Produced by Araxis Merge on 9/7/2017 11:04:48 PM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | OSCIF_BTSSS_Build 4_Sprint 20_August_2017.zip | BTSSS_Configuration_Management_Plan.docx | Fri Jul 21 12:44:36 2017 UTC |
| 2 | OSCIF_BTSSS_Build 4_Sprint 20_August_2017.zip | BTSSS_Configuration_Management_Plan.docx | Fri Sep 8 02:54:38 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 18 | 1130 |
| Changed | 17 | 43 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | Configurat ion Manage ment Plan | ||
| 2 | Beneficiar y Travel S elf-Servic e System ( BTSSS) | ||
| 3 | |||
| 4 | |||
| 5 | |||
| 6 | July 2017 | ||
| 7 | Version 3. 01 | ||
| 8 | Department of Vetera ns Affairs | ||
| 9 | |||
| 10 | |||
| 11 | Version Hi story | ||
| 12 | Date | ||
| 13 | Version | ||
| 14 | Descriptio n | ||
| 15 | Author | ||
| 16 | 7/19/2017 | ||
| 17 | 3.01 | ||
| 18 | July Month ly Update | ||
| 19 | PII | ||
| 20 | 6/16/2017 | ||
| 21 | 2.03 | ||
| 22 | June Month ly Update | ||
| 23 | PII | ||
| 24 | 5/18/2017 | ||
| 25 | 2.02 | ||
| 26 | May Monthl y Update | ||
| 27 | PII | ||
| 28 | 4/18/2017 | ||
| 29 | 2.01 | ||
| 30 | April Mont hly Update | ||
| 31 | PII | ||
| 32 | 3/15/2017 | ||
| 33 | 1.03 | ||
| 34 | March Mont hly Update | ||
| 35 | PII | ||
| 36 | 2/24/2017 | ||
| 37 | 1.02 | ||
| 38 | February M onthly Upd ate | ||
| 39 | PII | ||
| 40 | 1/26/2016 | ||
| 41 | 1.01 | ||
| 42 | January Mo nthly Upda te | ||
| 43 | PII | ||
| 44 | 12/2/2016 | ||
| 45 | 0.04 | ||
| 46 | December M onthly Upd ate | ||
| 47 | PII | ||
| 48 | 10/31/2016 | ||
| 49 | 0.03 | ||
| 50 | Initial Re lease | ||
| 51 | PII | ||
| 52 | 10/28/2016 | ||
| 53 | 0.02 | ||
| 54 | Edited Doc ument Per Comments | ||
| 55 | PII | ||
| 56 | 10/26/2016 | ||
| 57 | 0.01 | ||
| 58 | Initial Dr aft | ||
| 59 | PII | ||
| 60 | |||
| 61 | |||
| 62 | |||
| 63 | Table of C ontents | ||
| 64 | 1.Executiv e Summary1 | ||
| 65 | 2.Introduc tion1 | ||
| 66 | 2.1Purpose of the Co nfiguratio n Manageme nt Plan1 | ||
| 67 | 2.2Scope o f the Conf iguration Management Plan2 | ||
| 68 | 2.3Structu re of the Configurat ion Manage ment Plan2 | ||
| 69 | 3Configura tion Manag ement Acti vities2 | ||
| 70 | 3.1Roles a nd Respons ibilities2 | ||
| 71 | 3.2Communi cation4 | ||
| 72 | 3.3System Configurat ion Baseli ne4 | ||
| 73 | 3.4Configu ration Con trol Proce ss (CCP)5 | ||
| 74 | 3.5Configu ration Man agement Re sources7 | ||
| 75 | APPENDIX A : CONFIGUR ATION MANA GEMENT PLA N APPROVAL 8 | ||
| 76 | Appendix B : Referenc es9 | ||
| 77 | Appendix C : Key Term s10 | ||
| 78 | Appendix D : Suggeste d Configur ation Item s Data Ele ments11 | ||
| 79 | Appendix E : [Facilit y] Current Configura tion Basel ine Report 16 | ||
| 80 | Appendix F : Configur ation Item s (CI) Sho wing Syste m Boundari es17 | ||
| 81 | Appendix G : Change O rder Appro val Checkl ist18 | ||
| 82 | Appendix H : Change O rder Imple mentation Plan Templ ate19 | ||
| 83 | Appendix I : Business Case Just ification2 0 | ||
| 84 | Appendix J : Change M anagement Back-Out P lan Templa te21 | ||
| 85 | |||
| 86 | Executive Summary | ||
| 87 | The implem entation o f a Benefi ciary Trav el Self-Se rvice Syst em (BTSSS) Solution serves to fulfill th e Departme nt of Vete rans Affai rs (VA) co mmitment t o Veterans and to th e American public to serve as good stewa rds of pub lic resour ces. | ||
| 88 | This docum ent will p rovide hig h level in formation on the Con figuration Managemen t (CM) pro cesses imp lemented t hroughout all phases for the B TSSS softw are projec t includin g software , systems, and docum entation. The proce ss and pro cedures ou tlined in this docum ent will c onform wit h the exis ting VA CM tools and the overa rching VA Configurat ion Manage ment Plan (CMP) in t he Rationa l reposito ry. The C MP will al so support the unifi ed Veteran Informati on Portal (VIP) Rele ase proces s utilizin g agile de velopment, frequent builds and releases, and a hig h level of integrati on with Ag ile Lifecy cle Manage ment (ALM) tools, wi th automat ed builds and testin g. ALM and testing d ata will n eed to be stored in the VIP Ra tional Rep ository. | ||
| 89 | Introducti on | ||
| 90 | The Benefi ciary Trav el Self-Se rvice Syst em (BTSSS) will enab le the VA to provide travel re imbursemen t to autho rized Vete rans and t heir benef iciaries a t the poin t-of-care as well as through s tandard we b browsers and the V etLink kio sk at vari ous VA fac ilities. I t will use state-of- the-art te chnology t hat will a llow Veter ans to sub mit expens es for tra vel reimbu rsement ut ilizing th e BTSSS ap plication and receiv e timely r eimburseme nt via Ele ctronic Fu nds Transf er (EFT). | ||
| 91 | The BTSSS software s olution wi ll be deve loped and implemente d using a COTS-based solution that provi des strong customer support an d access t o a user c ommunity. | ||
| 92 | Due to thi s projects use of mu ltiple thi rd party v endors, th e Configur ation Mana gement pro cess will initially be split b etween mul tiple tool s. However due to th e VA’s req uirement t hat all fi nalized co de be stor ed within its Config uration Ma nagement T ool, this project wi ll only be providing the final code rele ases into that tool. | ||
| 93 | |||
| 94 | Purpose of the Confi guration M anagement Plan | ||
| 95 | The overal l objectiv e of this CMP is to identify C M roles an d responsi bilities, resources, and forma l processe s and proc edures to ensure tha t all deve lopment of the BTSSS software system are evaluated and appro ved before implement ation. Thi s also inc ludes the processes and proced ures for m anaging an d controll ing the de velopment, delivery, and maint enance of all softwa re and doc umentation products used for c ontrolling implement ation, eva luation, a nd auditin g of the C M processe s and Conf iguration Items (CIs ), to incl ude mainta ining a cu rrent base line confi guration o f the syst em under C onfigurati on Managem ent Contro l. This CM P also out lines the BTSSS orga nization, responsibi lities, an d requirem ents to be followed by teams p roducing o r modifyin g software within th e system. The BTSSS CMP will a id both ma nagement a nd technic al staff i n the prod uction of high-quali ty softwar e products and all t he informa tion perti nent to th e BTSSS sy stem. | ||
| 96 | Scope of t he Configu ration Man agement Pl an | ||
| 97 | The Benefi ciary Trav el Self-Se rvice Syst em (BTSSS) CMP docum ent, along with the correspond ing CM Sta ndard Oper ating Proc edure (SOP ), defines the Infor mation Sys tem’s stru cture and methods fo r: | ||
| 98 | Identifyin g, definin g, and bas e-lining C Is | ||
| 99 | Creating C I Records | ||
| 100 | Identifyin g relation ships | ||
| 101 | Controllin g modifica tions and releases o f CIs | ||
| 102 | Reporting and record ing status of CIs an d any requ ired modif ications | ||
| 103 | Ensuring c ompletenes s, consist ency, and correctnes s of CIs | ||
| 104 | Controllin g storage, handling, and deliv ery of the CIs | ||
| 105 | Structure of the Con figuration Managemen t Plan | ||
| 106 | The intend ed audienc e of the C MP are sys tem owners , Organiza tional Ser vice Lines and divis ions, faci lity chief informati on officer s, system administra tors, info rmation se curity off icers and informatio n owners, and Office of Inform ation and Technology (OIT) sta ff within these iden tified are as respons ible for t he day-to- day mainte nance of t he configu ration ite ms on the BTSSS soft ware devel opment pro ject. This includes others who have a re quirement or need to develop, change, fi x, or enha nce softwa re artifac ts on the BTSSS soft ware devel opment pro ject. | ||
| 107 | This CMP, in conjunc tion with the OIT Co nfiguratio n and Chan ge Managem ent Proces s Document s, and Ser vice, Deli very and E ngineering (SDE) Cha nge Manage ment Polic y and Stan dard Opera ting Proce dures, ide ntifies co nfiguratio n manageme nt and cha nge manage ment roles and respo nsibilitie s and syst em relatio nships. In addition, the scope includes the automa ted tools and proces ses used t o manage t he informa tion syste m baseline configura tion. | ||
| 108 | Configurat ion Manage ment Activ ities | ||
| 109 | Roles and Responsibi lities | ||
| 110 | Table 1: R oles and R esponsibil ities | ||
| 111 | Role | ||
| 112 | Responsibi lity | ||
| 113 | Program Ma nager | ||
| 114 | • Oversees the softw are config uration ma nagement p rocess. | ||
| 115 | • Ensures proper exe cution of the BTSSS Plan. | ||
| 116 | • Identify dependent projects. | ||
| 117 | Configurat ion Manage r | ||
| 118 | |||
| 119 | • Develop and mainta in Softwar e Configur ation Mana gement (SC M) Procedu res Manual and work instructio ns for eac h VA produ ct they ar e assigned . | ||
| 120 | • Educates project t eam member s in SCM “ best pract ices.” | ||
| 121 | • Accounta ble for in stituting the establ ished proc esses and reporting progress s tatistics based on c hange requ ests. | ||
| 122 | • Identifi es product baselines as necess ary of all products within the ir assigne d projects . | ||
| 123 | • Responsi ble for SC M audits a nd necessa ry status accounting related t o the prod uct. | ||
| 124 | • Maintain s artifact s followin g proper v ersion con trol proce dures. | ||
| 125 | Software C hange/Buil d Administ rator | ||
| 126 | • Develops and maint ains artif acts follo wing prope r version control pr ocedures. | ||
| 127 | • Establis hes, promo tes, and r eleases ba selines. | ||
| 128 | • Performs or valida tes interi m and fina l builds. | ||
| 129 | • Identifi es product baselines as necess ary of all products within the ir assigne d projects . | ||
| 130 | Developmen t Manager/ Technical Lead | ||
| 131 | • Prepares release p ackage, re lease arch ives and V ersion Des cription D ocuments ( VDD). | ||
| 132 | • Ensures all SCM Pr ocedures M anual and work instr uctions ar e implemen ted and fo llowed for all softw are, docum entation, and/or any other com ponents fo r which th ey are res ponsible. | ||
| 133 | • Ensures all develo pers’ work within th e specifie d SCM proc ess and re lated guid elines as specified in the SCM Procedure s Manual a nd work in structions . | ||
| 134 | Developers /System Ad ministrati on | ||
| 135 | • Develops and maint ains artif acts follo wing prope r version control pr ocedures u sing the S CM Procedu res Manual and work instructio ns. | ||
| 136 | • Maintain accurate, detailed informatio n for all assigned s tories, in the Ratio nal databa se, relate d to the a pplicable developmen t detail o f the Agil e lifecycl e. | ||
| 137 | • Provide impact ana lysis repo rting prob lems or ch anges, inc luding doc umentation of sugges ted soluti ons. | ||
| 138 | • Document ation of b uild, rele ase, and i nstallatio n instruct ions. | ||
| 139 | Software Q uality Ass urance Ana lyst/Testi ng Analyst | ||
| 140 | • Update s tories ass igned to t hem accord ing to tes t activity results. | ||
| 141 | • Determin es Pass/Fa il for eac h story sc heduled fo r a sprint release. | ||
| 142 | • Identifi es defect( s) and/or enhancemen t(s) for a ny newly d iscovered problems d uring test ing and cr eates stor ies or def ects in Ra tional. | ||
| 143 | Technical Writer | ||
| 144 | • Develops technical deliverab le documen tation to support th e software deliverab les. | ||
| 145 | • Provides editing, formatting , and grap hics suppo rt for doc umentation . | ||
| 146 | Implementa tion Team/ Operations Team | ||
| 147 | • Coordina tes the re lease and deployment of softwa re updates to the ex isting BTS SS Custome r Relation ship Manag ement (CRM ) system. | ||
| 148 | • 365 Clou d | ||
| 149 | |||
| 150 | Communicat ion | ||
| 151 | Communicat ion within the BTSSS project w ill utiliz e the feat ures withi n the Rati onal Confi guration M anagement tool that allows for tasks, wo rk items, builds, an d deployme nts to be processed through a life cycle . That cyc le progres sion is ac complished by alloca ting to ea ch activit y, task, o r decision the role that is ac countable and/or res ponsible f or it as w ell as tho se roles t o be consu lted with beforehand , or infor med afterw ard. The O IT Configu ration Man agement Pr ocess docu ment provi des a Resp onsible, A ccountable , Consulte d, and Inf ormed (RAC I) Matrix to define activities and roles . | ||
| 152 | BTSSS will utilize t his matrix to define the roles and respo nsibilitie s within t he project and will provide co mmunicatio n via dail y scrum me etings, we ekly team meetings, and variou s develope r, test an d deployme nt meeting s as neede d. | ||
| 153 | Requests f or Change (RFC)/Stor ies are en tered in t he appropr iate Chang e Manageme nt System (VA) for r eview, app roval, and implement ation by t he appropr iate Servi cing Divis ions. Chan ge Control and Advis ory Board reviews ar e required for chang es that im pose downt ime for th e system o r service or pose a risk or af fect multi ple facili ties or se rvices. I t is the r esponsibil ity of the implement ation team to notify potential ly affecte d customer s and pers onnel requ ired to pr ovide supp ort, e.g. Organizati onal Servi cing Divis ions, Netw ork Chief Informatio n Officer (NCIO), Fa cility Chi ef Informa tion Offic er (FCIO), etc. | ||
| 154 | System Con figuration Baseline | ||
| 155 | Configurat ion identi fication i s the proc ess of ide ntifying, selecting, naming, a nd classif ying the d evelopment items sub ject to ch ange contr ol. This i nvolves de fining the product s tructure a nd definin g identifi cation con ventions t o be used for baseli nes of pro ducts, doc uments, so ftware bui lds, and r eleases pa ckages. It ems are no rmally pla ced under change con trol as so on as they are insta ntiated, a s tracking the confi guration a nd new con tents and implementa tion statu s of new r equirement s going in to an init ial releas e is equal ly as impo rtant as t racking la ter change s. | ||
| 156 | Within the Rational Team Conce rt (RTC) r epository, unique id entifiers will be ap plied to p roducts an d their as sociated c ontent. T he followi ng are the types of identifier s used in accordance with the formats de fined in t he applica ble proced ure docume nts: | ||
| 157 | |||
| 158 | File versi ons - Iden tifies the version o r revision identifie r of each software i tem that c omprise th e Product at any spe cific base line. It a llows iden tification of unique items tha t make up the invent ory of a b aseline. S oftware id entificati on provide s the foun dation for traceabil ity of rel ated artif acts. The software i dentificat ion versio n number i s assigned by the ve rsion cont rol automa ted tool a nd control led in the developme nt reposit ory. The V DD lists a ll softwar e, its ver sion, and related ch ange docum ent number s. | ||
| 159 | Change rec ords– Iden tifies a s et of work product v ersions cr eated to r esolve a s pecific Ch ange Reque st. The id entifier i s created, controlle d, and tra cked by th e Change M anagement System. | ||
| 160 | Baseline – Identifie s a set of specifica tions or w ork produc ts that ha s been for mally revi ewed and a greed upon , which se rves as th e basis fo r further developmen t, and whi ch can be changed on ly through change co ntrol proc edures. | ||
| 161 | Build – Id entifies a set of so lution fil e versions used to b uild and a ssemble de ployable p ackages. | ||
| 162 | Release Pa ckage – Id entifies a set of de ployable f ile versio ns and del iverable d ocument ve rsions tha t constitu te a compl ete releas e package. | ||
| 163 | Release Ca ndidate – Identifies the distr ibution of the basel ine or app lication m odificatio ns to the baseline t hat is bei ng staged for produc tion befor e it becom e a Produc t Release. | ||
| 164 | For the BT SSS progra m all proj ect relate d document s will be managed an d controll ed in the Rational T eam Concer t designat ed reposit ory for th at type of document. All proj ect docume ntation mu st adhere to VA poli cy on prot ection of VA securit y and VA a rchitectur e content, desensiti zation of patient da ta content , Freedom of Informa tion Act ( FOIA) cont ent redact ion restri ctions, 50 8 accessib ility stan dards, and documenta tion stand ards where applicabl e. | ||
| 165 | Product Ar tifacts ar e those th at change along with the devel oped produ ct and mos t likely, will exper ience chan ge over ti me and thu s require baselining and Chang e Manageme nt. They a lso typica lly repres ent specif ic configu rations an d criteria required by the dev eloped rel ease of th e product to which t hey are as sociated w ith and th us should be package d and migr ated throu gh the sam e series o f life cyc les stages as all ot her baseli ned artifa cts within the devel opment env ironment a rchitectur e and util ities. | ||
| 166 | Configurat ion Contro l Process (CCP) | ||
| 167 | OIT and SD E have est ablished p rocess and procedure s that dic tate the c onfigurati on change control fo r all hard ware and s oftware co nfiguratio n items. A VA tool i s used for requestin g, approvi ng, implem enting, mo nitoring, and tracki ng, auditi ng and clo sing chang e orders a ffecting c onfigurati on items u nder chang e and conf iguration control. | ||
| 168 | Step 1: Es tablish Sy stem Confi guration B aseline | ||
| 169 | Step 2: Re view backl og, identi fy changes , and crea te change story | ||
| 170 | Step 3: Id entify cha nge storie s and plan Sprint | ||
| 171 | Step 4: Pe rform conf iguration changes | ||
| 172 | Step 5: Pe rform Secu rity and O perational Impact An alysis | ||
| 173 | Step 6: Im plement co nfiguratio n changes | ||
| 174 | Step 7: Ve rify Imple mented cha nges are s uccessful and did no t introduc e addition al issues/ incidents into the e nvironment . | ||
| 175 | Step 8: Pe rform Conf iguration Status Acc ounting | ||
| 176 | Step 9: Co nduct Retr ospective which incl udes Confi guration V erificatio n and Audi t. | ||
| 177 | All produc t assets a re expecte d to be ma naged suff iciently t o provide a stable, traceable, dependabl e, and sec ured devel opment, te st, and, p roduction environmen t within V A and for VA informa tion asset s managed outside th e VA for t he purpose s of condu cting busi ness with or on beha lf of the VA. Config uration it ems in the scope of this docum ent are de fined as a ny object (software, hardware, data, doc umentation , environm ent config urations, etc.) that may exper ience chan ge over ti me. | ||
| 178 | The act of creating any softwa re deliver able impli es that ob jects will be create d and modi fied in th e design a nd develop ment proce ss, which by definit ion become CIs along with the environmen ts and doc umentation developed to suppor t them. Af ter develo pment is c omplete, t esting for validatio n and cert ification is require d. This ca n only be accomplish ed accurat ely if the integrity of the so ftware del iverable c an be main tained thr ough forma l change c ontrol. | ||
| 179 | Formal cha nge contro l involves the manag ement of c hanges and versions to the CIs that are introduced to the ba seline. Ch ange contr ol will al so apply t o product migration beyond dev elopment, to the var ious phase s of testi ng and cer tification , and unti l it is re leased int o a produc tion envir onment. | ||
| 180 | There are at least t wo levels of change control th at this do cument is addressing . The cha nge contro l that tak es place d uring the Software D evelopment Life Cycl e (SDLC) i s managed with the S CM change management processes and proce dures and the Operat ions chang e control is managed by OIT Ch ange Manag ement proc esses and procedures . The han doff betwe en softwar e developm ent and OI T will be handled by assigned staff from both depa rtments th at the SCM Manager w ill coordi nate. | ||
| 181 | The comple xity invol ved in the Change Co ntrol proc ess requir es the imp lementatio n of forma l processe s and proc edures to be documen ted in det ail for ea ch VA prod uct in the SCM. Proc edure Manu al(s) and work instr uctions. T hese docum ents provi de objecti ves, requi rements, a nd step-by -step inst ruction on the perfo rmance of Change Con trol activ ities with in the SCM Environme nt for eac h VA Produ ct. The do cument wil l also pro vide secti ons with i nformation on key pr ocess area s such as: | ||
| 182 | The organi zation of personnel and the di vision of tasks for the VA tea m members. | ||
| 183 | Decision c riteria an d escalati on require ments spec ific to ea ch level o f change r equest rev iew. | ||
| 184 | The overal l Change M anagement Process de scription and flow. | ||
| 185 | The descri ption of t he change control to ols and ho w the team will use them | ||
| 186 | Configurat ion Manage ment Resou rces | ||
| 187 | The Change Managemen t Systems (CMS) is t he automat ed mechani sm that is used for tracking p roposed ch anges to c onfigurati on items. Change ord ers are en tered into the syste m and work orders as signed to the approp riate grou ps for rev iew, appro val, imple mentation, configura tion statu s accounti ng and con figuration verificat ion. Chang es are tim e stamped to provide a timelin e and revi ewed per l ocal proce ss and pro cedures to ensure th at changes are proce ssed corre ctly and a re impleme nted to me et establi shed requi rements. C hanges are not imple mented wit hout appro val per OI T and SDE Change Man agement Po licy and p rocedures. | ||
| 188 | Each area of the org anization managing c hanges has a Change and Config uration Ma nagement D ivision th at is resp onsible of ensuring that appro priate con trol is pu t in place to manage the confi guration i tems per V A Handbook 6500 Conf iguration Management controls. | ||
| 189 | The VA uti lizes the Rational T eam Concer t tools to manage al l requirem ents, conf iguration items, tas ks, activi ties, buil ds and tes ting. This all-encom passing to ol provide s project staff and VA managem ent the ab ility to t rack any f ile, task, requireme nt or test ing throug h the vari ous stages of concep tion to de livery. | ||
| 190 | APPENDIX A : CONFIGUR ATION MANA GEMENT PLA N APPROVAL | ||
| 191 | |||
| 192 | The unders igned ackn owledge th at they ha ve reviewe d the BTSS S Configur ation Mana gement Pla n and agre e with the informati on present ed within this docum ent. Chang es to this Configura tion Manag ement Plan will be c oordinated with, and approved by, the un dersigned, or their designated represent atives. | ||
| 193 | |||
| 194 | __________ __________ __________ __________ __________ __________ __________ ________ | ||
| 195 | Signature: Date: | ||
| 196 | Print Name : | ||
| 197 | Title: | ||
| 198 | Role: | ||
| 199 | |||
| 200 | __________ __________ __________ __________ __________ __________ __________ ________ | ||
| 201 | Signature: Date: | ||
| 202 | Title: | ||
| 203 | Role: | ||
| 204 | |||
| 205 | __________ __________ __________ __________ __________ __________ __________ ________ | ||
| 206 | Signature: Date: | ||
| 207 | Print Name : | ||
| 208 | Title: | ||
| 209 | Role: | ||
| 210 | |||
| 211 | Appendix B : Referenc es | ||
| 212 | The follow ing table summarizes the docum ents refer enced in t his docume nt. | ||
| 213 | |||
| 214 | Document N ame | ||
| 215 | Descriptio n | ||
| 216 | Location | ||
| 217 | VA Directi ve 6500 | ||
| 218 | Managing I nformation Security Risk: VA I nformation Security Program | ||
| 219 | https://UR L.DNS/ | ||
| 220 | |||
| 221 | VA Handboo k 6500 | ||
| 222 | Risk Manag ement Fram ework for VA Informa tion Syste ms – Tier 3: VA Info rmation Se curity Pro gram | ||
| 223 | https://UR L.DNS/ | ||
| 224 | OIT Config uration Ma nagement P rocess | ||
| 225 | OIT Config uration Ma nagement P roPath def ined proce ss and sup porting do cument | ||
| 226 | https://UR L.DNS/ | ||
| 227 | OIT Change Managemen t Process Document | ||
| 228 | OIT Change Managemen t ProPath defined pr ocess and supporting document | ||
| 229 | https://UR L.DNS/ | ||
| 230 | SDE Change Managemen t SOP | ||
| 231 | SDE Change Managemen t Standard Operation Procedure | ||
| 232 | https://UR L.DNS/ | ||
| 233 | Master Tes t Plan | ||
| 234 | Master Tes t Plan Tem plate | ||
| 235 | https://wa rriortechn ology.shar epoint.com /sites/bts ss/Shared% 20Document s/Forms/Al lItems.asp x?id=%2Fsi tes%2Fbtss s%2FShared %20Documen ts%2FData% 20Library% 2FProject% 20Docs%2FM TP | ||
| 236 | |||
| 237 | Appendix C : Key Term s | ||
| 238 | The follow ing table provides d efinitions and expla nations fo r terms an d acronyms relevant to the con tent prese nted withi n this doc ument. | ||
| 239 | Term | ||
| 240 | Definition | ||
| 241 | ALM | ||
| 242 | Agile Life cycle Mana gement | ||
| 243 | CAB | ||
| 244 | Change Adv isory Boar d | ||
| 245 | CCB | ||
| 246 | Change Con trol Board | ||
| 247 | CCP | ||
| 248 | Configurat ion Contro l Process | ||
| 249 | CI | ||
| 250 | Configurat ion Item | ||
| 251 | CM | ||
| 252 | Configurat ion Manage ment | ||
| 253 | CMS | ||
| 254 | Change Man agement Sy stems | ||
| 255 | CMDB | ||
| 256 | Configurat ion Manage ment Datab ase | ||
| 257 | CMP | ||
| 258 | Configurat ion Manage ment Plan | ||
| 259 | COR | ||
| 260 | Contractin g Officer Representa tive | ||
| 261 | CRM | ||
| 262 | Customer R elationshi p Manageme nt | ||
| 263 | DNS | ||
| 264 | Domain Nam e Service | ||
| 265 | FCIO | ||
| 266 | Facility C hief Infor mation Off icer | ||
| 267 | FOIA | ||
| 268 | Freedom of Informati on Act | ||
| 269 | IT | ||
| 270 | Informatio n Technolo gy | ||
| 271 | OIT | ||
| 272 | Office of Informatio n & Techno logy | ||
| 273 | OS | ||
| 274 | Operating System | ||
| 275 | POC | ||
| 276 | Point of C ontact | ||
| 277 | RACI | ||
| 278 | Responsibl e, Account able, Cons ulted, and Informed | ||
| 279 | RFC | ||
| 280 | Request fo r Change | ||
| 281 | SCM | ||
| 282 | Software C onfigurati on Managem ent | ||
| 283 | SDE | ||
| 284 | Service De livery and Engineeri ng | ||
| 285 | SOP | ||
| 286 | Standard O perating P rocedure | ||
| 287 | VA | ||
| 288 | Veterans A ffairs | ||
| 289 | VDD | ||
| 290 | Version De scription Documents | ||
| 291 | VIP | ||
| 292 | Veteran In formation Portal | ||
| 293 | VISN | ||
| 294 | Veterans I ntegrated Service Ne twork | ||
| 295 | Appendix D : Suggeste d Configur ation Item s Data Ele ments | ||
| 296 | Suggested standard d ata elemen ts (Data T ype and CI Type) and what type of data w ould be co llected an d how it w ould be us ed. | ||
| 297 | Field Name | ||
| 298 | Data Type | ||
| 299 | CI Type | ||
| 300 | Descriptio n | ||
| 301 | Resource N ame | ||
| 302 | Indexed Te xt | ||
| 303 | Hardware / Software / Service / Document | ||
| 304 | A unique n ame of the Configura tion Item (CI). A n ame that r epresents the Resour ce and is easy to id entify wha t it is; a key searc h field wi thin the C onfigurati on Managem ent Databa se (CMDB). | ||
| 305 | DNS Name | ||
| 306 | Indexed Te xt | ||
| 307 | Hardware | ||
| 308 | The name o f the CI a s identifi ed within your Domai n Name Ser vice (DNS) ; this hel ps with as sociation of service s or serve rs to a CI . | ||
| 309 | Status | ||
| 310 | Lookup Tab le | ||
| 311 | Hardware / Software / Service / Document | ||
| 312 | The curren t status o f the CI. For exampl e: when fi rst added to the CMD B, the CI may be in a status o f Register ed, then l ater it ma y be Accep ted. This identifies how the r ecord move s through the status /lifecycle ; if a cha nge is bei ng perform ed on the CI the sta tus would be changed to Change in Progre ss, thus i dentifying CI’s that are curre ntly under going some form of a change. | ||
| 313 | Descriptio n | ||
| 314 | Free Text Multiple L ines | ||
| 315 | Hardware / Software / Service / Document | ||
| 316 | A short de scription that will provide ad ditional f eedback to the end u ser when l ooking up the CI. | ||
| 317 | CI Type | ||
| 318 | Lookup Tab le | ||
| 319 | Hardware / Software / Service / Document | ||
| 320 | This is th e type tha t the CI b elongs to. See list of suggest ed family types. | ||
| 321 | Asset Clas s | ||
| 322 | Lookup Tab le | ||
| 323 | Hardware / Software / Service / Document | ||
| 324 | This is th e classifi cation of the config uration it em; it is related to the famil y, but is a more spe cific clas sification of an ass et. This i s the sub- type that the CI bel ongs to; i t is used to group c ommon type s on confi guration i tems. An e xample wou ld be “Lap top”; the “Laptop” C lass is wi thin the h ardware Ty pe. | ||
| 325 | Comments | ||
| 326 | Free Text Multiple L ines | ||
| 327 | Hardware / Software / Service / Document | ||
| 328 | Comments r egarding t he specifi c CI; note s that nee d to be pa rt of the record his tory but a re not wit hin the De scription of the CI. | ||
| 329 | COR | ||
| 330 | Contact Ta ble Lookup | ||
| 331 | Hardware / Software / Service | ||
| 332 | Contractin g Officer Representa tive (COR) associate d with thi s particul ar purchas e or CI. | ||
| 333 | Customer N ame | ||
| 334 | Contact Ta ble Lookup | ||
| 335 | Hardware / Software / Service / Document | ||
| 336 | Name of th e Customer point of contact fo r issues w ith the CI . This per son or gro up is the primary fo cus point when issue s or chang es are rel ated to th e CI. | ||
| 337 | Customer O rganizatio n | ||
| 338 | Lookup Tab le | ||
| 339 | Hardware / Software / Service / Document | ||
| 340 | Name of th e Organiza tion that the custom er belongs to. Provi des report ing inform ation abou t what CI’ s are asso ciated to a specific organizat ion. | ||
| 341 | Deployed D ate | ||
| 342 | Date | ||
| 343 | Hardware / Software / Service / Document | ||
| 344 | The date t hat a serv ice, syste m, etc. wa s deployed to the pr oduction e nvironment . | ||
| 345 | Financial Reference | ||
| 346 | Free Text | ||
| 347 | Hardware / Software | ||
| 348 | A Purchase Order tha t was used to obtain the hardw are or sof tware. It is useful when looki ng up othe r informat ion that m ay be foun d in relat ed databas es like th e Asset Ma nagement s ystem. | ||
| 349 | Function | ||
| 350 | Lookup Tab le | ||
| 351 | Hardware | ||
| 352 | The functi on or purp ose that t he hardwar e Configur ation Item serves. | ||
| 353 | Host Name | ||
| 354 | Free Text | ||
| 355 | Hardware | ||
| 356 | In some ca ses, like UNIX, ther e is a pur pose to id entify the host name ; this is on the sam e as DNS N ame. | ||
| 357 | License Co unt | ||
| 358 | Numeric | ||
| 359 | Software | ||
| 360 | A number o f copies t hat a part icular lic ense allow s the owne r to distr ibute. It can be use d to deter mine if ad ditional s oftware li censes are needed or if there are too ma ny license s unused. | ||
| 361 | Type of Li censes | ||
| 362 | Lookup Tab le | ||
| 363 | Software | ||
| 364 | The type o f license that has b een procur ed, perpet ual or rec urring. | ||
| 365 | License Ke y Maintain ed By | ||
| 366 | Contact ta ble Lookup | ||
| 367 | Software | ||
| 368 | Who mainta ins the So ftware Lic ense Key t hat is use d to insta ll the sof tware? | ||
| 369 | Lifecycle Date | ||
| 370 | Date | ||
| 371 | Hardware / Software / Service | ||
| 372 | This is a date in th e future d erived fro m the inst all date a nd Informa tion Techn ology (IT) equipment life expe ctancy. | ||
| 373 | Location | ||
| 374 | Lookup Tab le | ||
| 375 | Hardware / Software / Service / Document | ||
| 376 | The locati on where t his partic ular CI is hosted or installed . More spe cific loca tion field s may be n eeded, suc h as room, floor, an d rack as part of th e physical location. | ||
| 377 | Maintenanc e Organiza tion | ||
| 378 | Lookup Tab le | ||
| 379 | Hardware / Software / Service | ||
| 380 | Name of th e Organiza tion that has Mainte nance resp onsibility over the CI; normal ly found w ithin the Operations and Maint enance (O& M) Plan. | ||
| 381 | Maintenanc e Vendor | ||
| 382 | Lookup Tab le | ||
| 383 | Hardware / Software / Service | ||
| 384 | The vendor that woul d support the Mainte nance Orga nization w ith a Warr anty or ot her type o f maintena nce agreem ent. | ||
| 385 | Manufactur er | ||
| 386 | Lookup Tab le | ||
| 387 | Hardware / Software | ||
| 388 | Manufactur er of the CI being e ntered int o the CMDB . Name use d for repo rting main tenance co ntracts or other dat a related to a speci fic manufa cturer. | ||
| 389 | Model | ||
| 390 | Lookup Tab le | ||
| 391 | Hardware / Software | ||
| 392 | The manufa cturer’s m odel name for the de vice. Rel ates to th e manufact urer; used for repor ting and f or mainten ance contr acts. | ||
| 393 | Version Nu mber | ||
| 394 | Free Text | ||
| 395 | Software / Document | ||
| 396 | Version Nu mber of so ftware or documents. This pro vides a ba seline as to what ve rsion of s oftware is installed /authorize d in produ ction or t he version of a docu ment that was approv ed and pub lished. No version c hanges unl ess there is a chang e process for it. | ||
| 397 | Maintenanc e Window | ||
| 398 | Free Text | ||
| 399 | Hardware / Software / Service | ||
| 400 | Maintenanc e windows are establ ished base d on Servi ce Level A greements (SLA’s) or other agr eements fo r specific services that are a vailable t o the end user. The Maintenanc e windows that are a ssociated with the C I’s should clearly s tate if th ey are rec urring mai ntenance w indows, th e days of the week t hat they a re availab le, and th e hours of the day t hat they c an be used . Example: Recurring - Monday – Friday 7 to 11 PM Contact (n ame or rol e of the p erson that should be contacted to valida te/verify the mainte nance wind ow). | ||
| 401 | Operating System | ||
| 402 | Look Up Ta ble | ||
| 403 | Hardware / Software | ||
| 404 | Identifies the Opera ting Syste m (OS) run ning on th e server, virtual ma chine, lap tops or wo rkstations . It is us ed for pat ching, SA assignment , reportin g purposes , licensin g, etc. N OTE: If th is informa tion is av ailable fr om other t ools that can report this info rmation an d is not n eeded as p art of int ernal repo rting or l inked to o ther field s that are not part of the ext ernal data source, t hen this f ield could be left o ut. | ||
| 405 | Published Date | ||
| 406 | Date | ||
| 407 | Document | ||
| 408 | The date t hat a docu ment was p ublished f or general consumpti on. | ||
| 409 | Region | ||
| 410 | Lookup Tab le | ||
| 411 | Hardware / Software / Service / Document | ||
| 412 | OIT is bro ken out in to differe nt regiona l areas. M ost have t heir own p rocesses a nd procedu res or hav e equipmen t and soft ware that is regiona lized. If the CMDB h olds cross -regional CI’s these should be identifie d for repo rting purp oses; othe rwise, the Organizat ional fiel d should p rovide the needed fe edback. | ||
| 413 | Relationsh ips | ||
| 414 | Lookup Tab le | ||
| 415 | Hardware / Software / Service / Document | ||
| 416 | Field is a one-to-ma ny relatio nship used to identi fy a relat ionship be tween 2 or more CI’s and the t ype of rel ationship that the C I has. Thi s relation ship could be with c ontacts, o ther hardw are, softw are, servi ces or doc ument CI’s . An examp le of type s of relat ionships a re listed below: | ||
| 417 | Changes Ap proved By | ||
| 418 | Connects T o | ||
| 419 | Is Documen ted By | ||
| 420 | Runs/Runs On | ||
| 421 | Renewal Da te | ||
| 422 | Date | ||
| 423 | Hardware / Software | ||
| 424 | A renewal date is us ed to esta blish when a particu lar CI’s m aintenance agreement will expi re and wou ld require renewal t o continue with the service. | ||
| 425 | Cost of Ma intenance Agreement | ||
| 426 | Numbers | ||
| 427 | Hardware / Software | ||
| 428 | Recurring cost of ma intenance agreements purchased under the contract. | ||
| 429 | Responsibl e Organiza tion | ||
| 430 | Lookup Tab le | ||
| 431 | Hardware / Software / Service / Document | ||
| 432 | The Organi zation tha t has resp onsibility over the CI. It may be the sa me as main tenance or customer organizati on or a di fferent on e. | ||
| 433 | Responsibl e Owner | ||
| 434 | Contact Lo okup Table | ||
| 435 | Hardware / Software / Service / Document | ||
| 436 | A primary point of c ontact who has been identified as the Po int of Con tact (POC) for the R esponsible Organizat ion. | ||
| 437 | Responsibl e Vendor | ||
| 438 | Lookup Tab le | ||
| 439 | Hardware / Software | ||
| 440 | The Respon sible Vend or for a p articular CI may be the same a s Maintena nce Vendor or may be a differe nt vendor if mainten ance is su b-contract ed out by the Primar y Responsi ble Vendor . | ||
| 441 | Secondary Contact | ||
| 442 | Contact Lo okup Table | ||
| 443 | Hardware / Software / Service / Document | ||
| 444 | This would be an alt ernate Poi nt of Cont act that c ould be co ntacted in the absen ce of the Primary PO C, | ||
| 445 | Serial Num ber | ||
| 446 | Alpha-Nume ric Free T ext | ||
| 447 | Hardware | ||
| 448 | Serial Num bers are u nique iden tification elements that are d irectly re lated to a sset manag ement; but by includ ing it wit hin your C MDB you co uld link t o other da tabases th at track t heir CI’s by Serial Number. | ||
| 449 | Service Li ne | ||
| 450 | Lookup Tab le | ||
| 451 | Hardware / Software / Service / Document | ||
| 452 | Support is broken do wn by Serv ice Lines within OIT Field Ope rations, p roviding a Service L ine associ ated to th e CI would expedite maintenanc e issues a nd provide reporting capabilit ies on the type and number of CI’s being maintaine d by a par ticular se rvice line . | ||
| 453 | Service Li ne Team/Di vision | ||
| 454 | Lookup Tab le | ||
| 455 | Hardware / Software / Service / Document | ||
| 456 | As Service Lines are stood up, so are th e Service Line Teams /Divisions that supp ort the se rvice line and have a more def ined scope of their responsibi lities. Ca pturing th is type of informati on would p rovide you with the same infor mation as Service Li ne would b ut allow y ou to brea k it down by the Ser vice Line Team Divis ion. | ||
| 457 | Source Sup plier | ||
| 458 | Lookup Tab le | ||
| 459 | Hardware | ||
| 460 | Used for h ardware su pport, thi s is the v endor that purchased the equip ment from the manufa cturer. It is receiv ed obtaine d from the Purchase Order Cont ract. | ||
| 461 | Created By | ||
| 462 | System Con tact Field | ||
| 463 | Hardware / Software / Service / Document | ||
| 464 | This is an audit fie ld; it cap tures the name of th e person t hat create d the reco rd. This s hould be a system fi eld and ca ptured bas ed on who was logged in during the creat ion of the record. | ||
| 465 | Created Da te | ||
| 466 | System Dat e Field | ||
| 467 | Hardware / Software / Service / Document | ||
| 468 | Initial da te of crea tion of th e Configur ation Item Record. | ||
| 469 | Modified B y | ||
| 470 | System Con tact Field | ||
| 471 | Hardware / Software / Service / Document | ||
| 472 | This is an audit fie ld; the pe rson who l ast edited the recor d would be listed. T his should be a syst em field a nd capture d based on who was l ogged in d uring the modificati on. | ||
| 473 | Modified D ate | ||
| 474 | System Dat e Field | ||
| 475 | Hardware / Software / Service / Document | ||
| 476 | Date the C onfigurati on Item Re cord was l ast modifi ed. | ||
| 477 | |||
| 478 | Appendix E : [Facilit y] Current Configura tion Basel ine Report | ||
| 479 | |||
| 480 | The follow ing table details th e Hardware /Software and Servic es associa ted with t he system under this CMP. | ||
| 481 | |||
| 482 | |||
| 483 | Appendix F : Configur ation Item s (CI) Sho wing Syste m Boundari es | ||
| 484 | |||
| 485 | |||
| 486 | |||
| 487 | Appendix G : Change O rder Appro val Checkl ist | ||
| 488 | |||
| 489 | Reviewer a nd Approve r must be different (the perso n putting together t he plan, a nd the per son approv ing the pl an) | ||
| 490 | Correct lo cation ent ered? | ||
| 491 | Change Ord er descrip tion conta ins requir ed informa tion | ||
| 492 | What is be ing done? | ||
| 493 | The busine ss case fo r doing it . | ||
| 494 | What is th e impact o f the chan ge (what s ervices wi ll be impa cted and w hat will t he impact most likel y be)? | ||
| 495 | What else may be imp acted? | ||
| 496 | What will occur if w e don’t do the chang e? | ||
| 497 | The implem entation p lan should be attach ed, never be pasted, into the descriptio n. | ||
| 498 | Were the c ustomers/s takeholder s notified as per th e Change A dvisory Bo ard (CAB) process? | ||
| 499 | CAB notifi cation in the ticket . | ||
| 500 | Facility O IT respons e or ignor e entered as a log c omment. | ||
| 501 | Is the imp lementatio n plan att ached? | ||
| 502 | Is the Not ification and Escala tion secti on complet e? | ||
| 503 | Does the i mplementat ion plan p rovide suf ficient de tail so th at a peer who is unf amiliar wi th the par ticular fa cility whe re the imp lementatio n is takin g place co uld execut e the plan ? | ||
| 504 | Does the i mplementat ion plan i nclude a t est plan t hat contai ns checkpo ints for v erificatio n, coordin ation, or implementi ng back-ou t? | ||
| 505 | Are verifi cation ste ps (Test P lan) inclu ded? | ||
| 506 | Do the ver ification steps ensu re the cus tomers are functioni ng and not just the item modif ied is wor king? | ||
| 507 | Is the bac k-out plan attached? | ||
| 508 | Is the not ification plan inclu ded? | ||
| 509 | Are verifi cation ste ps include d? | ||
| 510 | Do the ver ification steps ensu re the cus tomers are functioni ng, the se rvices imp acted are operationa l, and not just the item modif ied is wor king? | ||
| 511 | Is the nee d by date realistic? | ||
| 512 | Is there a n implemen tation dat e/time pri or to the need by da te? | ||
| 513 | |||
| 514 | If everyth ing is acc urate and all docume ntation at tached, ch ange Statu s to Appro ved and/or escalate to next le vel Change Control B oard (CCB) if this i s a signif icant chan ge/downtim e required . | ||
| 515 | |||
| 516 | |||
| 517 | Appendix H : Change O rder Imple mentation Plan Templ ate | ||
| 518 | Local faci lity Notif ication an d Escalati on Contact s | ||
| 519 | Name/Role | ||
| 520 | Business | ||
| 521 | After-hour s | ||
| 522 | PII , FCIO | ||
| 523 | 333-345-67 89 | ||
| 524 | 333-987-65 43 | ||
| 525 | |||
| 526 | |||
| 527 | |||
| 528 | VISN/Servi ce Line No tification and Escal ation Cont acts | ||
| 529 | Name/Role | ||
| 530 | Business | ||
| 531 | After-hour s | ||
| 532 | |||
| 533 | |||
| 534 | |||
| 535 | Any pre-im plementati on work th at will be required | ||
| 536 | |||
| 537 | Step-by-st ep guidanc e for what needs to be done in cluding ti me estimat es, escala tion and c oordinatio n points | ||
| 538 | |||
| 539 | Identifica tion of ar eas that m ight cause problems | ||
| 540 | |||
| 541 | Identifica tion of ro ll-back po ints and/o r criteria for initi ating the Back-out p lan | ||
| 542 | |||
| 543 | Test/valid ation step s for the verificati on phase – include v alidation that custo mers are f unctioning and not j ust the it em modifie d (See Mas ter Test P lan Templa te) | ||
| 544 | |||
| 545 | |||
| 546 | |||
| 547 | |||
| 548 | Appendix I : Business Case Just ification | ||
| 549 | |||
| 550 | Please pro vide a det ailed desc ription of this chan ge. | ||
| 551 | |||
| 552 | List the r equirement s needed f or the cha nge (i.e., servers, switches, software, etc.). | ||
| 553 | |||
| 554 | Describe t he effect the change may have upon the e nd user, b usiness op eration, a nd infrast ructure, i f known. | ||
| 555 | |||
| 556 | Describe t he impact on and the availabil ity to oth er service s that run on the sa me infrast ructure (o r on softw are develo pment proj ects). | ||
| 557 | |||
| 558 | Describe t he effect of not imp lementing the change . | ||
| 559 | |||
| 560 | Estimate t he IT, bus iness, and other res ources req uired to i mplement t he change, including the likel y costs, t he number and availa bility of people req uired, the elapsed t ime, and a ny new inf rastructur e elements required. | ||
| 561 | |||
| 562 | Estimate a ny additio nal ongoin g resource s required if the ch ange is im plemented. | ||
| 563 | |||
| 564 | Document d owntime pr ocedures. | ||
| 565 | |||
| 566 | |||
| 567 | Document c ommunicati on procedu res (i.e., who needs to be not ified in t he event o f schedule d/unschedu led downti me and how to notify this pers on). | ||
| 568 | |||
| 569 | |||
| 570 | |||
| 571 | Appendix J : Change M anagement Back-Out P lan Templa te | ||
| 572 | Change Ord er | ||
| 573 | Affected S ystems | ||
| 574 | |||
| 575 | |||
| 576 | Estimated time-frame s for rest oring serv ice | ||
| 577 | |||
| 578 | Any pre-im plementati on work th at will be required | ||
| 579 | |||
| 580 | Step-by-st ep guidanc e to resto re service to the pr e-change s tate | ||
| 581 | |||
| 582 |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.