2. Meeting Objectives
1. Project Status Review
• Network and Application monitoring findings, PCI project review
2. New Projects
• Sysaid for Property Management
• Gallo wines
3. Other Issues
• Store hardware age
• Windows XP
4. Set schedule for next meeting
3. Network & App Monitoring Findings
Problems Identified
SSC User Desktops
• HP ML310 are 5 year old servers, video card not meant for this type of use, no management in place (patches, AV)
Stores Network
• Cabling issues – overlong runs, kinks, bent, pinched and/or crushed
• Insufficient telco service (limited upload)
• Config issues – poor use of UPS, inconsistent device setups
• NO OS or app patch management or AV management
• 5 year old equipment
• New switches out of date on IOS version
Stores WiFi – W&B
• Too high, not meshed and cooler access is blocked
4. Network & App Monitoring Findings
Problems Identified
Application Monitoring
• SQL Express is old and limited in functions – till freezes when log exceeds 80 MB or database exceeds 4 GB
• Tills freeze when DB maintenance not done – not automated
• Receipt printers fail and cause till to freeze
• No SQL alerting or monitoring for health of DB
Equipment issues
• Five year old machines and Windows XP at the stores
• D-Link/Linksys switches used
• Cables fail after heavy use
5. Network & App Monitoring Findings
Problems Identified
Application Monitoring - SSC
• SQL not configured properly – many non-standard settings
• Not optimized
Equipment issues - Datacenter
• Two SPOFs (single points of failure) found – ASA and switch
• No comprehensive test environment
6. PCI Compliance
Project Summary:
Develop and deploy the necessary systems, hardware, policies and procedures to remediate the findings of the PCI assessment and attain compliance sign-off
Overall Status: G
Date: Oct 31, 2013

Milestone | Plan Date | % comp | Status
Requirements | Oct 31st | 95% | G
Design for network components | Nov 30th | 30% | G
Development of deployment plan | Nov 22nd | 20% | G
Proof of concept for Store Touch | Dec 31st | 0% | G
Store Touch Project | June 30th 2014 | 0% | G
Network Touch Project | June 30th 2014 | 0% | G
Security Standards & Policies Project | June 30th 2014 | 0% | G
ITIL Functional Areas Project | June 30th 2014 | 0% | G
PCI Compliance Assessment | July 31st 2014 | 0% | G
Project Completed | Aug 8th 2014 | 0% | G

Key Accomplishments/Highlights
• Completing requirements gathering and planning of project streams
• Design and testing ongoing for store and core network components
• Working with external service providers and cabling vendors for store touch

Upcoming Key Activities/Deliverables
• Finish network design components
• Select resources and begin store visit
• Select service providers for store touch

Key Issues & Risks / Mitigation Plan
• Resourcing constraints for internal resources who will be responsible for a number of deliverables in all areas of the project. Need to hire security resource as soon as possible to integrate into project.
• Many other business and IT projects in the coming year have potential impact on the PCI project and the resource availability. Program and resource planning will be required.
• Lack of complete information on store environments, IT inventory, cabling. Need to complete an IT supervised visit to the stores to collect information.
• Unknown interconnected components in network could affect project. Plan of action needs to be implemented based on recent network review.

Asks/Decisions
• Approval of budget for PCI project
• Approval of security resource
7. PCI Project Costs
Area | Cost | Notes
Store Touch | $800,000 | Visit to each store for data collection and documentation of systems and cabling, replacement of all network switches, re-cabling at 43 stores, wiring standardization, lockable cage for network gear, labeling and new standard images for switches, router and wireless access points plus testing
Network Touch | $110,000 | Network re-design for IP and DNS configuration, intrusion detection/intrusion prevention system and network sniffer
Security Standards and Policies | $0 | All work to be done by PM or internal resource pool
ITIL Functional Areas | $260,000 | Anti-virus system, logging and monitoring system, software update system, test environment, 2 factor authentication, DVR upgrades, file integrity system, security training module for staff
PM | $180,000 | Full time PM to oversee all aspects of PCI project to completion
Contingency | $250,000 | 20% based on current lack of complete information regarding store environments and the current flux of the IT organization for staffing and availability of resources
TOTAL | $1,600,000 |
8. Timeline for PCI Project
Phases
Sep 9 - Oct 4: Project Planning and information gathering
Oct 4 - Nov 29: Network and Store Touch design and testing
Nov 29 - Dec 31: Finalize Store Touch plans and procedures
Jan 6 - Jun 30: Store Touch Project
Jan 6 - Jun 30: Network Touch Project
Jan 6 - Jun 30: Security Standards and Policies Project
Jan 6 - Jun 30: ITIL Functional Areas Project
Jul 28 - Jul 31: PCI Audit and Compliance Review

Milestones
Nov 29: Network redesign and testing completed
Jan 6: PCI Sub-Projects Start
Jun 30: PCI Projects Completed
Jul 31: PCI Audit for Compliance
Aug 8: Project End

[Timeline chart: monthly axis from Sep 2013 to Aug 2014]
9. Network Monitoring
Project Summary:
Diagnose technical issues and develop a pragmatic approach and plan to repair critical components / interfaces.
Overall Status: G
Date: Sep. 13, 2013

Milestone | Original Date/Current Plan Date | % comp | Status
Project Charter | Sept. 13th/Sept 13th | 100% | G
Monitoring Complete | Sept 30th/Oct 30th | 80% | G
Results Analyzed | Oct 14th/Oct 25th | 70% | G
Remediation Plan Approved | Oct 21st/Nov 1st | 70% | G
Visit to Pivot COLO to inspect and document the state of the installation at the site | Oct 28th | 100% | G
Transactional perfmon analysis of LSLPRMSABDB with analyst assistance | Nov 1st | 50% | G
COLO ASA syslogging to capture VPN drop failures from ASA logs | Nov 4th | 90% | G
Assembly of final report PPT with conclusions and recommendations | Nov 4th | 50% | G

Key Accomplishments/Highlights
• Monitoring complete
• 90% of findings identified with recommendations

Upcoming Key Activities/Deliverables
• Complete final report and recommendations

Key Issues & Risks / Mitigation Plan
• Issues can be hard to track when they are intermittent and cannot be reproduced via a specific set of steps.
• We will monitor and track the times for specific occurrences and based on time noted will relate back to the monitoring findings/logs

Asks/Decisions
10. Enterprise Software Selection
Project Summary:
Select a new enterprise software solution which can be implemented to support
all the major business processes.
Milestone
G
Project Charter
Original Date/Current
Plan Date
Sept. 13th/Sept. 13th
25th/Oct
30th
Overall Status
Date: Nov 1, 2013
Key Accomplishments/Highlights
%
comp
100%
G
Functional Requirements workshops
Oct
G
RFP Issued
Oct 31st/Nov 15th
0%
G
Vendors Response Received
Nov 22nd/Nov 29th
0%
G
Vendor Demos
Dec 6th/Dec 6th
Vendor Selection
Dec 13th/Dec 13th
0%
• Project in full swing
• Workshops completed
• Vendors Engaged
• NDA Process begun
0%
G
G
100%
G
0%
G
0%
G
Upcoming Key Activities/Deliverables
0%
Key Issues & Risks / Mitigation Plan
• Draft RFP document and issue it
Asks/Decisions
11. RMS Cleanup
Project Summary:
Apply a new hierarchy to product descriptors in RMS and apply the new format at the item level in order to: provide meaningful descriptions to items; categorize items in a consistent and standard format; update existing item information where applicable; develop a standardized format for entering new items.
Milestone
G
Project Charter
Plan Date
Sept. 13th
5th
Overall Status
Date: Nov. 1, 2013
Key Accomplishments/Highlights
%
comp
100%
G
Complete Item Clean-up
Dec
G
Validate Item Clean-up
Dec 20th
0%
G
Test Changes
Dec 30th
Deploy to Live environment
Jan 27th
•
0%
G
ON
HOLD
Beer section completed week ending Sept 13th
Hierarchy design completed in conjunction with the buyers
0%
30%
G
0%
G
0%
G
0%
G
•
0%
Key Issues & Risks / Mitigation Plan
• Resource availability to do the data entry
• Resources are deployed when available
Upcoming Key Activities/Deliverables
• Data entry continues when resources can be applied.
Asks/Decisions
12. Telecom Rationalization
Project Summary:
The Company spends approx. $1 million annually on telecom related services
(telephone, internet, fax, etc.) across 23 different vendors. The goal is to reduce
the spend through rationalization and vendor reductions.
Milestone
G
G
Rationalization of services – Initiate in
Canada
Review of Canadian vendor proposals
Original Date/Current
Plan Date
50%
Oct 11th/Nov 15th
50%
25th/Nov
0%
G
Selection of preferred Canadian vendor
Oct
G
Establish timetable for the transition of
Canadian services
Rationalization of services – Initiate in
Kentucky / Alaska
Review and selection of KY and AK
vendors
Establish timetable for the transition of KY
and AK services
Nov 8th/Dec 2nd
Oct 18th/Dec 2nd
0%
Nov 25th /Jan 13th
0%
Dec 12th/Jan 20th
0%
• Project was just initiated
• Telus and Shaw have been engaged in a preliminary fashion
• Telus has delivered their proposal
0%
G
G
G
22nd
G
Key Accomplishments/Highlights
%
comp
Sept. 20th
Overall Status
Date: Oct 31, 2013
G
0%
G
Upcoming Key Activities/Deliverables
• Receive more Canadian Proposals and compare them in terms of pricing and service levels
0%
Key Issues & Risks / Mitigation Plan
Asks/Decisions
• Are two vendors enough?
13. Sharepoint Intranet
Project Summary:
Create and deploy a new intranet technology platform.
Milestone
G
Migrate intranets internally
Overall Status
Date: Nov. 1, 2013
Original Date/Current
Plan Date
100%
Key Accomplishments/Highlights
%
comp
Sept. 23rd
30th
G
Fix existing intranet functionality
Sep
G
Create team sites reflective of old team
Nov 4th
Training
Dec 2nd
Live Rollout
Dec 9th
Platform has been deployed
• Receive Canadian Proposals and compare
• Content must be configured and loaded
0%
G
•
90%
G
G
0%
100%
G
0%
G
0%
G
0%
G
0%
Key Issues & Risks / Mitigation Plan
• Availability of resources for the project
• Office coordinator will apply time to the project to create and continue forward momentum
Upcoming Key Activities/Deliverables
Asks/Decisions
• Any critical requirements that would affect schedule?
14. WebSite Migration
Project Summary:
Migrate all the LSGP web sites to a new hosting and design partner. Refurbish
the sites and create a central site at a top level domain.
Milestone
G
Agreement with host company
Original Date/Current
Plan Date
Sept. 30th
14th
/ Nov
Overall Status
Date: Nov. 1, 2013
Key Accomplishments/Highlights
%
comp
100%
4th
G
Relocate external websites
Oct
G
Restore web apps
Oct 21st / Nov 8th
Relocate internal websites
Sep 30th / Nov 8th
Restore email functionality
Oct 21st / Nov 8th
Project is being initiated
• Receive Canadian Proposals and compare
• Migrate sites and leave integration functions behind
70%
G
•
70%
G
Y
70%
10%
G
0%
G
0%
G
0%
G
0%
Key Issues & Risks / Mitigation Plan
• Maintain uptime for all functions during the move.
• Phase the move and use parallel testing prior to cutting live
Upcoming Key Activities/Deliverables
Asks/Decisions
15. Scan Safe Implementation
Project Summary:
Migrate all the LSGP web sites to a new hosting and design partner. Refurbish
the sites and create a central site at a top level domain.
Milestone
Original
Date/Current Plan
Date
Overall Status
Date: Nov 1, 2013
Key Accomplishments/Highlights
%
comp
G
Upgrade IOS (Pilot testing with 3 stores)
13/10/29
100%
G
Install ScanSafe (Testing pilot with 3 stores)
13/10/29
13/11/08
13/12/20
Deploy ScanSafe to all stores
13/12/25
0%
• Receive Canadian Proposals and compare
• Deploy massive IOS upgrade with compliance to PCI requirement.
0%
G
Project is not re-initiated yet
0%
G
Map similarities between ScanSafe and PCI
IOS upgrade requirement
Deploy Massive IOS upgrade for all stores
•
100%
G
G
G
Support and manage troubleshooting
14/01/10
0%
G
G
Upcoming Key Activities/Deliverables
G
Key Issues & Risks / Mitigation Plan
• PCI requirement may be similar to ScanSafe and we need to decide if both projects could be joined
• Contractors may be required physically at the store level if there are any issues with the IOS upgrade
• Loss of connectivity may cause some business downtime at the store level.
Asks/Decisions
• We may be grouping the PCI project with ScanSafe, as they may have the same objectives and use the same resources.
16. Criteria for Project Prioritization
In the future, projects are to be prioritized based on the following criteria and suggested
weightings (for discussion):
Expense reduction (25 percent)
Revenue increase (25 percent)
Strategic (25 percent)
Legal/regulatory/security (25 percent)
For example, on a scale of 1 to 10, determine the degree to which a project results in
expense reduction:
1 – no expense reduction
10 – expense reduction of > $1M
Next steps – define metrics for each criterion.
Editor's Notes
Everything we have seen so far indicates a lack of knowledge of store details regarding IT footprint, inability (mostly due to resource constraints) of the IT team to execute – so we have the contingency – ideally we won’t need it.
This issue is addressed by two different efforts:
• PCI project heavy touch stores address this for those stores
• We have moved about 20 stores from medium touch to heavy touch to address this for those stores as well
We have been conducting diagnostics for the past couple of weeks and have just received the final report from the Litcom experts.
We will now drive out a plan of action for internally achievable fixes based on the findings, e.g.:
• Move network components to the UPS
• Swap patch cables
• Replace aging pinpads etc…