Вы находитесь на странице: 1из 21

FinalDeck(2).

pptx

Agenda
Page

CAF Governance Model and Compliance

STRICTLYPRIVATEANDCONFIDENTIAL

TylerSherman

December 2014

FinalDeck(2).pptx

STRICTLYPRIVATEANDCONFIDENTIAL

Table of Contents

Executive Summary

Current Process

Examples of Problem

Problem Statement

CAF Pipeline

Proposed Framework Revision

11

Implementation Timeline

13

Acknowledgements

14

Appendix

15

FinalDeck(2).pptx

Executive Summary
Problem Statement
TheCriticalAvailabilityFrameworkdoesnothaveastandardizedprocessforremediatingfailuresandprovidingaccountability

Causes
CentralissueswithCAF:
1. Non-Standardizedgovernancemodelandlackofreportingstructure
2. Shortfallinmanagementoversightcreatesinconsistentremediationpractices
3. ReactiveCultureinServicingCriticalApplications

STRICTLYPRIVATEANDCONFIDENTIAL

Goal
Maximizetheavailabilityandsecurityofapplicationsdeemedcritical

Summary of Proposed Solution


Governancemodeltocreatestandardizationforremediation
Strategicreportingforeffectivecommunicationbetweenallstakeholders
Mandateprojectplanstorectifyendoflifehardwareandcomponents

Risks
Lackofoversightpreventseffectiveculturechange
Pushbackfromstakeholders
Misuseofreportingstandards
2

STRICTLYPRIVATEANDCONFIDENTIAL

FinalDeck(2).pptx

Analysis of Current Process

FinalDeck(2).pptx

STRICTLYPRIVATEANDCONFIDENTIAL

Analysis of Current Remediation Process

Issuespresent:
Novalidationofprojectsuccess
Accountabilitythroughouttheresolutionprocessisnotwelldefined
MinimalcommunicationbetweenApplicationOwnersandProjectManagers

FinalDeck(2).pptx

Problem Statement
Problem Statement
TheCriticalAvailabilityFrameworkdoesnothaveastandardizedprocessforremediatingfailuresandprovidingaccountability

Additional Insight

STRICTLYPRIVATEANDCONFIDENTIAL

Applicationownersfailtoupdateremediationdates
Applicationsarentmandatedtoremediateswiftlyandeffectively
Oncedeemedcritical,applicationownersarenotofferedtheproperdocumentationandtrainingtomeetCAFguidelines

Impacts
CONFIDENTIAL

FinalDeck(2).pptx

Example of Problem Lack of Remediation Dates

STRICTLYPRIVATEANDCONFIDENTIAL

CONFIDENTIAL

Lowpercentageratesofremediationdatessupplied
6

FinalDeck(2).pptx

Example of Problem Low Success Rate

STRICTLYPRIVATEANDCONFIDENTIAL

CONFIDENTIAL

FinalDeck(2).pptx

Current Requirements

STRICTLYPRIVATEANDCONFIDENTIAL

System should be able to

Meets Requirement

producevaluableoutputforapplicationowners

PASS

notifyapplicationownerspreemptivelyoffutureactionstotake

FAIL

trackapplicationsoptingoutofpatchinginconsecutiveperiods

FAIL

ensuredataqualityresponsibleforCAFmetrics

FAIL

remediationprocesswithchecksandbalances

FAIL

trainingandsufficientdocumentationforapplicationownersandCAF
liaisons

FAIL

maintainstandardizationofreportingstructuresacrossLOBs

FAIL

STRICTLYPRIVATEANDCONFIDENTIAL

FinalDeck(2).pptx

Whats in Pipeline for CAF

CONFIDENTIAL

FinalDeck(2).pptx

Pipeline Requirements

STRICTLYPRIVATEANDCONFIDENTIAL

System should be able to

Meets Requirement

producevaluableoutputforapplicationowners

PASS

notifyapplicationownerspreemptivelyoffutureactionstotake

PASS

trackapplicationsoptingoutofpatchinginconsecutiveperiods

PASS

ensuredataqualityresponsibleforCAFmetrics

FAIL

remediationprocesswithchecksandbalances

FAIL

trainingandsufficientdocumentationforapplicationownersandCAFliaisons

FAIL

maintainstandardizationofreportingstructuresacrossLOBs

FAIL

10

5employee
team

STRICTLYPRIVATEANDCONFIDENTIAL

FinalDeck(2).pptx

Proposed Solution

11

FinalDeck(2).pptx

Proposed Governance Model

STRICTLYPRIVATEANDCONFIDENTIAL

System should be able to

Meets
Requirement

producevaluableoutputforapplication
owners

PASS

notifyapplicationownerspreemptivelyof
futureactionstotake

PASS

trackapplicationsoptingoutofpatching
inconsecutiveperiods

PASS

ensuredataqualityresponsibleforCAF
metrics

PASS

remediationprocesswithchecksand
balances

PASS

trainingandsufficientdocumentationfor
applicationownersandCAFliaisons

PASS

maintainstandardizationofreporting
structuresacrossLOBs

PASS

12

FinalDeck(2).pptx

Governance Model Cost Benefit Analysis


Costs
Thegovernanceteamwouldbecomprisedoffive(5)fulltimeanalystsaswellasonesenioroversightrole.
Analyst
CAFLiaison

$65,000x5 =
$100,000x1 =

$325,000
+$100,000

$425,000

Fiscal Return on Investment (ROI)

STRICTLYPRIVATEANDCONFIDENTIAL

Minimizedriskofapplicationsgoingdownpreventsfiscallosses
MinimizedcostsforservicepackagestosupportEOLcomponents
Component

AmountinService(CCB)

CostofextendedWarrantyper

Total

HPProliant

37

$1,769

$65,453

IBMAIX

13

$1,013

$13,169

Analyzed:

50breaksinCCB

$78,622

$1,000

237Componentbreaks(CCB)

$237,000

Lowaveragecost

Other Benefits
Mitigatingsecuritythreatstothefirm
Ensuringthehighavailabilityofallcriticalapplications
Holdingcriticalinfrastructuretothehigheststandard
13

FinalDeck(2).pptx

STRICTLYPRIVATEANDCONFIDENTIAL

Implementation Timeline
2014

2015

2016

Lifecycle

Majorproductioninfrastructure
componentsareknown,approved
andnoneareEOL.
Alldependenciesareknownand
conformtothecriticalapplication
framework
Nohardwareover7yearsold

Onlysoftwareapprovedforusewill
runonGTIinfrastructure,both
desktopandserver
Criticalapplicationswillrunonlyon
InvestorMaintaininfrastructure
andmigratedoffbeforereaching
EOL
Nohardwareover6yearsold

Criticalapplicationswillrunonlyin
strategicdatacenters
Lessthat10%ofthenoncritical
applicationinfrastructurewillbe
EOL,witholdesthardwaremigrated
first
Nohardwareover5yearsold

Hygiene

Reboot,patch,backup,criticaltools,
etcallconform100%topolicy

Maintenancewillbepredictive,
proactive,preventativeanddescopednomorethanonceper
calendaryear

Resiliency

DRsuccessfully testedperpolicy
timeframes(implyingdefinedRTO,
RPO,RCOandHoursofOps)
DRcansustainproductioncapacity
fornon-trivialtimeperiods

Criticalapplicationswillrunontheir
DRsystemsduringbusinesscycles
atleast2timesayear

Monitoring

Demonstrablemonitoringexists

Monitoringcoveringthespectrum
fromenduserexperienceand
transactionstoinfrastructure
components

Operations

ChangeandIncidentManagement
processeswhichlinkApplicationand
Infrastructureforasingleview

Measuringthenumberofchanges
andcomparingproductionandUAT
environments

PilotgovernancemodelforCCB.
MeasuresuccessforCCB.Findout
howmanyapplicationshittheir
designatedremediationdates.

Remediation

14

Intelligentmonitoringwithrealtime
alertandnotificationaswellas
performancebasedanalytics

Rolloutnewgovernancegroups
structuredsimilarlyforotherLOBs,
withsizesbasedonapplicationsin
specificLOB.

STRICTLYPRIVATEANDCONFIDENTIAL

FinalDeck(2).pptx

Appendix

16

STRICTLYPRIVATEANDCONFIDENTIAL

FinalDeck(2).pptx

Stakeholder Analysis

17

FinalDeck(2).pptx

Change Management Strategy


Stakeholder

Risk

Actions

Increasedbureaucracy
Morerequiredreports

Traininganddocumentationon
updatedCAFprojectstandards

Budgetallocations
Developmentupdates
Pushbackongovernancemodel

Influencefromsenior
managementtodriveinitiative

Newrole
Workload

Thoroughon-boardingprocess
anddocumentationofjobfunction
ClarityStandardReports

Changeadverse
Responsibleforculturechange

Demonstrateincreasedbusiness
value

ProjectManagers

STRICTLYPRIVATEANDCONFIDENTIAL

ApplicationOwners

CAFLiaisons

SeniorCAFManagement

18

FinalDeck(2).pptx

Statistics for CAF


Consistsofmissedremediationdatesandblankentries

Faults in Data Entry

STRICTLYPRIVATEANDCONFIDENTIAL

CONFIDENTIAL

19

FinalDeck(2).pptx

Implementation Breakdown
Timeline for Implementation
Q1-2015

Q2-2015

Q3-2015

Q4-2015

Q12016

Q2-2016

Q3-2016

Q4-2016

Hiring
otherLOBs

HiringCCB

Training

Training

STRICTLYPRIVATEANDCONFIDENTIAL

Devof
ClarityReports

Workbacklog
(incl.prioritizationbyCTR)

Workbacklog

Measure
success

Measure
success

Revamp
Restructure

Revamp
Restructure

Success measured by the following:


Allremediationdatesfilledforapplicationbreaks
70%applicationsontracktoberemediatedbybeginningofQ3-2016
20

Q1-2017

Q2-2017

FinalDeck(2).pptx

Team size calculations


Calculations

CONFIDENTIAL

STRICTLYPRIVATEANDCONFIDENTIAL

3 Week Options

6 Week Options

Ifteamspends100%oftimeoninterviewingin3weeks
(thisleavesnotimetocompilereports):

Ifteamspends100%oftimeoninterviewingin6weeks
(thisleavesnotimetocompilereports):

2.7peoplewouldbeneeded

1.35peoplewouldbeneeded

Ifteamspends50%oftimeoninterviewingin3weeks
(thisleaves60hourstocompilereports):

Ifteamspends50%oftimeoninterviewingin6weeks
(thisleaves120hourstocompilereports):

5.4peoplewouldbeneeded

2.7peoplewouldbeneeded

Ifteamspends25%oftimeoninterviewingin3weeks
(thisleaves90hourstocompilereports):

Ifteamspends25%oftimeoninterviewingin6weeks
(thisleaves180hourstocompilereports):

10.8peoplewouldbeneeded

5.4peoplewouldbeneeded

21