
VisibleThread User Experience Within Our ISO 20K Certified Air Force PMO


Booz Allen Hamilton uses VisibleThread to support ISO certification. This session was part of the VisibleThread Users Conference 2014. Presented by Chris Roelofs, Lead Associate at Booz Allen Hamilton, a VisibleThread user. Chris covered:
- ISO 20K and 27K certification
- using VisibleThread concept dictionaries to satisfy audit requirements in a PMO

Published in: Business

  1. VisibleThread User Experience Within Our ISO 20K Certified Air Force PMO (November 2014). Chris Roelofs, Lead Associate, Booz Allen Hamilton. Briefing for the VisibleThread Users' Conference 2014. Copyright 2014, Booz Allen Hamilton Inc.
  2. Our VisibleThread Journey Since October 2012
     - Deltek Reports (October 2012)
     - Sandbox (October 2012 – March 2013)
     - Out-of-the-Box Utilization (April 2013)
     - Concept Dictionary Deployment for RFP Analysis (May 2013 – Present)
     - Concept Dictionary Deployment for ISO 20K Compliance (June 2013 – Present)
     - Concept Dictionary Development for ISO 27K Certification (August 2014)
  3. Deltek Reports (October 2012)
     - Customers identified VisibleThread as an RFP analysis tool available on the Deltek site
     - Conducted research to see if the firm already possessed licenses
     - Contacted VisibleThread to learn more
     - Takeaway: our journey began with a tip from a customer
  4. Sandbox (October 2012 – March 2013)
     - Select user group
     - Support and demonstrations from VisibleThread experts
     - Minor Concept Dictionary development
     - Focus on RFP analysis
     - Broad reach within the firm
     - Supported business case development for purchase
     - Takeaway: the sandbox allowed demonstrations on real data without restriction
  5. Out-of-the-Box Utilization (April 2013)
     - Initial procurement
     - Installation on an internal server
     - Expanded user group
     - Training
     - Demonstrations of capabilities to market groups and proposal teams
     - Solicited feedback on concept report output; refined basic dictionaries
     - Takeaway: we honed our skills, gained a larger user base and envisioned broader application
  6. Concept Dictionary Deployment for RFP Analysis (May 2013 – Present)
     - Compliance Matrix: What does the SOW tell us to do?
     - EISM Task Areas: How does this requirement relate to the prime contract?
     - Risk Matrix: Which firm-identified risks are triggered?
     - Section L & M: What do we provide and how will we be evaluated?
     - Takeaway: we enhanced and refined dictionary development to achieve targeted results
  7. Concept Dictionaries Deployed for RFP Analysis
     - What does the Statement of Work tell us to do?
     - What scope areas from the IDIQ does the RFP address?
     - Which Firm Specified Risk areas are triggered?
     - What do we have to provide in our proposal and how will we be evaluated?
  8. Concept Dictionary Deployment for ISO 20K Compliance (June 2013 – Present)
     - "ISO/IEC 20000-1:2011 (ISO 20K) is a standard for the design, transition, delivery and improvement of services that fulfill service requirements and provide value for both the customer and the service provider." *
     - "ISO 20K requires an integrated process approach when the service provider plans, establishes, implements, operates, monitors, reviews, maintains and improves a service management system (SMS)." *
     - "Coordinated integration and implementation of the SMS through all stages of the service lifecycle, from strategy through design, transition and operation, including continual improvement." *
     - We use VisibleThread to help us: ensure all areas of the standard are addressed in our documents (policies, plans, procedures, etc.); show the interrelationship between documents involved in the performance of a process from initiation to completion
     - Takeaway: we targeted concepts across multiple documents to show linkages and process relationships
     - * BS ISO/IEC 20000-1:2011
  9. Concept Analysis for ISO 20K Compliance (slide image)
  10. Concept Analysis for ISO 20K Compliance (slide image; label: Document Folders)
  11. Concept Analysis for ISO 20K Compliance (slide image; label: Documents Under Analysis)
  12. Concept Analysis for ISO 20K Compliance (slide image; label: Concept dictionary)
  13. Concept Analysis for ISO 20K Compliance (slide image; label: ISO 20K Requirement Clause)
  14. Concept Analysis for ISO 20K Compliance (slide image; label: Analysis)
  15. Concept Dictionary Development for ISO 27K Certification (August 2014)
     - ISO/IEC 27001:2013 (ISO 27K): "This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system." *
     - "The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed." *
     - "It is important that the information security management system is part of and integrated with the organization's processes and overall management structure and that information security is considered in the design of processes, information systems, and controls." *
     - We use VisibleThread to help us: determine where ISO 27K controls are adequately incorporated into existing documentation; identify which controls may not be fully managed or are only partially managed, i.e. gaps that need resolution prior to the certification audit
     - Takeaway: we are envisioning how documents should relate to achieve integrated processes
     - * SN ISO/IEC 27001:2013 en
  16. ISO 27K Certification Compliance Analysis (slide image)
  17. ISO 27K Certification Compliance Analysis (slide image; label: Concept dictionary)
  18. ISO 27K Certification Compliance Analysis (slide image; label: ISO 27K Control)
  19. ISO 27K Certification Compliance Analysis (slide image; label: Documents Under Analysis)
  20. ISO 27K Certification Compliance Analysis (slide image; label: Analysis)
  21. The VisibleThread Journey Continues…
     - It has been a growing experience: a suggestion has turned into a standard business practice for our PMO
     - Our ISO 27K Concept Dictionary is a work in progress: proper selection of terms and phrases will determine its effectiveness
     - We still have customers asking if we can do something different with the tool; we haven't had to say "No" yet
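As an added illustration of the concept-dictionary approach described in slides 8 and 15 (example code written for this page, not VisibleThread's product or the presenter's dictionaries): a dictionary mapping controls to terms is run over a small constructed document set, each control is classified as covered, partial or a gap, and controls that appear in more than one document are listed to show cross-document linkages. The control names are an illustrative subset of ISO/IEC 27001:2013 Annex A; the phrase lists and the documents are constructed.

```python
import re
from collections import defaultdict

# Constructed concept dictionary: control theme -> terms/phrases to look for.
# Control names are an illustrative subset of ISO/IEC 27001:2013 Annex A; the
# phrase lists are assumptions, not the presenter's actual dictionary.
CONCEPT_DICTIONARY = {
    "A.9 Access control": ["access control", "least privilege", "user access review"],
    "A.12.3 Backup": ["backup", "restore test", "retention"],
    "A.16 Incident management": ["security incident", "incident response", "lessons learned"],
    "A.17 Business continuity": ["business continuity", "disaster recovery"],
}

# Constructed sample corpus standing in for a PMO's policies, plans and procedures.
DOCUMENTS = {
    "Access Policy.txt": "Access control follows least privilege; user access reviews run quarterly.",
    "Backup Procedure.txt": "Nightly backup jobs copy data offsite; retention is 90 days.",
    "Ops Plan.txt": "Staff restore from backup and handle a security incident per the incident response plan.",
}

def scan(documents, dictionary):
    """Return {control: {document: [matched terms]}}; whole-word, case-insensitive
    matches that tolerate a plural 's' ('user access reviews' hits 'user access review')."""
    hits = {control: defaultdict(list) for control in dictionary}
    for control, terms in dictionary.items():
        for term in terms:
            pattern = re.compile(r"\b" + re.escape(term) + r"s?\b", re.IGNORECASE)
            for name, text in documents.items():
                if pattern.search(text):
                    hits[control][name].append(term)
    return {control: dict(docs) for control, docs in hits.items()}

def classify(hits, dictionary):
    """Per control: 'covered' (every term found), 'partial' (some terms missing, listed)
    or 'gap' (nothing found) -- the pre-audit gap list slide 15 describes."""
    result = {}
    for control, terms in dictionary.items():
        found = {t for matched in hits[control].values() for t in matched}
        missing = [t for t in terms if t not in found]
        status = "gap" if not found else ("partial" if missing else "covered")
        result[control] = (status, missing)
    return result

def linkages(hits):
    """Controls addressed by more than one document: the cross-document relationships
    slide 8 uses to show a process from initiation to completion."""
    return {control: sorted(docs) for control, docs in hits.items() if len(docs) > 1}
```

Calling `scan()` and then `classify()` and `linkages()` on its result gives one covered control, two partial ones with their missing phrases, one gap, and the backup process linked across two documents.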
