Manage Solutions Identification and Build

Purpose:

Establish and maintain identified solutions in line with enterprise requirements covering design, development, procurement/sourcing and partnering with suppliers/vendors. Manage configuration, test preparation, testing, requirements management and maintenance of business processes, applications, information/data, infrastructure and services.

Objective:

Establish timely and cost-effective solutions capable of supporting enterprise strategic and operational objectives>

Description:

<?>

Inputs:

• Architecture principles
• Baseline domain descriptions and architecture definition
• Research analyses of innovation possibilities
• Evaluations of innovation ideas
• Confirmed acceptance criteria from stakeholders
• Requirements definition repository
• High-level acquisition/development plan
• Architecture principles
• Information architecture model
• Baseline domain descriptions and architecture definition
• Solution development guidance
• Assessments of using innovative approaches
• Confirmed acceptance criteria from stakeholders
• Requirements definition repository
• Feasibility study report
• Risk mitigation actions
• Requirements risk register
• Sponsor approvals of requirements and proposed solutions
• Feasibility study report
• Sponsor approvals of requirements and proposed solutions
• Results of QMS effectiveness Reviews
• Quality management plan
• Analysis of rejected initiatives
• Results and recommendations from proof-of-concept initiatives
• Record of requirement change requests
• Guiding principles for allocation of resources and capabilities
• Value benefit statement for target environment
• Gaps and changes required to realize target capability
• Budget allocations
• Budget communications
• IT budget and plan
• Definition of potential improvement projects
• Configuration baseline
• Approved changes to baseline
• Configuration status reports
• <?>

Outputs:

• Approved high-level design specification
• Approved detailed design specification
• SLA and OLA revisions
• Documented solution components
• Approved acquisitive plan
• Updates to asset inventory
• Integrated and configured solution components
• Quality assurance plan
• Quality review results, exceptions and corrections
• Test plan
• Test procedures
• Test result logs and audit trails
• Test result communications
• Record of all approved and applied change requests
• Maintenance plan
• Updated solution components and related documentation
• Service definitions
• Updated service portfolio
• <?>

Controls:

<?>

Task Instructions:

Design High-Level Solutions

1. 1. Establish a high-level design specification that translates the proposed solution into business processes, supporting services, applications, infrastructure, and information repositories capable of meeting business and enterprise architecture requirements.

   2. Involve appropriately qualified and experienced users and IT specialists in the design process to make sure that the design provides a solution that optimally uses the proposed IT capabilities to enhance the business process.

   3. Create a design that is compliant with the organization’s design standards, at a level of detail that is appropriate for the solution and development method and consistent with business, enterprise and IT strategies, the enterprise architecture, security plan, and applicable laws, regulations, and contracts.

   4. After quality assurance approval, submit the final high-level design to the project stakeholders and the sponsor/business process owner for approval based on agreed-on criteria. This design will evolve throughout the project as understanding grows.

Design Detailed Solutions Components

1. 1. Design the business process activities progressively and workflows that need to be performed in conjunction with the new application system to meet the enterprise objectives, including the design of the manual control activities.
   2. Design the application processing steps, including specification of transaction types and business processing rules, automated controls, data definitions/business objects, use cases, external interfaces, design constraints, and other requirements (e.g., licensing, legal, standards, and internationalization/localization).
   3. Classify data inputs and outputs according to enterprise architecture standards. Specify the source data collection design, documenting the data inputs (regardless of source) and validation for processing transactions, as well as the methods for validation. Design the identified outputs, including data sources.
   4. Design system/solution interface, including any automated data exchange.
   5. Design data storage, location, retrieval, and recoverability.
   6. Design appropriate redundancy, recovery, and backup.
   7. Design the interface between the user and the system application so that it is easy to use and self-documenting.
   8. Consider the impact of the solution’s need for infrastructure performance, being sensitive to the number of computing assets, bandwidth intensity, and time-sensitivity of the information.
   9. Proactively evaluate for design weaknesses (e.g., inconsistencies, lack of clarity, potential flaws) throughout the life cycle, identifying improvements when required.
   10. Provide an ability to audit transactions and identify root causes of processing errors.

Develop Solution Components

1. 1. Develop business processes, supporting services, applications and infrastructure, and information repositories based on agreed-on specifications and business, functional and technical requirements.

   2. When third-party providers are involved with the solution development, ensure that maintenance, support, development standards, and licensing are addressed and adhered to in contractual obligations.

   3. Track change requests and design, performance, and quality reviews, ensuring active participation of all impacted stakeholders.

   4. Document all solution components according to defined standards and maintain version control over all developed components and associated documentation.

   5. Assess the impact of solution customization and configuration on the performance and efficiency of acquired solutions and on interoperability with existing applications, operating systems, and other infrastructure. Adapt business processes as required to leverage the application capability.

   6. Ensure that responsibilities for using high security or restricted access infrastructure components are clearly defined and understood by those who develop and integrate infrastructure components. Their use should be monitored and evaluated.

Procure Solution Components

1. 1. Create and maintain a plan for the acquisition of solution components, considering future flexibility for capacity additions, transition costs, risk, and upgrades over the lifetime of the project.

   2. Review and approve all acquisition plans, considering risk, costs, benefits, and technical conformance with enterprise architecture standards.

   3. Assess and document the degree to which acquired solutions require adaptation of the business process to leverage the benefits of the acquired solution.

   4. Follow required approvals at crucial decision points during the procurement processes.

   5. Record receipt of all infrastructure and software acquisitions in an asset inventory.

Build Solutions

1. 1. Integrate and configure business and IT solution components and information repositories in line with detailed specifications and quality requirements. Consider the role of users, business stakeholders, and the process owner in the configuration of business processes.

   2. Complete and update business process and operational manuals, where necessary, to account for any customization or special conditions unique to the implementation.

   3. Consider all relevant information control requirements in solution component integration and configuration, including implementation of business controls, where appropriate, into an automated application, controls such that processing is accurate, complete, timely, authorized, and auditable.

   4. Implement audit trails during configuration and integration of hardware and infrastructural software to protect resources and ensure availability and integrity.

   5. Consider when the effect of cumulative customizations and configurations (including minor changes that were not subjected to formal design specifications) require a high-level reassessment of the solution and associated functionality.

   6. Ensure the interoperability of solution components with supporting tests, preferably automated.

   7. Configure acquired application software to meet business processing requirements.

   8. Define service catalogs for relevant internal and external target groups based on business requirements.

Perform Quality Assurance

1. 1. Define a QA plan and practices including, e.g., specification of quality criteria, validation and verification processes, the definition of how quality will be reviewed, necessary qualifications of quality reviewers, and roles and responsibilities for the achievement of quality.

   2. Frequently monitor the solution quality based on project requirements, enterprise policies, adherence to development methodologies, quality management procedures, and acceptance criteria.

   3. Employ code inspection, test-driven development practices, automated testing, continuous integration, walk-throughs, and testing of applications as appropriate. Report on outcomes of the monitoring process and testing to the application software development team and IT management.

   4. Monitor all quality exceptions and address all corrective actions. Maintain a record of all reviews, results, exceptions, and corrections—repeat quality reviews, where appropriate, based on the amount of rework and corrective action.

Prepare for Solution Testing

1. 1. Create an integrated test plan and practices commensurate with the enterprise environment and strategic technology plans that will enable the creation of suitable testing and simulation environments to help verify that the solution will operate successfully in the live environment and deliver the intended results, and that controls are adequate.
   2. Create a test environment that supports the full scope of the solution and reflects, as closely as possible, real-world conditions, including the business processes and procedures, range of users, transaction types, and deployment conditions.
   3. Create test procedures that align with the plan and practices and allow evaluation of the operation of the solution in real-world conditions. Ensure that the test procedures evaluate the adequacy of the controls based on enterprisewide standards that define roles, responsibilities, and testing criteria, and are approved by project stakeholders and the sponsor/business process owner.

Execute Solution Testing

1. 1. Undertake testing of solutions and their components in accordance with the testing plan. Include testers independent from the solution team, with representative business process owners and end-users. Ensure that testing is conducted only within the development and test environments.

   2. Use clearly defined test instructions, as defined in the test plan, and consider the appropriate balance between automated scripted tests and interactive user testing.

   3. Undertake all tests in accordance with the test plan and practices, including the integration of business processes and IT solution components and of non-functional requirements (e.g., security, interoperability, usability).

   4. Identify, log, and classify (e.g., minor, significant, and mission-critical) errors during testing. Repeat tests until all significant errors have been resolved. Ensure that an audit trail of test results is maintained.

   5. Record testing outcomes and communicate results of testing to stakeholders in accordance with the test plan.

Manage Changes to Requirements

1. 1. Assess the impact of all solution change requests on the solution development, the original business case and the budget, and categorize and prioritize them accordingly.

   2. Track changes to requirements, enabling all stakeholders to monitor, review, and approve the changes. Ensure that the outcomes of the change process are fully understood and agreed on by all the stakeholders and the sponsor/business process owner.

   3. Apply change requests, maintaining the integrity of integration and configuration of solution components. Assess the impact of any major solution upgrade and classify it according to agreed-on objective criteria (such as enterprise requirements), based on the outcome of the analysis of the risk involved (such as the impact on existing systems and processes or security), cost-benefit justification and other requirements.

Maintain Solutions

1. 1. Develop and execute a plan for the maintenance of solution components that includes periodic reviews against business needs and operational requirements such as patch management, upgrade strategies, risk, vulnerabilities assessment, and security requirements.

   2. Assess the significance of proposed maintenance activity on current solution design, functionality, and/or business processes. Consider risk, user impact, and resource availability. Ensure that the business process owners understand the effect of designating changes as maintenance.

   3. In the event of major changes to existing solutions that result in a significant change in current designs and/or functionality and/or business processes, follow the development process used for new systems. For maintenance updates, use the change management process.

   4. Ensure that the pattern and volume of maintenance activities are analyzed periodically for abnormal trends indicating underlying quality or performance problems, cost/benefit of a major upgrade, or replacement in lieu of maintenance.

   5. For maintenance updates, use the change management process to control all maintenance requests.

Define IT Services and Maintain the Service Portfolio

1. 1. Propose definitions of the new or changed IT services to ensure that the services are fit for purpose. Document the proposed service definitions in the portfolio list of services to be developed.

   2. Propose new or changed service level options (service times, user satisfaction, availability, performance, capacity, security, continuity, compliance, and usability) to ensure that the IT services are fit for use. Document the proposed service options in the portfolio.

   3. Interface with business relationship management and portfolio management to agree on the proposed service definitions and service level options.

   4. If service change falls within agreed-on approval authority, build the new or changed IT services or service level options. Otherwise, pass the service change to portfolio management for investment review.