Steering comittee nov 1 2013

341 views

Published on

Published in: Technology
1 Comment
1 Like
Statistics
Notes
  • This is comprehensive. Really helpful. Thanks for sharing. What are the different status used? G and Y - what does it represent?
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
341
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
11
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide
  • Everything we have seen so far indicates a lack of knowledge of store details regarding IT footprint, inability (mostly due to resource constraints) of the It team to execute – so we have the contingency –ideally we won’t need it.This issue is addressed by two different effortsPCI project heavy touch stores address this for those storesWe have move about 20 stores from medium touch to heavy touch to address this for those stores as wellWe have been conducting diagnostics for the past couple of weeks and have just received the final report from the Litcom expertsWe will now drive out a plan of action for internally achievable fixes based on the findingsE.g. Move network components to the UPSSwap patch cablesReplace aging pinpads etc…
  • Steering comittee nov 1 2013

    1. 1. Information Technology Steering Committee Liquor Stores N.A. Ltd. Committee Meeting November 1, 2013 1
    2. 2. Meeting Objectives 1. Project Status Review •Network and Application monitoring findings, PCI project review 2. New Projects Sysaid for Property Management Gallo wines 3. Other Issues • Store hardware age • Windows XP 4. Set schedule for next meeting 2
    3. 3. Network & App Monitoring Findings Problems Identified SSC User Desktops • HP ML310 are 5 year old servers, video card not meant for this type of use, no management in place (patches, AV) Stores Network • Cabling issues – overlong runs, kinks, bent, pinched and/or crushed • Insufficient telco service (limited upload) • Config issues - Poor use of UPS, inconsistent device setups • NO OS or app patch management or AV management • 5 year old equipment • New switched out of date on IOS version Stores WiFi – W&B • Too high, not meshed and cooler access is blocked 3
    4. 4. Network & App Monitoring Findings Problems Identified Application Monitoring • SQL Express is old and limited in functions – Till freezes when log exceeds 80 mb or database exceeds 4gb • Tills freeze when db maintenance not done – not automated • Receipt printers fail and cause till to freeze • No SQL alerting or monitoring for health of DB Equipment issues • Five year old machines and Windows XP at the stores • Dlink/linksys switches used • Cables fail after heavy use 4
    5. 5. Network & App Monitoring Findings Problems Identified Application Monitoring - SSC • SQL not configured properly – many non-standard settings • Not optimized Equipment issues - Datacenter • Two SPOOFs found – ASA and switch • No comprehensive test environment 5
    6. 6. PCI Compliance Project Summary: Develop and deploy the necessary systems, hardware, policies and procedures to remediate the findings of the PCI assessment and attain compliance sign-off Milestone Plan Date Overall Status Date: Oct 31, 2013 Key Accomplishments/Highlights % comp Requirements Oct 31st 95% G Design for network components Nov 30th 30% G Development of deployment plan Nov 22nd 20% G Proof of concept for Store Touch Dec 31st 0% G Store Touch Project June 30th 2014 0% G Network Touch Project June 30th 2014 0% 30th G G Security Standards & Policies Project June 2014 0% G ITIL Functional Areas Project June 30th 2014 0% G PCI Compliance Assessment July 31st 2014 0% G Project Completed Aug 8th 2014 • • • Completing requirements gathering and planning of project streams Design and testing ongoing for store and core network components Working with external service providers and cabling vendors for store touch Upcoming Key Activities/Deliverables 0% Key Issues & Risks / Mitigation Plan • • • • Resourcing constraints for internal resources who will be responsible for a number of deliverables in all areas of the project. Need to hire security resource as soon as possible to integrate into project. Many other business and IT projects in the coming year have potential impact on the PCI project and the resource availability. Program and resource planning will be required. Lack of complete information on store environments, IT inventory, cabling. Need to complete an IT supervised visit to the stores to collect information Unknown interconnected components in network could affect project. Plan of action needs to be implemented based on recent network review. G • • • Finish network design components Select resources and begin store visit Select service providers for store touch Asks/Decisions • Approval of budget for PCI project • Approval of security resource
    7. 7. PCI Project Costs Area Cost Notes Store Touch $800,000 Visit to each store for data collection and documentation of systems and cabling, Replacement of all network switches, re-cabling at 43 stores, wiring standardization, lockable cage for network gear, labeling and new standard images for switches, router and wireless access points plus testing Network Touch $110,000 Network re-design for IP and DNS configuration, Intrusion detection/intrusion prevention system and network sniffer Security Standards and Policies $0 All work to be done by PM or internal resource pool ITIL Functional Areas $260,000 Anti Virus System, Logging and monitoring system, software update system, test environment, 2 factor authentication, DVR upgrades, File integrity system, security training module for staff PM $180,000 Full time PM to oversea all aspects of PCI project to completion Contingency $250,000 20% based on current lack of complete information regarding store environments and the current flux of the IT organization for staffing and availability of resources TOTAL $1,600,000 7
    8. 8. Timeline for PCI Project Sep 9 - Oct 4 Project Planning and information gathering Network and Store Touch design and testing Oct 4 - Nov 29 Finalize Store Touch plans and procedures Nov 29 - Dec 31 Jan 6 - Jun 30 Store Touch Project Jan 6 - Jun 30 Network Touch Project Jan 6 - Jun 30 Security Standards and Policies Project Jan 6 - Jun 30 ITIL Functional Areas Project Jul 28 - Jul 31 PCI Audit and Compliance Review PCI Projects Completed Jun 30 Network redesign and testing completed PCI Audit for Compliance Nov 29 Jul 31 PCI Sub-Projects Start Jan 6 2013 Sep Project End Aug 8 2014 Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug 2014 8
    9. 9. Network Monitoring Project Summary: Diagnose technical issues and develop a pragmatic approach and plan to repair critical components / interfaces. . Milestone G Project Charter Original Date/Current Plan Date % comp Sept. 13th/Sept 13th 100% 30th/Oct 30th Overall Status Date: Sep. 13, 2013 G Key Accomplishments/Highlights • • 80% Monitoring complete 90% of findings identified with recommendations G Monitoring Complete Sept G Results Analyzed Oct 14th/Oct 25th 70% G Remediation Plan Approved Oct 21st/Nov 1st 70% G Visit to Pivot COLO to inspect and document the state of the installation at the site. Transactional perfmom analysis of LSLPRMSABDB with analyst assistance COLO ASA sysloging to capture VPN drop failures from ASA logs Assembly of final report PPT with conclusions and recommendations Oct 28th 100% Nov 1st 50% Upcoming Key Activities/Deliverables Nov 4th 90% • Nov 4th 50% G G G Key Issues & Risks / Mitigation Plan • Issues can be hard to track when they are intermittent and cannot be reproduced via a specific set of steps. • We will monitor and track the times for specific occurrences and based on time noted will relate back to the monitoring findings/logs Complete final report and recommendations Asks/Decisions
    10. 10. Enterprise Software Selection Project Summary: Select a new enterprise software solution which can be implemented to support all the major business processes. Milestone G Project Charter Original Date/Current Plan Date Sept. 13th/Sept. 13th 25th/Oct 30th Overall Status Date: Nov 1, 2013 Key Accomplishments/Highlights % comp 100% G Functional Requirements workshops Oct G RFP Issued Oct 31st/Nov 15th 0% G Vendors Response Received Nov 22th/Nov 29th 0% G Vendor Demos Dec 6th/Dec 6th Vendor Selection Dec 13th/Dec 13th 0% • • • • Project in full swing Workshops completed Vendors Engaged NDA Process begun 0% G G 100% G 0% G 0% G Upcoming Key Activities/Deliverables 0% Key Issues & Risks / Mitigation Plan • Draft RFP document and issue it Asks/Decisions
    11. 11. RMS Cleanup Project Summary: Apply a new hierarchy to product descriptors in RMS and apply the new format at the item level to : To provide meaningful descriptions to items, To categorize items in a consistent and standard format, To update existing item information where applicable, To develop a standardized format for entering new items Milestone G Project Charter Plan Date Sept. 13th 5th Overall Status Date: Nov. 1, 2013 Key Accomplishments/Highlights % comp 100% G Complete Item Clean-up Dec G Validate Item Clean-up Dec 20th 0% G Test Changes Dec 30th Deploy to Live environment Jan 27th • 0% G ON HOLD Beer section completed week ending Sept 13th Hierarchy design completed in conjunction with the buyers 0% 30% G 0% G 0% G 0% G • 0% Key Issues & Risks / Mitigation Plan • Resource Availability to do the data entry • Resources are deployed when available Upcoming Key Activities/Deliverables • Data entry continues when resources can be applied. Asks/Decisions
    12. 12. Telecom Rationalization Project Summary: The Company spends approx. $1 million annually on telecom related services (telephone, internet, fax, etc.) across 23 different vendors. The goal is to reduce the spend through rationalization and vendor reductions. Milestone G G Rationalization of services – Initiate in Canada Review of Canadian vendor proposals Original Date/Current Plan Date 50% Oct 11th/Nov 15th 50% 25st/Nov 0% G Selection of preferred Canadian vendor Oct G Establish timetable for the transition of Canadian services Rationalization of services – Initiate in Kentucky / Alaska Review and selection of KY and AK vendors Establish timetable for the transition of KY and AK services Nov 8th/Dec 2nd Oct 18th/Dec 2nd 0% Nov 25th /Jan 13th 0% Dec 12th/Jan 20th 0% • • • Project was just initiated Telus and Shaw have been engaged in a preliminary fashion Telus has delivered their proposal 0% G G G 22nd G Key Accomplishments/Highlights % comp Sept. 20th Overall Status Date: Oct 31, 2013 G 0% G Upcoming Key Activities/Deliverables • Receive more Canadian Proposals and compare them in terms of pricing and service levels 0% Key Issues & Risks / Mitigation Plan Asks/Decisions • Are two vendors enough?
    13. 13. Sharepoint Intranet Project Summary: Create and deploy a new intranet technology platform. Milestone G Migrate intranets internally Overall Status Date: Nov. 1, 2013 Original Date/Current Plan Date 100% Key Accomplishments/Highlights % comp Sept. 23rd 30th G Fix existing intranet functionality Sep G Create team sites reflective of old team Nov 4th Training Dec 2nd Live Rollout Dec 9th Platform has been deployed • Receive Canadian Proposals and compare • Content must be configured and loaded 0% G • 90% G G 0% 100% G 0% G 0% G 0% G 0% Key Issues & Risks / Mitigation Plan • Availability of resources for the project • Office coordinator will apply time to the project to create and continue forward momentum Upcoming Key Activities/Deliverables Asks/Decisions • Any critical requirements that would affect schedule?
    14. 14. WebSite Migration Project Summary: Migrate all the LSGP web sites to a new hosting and design partner. Refurbish the sites and create a central site at a top level domain. Milestone G Agreement with host company Original Date/Current Plan Date Sept. 30th 14th / Nov Overall Status Date: Nov. 1, 2013 Key Accomplishments/Highlights % comp 100% 4th G Relocate external websites Oct G Restore web apps Oct 21th / Nov 8th Relocate internal websites Sep 30th / Nov 8th Restore email functionality Oct 21st / Nov 8th Project is being initiated • Receive Canadian Proposals and compare • Migrate sites and leave integration functions behind 70% G • 70% G Y 70% 10% G 0% G 0% G 0% G 0% Key Issues & Risks / Mitigation Plan • Maintain uptime for all functions during the move. • Phase the move and use parallel testing prior ro cutting live Upcoming Key Activities/Deliverables Asks/Decisions
    15. 15. Scan Safe Implementation Project Summary: Migrate all the LSGP web sites to a new hosting and design partner. Refurbish the sites and create a central site at a top level domain. Milestone Original Date/Current Plan Date Overall Status Date: Nov 1, 2013 Key Accomplishments/Highlights % comp G Upgrade IOS (Pilot testing with 3 stores) 13/10/29 100% G Install ScanSafe (Testing pilot with 3 stores) 13/10/29 13/11/08 13/12/20 Deploy ScanSafe to all store 13/12/25 0% • Receive Canadian Proposals and compare • Deploy massive IOS upgrade with compliance to PCI requirement. 0% G Project is not re-initiated yet 0% G Map similarities between ScanSafe and PCI IOS upgrade requirement Deploy Massive IOS upgrade for all stores • 100% G G G Support and manage troubleshooting 14/01/10 0% G G Upcoming Key Activities/Deliverables G Key Issues & Risks / Mitigation Plan • • • PCI requirement may be similar to ScanSafe and we need to decide if both projects could be joined Contractors may be required physically at the store level if there are any issues with the IOS upgrade Lose of connectivity may cause some business down time at the store level. Asks/Decisions • We may be grouping the PCI project with the ScanSafe as they may be having same objectives and using the same resources.
    16. 16. Criteria for Project Prioritization In the future, projects are to be prioritized based on the following criteria and suggested weightings (for discussion): Expense reduction (25 percent) Revenue increase (25 percent) Strategic (25 percent) Legal/regulatory/security (25 percent) For example, on a scale of 1 to 10, determine the degree to which a project results in expense reduction: 1 – no expense reduction 10 – expense reduction of > $1M Next steps – define metrics for each criteria. 16

    ×