PMBOK, CMMI and Agile Processes Tailored to the Program & Project

PORTFOLIO MANAGEMENT - Defined standards, processes, tools and techniques that are used to select, instantiate and manage the projects in the portfolio. We take the DevSecOps approach to Program & Portfolio Management.

DEVELOPMENT (Dev)

Development is the project workflow that creates or modifies software used by the client. The PMO establishes Project Management Templates to facilitate the management of Agile and Waterfall project methodologies. The development cycle has five (5) continuous processes:

• Plan includes analysis of scope (Envisioning), development of a Project Management Plan (PMP), release schedule, resource management, cost estimates, communications planning, and standards for progress reporting.

• Develop is the phase where the software is created or modified using development methodologies specified during the planning phase.

• Build creates a release for testing and once approved for release

• Test verifies that features and fixes selected release are fully functional and ready to deploy

• Release is the process of preparing a build and securely transferring software to operations for deployment

SECURITY (Sec)

The addition of Security to the DevOps model applies the standard practices prescribed NIST including Risk Assessment, Threat Assessment & Modeling and, the implementation of standard Security Policies & Procedures based on NIST Sp800-53which are enforced for all projects and operations in the program portfolio.

• Threat Modeling identifies potential internal and external threats

• Secure Coding ensures that the developing software does not include know exploits

• Security as Code provides secure coding guidelines include periodic scans of the developing software to identify and mitigate vulnerabilities in open source, new code, and development frameworks.

• Application Security Testing employs automated tools to identify security issues prior to code release.

  • Static Testing (SAST) - SAST analyzes code for security vulnerabilities before it is compiled thereby enabling early identification and mitigation of security issues.

  • Dynamic Testing (DAST) - DAST analyzes web applications from the front-end to identify vulnerabilities in a release that must be closed prior to deployment.

• Penetration Testing assigns a security professional to attempt manual penetration of the website before release and deployment.

• Digital Signing insures that the release is formally approved for release.

Operational Security includes:

• Secure Transfer from development to operations

• Security Configuration of the development, test/stage, and production environments

• Security Vulnerability Scanning

• Patching of infrastructure and COTS software to manage security vulnerabilities

• Security Audits performed on a recurring basis to verify that processes are rigorously followed

• Security Monitoring both automated and manual

• Security Analysis to identify new and recurring issues for remediation by Dev, Ops or Sec.

OPERATIONS (Ops)

Recurring process in Operations includes:

• Deploy the software release on Test/Stage and Production environments.

• Operate of systems

• Monitor includes performance, log file reviews, and defect and issue tracking

• Feedback closes the loop back to Dev with issues and defects for remediation

PROJECT MANAGEMENT

The A-Squared Project Manager is responsible for formalizing and tailoring the processes and procedures used throughout a specific project. We prepare a Project Management Plan (PMP) to establish governance processes for the project. The processes enable us to manage scope, schedule, resources and budget. The PMP describes the activites and artifacts followign will

Inception

The Inception Phase establishes the business objectives and requirements for the project. This involves interaction with project sponsors and stakeholders to align business requirements with organizational mission, goals and objectives, and the functional and technical requirements requried to support mission, goals and objectives.

Analysis & Planning

Analysis & Planning aligns the project scope in terms of Resources, Schedule. and Budget with the business requirements of the project. The Project Management Plan is instantiated during the Analysis and Planning Phase. It defines the Management Approach, Roles & Responsibilities, Controls & Monitoring, Technical & Management Reviews, and other management processes that will be employed throughout the project.

Management Approach

The Management Approach is determined by the methodology used to create the final products. We provide project management for traditional waterfall projects, SAFe Agile, Agile, and Hybrid methodologies. The approach defines the structure of the project, the processes used for project execution, and the measures and controls that determine success.

Roles & Responsibilities

The Roles & Responsibilities of the members of the project team are defined in the Mangement Plan. Botht the Client's personnel and project personnel are identified along with their project specific responsibilities.

Communications Management

The Communications Management Plan defines the tools and techniques for managing the flow of information and approval responsibilities of client and project personnel.

Review & Reporting

The Review & Reporting Plan identifies the lines of communication and approval authorities for project initiation, status reporting, designs, specifications, product releases, and documentation. A standard format for reporting project status to the PMO and the Client is defined for each project.

Project Monitoring & Control

Both the client's and contractor's Project Managers are responsible for monitoring a project to ensure that activities and tasks are completed on schedule and within budget. The tools and techniques used for monitoring and controlling the completion of project related tasks is specific to the project type.

Risk & Issues Management

Risk & Issues Management standards and processes are defined for the Program. A Risk & Issues Management Plan is instantiated for each project with tailoring for the project methodology. The plan defines the approach to identifying, prioritizing, assigning responsibilities, tracking, and resolving issues identified throughout the project.

Change & Scope Management

Change Control ensures that scope is managed and the customer is aware of the budget and schedule impacts of changes. Changes to the contractual constraints on scope and related budget, resources and schedule, and changes to baseline IT infrastructure and systems requirements are managed using the processes and procedures defined in the Change and Scope Management Plan.

Enterprise software implementation employs a waterfall-like process.

ENVISION

Project planning is conducted with the Client's implementation team to finalize goals, approach, communications, staffing, milestones, timeline, and budget

PLAN & DESIGN

We facilitate workshops specific to the software product to understand business processes that will be initially supported and future vision for growth. Based the information gathered, we recommend configuration options and enterprise system integrations.

CONFIGURE & INTEGRATE

Together the client and the IT infrastructure team, our implementation consultants instantiates the environments needed. Normally, we recommend Development/Test, Staging, and Production environments. The implementation team configures the system and develops technical integrations. Data is migrated from legacy systems and recurring data feeds to and from other enterprise systems are implemented.

TEST & VALIDATE

User Acceptance Testing of the configured system is performed in the Staging environment. Our team assists in resolving issues prior to go-live. The Client Testing Team is trained and knowledge transfer provided to ensure successful testing, validation, and issues resolution.

TRAIN & DEPLOY

During the Train & Deploy phase, the Production environment is configured, production data is imported, and a system cutover is made.

When appropriate, custom training is developed using the ADDIE Process.

The client's system administrators, key stakeholders, and help desk personnel are trained to support and use the system. Support is then transitioned to the help desk, vendor support, and operations.

ADDIE Process Centric Learning Development

A-Squared Systems LLC develops training programs with the objective of promoting systematic relevant acquisition of knowledge and skills. We follow an iterative ADDIE process to define and meet organizational, job and process related training needs. Continuous Evaluation ensures training stays relevant.

ANALYSIS

Our Project Manager and Analysts identify stakeholders and the unique training needs as defined by the roles and responsibilities of stakeholders and business owners. We perform a Job and Task Analysis to identify training tasks.

DESIGN

Training Objectives specific to job responsibilities, processes, tools, and tasks are defined and allocated to curricula, courses and learning objects to create a learning structure. An assessment strategy is defined in partnership with our client.

DEVELOP

Our developers select appropriate learning modalities; and develop the learning objects and assessment tools appropriate to each target audience.

IMPLEMENT

We then pilot the learning, evaluate the outcomes, and identify and incorporate improvements. We then deploy the learning.

EVALUATE

A formative evaluation, performed during the Learning Pilot, measures effectiveness and identifies gaps. A summative evaluation collects data over time. Quizzes, tests and surveys and data from standard multi-level and 360 multi-rater performance assessments are analyzed to identify needed changes.