|
CONCEPT DEVELOPMENT
Step 1: Concept Development
In Step 1, the predominate IPMC process group is Planning. (See Appendix B for a detailed discussion of the Planning process group.) During Concept Development, the project manager accomplishes the detailed planning to prepare for project execution. It is here that the project manager develops the project management plan, including the project Work Breakdown Structure (WBS) that communicates the specifics of the project scope and the requirements of the product or service that the project will produce. With an understanding of the project scope the team prepares the project master schedule and time phased budget that become the basis for project performance measurement (such as earned value management). During the concept development phase processes are put in place that will insure close control over the project scope, schedule and budget. Other processes are initiated to identify and assess project risks and insure product quality. Specific strategies are developed for the acquisition of project labor and materials.
It is during this phase that the project manager or project sponsor ensures senior officer and business owner approval of the project scope, schedule, budget, risks, acquisition strategy, and product requirements. A best practice is to have the appropriate senior officer(s) and business owner actually sign the Project Management Plan and subordinate plans that contain the above information.
Important distinctions exist between Step 1 Concept Development tasks and the tasks required to prepare and communicate information for the Exhibit 300 process (See Appendix D for a more detailed discussion of the Exhibit 300). The major distinction is that the Step 1 Concept Development process is goal driven, with milestones being reached after intermediate project goals are achieved; while the Exhibit 300 process is an annual process, requiring actions throughout the year to meet OMB submission dates. In the Step 1 Concept Development phase the project plans are created to control the project. This is also the period of time when the groundwork is laid for Exhibit 300 reporting by entering the project planning data into the project management software.
Milestone I: Prototype Development Approval
The Milestone I review is intended to have the Project Manager address areas necessary to warrant approving the commitment of resources to a prototype or pilot effort. At Milestone I, the PM demonstrates a well-founded business case for the effort. Prototype efforts are encouraged within VA, as a general principle, in order to speed time to market and to increase the likelihood that the delivered product will fit the end users’ true needs. For certain projects, the project requirements and maturity of the technology will have already been established. In these cases, the project may proceed to a combined Milestone I/II review.
Milestone I includes development of the Exhibit 300, either a “Planning Application” or a “Full Acquisition”. The applications can be combined depending on whether preliminary funding or full funding is being requested.
If preliminary funding for project development is needed, a preliminary Exhibit 300, the “Planning Application” should be prepared. The “Planning Application” will be reviewed by the Office of Information and Technology (technical review), the EIB Panel (strategic and financial review), the EIB, and the SMC (if required) for approval and funding.
If full funding is needed for the upcoming budget year a complete Exhibit 300 “Full Acquisition” should be prepared. The Exhibit 300 will be reviewed by the Office of Information and Technology (technical review), the EIB Panel (strategic and financial review), the EIB, and the SMC (if required) for approval and funding.
Planning Application (Exhibit 300) for Preliminary Funding: The Planning Application further defines this concept. It also includes a high-level evaluation of alternatives for an IT solution. The document should address functional, security, performance, and reliability requirements, concept of operations, high-level use cases, business case, technical approach, acquisition, testing and fielding strategy, training and documentation requirements, schedule, staffing, and skills requirements. Comparisons of alternative concept solutions normally result in identification of the most promising system concept. The Exhibit 300 also needs to include Return-on-Investment and Cost Benefits analysis estimates.
If the project is approved, preliminary funding will be provided and the project will be included in the budget request. The, Full Acquisition Exhibit 300, will be required for the project by the following summer, before the budget year for which it is funded begins. This should document in more detail the scope, schedule, cost resource requirements, test strategy, risk profile and mitigation plan, project organization and staffing, operational support strategy, detailed life-cycle cost, and detailed business case. OMB Circular A-11, Part VII, Section 300 provides full instructions for this document.
Concept Development for Full Funding: If full funding is needed for the upcoming budget year a complete Exhibit 300 (“Full Acquisition”) should be prepared. At Milestone I, additional documentation (in addition to the information from Milestone 0) is required that supports Exhibit 300, such as:
▲ |
Completed Row 2 of the Zachman Framework, the organizational business processes from the perspective of line and staff managers, --revalidating the information relative to the EA addressed in the Milestone 0 review, showing how the project fits into the allocated functional baseline and integration points established in row 2 of the framework. In addition, the Project Manager is expected to take the functional requirements and integration points contained within row 2 and the Technical Reference Model (TRM) and standards profile and begin development of the functional and technical requirements baseline for their project that is the subject of row 3 of the framework, the IT system from the perspective of the Project Manager. |
▲ |
An initial change management and communications plan |
▲ |
A project organization plan and staffing inventory |
▲ |
An updated mapping of the project concept to Performance Goals |
▲ |
A prototype development work plan and staffing schedule |
In addition, the project may need to be presented to the administration if required.
IT Security
4.3.1 System Security Plan (SSP). The SSP documents the security risks (not project risks) and overall system security categorization in terms of potential level of impact (Low, Moderate, High) for each of the security objectives of confidentiality, integrity, and availability of federal information and information systems. The plan documents the security processes that will be implemented and tested in the Security Controls Assessment (SCA) plan. The SCA plan is the basis for System Certification and Accreditation and acceptance of residual security risk. The System Security Plan includes the following components:
▲ |
System Boundary Summary – Describes what constitutes the system for the purposes of the SSP. |
▲ |
IT System Security Categorization and Sensitivity – The System Security Categorization classifies the system as a Major Application or a General Support system. The Security Sensitivity identifies the potential level of impact as Low (limited impact), Moderate (serious impact), or High (severe or catastrophic impact) for confidentiality, integrity, and availability of federal information and information systems. The categorization and sensitivity determines the minimum management, operational, and technical security controls required for information and information systems. See Federal Information Processing Standards (FIPS) 199 – Standards for Security Categorization of Federal Information and Information Systems. (http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf). Guidance on the use of FIPS 199 can be found in NIST Special Publication 800-60. |
▲ |
4.3.2 Configuration Management Approach – Develop the approach for managing change over the development and production life cycle of the system – application and operating system software, configuration settings, interfaces, and hardware. Note: A security risk assessment differs greatly from a project risk assessment. A security risk assessment assesses the security risks to the information system itself whereas a project risk assessment assesses the project risks. |
4.3.3 Contingency and Disaster Recovery Approach – Prepare an approach for responding to man-made or natural incidents or disasters.
4.3.4 Federal Information Security Management Act (FISMA) Self-Assessment and Plan of Action and Milestones (POA&M). FISMA requires the completion of an annual self-assessment to identify security deficiencies. Many organizations have an automated tool to facilitate completion of the survey and tracking of deficiencies in the form of P0A&M that are submitted to OMB quarterly. OMB guidance also requires POA&Ms to be addressed by system owners/program managers in order to obtain a security score of 4 in the Exhibit 300 process.
4.3.5 Preliminary Security Risk Assessment. The basic assessment of the confidentiality, integrity, and availability risks that help determine what security controls are necessary to protect the information contained in this information system. Completing the FISMA self-assessment constitutes a preliminary risk assessment.
See Appendix I for Federal and VA-specific guidance on IT Security deliverables for this stage.
Privacy Impact Assessment
The E-Government Act of 2001 (E-Gov) requires a Privacy Impact Assessment (PIA) to be conducted for any new information collections. Primarily, the PIA formalizes and documents how private data is to be protected. It must describe:
▲ |
What information is to be collected, |
▲ |
Why the information is being collected, |
▲ |
The intended use of the information, |
▲ |
With whom the information will be shared, |
▲ |
What notice or opportunities for consent would be provided to individuals regarding what information is collected and how that information is shared, |
▲ |
How the information will be secured, and |
▲ |
Whether a system of records is being created under the Privacy Act (5 U.S.C. 552a) |
The PIA is to be initiated in the early stages of system development and completed as part of the required System Development Life Cycle reviews. Privacy must be considered when requirements are analyzed and decisions are made about data usage and system design.
Details on the PIA, its privacy principles, and steps for completing one can be found at: http://www.cio.gov/documents/pia_for_it_irs_model.pdf
One Enterprise Architecture
From the perspective of the One- EA, at Milestone I PMs are expected to focus on the information relevant to their project in row 2 of the One EA Zachman Framework. This information is described in Chapter 4 of version 2.1 of the One Enterprise Architecture. Chapter 4 defines the functionally of information systems in terms of their target processes, functions and sub functions, data, and their integration points with other information systems both inside and outside the enterprise.
IT Operations Considerations
Projects that will involve organizational telecommunications and operations infrastructure should consider the following questions leading up to Milestone I:
Network Capacity Planning:
▲ |
What type of transactions types will the project use: |
▲ |
What are the project’s data network traffic characteristics per transaction type: |
■ |
Traffic volumes and transmission rates? |
■ |
Traffic at peak and non-peak business hours? |
▲ |
What is the project’s data network load distribution: |
■ |
User count and locations for application execution and end user access? |
■ |
Potential high traffic points? |
▲ |
What communications protocols will the project use? |
▲ |
What is the project’s network availability objective? |
▲ |
What is the project’s scalability objective? |
▲ |
What is the project’s interoperability with existing applications? |
▲ |
What is the project’s required network environment for prototype testing? |
Step 1: Significant Project Management Activities
The following is a summary listing of the significant project management activities and outputs for Step 1.
▲ |
Project Management Plan (including WBS, Scope Statement, Project Schedule, and Cost Estimates) |
▲ |
Schedule Management Plan |
▲ |
Staffing Management Plan |
▲ |
Integrated Change Control Plan |
▲ |
Procurement Management Plan |
▲ |
IT Security Deliverables (See 4.3.) |
▲ |
Privacy Impact Assessment |
▲ |
Milestone I Briefing and Decision Memo |
Step 1: Responsibility Assignment Matrix
The Responsibility Assignment Matrix below is provided as a “best practices” tool that the PM can adapt and fill out for the appropriate tasks and responsibilities of his or her project. For additional guidance, the PM should refer to the appendices of this guide and consult his or her Administration or Staff Office PMO.
|
|
|
|
|
|
|
|
|
Step 1 – Concept Development |
Deliverable
/Artifact |
Task |
Responsible |
D = Develop or Designate, S = Support,
C = Concur, A = Approve |
Business Sponsor |
Program Manager |
Project Manager |
Project Team |
Stakeholders / OI&T |
EIB / SMC |
OMB Exhibit 300 |
Describe how the project supports the President’s Management Agenda. |
|
|
|
|
|
|
Describe the project performance goals. |
|
|
|
|
|
|
Describe the program management governance, team, and processes. |
|
|
|
|
|
|
Conduct and describe an analysis of project alternative solutions. |
|
|
|
|
|
|
Describe the project life cycle cost formulation. |
|
|
|
|
|
|
Describe the results of the project risk assessment included mandated OMB risk areas. |
|
|
|
|
|
|
Describe the project acquisition strategy and accommodation |
|
|
|
|
|
|
Describe the project performance based management system with emphasis on the Earned Value Measurement System (EVMS). |
|
|
|
|
|
|
Describe adherence to the Enterprise Architecture (EA) and Capital Planning and Investment Control (CPIC) process. |
|
|
|
|
|
|
Describe the project security and privacy action plan. |
|
|
|
|
|
|
Approve Exhibit 300 |
|
|
|
|
|
|
Project Management Plan |
Describe project: description, goals, objectives, strategies, requirements, etc. |
|
|
|
|
|
|
OBS |
Develop project Organizational Breakdown Structure (OBS). |
|
|
|
|
|
|
WBS |
Develop project Work Breakdown Structure (WBS). |
|
|
|
|
|
|
Schedule |
Develop detailed project schedule. |
|
|
|
|
|
|
Cost Estimate |
Develop project cost estimate using OBS, WBS, and schedule. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Step 1 – Concept Development (continued) |
Deliverable /Artifact |
Task |
Responsible |
D = Develop or Designate, S = Support,
C = Concur, A = Approve |
Business Sponsor |
Program Manager |
Project Manager |
Project Team |
Stakeholders / OI&T |
EIB / SMC |
Scope Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe process used to develop the WBS. |
|
|
|
|
|
|
Describe the process used to baseline the WBS. |
|
|
|
|
|
|
Describe the WBS change control process. |
|
|
|
|
|
|
Schedule Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe the use of Software to develop and manage project schedules. |
|
|
|
|
|
|
Describe the schedule change management process. |
|
|
|
|
|
|
Describe how schedules will be used for performance measurement. |
|
|
|
|
|
|
Describe schedule status reporting. |
|
|
|
|
|
|
Staffing Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe the project organization. |
|
|
|
|
|
|
Describe the roles and responsibilities for team members and stakeholders |
|
|
|
|
|
|
Describe project resource requirements by functional areas |
|
|
|
|
|
|
Describe known resource constraints, such as scarce skills |
|
|
|
|
|
|
Describe the development and frequency of staffing reports |
|
|
|
|
|
|
Integrated Change Control Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe the change review and approval process in areas such as scope, schedule, cost, configuration management, technical design and test. |
|
|
|
|
|
|
Describe the baseline process and change control thresholds such as a work package exceeding budget by 10%. |
|
|
|
|
|
|
Describe change identification, documentation, implementation and reporting. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Step 1 – Concept Development (continued) |
Deliverable
/Artifact |
Task |
Responsible |
D = Develop or Designate, S = Support,
C = Concur, A = Approve |
Business Sponsor |
Program Manager |
Project Manager |
Project Team |
Stakeholders / OI&T |
EIB / SMC |
Cost Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe the cost estimating process. |
|
|
|
|
|
|
Describe the development and maintenance of a time-phased budget. |
|
|
|
|
|
|
Describe the financial cost maintenance to include responsibilities, reporting, and the management and budget processes |
|
|
|
|
|
|
Describe cost performance reporting with emphasis on the management and budget process and the Earned Value Management System. |
|
|
|
|
|
|
Describe cost reporting including the cost performance indexes and variances. |
|
|
|
|
|
|
Describe the process for managing cost and budget changes. |
|
|
|
|
|
|
Communications Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Identify the project stakeholders and related information (title, etc.). |
|
|
|
|
|
|
Describe project reports, development process, and responsible personnel. |
|
|
|
|
|
|
Describe information accessibility, filing, document security, etc. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Step 1 – Concept Development (continued) |
Deliverable
/Artifact |
Task |
Responsible |
D = Develop or Designate, S = Support,
C = Concur, A = Approve |
Business Sponsor |
Program Manager |
Project Manager |
Project Team |
Stakeholders / OI&T |
EIB / SMC |
Risk Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe risk identification, documentation, and assessment. |
|
|
|
|
|
|
Describe risk triggers, such as missed delivery dates, etc. |
|
|
|
|
|
|
Describe the risk analysis process, both qualitative and quantitative. |
|
|
|
|
|
|
Describe the development of a risk severity grid to aid analysis. |
|
|
|
|
|
|
Describe risk response planning to minimize the affects of risks. |
|
|
|
|
|
|
Describe risk documentation and reporting, such as tools like the risk register and risk maintenance software. |
|
|
|
|
|
|
Describe risk control using a reassessment and validation process. |
|
|
|
|
|
|
Quality Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe the organization quality policy, such as document preparation standards or contracting standards. |
|
|
|
|
|
|
Describe quality management approach to implementing quality management on the project. |
|
|
|
|
|
|
Describe the implementation of the quality assurance process. |
|
|
|
|
|
|
Describe the implementation of the quality control process. |
|
|
|
|
|
|
Describe the change control process for managing changes to the quality process and standards. |
|
|
|
|
|
|
Describe project team responsibilities as they relate to quality tasks. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Step 1 – Concept Development (continued) |
Deliverable
/Artifact |
Task |
Responsible |
D = Develop or Designate, S = Support,
C = Concur, A = Approve |
Business Sponsor |
Program Manager |
Project Manager |
Project Team |
Stakeholders / OI&T |
EIB / SMC |
Procurement Management Plan |
Describe project: description, goals, objectives, strategies, etc. |
|
|
|
|
|
|
Describe the anticipated procurements including preparation lead times and project team responsibilities. |
|
|
|
|
|
|
Describe how the IPMC Acquisition Process will be employed to approve, initiate, and sustain project procurement efforts. |
|
|
|
|
|
|
Describe solicitation planning, such as Statement of Work development and the evaluation strategy. |
|
|
|
|
|
|
Describe the process for contract administration. |
|
|
|
|
|
|
Describe the process for contract closeout |
|
|
|
|
|
|
Milestone I Briefing |
Create briefing slides |
|
|
|
|
|
|
Seek Administration or Staff Office approval |
|
|
|
|
|
|
Schedule EIB briefing with OI&T |
|
|
|
|
|
|
Present briefing to EIB |
|
|
|
|
|
|
Milestone I Decision Memo |
Draft Decision Memo |
|
|
|
|
|
|
Sign Decision Memo |
|
|
|
|
|
|
Accomplish Decision Memo tasks |
|
|
|
|
|
|
|
