practices are being developed within the information assurance and knowledge engineering practices to offer these capabilities in the federal technology marketplace. PURPOSE OF THE INVESTMENT When properly implemented, CMM will improve an NVO’s ability to meet corporate and project goals for costs and return on investment, schedules, functionalities and especially product quality. The ultimate goal is to improve efficiency and effectiveness in what we do: Efficiency + Effectiveness = Higher ROI KEY REASONS FOR PURSUING THE PROJECT With a marketable and proven CMM level, NVOs will have a yardstick against which commercial organizations and the government can judge, in a repeatable way, the maturity of the NVO’s processes and compare them to similar industry practices (benchmarking). Internally, the NVO can use CMM to identify process improvement areas and needs, to plan and prioritize improvements and most importantly, to evaluate improvement progress through metrics. According to the SEI, the CMM has become a de facto industry standard for assessing and improving processes via modeling, defining and measuring the maturity of an organization’s processes. In addition, it has been widely adopted and used by the U.S. Government, industry and academia. FALL | 2005 15 FIVE MATURITY LEVELS EXPLAINED VIS-À-VIS AN NVO • Quality Assurance • Initial Level: Organizations at level one are characterized by working in an ad hoc manner and by unpredictable performance. If services are delivered successfully, it is because of individual heroism. Processes are disorganized, even chaotic, and not considered to be repeatable, because processes would not be sufficiently defined and documented to allow them to be replicated or understood or even known by all associates. • Contract and Subcontract Management • Repeatable Level: Organizations at level two, the repeatable level, deliver services with a repeatable quality. That is, they can repeat earlier successful performances in similar circumstances. Basic management techniques have been established for project management and other process areas. Successes can now be repeated when associates adhere to the process procedures because the requisite processes would have been established, defined, documented and understood. • Defined Level: The third level is aimed at standardization of services. Organizations at level three employ standard processes to deliver services and have also implemented organization-wide processes to train employees and manage resources and problems. To reach Level Three, the NVO would have to develop its own standard processes through great attention to documentation and integration as well as adoption by all associates. • Managed Level: At this level, an NVO would be actively monitoring, reviewing and controlling its processes through data collection and analysis. This is a level dependent upon the techniques outlined in Category 2 of the Malcolm Baldridge Criteria of Total Quality Management, one of the most useful and fruitful aspects of the TQM movement: “Doing it with Data.” • Optimizing Level: Again referring back to TQM, this level is based upon the continuous improvement models proposed by Deming and Shewart. Here, processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization’s particular needs. This must be done with active leadership involvement. PROCESS AREAS BY MATURATION STAGES As processes mature, they are often part of two levels. Some processes are more efficient remaining at a specific level and some must maintain a minimum level to be effective. As a result, within CMM, there are “shades of levels” in which a combination of level characteristics is evident. These are described below: 1. Level 1-2. This level describes processes that are repeatable and disciplined. The following process areas should be at least within the latter stage of Level One and the beginning stages of Level Two: 16 Evolvent Magazine • Project Tracking and Oversight • Project Planning • Requirements Management 2. Level 2-3. This level requires defined, standard and consistent practices. Some process areas that should at least be at this level include: • Peer Reviews • Inter-group Coordination and Communication - Vertical and Horizontal • Integrated Management - Vertical and Horizontal • Training Programs • Organization Process Definitions • Organizational Process Focus 3. Level 3-4. This level’s characteristics include managed and predictable processes. Two processes which function best at Level 3-4 are Quality Management and Process Measurement and Analysis. 4. Level 4-5. In humanistic terms, this would be “selfactualization” on Maslow’s Pyramid. Here, processes are optimized to feature continuous process improvement. Processes include Change Management, Technology Change Management and Product Defect Prevention. HOW DOES AN NVO OBTAIN LEVEL THREE? Each maturity level (except for Level One) contains a number of key process areas. To reach a certain maturity level, an NVO has to implement each of the key process areas of that level and lower levels. Example: NVO KEY PROCESS AREA: Project Management A key process area is considered implemented if each of the goals of the key process area is reached. Thus, a key process area consists of goals (usually between two and four) and activities called key practices. Example: Project Management = Goals (1-4) + n Key Practices One goal could be "Early Completion" and the associated Key Practices could include "PMP and WBS Development and Adherence," "Resources Monitoring," "Resources Adjustment," "Predictive Situational Analysis," etc. WHEN PROPERLY IMPLEMENTED, CMM WILL IMPROVE AN NVO’S ABILITY TO MEET CORPORATE AND PROJECT GOALS FOR COSTS AND RETURN ON INVESTMENT, SCHEDULES, FUNCTIONALITIES AND ESPECIALLY PRODUCT QUALITY. • Verifying Implementation: These activities verify the implementation of the key process area. These key practices ensure that the processes are performed in compliance with the process that has been established. They generally include key practices that relate to oversight by senior management and project management, as well as specific verification activities that the service quality assurance group or others are expected to perform to verify that the process is being performed properly. For example, it is important that senior management periodically reviews the activities. IMPLEMENTATION: WHAT AN NVO MUST DO • Identify, develop and document key process areas • Communicate key process areas to all associates • Obtain input and "Buy-In" from all associates If the NVO consistently implements all activities from a certain key process area, then the goals of that key process are achieved. Within the realm of information technology CMM, there are five kinds of practices called common features. Together, they ensure that the goals of the NVO’s key process areas are achieved. • Ensure ALL NVO resources are tied to a key process area; if not, it may be irrelevant • Develop goals for each process area • Develop key practices - within the context of the five common features - for each goal • Develop procedures and mechanisms for monitoring key practices and goal achievement • Commitment to Perform: The key practices here describe the actions the organization must take to ensure that the process is established and will endure. This commitment is demonstrated by the NVO’s activities that are aimed at ensuring organizational and management commitment to the key process area activities. These activities can be in the form of documented organizational policies and responsible leadership. • Institute operational-level policies to ensure adherence to key practice procedures • Ability to Perform: These would be NVO activities that actually enable the key process area. They are the preconditions necessary to implement the process competently. They typically involve resources, organizational structures and training. • Ineffective monitoring of activities • Activities Performed: These are the activities needed to get the job done. They are the activities, roles and procedures necessary to implement a key process area. These typically involve establishing plans and procedures, performing the work, tracking the work and taking corrective actions as necessary. For example, having the right tools and trained associates, customer-relationship management expertise, budgeting savvy and human-relations skills. • G&A investment • Measurement and Analysis: These would be NVO activities aimed at determining the status of the key process area, consisting of basic measurement practices that are necessary to determine the status related to the process. Measurements included in this common feature are used to control and improve the process. For example, measuring time spent on different types of projects or how long it takes to deal with incidents. • Constantly review ASSOCIATED RISKS • NVO leadership does not "Stay the Course" (false starts) • Little or no associate "Buy-In" • Costs for "In-House" (G&A) development may be excessive REQUIREMENTS • Commitment by senior leadership • Allocation of time • Creation of a CMM working group CONCLUSION An NVO’s overall goal for achieving CMM Level Three is to enable it to assess its capabilities with respect to the delivery of services and products as well as provide specific directions and steps for further service and product improvement. This requires commitment to the development of and adherence to standard business processes and the implementation of organization-wide processes to train employees and manage resources. The adherence to standards, processes and implementation guidelines facilitates the creation of a successful NVO. FALL | 2005 17 SI.INTLFllpageColor3 6/15/05 1:42 PM Page 1 SI International is proud to serve the Federal government. We define, design, build, deploy, and operate mission-critical information technology and network solutions (IT). We deliver a full spectrum of state-of-the-practice systems and services with a strategic focus on the Federal government’s most urgent initiatives. 18 Evolvent Magazine www.si-intl.com Knowing the Legal Requirements for Security Guy Sherburne, VP Security Practice, Evolvent P rotecting various forms of highly sensitive information is a real challenge, especially in light of technological advancements and the growing worldwide threat from criminal organizations and terrorists. Probably the most perplexing problem facing senior management is in determining where or how to start a protection process. Adding to management challenges are several new government laws and policies mandating accountability, security and disaster recovery processes. Where should you start? s. FALL | 2005 19 There are many challenges to begin a workable corporate or government security process. To varying degrees, we all apply a security process to a part of our daily lives. When we prepare to leave our homes, we check to see if we left anything burning, turned off unneeded lighting, set the home alarm and locked the door on departing. When we arrive at work, office access is gained through the action of unlocking the office door with a key or using a card or badge containing a coded magnetic strip. Access to your office computer is done through a personal ID and password. Electronic billing is accomplished through secure connections, using a personal pin number to obtain cash from ATMs and protecting customer information from competitors. We all recognize the need for applying security practices to various aspects of our lives. Technology has made life easier, businesses more profitable, advanced healthcare and improved our national security. Putting a security process into effect starts with your basic understanding of security - the personal protective actions you take each day. There are many challenges to begin a workable corporate or government security process. Focusing too much time and energy on only one aspect of your security umbrella will surely leave you vulnerable in another area. Not only will you waste resources, time and money, but you will also leave yourself vulnerable to other costs of recovery and lost customer confidence. Your personal security knowledge will prove beneficial when starting to establish or improve your security process – do not underestimate what you know. Remember that assigning someone to be responsible for a process mandated by a law does not remove one’s liability for compliance, a situation that we have seen validated time and time again in our court system. In the past few years, there have been a few public laws that seem to have more of an impact across the board than others. It is important to understand which laws have an impact on your operation. Rely on your personal security knowledge and, with a little help from your management team, identify specific laws and policies to focus on, particularly the compliance laws that could negatively impact your activity for non-compliance. 20 Evolvent Magazine As viewed in the news, the judicial system does not accept ignorance as a workable defense by a senior corporate or government leader. Having personal knowledge of legal requirements further enhances a senior leader’s ability to identify potential problem areas before they become disaster areas. For example, having been involved in performing multiple security processes during the past thirty-five years, my knowledge of security is going to be greater than a leader whose background has been in another professional discipline. As a senior leader, the work I perform today drastically differs from what I was doing three decades ago. However, I still spend time reading, studying and seeking guidance from others on new laws and policies. Like an architect, I use mandated policy to build a security strategy, which is the foundation for a workable security process. I also rely on the sharing of security knowledge with my staff, from the top to the bottom of our corporate structure and the interchange of ideas. Health Insurance Portability and Accountability Act of 1996 (HIPAA) For the past few years, the health care industry, within the commercial and government sectors, has been working to implement Health Insurance Portability and Accountability Act of 1996 (HIPAA) protection requirements, specifically the Security Rule found in 45 CFR Part 160 and Part 164, Subparts A and C of the Act. The need for protecting patient information, especially in the modern and evolving technology world, was long over due. The trick was how to implement this security rule without a negative impact on patient care. The real challenge presented itself when attempting to apply security rules to systems that were developed a decade ago without security being designed into the system. Functionality took priority, as threats were not as obvious then as they are now. The HIPAA security standards are broken into three basic areas – administrative, physical and technical: • Administrative Safeguards – The administrative functions are the necessary processes implemented to meet HIPAA security standards. This portion of the rule involves everything from the risk analysis/management process, assignment of responsibilities, information management, security education, incident handling and contingency planning. • Physical Safeguards – The physical safeguards are the physical security measures taken to protect systems, facilities and equipment from natural and environmental hazards and unauthorized intrusions. This portion of the rule could extend outside the actual office to the workforce employee’s home or other physical location where patient information could be electronically accessed. • Technical Safeguards – As indicated in the first paragraph on HIPAA, advancements in technology have created numerous challenges, especially with the protection of electronically processed patient information. The Security Rule defines technical safeguards (see section 164.304 of the HIPAA policy) as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” The security rule does not direct a specific technology solution, only standards to be followed using simple technical examples. There are several excellent sources of information for HIPAA compliance, simplified for ease of reading by senior leaders, managers and those who will implement the requirements. An excellent source for HIPAA information can be found on the Department of Health and Human Services Website. Finally, it is important to not rely solely upon a technical solution for HIPAA compliance. If you do, chances are high that you would be over six percent non-compliant. Get your team involved and seek third party assistance – someone who has had extensive experience providing HIPAA and ePHI guidance to other health care covered entities. Your personal security knowledge will help to identify the real experts from those who only provide a partial solution. Sarbanes-Oxley Act Another important law, one that is of keen interest to financial institutions, is the Sarbanes-Oxley Act (SOA). Especially noteworthy in SOA is the final SEC rules Section 404, which is specifically designed to assure accountability. Guidance from legal counsel and knowledgeable risk advisors help senior management to implement standardized and repeatable processes that ensure compliance. The impact of technology is one element considered in an internal control evaluation over financial reporting. A vulnerable system could create uncertainty in the evaluation process. Corrupted data, the result of system vulnerabilities, skews audit trails, especially if business contingency plans do not take into account “data recovery.” Physical safeguards ensure controlled access from a system, facility and personal perspective. Some of the internal general security processes to considered are: • Security Administration – Critical asset identification and policy development that ensures security standardization, data availability, integrity and confidentiality • Risk Management – Identification, measurement, control and minimization of loss associated with uncertain risks or events • System and Application Configuration Management – Controlling how changes to systems and applications are to be made and by whom • Business Continuity Planning – What are the information protection requirements and the environment; business impact analysis and recovery strategies; assurance, trust and confidence mechanisms; testing, training, awareness and maintenance • Information Processing Center Operations and Problem Management – Policies, plans and actions for managing financial transactions and assuring accountability for problem management • Resource Management – Knowing the shared resources and how data are maintained and shared internally or externally Compliance with SOA will require a collective team effort involving corporate leadership, legal assistance, employees, third party auditors and security experts. Using your basic personal security protective knowledge, you will be able to structure your SOA compliance strategy to ensure compliance, help to identify qualified third party experts that will assist you and have the character to standby you when called upon. Federal Information Security Management Act of 2002 (FISMA) Of particular interest to federal government activities and the non-government agencies has been the implementation of Federal Information Security Management Act of 2002 (FISMA). If you are working in the government, or have business with the government, you will want to become knowledgeable of FISMA. On December 17, 2002, the President signed the Electronic Government Act (E-Government) into law. Title III of this law contained the Federal Information Security Management Act (FISMA), which lays out a framework for annual information security reviews, reporting and remediation planning. This allows the Federal government to identify system security progress, compliance and problems. Any agency that works within the government, provides support to the government or connects to the government is impacted by FISMA. What makes FISMA unique is that it incorporates requirements from other public laws and expands upon the framework first laid out by the Government Information Security Reform Act of 2000 (GISRA), which expired in November 2002. FALL | 2005 21 035-006 Staying current with legal requirements is fundamental to building a solid security process. FISMA introduces a statutory definition for information security, a definition that is not different from other government policies, information security meaning the protection of information and information systems. Key parts of the Act that allow for changes in technology and emerging threats makes FISMA all the more important. Below are the two key elements: 1. Section 3544(a)(1)(A)(ii) describes agency security responsibilities including “information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency.” 2.Section 3544(b) requires that each agency provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source. One item that seemed to be lacking in other legal government security policies was compliance “accountability.” Congress corrected the accountability problem with changes to OMB Circular A-130, driven by FISMA, requiring an “annual reporting requirement” to Congress to ensure accountability throughout the government. The following is a summarized overview on the new FISMA requirements: • Agencies are responsible for developing system configuration requirements to ensure compliance that comprises traditional system configuration management, employing clearly defined system security settings and maintaining up-to-date patches that include an active process of ongoing monitoring and maintenance. • Agencies will implement an annual security control test and evaluation process on each system that encompasses security policies, procedures, practices and management, operational and technical controls. • Agencies will develop contingency plans (Continuity of Operations, Disaster Recovery, Business Contingency Plans, etc.) and test the plans annually. • Agencies will help in combating vulnerabilities to technology and the constant emerging threats, a requirement to report significant deficiencies. Specifically, FISMA requires the “reporting of any significant deficiency in policy, procedure or practice.” • FISMA has resulted in an amendment to the Paperwork Reduction Act, requiring the head of each agency to 22 Evolvent Magazine develop and maintain an inventory of major information systems operated by or under the control of the agency. What makes the FISMA requirement different from other policy criteria is the requirement to include the identification of the interfaces between each system, all other systems and networks, including those “not” operated by or under the control of the government agency. • Certification and accreditation of government systems has been a requirement for some time now. Under FISMA, agencies are required to report the total number of systems and the number of systems with completed certification and accreditation. The policy requirements found in FISMA appear to be practical, flexible and cost-effective – allowing for changes in technology and emerging threats. Yet congressional reporting and independent audits continue to identify government agencies that either fail to comply or treat the current requirements similar to the twenty to thirty year old legal requirements that no longer exist. In short, this article provides an overview on a few recently enacted laws that may impact your organization. Within each law, you can expect to find numerous additional requirements that must be implemented. Staying current with legal requirements is fundamental to building a solid security process. Relying on your personal security knowledge will help you to ensure compliance, assure accountability and, when needed, obtain the right security skill set to help with implementing a solid security process for your organization. 035-006 IMITS Info Pg-REV-6-06 6/27/05 12:19 PM Page 1 Integrated Medical InformationTechnology System A Partnership between University of Pittsburgh Medical Center and the Department of Defense Through an appropriation in the defense-spending bill for 2002, the University of Pittsburgh Medical Center and the Department of Defense have created a strategic partnership called the IMITS Program. Focused on utilizing advanced technologies to provide quality healthcare services regardless of location, IMITS enables clinicians to have access to and view various types of medical information from pathology slides to CT scans, as well as to consult with specialists at distant locations. The system allows for swift diagnoses of various conditions where specialty medical care may not be readily available, such as at a rural physician’s office or a remote military installation. University of Pittsburgh Medical Center and the Department of Defense have formed this partnership in large part due to a decline in both private and military sectors of specialists who are essential for the accurate diagnosis and treatment of medical conditions. Continued congressional funding in 2004 and 2005 supports the development of new advanced clinical technologies and the expansion of the IMITS program into the Pacific Region. The IMITS platform will be extended into multi-health specialty areas while focusing on emerging advance care technologies. This initiative allows the creation of “Centers of Excellence” within the Department of Defense that can export medical care knowledge to areas around the globe. Through the expanded IMITS program UPMC and the Department of Defense will continue to share information technology resources and expertise that will contribute to the development of improved systems of care. IMITS Network Lackland AFB Lackland AFB Lackland AFB University of Hawaii University of Hawaii Lackland AFB PLATELET GEL MEDICAL SIMULATION ECMO TELEMENTAL HEALTH IMITS PROGRAMS TELEAUDIOLOGY TELERADIOLOGY TELEPATHOLOGY TELEOPHTHALMOLOGY Lackland AFB Lackland AFB Keesler AFB Lackland AFB Wright Patterson AFB Eglin AFB Eglin AFB Travis AFB MacDill AFB Forbes Tower • 200 Lothrop Street • Pittsburgh, PA 15213-2582 p: 412-432-5197 • f: 412-432-7568 24 Evolvent Magazine EVOLVENT KNOWLEDGE MANAGEMENT DISCOVERY TOOLSET Executive Summary In an environment where getting the right information to the right people at the right time is critical to an organization’s success, business leaders are constantly seeking ways to enhance the effectiveness of their decision making processes. Whether it is the collection and interpretation of raw data into information or the development and implementation of creative solutions to collaboration problems, harvesting knowledge from unstructured information contained in repositories across a wide range of business operating units is the key that opens the door to an organization’s intellectual capital. In the intelligence world, adversaries strive to gain advantage over each other. Through the use of intelligence, surveillance and reconnaissance (ISR) and technical innovations, intelligence agencies are able to convey environmental awareness and information capabilities to decision makers at every level of command. Many times agencies find their missions aligned to related goals, and as a result, they end up supporting many of the same customers. When this occurs, these agencies may engage themselves in partnerships to enhance their limited capabilities. While the idea of leveraging capabilities to gain superiority is a good goal, it is also a formidable and sometimes unattainable one. Establishing and maintaining access for intelligence community end-users to unique/segregated ISR databases, systems and secure information communications platforms results in limited end-user access and requires extensively trained administrative and technical resources. Since the content of unstructured information is critically linked to nearly every decision making process across a wide range of business operations, organizations must be able to efficiently process their unstructured information. transform unstructured information into “actionable” knowledge, enhance risk communication to leaders and improve both information flow and collaboration are what sets Evolvent apart from those who talk about KM and those who deliver KM. Introduction Embedded within every deliberate and crisis action planning process is a decision matrix that is fueled by unstructured information. This unstructured information presents itself in many forms such as Word or PDF documents, PowerPoint presentations, or HTML and XML formatted document types. Knowledge Management (KM) solutions that fail to efficiently manage unstructured information are similar to high performance vehicles that have been filled with low octane fuel—they fail to reach their potential. Incomplete information discovery and delivery oftentimes leads to decisions that would not have been made had the decision maker been provided with a comprehensive view of a situation. On the other hand, KM solutions that offer simultaneous high recall and high precision, exceptionally high rates of information sorting/classification, language independence and scalability are like high-octane fuel in that same vehicle. Both the driver and the decision maker effectively leverage all of their capabilities. Connecting leaders with relevant and timely information in an efficient manner has always provided a competitive advantage over one’s competition. In order to gain this advantage in today’s business environment, leaders must implement processes and toolsets that effectively maximize the return on intellectual and information resources through the re-use of existing knowledge within their respective “enterprise.” A leader in helping organizations maximize their return on intellectual and information resources, Evolvent is the “high-octane” fuel in the KM integration business. The successful employment of unique solutions that automate manual processes used to Evolvent KM solutions help clients develop and integrate resources for intellectual capital management. A web-based delivery model developed to virtually share, collaborate, distribute and exchange knowledge among members of an organization, While subject matter experts, surveillance systems and robust database analysis are crucial to converting raw data into information; it is the transformation of relevant information into an actionable context and its subsequent delivery to the appropriate decision maker that provides a leader with their advantage. The enabler of this advantage is the toolset that not only automates the collection, indexing, categorization and classification of unstructured information, but also extracts and pushes relevant information to selected decision makers through a KM platform. FALL | 2005 25 Evolvent’s Knowledge Exchange (Kx) serves as an intelligent portal for content management, workflow, e-learning and collaboration. Building strategic plans that reduce costs and enhance collaboration is demonstrated by Evolvent’s leveraging of know-how gained by experience across a variety of vertical markets. When it comes to managing and leveraging the benefits of unstructured information, Evolvent’s leading edge knowledge discovery toolset embedded within the Kx provides business leaders with search and retrieval technologies that are simple to deploy, easy to integrate and adhere to current and emerging standards. Evolvent’s unique combination of Knowledge Discovery technologies provides: • Probabilistic Latent Semantic Indexing • Relevance ranking based on the Probabilistic Model (Bayesian Inference) • Dynamic summarization • Concept identification based on Shannon’s Information Theory • Cross platform compatibility via Web Services • All Application Programming Interfaces (APIs) based on XML • Transparent access to system internals including the statistical profile of terms • True relevance ranking of compound (i.e. multi-word) items What does this mean to the user? • High Recall and High Precision • Contextualization; finding hidden relationships between documents within the enterprise • Exceptionally high sorting rates (200,000 documents per hour) • Language independence • Scalability 26 Evolvent Magazine Most KM platforms are robust document management systems. They are heavily dependent on subject matter experts (SMEs) who upload and organize information within their respective communities. This is both time-consuming and subjective, resulting in a stove-piped, static presentation of information. Retrieval of information is dependent on active searches conducted by end-users. This can be hit or miss and is compounded by a lack of integration between existing KM platforms and document management systems. Often times little or no connectivity exists to other valuable data sources. Evolvent KM solutions implemented in various business sectors effectively leverage existing technologies while driving higher utilization of the organizations’ information resources. Although successful KM initiatives have a multi-phased approach, a significant return on investment (ROI) can be obtained in relatively short order. This is demonstrated through the rapid improvement in support of information discovery and communication roles. Specifically, success for this endeavor is measured by Evolvent’s ability to collect, index, categorize and objectively classify an organization’s unstructured information. In almost every organization, unstructured information is categorized and indexed by various individuals using “subjective” factors in a manner that is very time-consuming. Evolvent’s KM solution involves using “objective” criteria (established and accepted taxonomies) to automate the classification function. Unstructured information is automatically indexed and relationally organized according to Organizational, Functional (multi-disciplinary skillsets) and Product Line taxonomies. New information is collected, indexed, categorized and classified daily. Individual users can set up a profile that enables automatic notification any time relevant information is added. The second discriminating component of Evolvent’s KM solution involves transforming the way an organization gets information to the end-user. While existing document management systems provide a repository where people can go for information, most do not push relevant information to the end-user. Instead of a hide-and-seek game where end-users have to visit a variety of private and public domains to obtain unstructured information, Evolvent’s KM solutions push content automatically from geographically separated information repositories and related sites that are relevant to what the end-user is working on. In summary, Evolvent KM solutions bring a variety of supplies and tools that are focused on providing support to a decision maker in any industry. It presents an integrated approach that automates the timeconsuming process of collecting, indexing, categorizing and classifying unstructured enterprise information and results in the rapid delivery of actionable knowledge to the right person at the right time. Kx Knowledge Discovery Toolset Foundation BAYESIAN INFERENCE Thomas Bayes was an eighteenth century mathematician who devised a theory for conditional probability: P(B/A) P(A) P(A/ B) = ———————————— P(B) Conditional probability is the probability of some event given that some other event has already occurred. In the above equation, the left hand term P(A/B) is known as the posterior probability or the probability of some event A occurring given that event B has occurred is equal to the probability of event B occurring given that event A has occurred, multiplied by the probability of event A occurring and dividend by the probability of event B occurring. The Probabilistic Model interprets Bayes’ Theorem in an Information Retrieval (IR) context where the probability that certain query terms are better differentiators between relevant and non-relevant documents than other query terms is evaluated given implicit or explicit relevance feedback. weights and document weights and subsequently performed extensive evaluations on relevance feedback techniques using standard document collections. In 1994, Robertson introduced an extended model that was no longer based on a binary independence model, and this work has strongly influenced the design of Evolvent’s Knowledge Discovery Toolset. Probabilistic Model. This model not only allows initial relevance ranking to be more accurate, but it also provides a mechanism for iterative searching based on relevance feedback. PROBABILISTIC LATENT SEMANTIC INDEXING Probabilistic Latent Semantic Indexing (PLSI) is the ability to locate documents that are relevant to the user’s WHEN IT COMES TO MANAGING AND LEVERAGING THE BENEFITS OF UNSTRUCTURED INFORMATION, EVOLVENT’S LEADING EDGE KNOWLEDGE DISCOVERY TOOLSET EMBEDDED WITHIN THE KX PROVIDES BUSINESS LEADERS WITH SEARCH AND RETRIEVAL TECHNOLOGIES THAT ARE SIMPLE TO DEPLOY, EASY TO INTEGRATE AND ADHERE TO CURRENT AND EMERGING STANDARDS. PROBABILISTIC MODEL The Probabilistic Model was pioneered at Cambridge University during the 1970’s and 1980’s. The model is an application of Bayes’ Theorem and defines a system for weighting individual query terms and documents based on: • The frequency of terms across the document collection (wcf) • The frequency of terms within a given document (wdf) • Normalized document length (ndl) • Explicit or implicit feedback on document relevance In 1976, Professor Stephen Robertson and Karen Sparck Jones devised a formula for computing term Why is the Probabilistic Model superior to traditional free text systems? Traditional free text systems are based on simple keywords and Boolean logic (primarily the AND, OR and NOT operators). While this technique is very precise, it does fall down when the number of documents retrieved is too large to examine exhaustively. In this case, the ability to rank documents, with the most important ones at the top of the list, is of paramount importance. Over time traditional systems have introduced various ways to rank results, but this is not based on a sophisticated model of term profiles across the collection of indexed documents and tend to rely too heavily on a within document frequency (wdf) analysis. The statistical model of term frequency across the document collection is unique to the query even if they do not contain any of the words in the user’s query text. It is also about the ability to ignore documents that do contain words from the user’s query, but which are not relevant. Probabilistic Latent Semantic Indexing (PLSI) is achieved by: • Relevance ranking the documents matched by the initial query • Extracting the distinguishing concepts from the most relevant documents • Expanding the query to include selected related concepts The inclusion of related concepts can be done explicitly (user decides) or implicitly where related concepts FALL | 2005 27 are included automatically based on an understanding of the application area and/or user personalization. For example, consider the following query: “Dangerous dog attacks baby” Imagine searching for “portable computer” and finding documents that were about “aptops”, “the Toshiba Tecra” and “notebooks” but where some of the retrieved documents do not contain any words from the original query—that’s Latent Semantic Indexing. RELEVANCE FEEDBACK Traditional IR systems provide a static mechanism to index documents and service retrieval requests. Relevance feedback is used to describe dynamic mechanisms that allow the retrievals to be tuned over time based on explicit or implicit feedback from the user(s). An example of implicit feedback would be where a user identifies individual documents that are relevant to their query. An example of implicit feedback would be where the system monitors the user’s activity to see what documents they examine, how long they spend looking at individual documents, what documents they author or perhaps a common pattern to their retrieval activity. The Probabilistic Model allows this type of explicit or implicit feedback to be injected into the retrieval process so that the weightings applied are modified or tuned automatically to suit a particular user’s requirements. A human would interpret this phrase as being about a wild animal attacking an infant. However, a simple IR system that assumes that words appear independently from each other would assume that any document containing the phrase: “Dangerous virus attacks baby dog” would be 100 percent relevant to the above query on the basis that it contains all of the words. Most humans would disagree. Evolvent’s Kx uses Shannon’s Information Theory to compute the incremental value of compound terms based on an analysis of the probability of the joint occurrence. SHANNON’S INFORMATION THEORY Claude Shannon, a scientist working at Bells Labs, published his Information Theory in 1948 and this had an immediate and lasting impact on data communication technology. Shannon demonstrated that the value of a piece of information is proportional to its probability and the entropy of a joint event is given by: H(x,y)= – p(i,j)logp(i,j) i,j CONCEPT SEARCHING COMPARED TO SIMPLE KEYWORDS SEARCHING A Probabilistic implementation that worked on the basis that words appear in documents independently from other words would provide a reasonable level of accuracy. However, if the implementation understands that the co-location of words is relevant and should form part of the weighting process then a significant improvement in the relevance ranking can be achieved. 28 Evolvent Magazine Evolvent’s Kx interprets this in an IR context to compute the incremental value of a two-word term over its singleton components. Higher order compound terms are evaluated using their lower order compound components. It is no coincidence that the majority of compound terms are in fact proper nouns, noun phrases and verb phrases, and it is these sentence fragments that convey the key concepts in most text. However, the concepts are identified without any linguistic analysis and so the toolset works with any vocabulary and is language independent. The mathematical approach works because Shannon’s theory can be applied to any human language communication. The ability of an IR system to identify clusters of words that identify specific concepts represents a major advancement over systems that fail to do this. LANGUAGE STEMMING Often a user will type in a query with one form of a word but would like to match other forms of what is essentially the same word. In 1980, Dr Martin Porter, a member of the team working on a Probabilistic Model at Cambridge University, developed a suffix-stripping algorithm that has been very widely adopted for normalizing words in IR systems. Using Porter’s algorithm the following words can be matched: “dangerous” with “danger”; “dangers” and “dangerous” “attacks” with “attack”, “attacks”, “attacker”, “attackers” and “attacking” “baby” with “baby” and “babies” In addition, with our fuzzy stemmer the following words can also be matched: “misspelt” with “mispelt” “commission” with “commision”, “comission”, “commissioning” and “comisioned” “accommodate” with “accomodate” and “acomodation” Evolvent’s Kx uses language stemming as part of its conce pt matching process, although individual words and phrases may be left un-stemmed by enclosing with double quotes. This means that by default, stemming broadens the matching process but where a particular word should be interpreted verbatim, it can be easily excluded from the stemming process. SUMMARIZATIONWhen a document is retrieved we normally need to display an extract from the document as an aid to the user when reviewing the returned document set. Most systems will display a static summary that is the same regardless of the user’s query. Evolvent’s Kx can display static summaries. However, it can also apply a modified weighting system to identify short extracts that are most relevant to the user’s query. The number, length and relevance threshold for these extracts are all-configurable. The extracts will normally comprise whole sentences or short paragraphs. PERSONALIZATION AND ALERTING Sometimes users would like to be kept informed about a particular topic and notified when new documents arrive that are relevant to their interests. Evolvent’s Kx can be used to keep users updated based on their individual profiles and will typically send an email message when new content has been added to the index. With Evolvent’s Kx Agents, the system becomes proactive, pushing content to users and eliminates the need to repeat the same searches periodically just to see what is new. SUPPORTED PLATFORMS The current version of Evolvent’s Kx Knowledge Discovery Tools Server is available as a .NET Web Service. This means that it can be deployed on any platform that supports Microsoft.NET and may be called from any platform that supports Web Services. Therefore, it is easy for an application developer using any J2EE development environment (e.g. IBM Web Sphere) to take the Web Services Definition Language (WSDL) file and begin making Kx API calls. The Kx Index Server is implemented as a suite of Windows programs. Sample applications are available today written in C# (for .NET), ASP (for COM+) and Java/JSP (for J2EE). A native J2EE implementation of the Query Server is also planned. The major advantage of the J2EE implementation, which has an identical API to the .NET version, will be the ability to host the Query Server on Unix platforms. CAN I CALL Evolvent’s Kx FROM AN ASP/COM + APPLICATION? New application development on the Microsoft platform is rapidly moving to .NET and this environment make interfacing to Web Services very simple. However, many excellent products have been developed for the ASP/COM+ environment and migrating these to .NET would be a major undertaking. Fortunately, Microsoft has provided the SOAP Toolkit for ASP/COM+ developers and using this it is fairly straightforward to call Web Services running under .NET (or J2EE). WHAT TYPES OF DOCUMENTS CAN I STORE? Evolvent’s Kx has the following collectors: • HTTP collector—for spidering web pages • File collector—for documents located on file systems • Corel WordPerfect • PowerPoint • Any other files in text format (e.g. TXT, CSV, etc) In addition, an application developer can pass custom documentation types via the Evolvent’s Kx XML collector. WHY IS A SQL DATABASE REQUIRED? The Evolvent Kx stores its probabilistic index in a proprietary database. However, the Kx uses a SQL database to manage the queue of documents to be indexed. The SQL database contains all information necessary to perform indexing, such as the individual filenames and URLs, access criteria, re-indexing frequency, inclusions and exclusions, etc. The SQL database may also be used to store any application specific meta-data. Benefits of the Evolvent Kx Approach HIGH RECALL AND HIGH PRECISION Recall is a measure of how many of the documents that are relevant get found, with high recall indicating that most of the relevant documents are found. Precision is a measure of how many documents in the returned set are relevant, with high precision indicating that most of the documents returned are relevant. The Evolvent Kx offers “high recall and high precision”. Others offer only “high recall or high precision.” • Microsoft Word and Rich Text Formats CLASSIFICATION AND SUPPORT FOR TAXONOMIES The Evolvent’s Kx module can be used to classify documents into any predefined categories based on a small number of descriptors. Once classified the documents can then be applied to a corporate taxonomy and used for browsing the database or as a filter when running ad hoc que- • Adobe Portable Document Format (PDF) ries.Evolvent Kx can classify around 200,000 documents per hour. • XML collector—for custom document types Evolvent’s Kx has native file conversation facilities for the following document types: • All HTML and XML formats FALL | 2005 29 EVOLVENT KM CONCEPT MODELS (PILOTS) PROVIDE A RAPID, MEASURABLE AND LOW-RISK ROI. SUPPORTED LANGUAGES The Evolvent Kx can index any text in the Roman alphabet including full support for diacritics. The use of diacritics within documents or queries is entirely optional so that fitchée will match with fitchée and vice versa. All information is exchanged and managed internally; using UTF-8 and so support for non-roman alphabets (e.g. Kanji or Arabic) should be possible in the future. The following languages are automatically detected and processed: • Danish • Dutch • English • Finnish • French • German • Italian • Norwegian For testing and development the entire system can be installed on a single computer. For live implementations the Query Server, Index Server and the Web Application would normally be distributed. A multi-server configuration will be capable of indexing about two million pages per day while simultaneously providing retrieval to hundreds of concurrent • Portuguese • Spanish • Swedish • Welsh 30 SCALABILITY The designers of the Evolvent Kx have many years experience in implementing proprietary file systems and custom databases. In particular the database format has been designed to allow concurrent indexing at full speed while allowing simultaneous access for retrievals. This concurrency has been achieved in part by reducing the amount of file restructuring typically found in competitive systems, which are often based on Btree structures. The selected design tends to produce an index database a little larger than some alternatives but with faster retrieval. In general, the Evolvent Kx will produce an index database whose size is directly proportional to the volume of documents under index (i.e. 10GB of documents will typically produce an index database of 10GB). The proprietary database format used by the Evolvent Kx has been designed to provide optimum performance and concurrency. users. For very large implementations, multiple Query Servers could be configured with shared access from a pool of application servers. Conclusion Evolvent KM Concept Models (pilots) provide a rapid, measurable and low-risk ROI. A KM solution that layers over and leverages multiple document management systems, Evolvent’s KM solutions lack the exorbitant integration costs traditionally found in other KM platforms and are the defining factor in determining who in business is successful and who in business is successful FIRST. Do Au The unst from iden for c With infor mail prior unde Evolvent Magazine Copyrigh Over 60 Civilian, Defense and Homeland Security agencies use Autonomy to disseminate critical information. Shouldn't you? Does your existing software solution get the right information to the right people? Automatically? The public sector must be able to efficiently and accurately process unstructured information, whether the function is monitoring news feeds from foreign countries, supporting law enforcement investigations, identifying security threats, or providing the most up-to-date information for constituent service. With Autonomy's power, computers understand the 24/7 deluge of information. E-mails, message traffic, Web pages, documents, voice mails, videos, audio files and XML content are intelligently categorized, prioritized and delivered to the right person because the computer has understood and ranked the main concepts within them - automatically. Copyright © 2005 Autonomy Corp. All rights reserved. Other trademarks are registered trademarks and the properties of their respective owners. Autonomy's technology automates the information portals and customer relationship management applications that empower agencies to use their core resources more effectively. Which is why more than 60 civilian, defense, and homeland security agencies use Autonomy's intelligent infrastructure to gather data in real time, conduct extensive analysis, facilitate collaboration and disseminate critical information. To find out what benefits Autonomy can bring to your agency, call us at 866-821-9955 or visit us at www.autonomy.com. AGILE DEVE By Geoff Howard Chief Technology Officer, Evolvent recently heard an off-hand comment about some failures in a project at a government agency from an acquaintance. It turned out that the requirements process had been delegated by the senior project owners to disinterested minor stakeholders who were busy with other tasks. Driven by the technical project manager, a detailed requirements document was created, blessed by senior leadership (who probably did not review the document in detail because of its length and apparent completeness), and executed on time by the technical team. I Only after “successful” delivery was it discovered that the finished system missed the mark in several key areas because of the limited domain knowledge and interest of those who created the requirements. We have seen nearly identical problems where requirements in RFPs and SOWs are detailed and clear, but turn out to be inaccurate as the engagement begins. In our first article on Agile Development, we examined the false security of requirements and looked at one technique designed to combat this problem – continuous delivery. Certainly this practice would have helped avert the failure described above, but there are other disciplines deployed by adaptive development practitioners that go further. Having pointed to failures in typical customer interaction and requirements specification, we certainly should paint a picture of how these can be accomplished successfully. Less Detail—More Accuracy Having heard that Agile Development places less emphasis on up-front requirements gathering, you may be wondering how a project could ever come together. How do I communicate what is needed, reduce risk and ensure quality without specific details up front? A key element lies in understanding what is really needed by developers and stakeholders alike in the early stages of a project. 32 Evolvent Magazine I commonly find requirements documents to be overly detailed while missing key information about what users need from a system. For example, a detailed description of a screen may specify each piece of information that needs to be displayed, and how much room each field requires in the database, which fields are required, what sort of input is acceptable for each, etc.This will appear complete to most observers, but critical information is missing. How do users need to interact with this screen and why? How will they get there, what do they need or want to do next? Even worse, the detail that is provided is usually not necessary in the early planning stages, tends to distract from the “big picture,” and causes other critical needs to be missed. If it has not already been done, I would like to coin an axiom of human behavior: As a document’s length and detail increases, the number of people who will read it decreases, and the number of people who will evaluate it thoughtfully decreases exponentially. With a requirements document, this leads to disaster. What does an Agile Development approach suggest to counter this? First of all, constant involvement from the customer – at least one key stakeholder able and available to steer and correct features as they emerge. We will return to this in a moment. But what about written, formal requirements? The common practice here is not to attempt to gather detailed technical specifications for the whole system up front, but to gather prose descriptions of users’ interactions with the system. Sometimes called “User Stories,” these units of requirements are short – generally a short paragraph, and written by the customer in their own words – not in technical terms. It is easy to imagine why a collection of these brief non-technical descriptions would be significantly easier to gather real input on from a wide array of stakeholders. A good collection of them may only take up ten pages, but they are in “customer-speak,” and therefore tend be dense with meaning easily understood by key insiders. Where does the detail come from? How do developers interpret what may be a foreign language to them? They need ongoing help from the customer – that is what we will look at below. VELOPMENT AS A DOCUMENT’S LENGTH AND DETAIL INCREASES, THE NUMBER OF PEOPLE WHO WILL READ IT DECREASES. WITH A REQUIREMENTS DOCUMENT, THIS LEADS TO DISASTER. Customer Availability When it comes time to work on developing code to implement one of these stories, a knowledgeable customer meets face to face with the development team to translate and fill in details necessary to the work at hand. In a very large project this may be a full time commitment from one or two people. In a more typical modest sized project, this may be a minor, but real, commitment spread out throughout the development period. The key is that as questions arise and assumptions are made, a knowledgeable and authoritative customer voice is consulted. On the surface, this can sound like a much greater investment of time than the standard practice of delivering written requirements. In practice this turns out to not be true. The timesavings gained from benefits like decreased up-front requirements details generally outweigh the difference. Most people also find it more efficient to discuss smaller units of functionality, and to evaluate concrete ideas in front of their eyes (often a partially working product) than to participate in long and broad discussions about all aspects of an entire system that does not yet exist. In practice it is also usually true that face-to-face communication is clearer and more efficient about such details than a written document. True, the results of this communication would normally be captured in writing and can be validated and kept for ongoing reference. However, the written words are not intended to be the primary means of communication – only a record of what was communicated. This may sound like a small point but it is crucial. Customer interaction goes beyond this face-to-face requirements channel. Another key role for the customer representatives is in release planning. During the initial highlevel planning (gathering of user stories and laying out a rough project plan), and in the ongoing process of planning the next release cycle, the customer decides and refines what features are implemented next, and how to adjust should problems arise. Sub-delivery targets can be negotiated by adding or removing features and resources, or by moving the target dates. This bi-directional visibility into project dependencies, timing, strategy, pressures and constraints promotes healthy team dynamics and buy-in on both sides. Strange Yet Familiar I would be willing to bet that some of the practices we have been describing sound familiar as natural tendencies of any healthy development project, while some sound foreign and counter-intuitive. The Agile Development approach grew largely out of casting off procedures that consumed effort but were not delivering value, and replacing them with refined versions of informal and natural tendencies that tended to resurface across many projects. It must be added that Agile Development is no panacea. An interesting open question, especially in the government space, is how to construct a contract to support this style of development without increasing both customer and contractor risk by leaving deliverables too vague. Still, with the right team and under the right circumstances an Agile Development process can lead to increased speed and success, and decreased risk and cost. The benefits of Agile Development can be tremendous. We have already examined the potential for increased accuracy and success. Having examined the agile requirements process more fully, we can now add a new benefit: meaningful development can often begin faster and produce results sooner. ■ FALL | 2005 33 Fielding the Best Team for SPAWAR Systems Center Charleston! Evolvent, a small business leader in Information Assurance, has built a team of industry leading small, medium and large businesses with capabilities across the spectrum of the SSC Charleston requirement.