Revision Log
Revision
Date
Explanation
02/13/2015
2/27/2015
3/6/2015
3/20/2015
3/27/2015
4/6/2015
4/17/2015
4/20/2015
Table of Contents
Revision Log..........................................................................................................1
Executive Summary...............................................................................................4
The Means for Collecting Requirements and Developing the WBS......................5
Overview Initiation...............................................................................................7
Team Roster..........................................................................................................8
Team Contract.......................................................................................................9
Stakeholder Register...........................................................................................13
Stakeholder Management Strategy.....................................................................14
Stakeholder Communications Analysis................................................................15
Business Case.....................................................................................................17
Project Charter.....................................................................................................23
Agenda for Kick-off Meeting.................................................................................26
Risk Management for Vendor Reviews................................................................27
Overview Planning..29
Functional Description...30
Technical Description.31
Project Assumptions..34
Risk Register/List of Prioritized Risks.35
Project Scope Statement ....................................................................................36
Requirements Traceability Matrix .......................................................................39
Work Breakdown Structure .................................................................................41
Executive Summary
This report was commissioned to examine and verify that vendors to Nittany Lion
National Bank (NLNB) are compliant with their contract regarding data protection.
Research for Phase A deliverable focuses on the overview of the overall project. NLNB
wants to grow as a business and become more profitable. After evaluating their
expenses, NLNB found that it would be beneficial to manage the cost of purchasing
services. NLNB has decided to prioritize managing purchased services. Vendor
relationships are really important to NLNB, but vendor relationships must be balanced
with price. We predict that the pre-start-up activities will have successful outcomes
based on our success criterion and that this project will benefit NLNB and serve their
initiative to obtain pricing that takes into account the aggregate of scale with their value
as a major customer, service with an emphasis on added value, and substantial
reductions in cost.
To promote this initiative, NLNB will be conducting Vendor Security Compliance
Reviews (VSCRs). VSCRs are necessary in order to comply with NLNB Standards and
regulatory requirements. The NLNB VSCR team oversees the VSCR process and
periodically reviews vendors as required. NLNB is looking for a third party, one or more
Security Consulting Firms (SCFs), to perform VSCR services. The purpose of the
reviews is to assess the security of each vendors facilities and provide assurance that
each vendor has taken the appropriate information security measures to comply with
the current contract in place.
The project will be completed by May 2nd, 2015. Throughout the semester we will
complete Phases A through H to ensure we are on task and on schedule. After the
completion of Phase H, the project will be complete.
Overview - Initiation
Nittany Lion National Bank Related Services Company (NLNB), Inc. wants to grow as a
business and increase their profits. After evaluating their expenses, NLNB has
prioritized managing purchased services and the costs associated with the purchased
services.
Vendor relationships are really important to NLNB, but vendor relationships must be
balanced with price. NLNB intends to make every effort to obtain pricing that takes into
account the aggregate of scale with their value as a major customer, service with an
emphasis on added value, and substantial reductions in cost.
The purpose of the reviews is to assess the security of each vendors facilities and
provide assurance that each vendor has taken the appropriate information security
measures to comply with the current contract in place.
Team Roster
February 6, 2015
Role on
Position
Phone
Location
Project
Mats
Point of
Penn State
Gausdal
Contact for
Consulting
EY
Team
Coordinator
Penn State
Michael
Hergarty
4420
PA
mah5741@psu.edu (215)-983- State
Consulting
5000
Team
Franklin
Documenter
Mak
Penn State
fwm5072@psu.edu
(215)-908- State
0994
Team
Project
Penn State
Nizinski
Manager
Consulting
Team
College,
PA
Consulting
Allie
College,
College,
PA
acn136@psu.edu
(717)-324- State
2618
College,
PA
Team Contract
Contact Information
Franklin Mak
Email:
fwm5072@psu.edu
Phone: 215-908-0994
Franklin Mak
Allie Nizinski
Email: acn136@psu.edu
Phone: 717-324-2618
Allie Nizinski
Michael Hegarty
Email:
mah5741@psu.edu
Phone: 215-983-5000
Michael Hegarty
Mats Gausdal
Email:
mqg5319@psu.edu
Phone: 610-413-4420
Mats Gausdal
10
Code of Conduct
We agree to:
Communicate at a minimum frequency of a weekly basis through email and/or
telephone/texts to keep all team members up to date with project work
Participation
Equal participation should be expected by all team members.
We agree to:
Check emails and phone messages daily and in order to not miss important emails
or texts regarding the group project coming from other team members
Allocate the work equally among the team members.
11
Allow the team leader to set due dates with agreement from the other team
members
Monitor, at each meeting, the work that was due from each team member at that
meeting
Division of Work
We agree to:
Allocate work equally between all members. Work division will be decided at weekly
team meetings
Meet deadlines that allow review and edit of all documents by all team members
Assign roles appropriate to each team members skills and strengths
Assist team members with work when they are struggling
Monitor all project activities to assure that each member works on for every
assignment to ensure that no one is doing more or less than others.
Consequences
If a team member demonstrates a pattern of poor quality work, we will meet with the
TA after a majority rule vote.
12
Communication
Each team must agree to the methods by which they will communicate with one another
whether it be through email, text/GroupMe, Skype, or face-to-face.
We agree to:
Use GroupMe and Google Docs for our daily communication and collaboration,
however for more serious issues we will schedule face-to-face meeting times
Assure the exchange of all documents to all team members so the entire team is
fully informed
Remind team members of team meetings and work responsibilities via email and
GroupMe
Meeting Guidelines
Meet every Monday from 2:45-3:30 p.m. and every Wednesday from 4:30-5:30 p.m.
We agree to:
Create and fill out a doodle document to establish a meeting time that is acceptable
for all team members
Work together to make sure we accomplish all that need to be done at our meetings
Record the agreements reached concerning important dates and assignments
agreed during team meetings
Use team meetings to review content and answer questions about deliverables for
that phase
13
Date: 2/11/15
Name
Position
Internal/
External
Project
Role
Contact Information
Michael Hegarty
Coordinator
Internal
Penn State
Consulting
Team
mah5741@psu.edu
Allie Nizinski
Team
Leader/Project
Manager
Internal
Penn State
Consulting
Team
acn136@psu.edu
Franklin Mak
Documenter
Internal
Penn State
Consulting
Team
fwm5072@psu.edu
Mats Gausdal
Point of
Contact for EY
Internal
Penn State
Consulting
Team
mqg5319@psu.edu
John Hill
Professor
External
Special
Advisor
jhill@ist.psu.edu
Andrew
Dunheimer
EY Contact
Internal
Client
Andrew.Dunheimer@ey.com
Lauren Ceppi
EY Contact
Internal
Client
Lauren.Ceppi@ey.com
14
Date: 2/11/2015
Name
Level of
Interest
Level of
Influence
Michael Hegarty
High
High
Allison Nizinski
High
High
Franklin Mak
High
High
Mats Guasdal
High
High
John Hill
Medium
High
Andrew
Dunheimer
Medium
High
Lauren Ceppi
Medium
High
15
Stakeholder
Document
Name
Document
Format
Contact
Person
Due
Michael Hegarty
Lessons
Learned
Report,
Stakeholder
Management
Strategy,
Stakeholder
Communication
Analysis,
Stakeholder
Register,
Scope,
Technical
Description,
Lessons
Learned,
Scope
Management
Plan, Project
Schedule
Model
Development,
Cost
Management
Plan, Quality
Assurance
Plan, Change
Request Log
Phase A, Word
Document, Phase
B, Phase C,
Phase D, Phase
E, Phase F,
Phase G
John Hill,
Andrew
Dunheimer,
Lauren Ceppi
4/20/15
Allie Nizinski
Project Charter,
Bibliography,
OverviewInitiation,
Project Plan,
Functional
Description,
Project
Assumptions,
Requirements
Traceability
Matrix, Gantt
Phase A, Word
Document, MS
Project, Phase B,
Phase C, Phase
D, Phase E,
Phase F, Phase
G, Phase H
John Hill,
Andrew
Dunheimer,
Lauren Ceppi
4/20/15
16
Chart with
Milestones,
Cost
Management
Plan, Overview
Executing,
Overview
Monitoring and
Control,
Overview Closing
Franklin Mak
Business Case,
Weekly
Agenda,
OverviewPlanning,
Weekly
Agenda, Scope
Statement,
Schedule
Management
Plan, Change
Request Form,
Customer
Acceptance/Pr
oject
Completion
Form
Phase A, Word
Document, Phase
B, Phase C,
Phase D, Phase
E, Phase F,
Phase G, Phase
H
John Hill,
Andrew
Dunheimer,
Lauren Ceppi
4/20/15
Mats Gausdal
Team Contract,
Executive
Summary, List
of Prioritized
Risks, Risk
Register, WBS,
WBS
Dictionary,
Activity-onArrow Network
Diagram,
Project Cost
Baseline,
Communication
s Management
Plan
Phase A, Phase
B, Phase C, MS
Excel, PDF,
Phase D, Phase
E, Phase F,
Phase G
John Hill,
Andrew
Dunheimer,
Lauren Ceppi
4/20/15
17
18
NLNB wants to ensure they view each vendor fairly, therefore a set of standards is
necessary to promote fairness while grading each vendor. The objective is to build out
deliverables for how to go about reviewing vendors and managing those relationships
and the risks associated with them. Using these standards NLNB will be able to view
which vendors they rank more highly based only on quality and cost.
3.0 Current Situation and Problem/Opportunity Statement
NLNB is currently looking for one or more Security Consulting Firms (SCFs) to provide
Vendor Security Compliance Review (VSCR) services. VSCRs are conducted on
external companies that provide services to NLNB where NLNBs business or
customer-confidential data is being processed, stored, and/or accessed. The reviews
are designed to specifically assess the security posture of a vendors facilities and to
provide sufficient assurance that a vendor has implemented information security
measures that are consistent with its contract obligations. This will allow NLNB to
have a vendor analysis for each vendor and evaluate their current relationship and
contract with each vendor.
4.0 Critical Assumption and Constraints
To ensure confidentiality, security, and integrity of NLNB data while in the hands of
NLNBs vendors and to fulfill NLNBs legal and regulatory commitments. To ensure
required logical and physical security controls over all external facilities where NLNB
Data is accessed, processed, filed, transmitted or stored;
To assess risks associated with external vendor non-compliance and ensure they
implement appropriate security and control measures required to mitigate those risks.
19
VSCRs are conducted at external locations that process, store or access NLNB
business or customer confidential data. This includes but is not limited to out-tasking
an internal function to an external vendor, (e. g., telemarketing, resource strategy,
etc.). External companies that have direct on-line access to NLNB systems; and
external companies that perform a service or product support for NLNB.
NLNB prioritizes cost for this project.
5.0 Analysis of Options and Recommendation
The Security Consulting Firm that they require (and will hire) will need to perform
Vendor Security Compliance Reviews. There are two varieties of VSCRs:
1. On-Site Security Reviews
Lasts about a day and a half, excluding interview preparation and report
preparation
Lasts about two hours, excluding interview preparation and report preparation
Agents of the SCF in question would need to be stationed nearby the vendor
for OSSRs, whereas CCSRs require no such constraint. Of course, the
20
difference is the thoroughness of the Security Reviews, with the former being
most in-depth and the latter less so. In addition, OSSRs need only one agent
for perform the review.
6.0 Preliminary Project Requirements
Ensure that a Non-Disclosure Agreement (NDA) is completed and signed between the
vendor being reviewed and the SCF For OSSRs, the SCF will offer participation
[observation] to the VRM. For OSSRs, perform a minimum of 5 control tests per
review. The SCF must ensure that all data collected during the review is adequately
protected while in their custody [via PGP disk level encryption or equivalent for
electronic copies and good business practices for paper copies]. The SCF will retain
secured service partner documents for one year or until completion of a subsequent
review, whichever is longer. Risk ratings of High, Medium and Low shall be applied
in accordance with the guidelines set forth in NLNB-provided rating guidance. NLNB
will own all methodology, procedures, questionnaires, pre-assessments, training
materials and assessment results.
This RFP is intended to gather information about your firms ability to perform
multiples of these reviews per year. The project does not, in itself, target improving
the process [though there are parallel efforts with this as a target]. The SCF will not
reuse assessment materials from vendor to vendor.
7.0 Budget Estimate and Financial Analysis
The total budget is at maximum $2.5 million USD, split across fees of the
21
administrative, onsite review or remote review varieties. We plan to use net present
value analysis, return on investment, and payback analysis to further map out the
budget.
Return on Investment (ROI): The benefits minus the costs divided by costs.
Opportunity Cost of Capital: The rate used in discounting future cash flow;
also known as capitalization rate or discount rate.
Internal rate of return (IRR): The discount rate that results in an NPV of
zero for a project.
Discount factor: A multiplier for each year based on the discount rate and
year.
Payback period: The amount of time it will take to recoup, in the form of
net cash inflows, the total dollars invested in project.
22
23
Project Charter
Project Title: NLNB Service Vendor Quality Assessment
Project Start Date: January 30, 2015
Budget Information:
Pricing Assumptions - Price Quotes
OSSR Assumptions
CCSR Assumptions
Annual volume up to 400 per year
Annual volume up to 250 per year
SLA:
SLA:
Reviews identified in the two week period
Reviews are preformed within 25
before a quarter are completed in the
business days after being
quarter
requested
Report due to NLNB within 30 business
Report due to NLNB within 5
days of site visit
business days of CC
Flat rate per review [all toll free
Flat rate per review including T&E
conference call numbers provided by
NLNB]
Distribution: 50% North America, 20% Europe Distribution: 60% North America, 20%
and 30% Asia
Europe and 20% Asia
OSSR Price Quote
CCSR Price Quote
$600 Per Review
(To be placed directly on the sourcing
site)
Travel, Lodging, and Hourly Rate
Travel should be booked in advance for the best rate. Lodging costs are not to
exceed $200 per night.
Hourly rates of Team 3 correspond to experience in the security consulting industry:
Senior member: $75.00/hr
Junior member: $50.00/hr
Project ceilings and additional notes
Project not to exceed $2.5 million USD
The discounted rate for this project is 12%
The length of this project should not exceed 3 years
24
To ensure required logical and physical security controls over all external
facilities where NLNB Data is accessed, processed, filed, transmitted or
stored;
VSCRs are conducted at external locations that process, store or access NLNB
business or customer confidential data. This includes but is not limited to:
External companies that have direct on-line access to NLNB systems; and
Success Criteria:
Project success metrics will be decided at a later date, but Team 3 will be
conscientious of scope, time, cost, and quality. Team 3 is prioritizing cost at NLNBs
request.
Approach:
25
Determine a way to measure the value of vendor review during the project
Role
Position
Mats Gausdal
EY Point of
Contact
Penn State
Consulting
Team
mqg5319@psu.edu,
(610)-413-4420
Coordinator
Penn State
Consulting
Team
mah5741@psu.edu,
(215)-983-5000
Michael Hegarty
Contact
Information
Franklin Mak
Documenter
Penn State
Consulting
Team
fwm5072@psu.edu,
(215)-908-0994
Allie Nizinski
Project
Manager
Penn State
Consulting
Team
acn136@psu.edu,
(717)-324-2618
Andrew Dunheimer
EY
Client/Advisor Consulting
Andrew.Dunheimer
@ey.com
Lauren Ceppi
Client/Advisor
EY
Consulting
Lauren.Ceppi@ey.c
om
John Hill
Special
Consultant
Penn State
ANGEL
TAs
Reviewer
Penn State
ANGEL
26
Assigned To
Due Date
Franklin Mak
Project Charter,
Bibliography
Allie Nizinski
Michael Hegarty
Mats Gausdal
27
28
Overview - Planning
To manage purchased services, we need to find vendors that have goals that align well
with NLNBs own goals to expand and secure the information of their future customers,
in addition to reinforcing the security that guards archived data from their clients before
the expansion. NLNB needs to keep costs down to allow them to continue to offer
excellent service at an affordable price, as well as be consistently secure and be
diligently well-kept to keep their business smooth, safe, and sound.
The purpose of the reviews is to assess the security of each vendors facilities and
provide assurance that each vendor has taken the appropriate information security
measures to comply with the current contract in place. We will be assessing the risks
involved for each vendor and comparing price points to negotiate better prices or
change vendors.
29
Functional Description
To improve profitability, NLNB has prioritized managing the cost of purchased services.
NLNB wishes to obtain better pricing by leveraging vendor relationships.
The Request for Proposal (RFP) is being sent to competitors of NLNBs current vendors
to identify the best value, cost effective providers for these services. NLNB is looking for
us to provide Vendor Security Compliance Review (VSCR) services.
VSCRs will be conducted for NLNB vendors. Since vendors store business or customerconfidential data is being processed, stored, and/or accessed. The reviews will assess
the security of each vendors facilities and ensure that each vendor has taken the
necessary security measures that are consistent with its contract obligation. The
reviews will allow NLNB to ensure the integrity of its data and keep costs down.
30
Technical Description
To discover and/or confirm which vendors currently offer NLNB the best value, we will
travel to each vendor and review their facilitys security and ensure that each vendor is
maintaining its contractual obligation.
These reviews ensure confidentiality, security, and integrity of Nittany Lion National
Bank Data while in the hands of NLNBs Vendors and to fulfill NLNBs legal and
regulatory commitments and to ensure required logical and physical security controls
over all external facilities where NLNB Data is accessed, processed, filed, transmitted or
stored.
2 Types of Security Reviews
On-Site Security Review (OSSR)
Conference call - 2 hr
duration [excluding
preparation for review and
report preparation]
Performed on potential
NLNB Vendors prior to
contract
To perform an on-site review, we will travel to the actual company and conduct the
review in person, at the vendors facilities. On-site reviews with vendors are conducted
only for current NLNB vendors. This review is the most expensive option because it
includes travel cost, lodging cost, and the hourly rate of the employees who perform the
31
review. Even though it is more expensive, the on-site review provides the best
opportunity for a successful review because of meeting the vendor face-to-face and
physically reviewing their facilities on-site. An on-site visit allows us to review physical
and logical security questions.
OSSRs are best performed by SCF staff already located in the specific geography.
Only one qualified person is necessary for each Vendor assessment. If a
seasoned/credentialed professional is not available, the SCF will submit a resume of a
qualified replacement to NLNB for consideration and approval prior to conducting the
review.
NLNB provides an Interview Process Utility [IPU] for the OSSR. This spreadsheet
format is augmented with guidelines for the acceptable depth of findings and
assistance for rating the responses.
For the CCSR, a Questionnaire is provided to the vendor firm being reviewed. The
Technology Evaluation Questionnaire [TEC] is completed by the firm and returned. It is
then used as the complete basis of the Conference Call. No separate research or
evaluation from the SCF is part of the process. The SCF will work with the NLNB
Vendor Relationship Manager (VRM) and the NLNB Review Coordinator, as
appropriate, to coordinate all reviews and associated meetings.
The NLNB methodology for performing these reviews has been used both by NLNB
staff and by other SCFs. While the process will continue to be refined, the SCF should
32
not consider development of the methodology, or the tools, used for the reviews to be
part of the work effort. The SCF will utilize NLNBs existing methodology and developed
tools for these reviews.
Review Guidelines
On-Site Security Review (OSSR)
Documentation from review is provided to The only documentation from review should
NLNB Vendor Security Management with be the report itself
the report.
SLA:
SLA:
Reviews identified in the two week
period before a quarter are
completed in the quarter
Report due to NLNB within 30
business days of site visit
33
retain secured service partner documents for one year or until completion of a
subsequent review, whichever is longer.
Risk ratings of High, Medium and Low shall be applied in accordance with the
guidelines set forth in NLNB-provided rating guidance.
The current IPU has 175 individual exploration areas. These are grouped in 25 sections.
There are 107 questions in the current version. The full IPU and TEQ will be provided to
the SCF(s) chosen to perform the work.
Another type of review performed is a teleconference security call. This call is used to
review potential vendors that could do business with NLNB. The conference call takes
place over the span of a couple of hours with potential vendors and answers logical
questions about their performance. This is a cheaper review because it does not require
travel and lodging costs since the review is over the phone. This review only costs the
hourly rate of the employees who perform the review.
General Exclusions/Limitations:
NLNB will own all methodology, procedures, questionnaires, pre-assessments,
training materials and assessment results.
This RFP is intended to gather information about your firms ability to perform
multiples of these reviews per year. The project does not, in itself, target
improving the process [though there are parallel efforts with this as a target.
The SCF will not reuse assessment materials from vendor to vendor.
34
Project Assumptions
If a vendor is compliant, competitor pricing will be compared, but NLNB also takes into
other factors. Current NLNB vendors will be evaluated based on current performance
and history of interaction. If vendors are satisfying cost, scope, time, and quality, it is
likely that the vendor will be eligible for an extended contract/a future contract.
If a vendor is not compliant with the contract agreement when addressing the issue of
protecting highly sensitive information (NLNBs business and customer information) this
exemplifies a breach of contract and the contract may be terminated. Vendors may be
given a warning and will work with NLNB to become in compliance. NLNB is permitted
to hire/fire vendors when contract obligations are not satisfied. A Request for Proposal
(RFP) will be sent out to have alternative vendors who are prepared to step in if the
occasion calls for it.
35
36
37
38
i. Judging Rubric
ii. Review Scheduling System
Allie Nizinski
Date: 03/03/15
39
Requirement
Name
Category
Source
Status
NLNB Interview
Documentation
Project
Complete. Provided
Charter
by NLNB.
Project
In progress.
Charter
Documentation is
No.
R1
Process Utility
R2
NLNB Technology
Documentation
Evaluation
Questionnaire
R3
Physical Security
being assembled.
Documentation
Questions
R4
R5
Non-Disclosure
Documentation
Agreement
R6
Control Test
Documentation
Procedures
Project
In progress.
Charter,
Documentation is
Scope
being assembled.
Project
In progress.
Charter,
Documentation is
Scope
being assembled.
Project
Complete. Provided
Charter
by NLNB.
Project
In progress.
Charter
Documentation is
being assembled.
R7
Software
Project
Complete. Software
Charter
ordered.
40
R8
Hotel Reservation
Lodging
Project
Ongoing.
Charter
R9
Airline Reservation
Travel
Project
Charter
Ongoing.
41
Tabular Form
1. NLNB VSCRs
1.1 Initiation
1.1.1 Evaluate current systems
1.1.1.1 Evaluate state of current system
1.1.1.2 Analyze product and compare to updated requirements
1.1.2 Define VSCRs requirements
1.1.2.1 Define user requirements
1.1.2.1 Define content requirements
1.1.2.2 Define system requirements
1.1.2.3 Define NLNB vendors server requirements
1.1.3 Define specific functionality
1.1.3.1 Define system functionality
1.1.4 Define risks & risk management approach
1.1.4.1 Define project risks
1.1.4.2 Identify risks
1.1.4.3 Specify response
1.1.4.4 Assess security posture
1.1.5 Develop project plan
1.1.6 Develop a vendor risk assessment
1.1.7 Develop a budget plan
1.1.8 Brief development team
42
43
44
WBS Dictionary
Project Title: NLNB Service Vendor Quality Assessment
45
46
47
Description: Develop project and purpose of the design phase. Define interactions in a
UML to achieve the required goal. Ensure models, policies, and standards comply with
data collection, arrangement and integration. Identify the systems physical components
and how they work together.
48
Description: The MVC will be developed accordingly with the framework, the UI will be
developed and the database will be developed accordingly to its EDR.
49
50
Description: Perform quality test of the product, meet with NLNB and make sure they
are satisfied with the new product.
51
Introduction
Throughout this project we will be reviewing current and prospective vendors. These
vendors will be reviewed on their security practices. Both on-site and remote reviews of
vendors will take place to ensure proper research has been done. Throughout this
section we will explain how we prepared the scope statement and how we are
controlling and managing it through each iteration of the project.
52
53
To manage requests for changes to the project scope, one has to be monitoring the
scope at every deliverable. There are many scope elements that need to be monitored
during the project that can impact the original scope. The Project manager and team are
responsible for monitoring the scope and elements that could impact the scope. There
are many unplanned things that could change the scope during the projects life cycle so
the scope must constantly be monitored. Proposed changes to the scope could be
brought upon by the sponsor, stakeholder or project manager. Any proposed change
must be approved by the project manager because it will impact the overall project
greatly. Risk factors must be presented to the stakeholders because of the impact
changing the scope has on the project.
54
55
1 Initiation
2 Evaluate current systems
3 Define risks & risk management approach
4 Define VSCRs requirements
5 Define specific functionality
6 Develop project plan
7 Brief development team
8 Develop design plan
9 Develop use cases
10 Create data architecture
11 Create hardware architecture
12 Develop product
13 Execute tests
14 Implementation
15 Analyze product testing
16 Data collection
17 Rollout
18 Create sample data
19 Migrate sample data
20 Install prototype
21 Install software
22 Alpha testing phase
23 Beta testing phase
24 Data assessments
25 Product Rollout
26 Announce launch
27 Quality Assurance
28 Define requirements
29 Define support
30 Define Product support
31 Develop training program
32 Train Employees
33 Completion
Schedule Management Plan
56
The schedule model was created by basing it on the WBS activity list, identifying key
milestones in the WBS, and following the critical path made from the WBS and the key
milestones.
In terms of project progress, we decided that measuring in time (specifically, days) was
the most effective measurement in terms of monitoring progress. The estimates above
are likely to deviate by about 2 to 5 days.
Concerning estimate deviation, we figured that our variance threshold would be around
+-10%, due to a plethora of possible delays (e.g. addition required test, key members of
the development team being incapacitated, etc.).
Progress reports should contain two bar graphs; the first bar graph for where our ideal
progress should be, and the other for where our actual progress is. These graphs
should compare the number of tasks completed alongside the time that elapsed during
their completion. We would expect a progress report every week, as well as upon the
completion of each milestone. Should a milestone be reached at the same time as the
normal weekly progress report, only one will be required.
57
1) Initiation
a) Concept
i) Evaluate current systems
(1) Examine existing protocols and systems and decide if they are to be
integrated into the new system, reengineered for usage in the new
system, or retired.
ii) Define VSCRs Requirements
(1) Identify standards to be kept and protocols to be observed.
iii) Define specific functionality
(1) Identify programs and their functions/purpose within the system.
iv) Define risks and risk management approach
(1) Identify possible negative outcomes and how they will be addressed in the
event that they should occur.
v) Develop project plan
(1) Elaborate on what resources are being applied to which parts of the effort.
vi) Brief development team
(1) Communicate the information gathered from the pre-existing systems, the
VSCR requirements, specific functionality, risk management approaches,
and the project plan to the development team.
2) Planning
a) VSCR Design
i) Develop design plan
(1) Design product
58
(a) Given the information from the briefing at the end of the initiation stage,
the development team lays out the basic architecture of the new
system.
(2) Design test
(a) After the architecture is finished drafting, it is tested, then adjusted or
overhauled accordingly in response to any issues that arise in the
tests.
ii) Develop use cases
(1) Brainstorm the average usage of the system, from the duration of usage
per session to the frequency of the systems usage.
(2) From the above, cater to the specific functions in the system in regards to
the findings.
iii) Create data architecture
(1) Taking the product designs, the development team fleshes out the system
in code, testing frequently as they go to mitigate the number of bugs to be
found later.
iv) Create hardware architecture
(1) The development team begins to acquire the equipment necessary to
support the system. This equipment can use parts from the older system,
in which it is treated as a legacy system.
3) Executing
a) VSCR Development
i) Rollout
59
60
61
(1) Determine the types of support. For example, there could be a need for
technical or hardware support and software support.
v) Develop training program
(1) Lay the foundations to teach employees how to troubleshoot issues that
occur and fix them if they are beyond user error. In addition, establish
regulations and protocol in regards of user access and clearance levels.
vi) Train employees
(1) Enroll employees as they come in the training program.
62
63
1. Design product
a. Duration: 10 days
b. Dependencies: 0
2. Design test
a. Duration: 8 days
b. Dependencies: 0
ii. Develop use cases
1. Duration: 8 days
2. Dependencies: 1 -- Develop design plans
iii. Create data architecture
1. Duration: 9 days
2. Dependencies: 1 -- Develop use cases
iv. Create hardware architecture
1. Duration: 9 days
2. Dependencies: 1 -- Develop use cases
3) Executing
a. VSCR Development
i. Rollout
1. Duration: 1 day
2. Dependencies: 0
ii. Create sample data
1. Duration: 1 day
2. Dependencies: 0
64
65
v. Announce launch
1. Duration: 1 day
2. Dependencies: 1 -- Product Rollout
vi. Quality assurance
1. Duration: 6 days
2. Dependencies: 1 -- Announce Launch
5) Closing
a. Support
i. Define Requirements
1. Duration: 2 days
2. Dependencies: 0
ii. Define support
1. Duration: 3 days
2. Dependencies: 1 -- Define Requirements
iii. Define product support
1. Duration: 1 day
2. Dependencies: 0
iv. Develop training program
1. Duration: 2 days
2. Dependencies: 0
v. Train employees
1. Duration: 5 days
2. Dependencies: 0
66
67
68
69
70
71
As stated above, individuals on the development team receive an hourly wage for this
project. This wage adjusts itself within accordance to their actual contribution to the
project itself. For example, if one team member was to expend 300 hours of labor to
complete 1 task and another was to complete 3 similar tasks in about half of that, the
wages would be adjusted to reflect their merit/inefficiency. In addition, costs related to
hotels and travel can fluctuate during certain times of year. As a result, the budget cost
estimate regarding travel/hotels can be lower than estimated (it should be noted that the
aforementioned travel/hotel cost estimate considered the worst case scenario in costs).
Overview- Executing
72
The executing process group takes the actions necessary to complete the work
described in the planning activities. The main outcome of this process group is
delivering the actual work of the project. During the executing process, EY Team 3 team
members will receive assignments. Information will be distributed in a timely manner.
Throughout the execution phase, management will produce a communications
management plan and a quality assurance plan. The key to the executing phase is good
communication, focusing on both group and individual communication needs. By
utilizing a bi-weekly phone call, EY Team 3 and NLNB can maintain excellent
communication.
73
Date: 04/06/2015
The purpose of the communications management plan is to define the necessary
communication strategies for NLNB VSCR. The intention of this document is to ensure
that stakeholders are aware of their communication responsibilities.
For the project to be successful, it is critical to have effective communication between all
stakeholders. EY Team 3 team members Mats Gausdal, Michael Hegarty, Franklin Mak,
and Allie Nizinski will communicate with each other. Communication with Professor Hill
will be vital to understand the requirements and guidelines for the project.
Communication with NLNB will be performed on a regular basis to ensure the success
of the project. Communication will also be conducted with any other stakeholders whose
support is required for a successful project.
Every team member will, to the best of their ability, ensure the project will not suffer
from bad communication. Project Leader Allie Nizinski and Point of Contact Mats
Gausdal will be responsible for the daily communication with the stakeholders. Allie
Nizinski is responsible for the communication within the team and with Professor Hill.
Mats Gausdal is responsible for communicating with Andrew Dunheimer and Lauren
Ceppi. In the event of revised procedures to the project, the responsible stakeholders
will update the rest of the team.
Stakeholders
Communications
Name
Delivery
Method/Format
Producer
Due/Frequency
74
Michael
Hegarty
Continuous Status
Reports
All Team
Members
4/10/15
Allie Nizinski
Continuous Status
Reports
All Team
Members
4/10/15
Franklin Mak
Continuous Status
Reports
All Team
Members
4/10/15
Mats Gausdal
Continuous Status
Reports
All Team
Members
4/10/15
John Hill
Weekly Status
Reports
All Team
Members
As Necessary
Andrew
Dunheimer
Weekly Status
Reports
E-mail and
Conference
Meetings
Mats
Gausdal
Every Monday at
3:00 pm
Lauren Ceppi
Weekly Status
Reports
E-mail and
Conference
Meetings
Mats
Gausdal
Every Monday at
3:00 pm
75
Forecasts - Predict future project status and progress based on past information and
trends
Interactive Communication - Two or more people interacting to exchange information
via meetings, phone calls, or video conferencing
Lessons Learned Report - A document that reflects on the important information team
members have learned from working on a project
Progress Report - Describes what the project team has accomplished during a certain
period
Pull Communication - Information is sent to recipients at their request via web sites,
bulletin boards, e-learning, blogs etc.
Push Communication - Information is sent or pushed to recipients without their
request via reports, e-mails, faxes, voice mails etc.
Reporting Performance - Involves collecting and disseminating information about how
well a project is moving toward meeting its goals
Stakeholder A person involved in or affected by project activities
Status Report - Describes where the project stands at a specific point in time. The
report addresses where the project stands in terms of the triple constraint
Wiki - A web site that enables anyone who accesses it to contribute or modify content
Quality Assurance Plan
76
77
The Project Manager, Allie Nizinski, will be monitoring progress closely to ensure that
deliverables are being completed and objectives are being met. Allie Nizinski will work
closely with EY Team 3 and NLNB to ensure that deliverables are being completed ontime and objectives are being met.
The ideal outcome of the monitoring and control process group is to complete a project
successfully by delivering the agreed-upon project scope within the time, cost, and
quality constraints. If changes to project objectives or plans are required, the monitoring
and control processes ensure that these changes are made efficiently and effectively to
meet stakeholder needs and expectations. Monitoring and control processes overlap all
of the other project management process groups because changes can occur at any
time.
78
Date 03/30/2015
Project Name: NLNB Service Vendor Quality Assessment
Date Request Submitted: 03/30/2015
Title of Change Request: Reduction of Face-to-Face Meetings
Change Order Number: 1002
Submitted by: Franklin Mak
Change Category: Schedule
Description of change requested: Reduce the number of face-to-face meetings to
reduce costs. Replace those meetings with remote sessions.
Events that made this change necessary or desirable:
The realization that most exchanges of information or briefings could be done over
applications such as Team Viewer or Skype.
Justification for the change/why it is needed/desired to continue/complete the
project:
The reduction of face-to-face meetings would cut costs by decreasing travel, lodging,
and food expenses. This slack in the budget can be reallocated to other parts of the
project.
Impact of the proposed change on: Cost savings.
Scope: None
Schedule: Meetings may be adjusted based on time saved from travelling.
Cost: Should reduce the cost of the project entirely and allow for reallocation of budget.
Staffing: None
79
Risk: Technical Issues including, but not limited to, connection failures, software and/or
hardware failures, and potential leakage of sensitive information via digital means.
Other: None
Name/Title
Date
Approve/Reject
Blutarch Mann
In Review
In Review
In Review
In Review
Allison Nizinski
04/03/2015
Approved
Mats Gausdal
04/03/2015
Approved
Michael Hegarty
04/03/2015
Approved
80
Change Log
Project: NLNB Service Vendor Quality Assessment
Change Change
No.
Type
CR 001
Description
of Change
Date: 04/08/2015
Requestor Date
Submitted
Franklin
Mak
Date
Approved
Status
Comments
81
Overview Closing
During the closing phase, all activities are finalized and all deliverables will be
transferred to NLNB. Our final product will be a Phase H deliverable, a final project
report. This final project report will include all services we will be providing to NLNB.
Project Documentation
82
83
Date: 04/08/2015
Project Name: NLNB Service Vendor Quality Assessment
Project Manager: Allison Nizinski
We, the undersigned, acknowledge and accept delivery of the work completed for this
project on behalf of our organization. Our signatures attest to our agreement that this
project has been completed. No further work should be done on this project.
Name
Title
Blutarch Mann
Signature
Date
04/08/2015
NLNB
Saxton Barnabus
Co-founder and
Hale
Chairman of NLNB
04/08/2015
The project, even with a few considerable obstacles, was a success. It was on
timely, effective, and appears to be easy to sustain indefinitely. A few of the cost control
methods from this project have been filed away for usage in future projects, especially
the usage of secured remote communications between branches.
84
3. Please provide suggestions on how our organization could improve its project
delivery capability in the future.
.
While the project itself finished on time, a few steps were nearly delayed due to
85
Bibliography
Information Technology Project Management. CENGAGE Learning. Retrieved from
www.chegg.com.
Schwalbe, Kathy. Introduction to Project Management. Template files (for creating a
charter, scope statement, etc.) using Microsoft Office. Retrieved from
http://www.intropm.com/.
86
Phase C did meet the scope and time of the project. The project was due Friday the
6th and each part was completed within an adequate timeframe to properly review
and edit it. There was no cost for this part of the project so the cost goals are
currently irrelevant.
2.
What was the success criteria listed in the project scope statement?
The success criteria listed is to meet all the goals set forth. We planned to have the
project done by a certain date so it could be reviewed to ensure the quality is at the
highest level. If these two things were met then it would be a success.
3.
This phase is successful because we met the time and scope goals we planned to
meet.
4.
What were the main lessons your team learned from this project?
The main lesson we learned is it is better to get a head start on work because
87
schedules do not always work as planned. Sometimes people cannot meet at the
same time so it is best to plan ahead.
5.
One example of something that went right on this project was that Phase B was
completed on time. We did not have to rush at the deadline and have the quality of
work suffer.
6.
Our team meetings did not always go as plan for this phase. At one point we had to
push our meeting back a few days which resulted in not all team members being
able to attend.
7.