TRANSCRIPT
November 2014
VisibleThread User Experience Within Our ISO 20K Certified Air Force PMO
Briefing for the VisibleThread Users’ Conference 2014
Copyright 2014, Booz Allen Hamilton Inc.
Chris Roelofs, Lead Associate, Booz Allen Hamilton
Our VisibleThread Journey Since October 2012
Deltek Reports (October 2012)
Sandbox (October 2012 – March 2013)
Out-of-the-Box Utilization (April 2013)
Concept Dictionary Deployment for RFP Analysis (May 2013 – Present)
Concept Dictionary Deployment for ISO 20K Compliance (June 2013 – Present)
Concept Dictionary Development for ISO 27K Certification (August 2014)
Deltek Reports (October 2012)
Customers identified VisibleThread as an RFP analysis tool available on the Deltek site
Conducted research to see if firm already possessed licenses
Contacted VisibleThread to learn more
Our journey began with a tip from a customer
Sandbox (October 2012 – March 2013)
Select user group
Support and demonstrations from VisibleThread experts
Minor Concept Dictionary development
Focus on RFP analysis
Broad reach within firm
Supported business case development for purchase
The sandbox allowed demonstrations on real data without restriction
Out-of-the-Box Utilization (April 2013)
Initial procurement
Installation on internal server
Expanded user group
Training
Demonstrations of capabilities to market groups and proposal teams
Solicited feedback on concept report output – refined basic dictionaries
We honed our skills, gained a larger user base and envisioned broader application
Concept Dictionary Deployment for RFP Analysis (May 2013 – Present)
Compliance Matrix – What does the SOW tell us to do?
EISM Task Areas – How does this requirement relate to the prime contract?
Risk Matrix – Which firm identified risks are triggered?
Section L & M – What do we provide and how will we be evaluated?
We enhanced and refined dictionary development to achieve targeted results
Concept Dictionaries Deployed for RFP Analysis (figure; the four questions the dictionaries answer)
– What does the Statement of Work tell us to do?
– What scope areas from the IDIQ does the RFP address?
– Which Firm Specified Risk areas are triggered?
– What do we have to provide in our proposal and how will we be evaluated?
Concept Dictionary Deployment for ISO 20K Compliance (June 2013 – Present)
“ISO/IEC 20000-1:2011 (ISO 20K) is a standard for the design, transition, delivery and
improvement of services that fulfill service requirements and provide value for both the
customer and the service provider.” *
“ISO 20K requires an integrated process approach when the service provider plans,
establishes, implements, operates, monitors, reviews, maintains and improves a service
management system (SMS).” *
“Coordinated integration and implementation of the SMS through all stages of the service
lifecycle, from strategy through design, transition and operation, including continual
improvement.” *
We use VisibleThread to help us:
– Ensure all areas of the standard are addressed in our documents (policies, plans, procedures, etc.)
– Show the interrelationship between documents involved in the performance of a process from initiation to completion
* - BS ISO/IEC 20000-1:2011
We targeted concepts across multiple documents to show linkages and process relationships
Concept Analysis for ISO 20K Compliance (screenshot slides; callouts: Document Folders, Documents Under Analysis, Concept dictionary, ISO 20K Requirement Clause, Analysis)
Concept Dictionary Development for ISO 27K Certification (August 2014)
ISO/IEC 27001:2013 (ISO 27K) – “This International Standard has been prepared to provide
requirements for establishing, implementing, maintaining and continually improving an
information security management system.” *
“The information security management system preserves the confidentiality, integrity and
availability of information by applying a risk management process and gives confidence to
interested parties that risks are adequately managed.” *
“It is important that the information security management system is part of and integrated with
the organization’s processes and overall management structure and that information security
is considered in the design of processes, information systems, and controls.” *
We use VisibleThread to help us:
– Determine where ISO 27K controls are adequately incorporated into existing documentation
– Identify which controls are only partially managed or not managed at all: gaps that need resolution before the certification audit
* - SN ISO/IEC 27001:2013 en
We are envisioning how documents should relate to achieve integrated processes
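The two ISO slides describe the same technique: a concept dictionary (a list of terms and phrases per requirement clause or control) is scanned across the document set, and the result shows which concepts are addressed in which documents, which documents share a process, and which concepts are missing. As an added example, not part of the original briefing and not VisibleThread's own code or data format, the following Python reproduces that gap analysis on constructed inputs. The dictionary terms, the three sample documents and the covered/partial/gap rule (a concept counts as linked across a process only when it appears in at least two documents) are all assumptions made for the illustration; the concept labels use the ISO/IEC 27001:2013 Annex A control domain names.

```python
import re
from collections import defaultdict

# Constructed concept dictionary (an assumption; not VisibleThread's format).
# Each concept maps to the terms and phrases that signal it in a document.
CONCEPT_DICTIONARY = {
    "A.9 Access control": [
        "access control", "privileged access", "user registration", "least privilege",
    ],
    "A.12 Operations security": [
        "change management", "backup", "logging", "malware",
    ],
    "A.16 Incident management": [
        "security incident", "incident response", "incident report",
    ],
    "A.15 Supplier relationships": [
        "supplier agreement", "third party", "third-party",
    ],
}

# Constructed sample documents standing in for a PMO's policies and procedures.
DOCUMENTS = {
    "Access Control Policy.docx": (
        "Access control is granted on a least privilege basis. Privileged access "
        "requires approval and is reviewed quarterly. User registration follows "
        "the joiner process in the IT Operations Procedure."
    ),
    "IT Operations Procedure.docx": (
        "Change management tickets are required before production changes. "
        "Backup jobs run nightly and logging is forwarded to the SIEM. "
        "Privileged access for operators is provisioned per the Access Control Policy."
    ),
    "Incident Response Plan.docx": (
        "A security incident is declared by the duty manager. The incident response "
        "team preserves logging data and completes an incident report within 5 days."
    ),
}


def term_pattern(term):
    """Whole-word, whitespace-tolerant pattern for one dictionary term."""
    tokens = [re.escape(t) for t in term.split()]
    return r"\b" + r"\s+".join(tokens) + r"\b"


def compile_dictionary(dictionary):
    """One case-insensitive regex per concept, alternating over its terms."""
    return {
        concept: re.compile("|".join(term_pattern(t) for t in terms), re.IGNORECASE)
        for concept, terms in dictionary.items()
    }


def scan(documents, dictionary=CONCEPT_DICTIONARY):
    """Return {concept: {document: hit count}} for documents with at least one hit."""
    patterns = compile_dictionary(dictionary)
    hits = {concept: {} for concept in dictionary}
    for doc_name, text in documents.items():
        for concept, pattern in patterns.items():
            count = len(pattern.findall(text))
            if count:
                hits[concept][doc_name] = count
    return hits


def classify(hits, linked_threshold=2):
    """Assumed rule: no hits = gap; one document = partial; >= threshold = covered."""
    status = {}
    for concept, docs in hits.items():
        if not docs:
            status[concept] = "gap"
        elif len(docs) < linked_threshold:
            status[concept] = "partial"
        else:
            status[concept] = "covered"
    return status


def gaps(hits):
    """Concepts that appear in no document at all: resolve before the audit."""
    return [concept for concept, docs in hits.items() if not docs]


def document_links(hits):
    """Pairs of documents that share a concept, i.e. the document-to-document
    relationships the ISO 20K slide calls process linkages."""
    links = defaultdict(set)
    for concept, docs in hits.items():
        names = sorted(docs)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                links[(a, b)].add(concept)
    return dict(links)


if __name__ == "__main__":
    results = scan(DOCUMENTS)
    for concept, status in classify(results).items():
        print(f"{concept:<30} {status:<8} {sorted(results[concept])}")
    print("gaps:", gaps(results))
    for (a, b), shared in document_links(results).items():
        print(f"{a} <-> {b}: {sorted(shared)}")
```

On the constructed inputs, access control and operations security come out as covered, incident management as partial (it appears only in the response plan), and supplier relationships as a gap. Two caveats show why the term list decides the result: the generic term "logging" alone links the incident plan to operations security, which a reviewer may or may not want, and the whole-word match means "backup" does not count "backups", so stems or both forms have to be listed deliberately.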
ISO 27K Certification Compliance Analysis (screenshot slides; callouts: Concept dictionary, ISO 27K Control, Documents Under Analysis, Analysis)
The VisibleThread Journey Continues…
It has been a growing experience
– A suggestion has turned into a standard business practice for our PMO
Our ISO 27K Concept Dictionary is work in progress
– Proper selection of terms and phrases will determine its effectiveness
We still have customers asking if we can do something different with the tool
– We haven’t had to say “No” yet