This study summarizes results of a study of Technical Debt across 745 business applications comprising 365 million lines of code collected from 160 companies in 10 industry segments. These applications were submitted to a static analysis that evaluates quality within and across application layers that may be coded in different languages. The analysis consists of evaluating the application against a repository of over 1200 rules of good architectural and coding practice. A formula for estimating Technical Debt with adjustable parameters is presented. Results are presented for Technical Debt across the entire sample as well as for different programming languages and quality factors.
“Clinical Grade" Requirements to Enable a Mobile Health and Advanced Workflow Environment by Laurence Beaulieu; Chief Architect, Healthcare Solutions
Nortel Business Solutions
Benchmark METRICS THAT MATTER October 4 2012BenchmarkQA
Betty Schaar and Jeff Roth presented this at BenchmarkQA's fall 2012 Software Quality Forum, challenging attendees to rethink the metrics they're generating. Metrics without the context of the project mean nothing.
“Clinical Grade" Requirements to Enable a Mobile Health and Advanced Workflow Environment by Laurence Beaulieu; Chief Architect, Healthcare Solutions
Nortel Business Solutions
Benchmark METRICS THAT MATTER October 4 2012BenchmarkQA
Betty Schaar and Jeff Roth presented this at BenchmarkQA's fall 2012 Software Quality Forum, challenging attendees to rethink the metrics they're generating. Metrics without the context of the project mean nothing.
This presentation was given at GRC Conference in Boston (October 2010) and explains the importance of measuring performance for real value. It goes into the world of metrics and balanced scorecards
This presentation was given at GRC Conference in Boston (October 2010) and explains the interesting triad of not only People, Process & Technology but also Culture, Structure & Strategy. Besides, it moves beyond the 'alignment' idea and goes deep into the 'synchronization' needs of today's companies
Trends in Control and Power Technologies and Its Impact for Mineral Recovery ...Schneider Electric
Presented at the 2013 Society of Mining, Metallurgy and Exploration Annual Meeting (SME 2013). Mineral processing presents a major process challenge as it involves complexities in extraction and transformation into a final product, but also requires huge material movement, scheduling, and tracking. Learn how trends in information systems, reporting systems, energy management and efficiency, communications, process control, plant integration and other control technologies are aligned to address these current industry challenges.
From technology risk_to_enterprise_risk_the_new_frontierRamsés Gallego
This presentation was given at ISRM Conference in Las Vegas (September 2010) and shows the shift in perception from Technology Risk to Enterprise Risk and how businesses and TI need to embrace that new frontier
Three Confluence Deployments That Will Blow You AwayAtlassian
There are lots of great Confluence deployment stories. And then there are a few that are just mind-blowing. This session highlights three incredible Confluence deployments that will make your head turn.
Customer Speakers: Nate Nash of BearingPoint, Tim Colson of Cisco, Connie Taylor of Premier Inc
Key Takeaways:
* Incredible Confluence examples
* Innovative uses of a wiki and enterprise collaboration
Overcoming Cost Intransparency of Cloud ComputingNane Kratzke
Presentation hold during Cloud Computing Conference 2011 in Noordwijkerhout, Netherlands 2011. This is presentation is about missing cost estimation models in cloud computing and presents firsts considerations how to overcome this.
Achieving high product reliability has become increasingly vital for manufacturers in order to meet customer expectations amid the threat of strong global competition. Poor reliability can doom a product and jeopardize the reputation of a brand or company. Inadequate reliability also presents financial risks from warranty, product recalls, and potential litigation. When developing new products, it is imperative that manufacturers develop reliability specifications and utilize methods to predict and verify that those reliability specifications will be met. This 4-Hour course provides an overview of quantitative methods for predicting product reliability from data gathered from physical testing or from field data
This presentation was given at GRC Conference in Boston (October 2010) and explains the importance of measuring performance for real value. It goes into the world of metrics and balanced scorecards
This presentation was given at GRC Conference in Boston (October 2010) and explains the interesting triad of not only People, Process & Technology but also Culture, Structure & Strategy. Besides, it moves beyond the 'alignment' idea and goes deep into the 'synchronization' needs of today's companies
Trends in Control and Power Technologies and Its Impact for Mineral Recovery ...Schneider Electric
Presented at the 2013 Society of Mining, Metallurgy and Exploration Annual Meeting (SME 2013). Mineral processing presents a major process challenge as it involves complexities in extraction and transformation into a final product, but also requires huge material movement, scheduling, and tracking. Learn how trends in information systems, reporting systems, energy management and efficiency, communications, process control, plant integration and other control technologies are aligned to address these current industry challenges.
From technology risk_to_enterprise_risk_the_new_frontierRamsés Gallego
This presentation was given at ISRM Conference in Las Vegas (September 2010) and shows the shift in perception from Technology Risk to Enterprise Risk and how businesses and TI need to embrace that new frontier
Three Confluence Deployments That Will Blow You AwayAtlassian
There are lots of great Confluence deployment stories. And then there are a few that are just mind-blowing. This session highlights three incredible Confluence deployments that will make your head turn.
Customer Speakers: Nate Nash of BearingPoint, Tim Colson of Cisco, Connie Taylor of Premier Inc
Key Takeaways:
* Incredible Confluence examples
* Innovative uses of a wiki and enterprise collaboration
Overcoming Cost Intransparency of Cloud ComputingNane Kratzke
Presentation hold during Cloud Computing Conference 2011 in Noordwijkerhout, Netherlands 2011. This is presentation is about missing cost estimation models in cloud computing and presents firsts considerations how to overcome this.
Achieving high product reliability has become increasingly vital for manufacturers in order to meet customer expectations amid the threat of strong global competition. Poor reliability can doom a product and jeopardize the reputation of a brand or company. Inadequate reliability also presents financial risks from warranty, product recalls, and potential litigation. When developing new products, it is imperative that manufacturers develop reliability specifications and utilize methods to predict and verify that those reliability specifications will be met. This 4-Hour course provides an overview of quantitative methods for predicting product reliability from data gathered from physical testing or from field data
CA Infrastructure Management 2.0 vs. Solarwinds Orion: Speed and ease of mana...Principled Technologies
Infrastructure and operations support time is valuable, and every second is critical when a performance, capacity or application response issue begins to manifest. A management, alerting, and root cause analysis system that allows staff to quickly locate and troubleshoot a problem is key to providing five-nines uptime SLAs, as well as keeping a business’s own staff working at peak efficiency.
In our tests, we found that CA Infrastructure Management 2.0 outperformed the SolarWinds Orion tools in tests of ease of use and required-time-to-complete. The testing demonstrated timing wins for CA Technologies in our four simulated scenarios, by factors of 2.3 to 11.4 times over SolarWinds Orion.
When managing large-scale infrastructures, the ability to efficiently triage a large number of devices and network links is essential for maintaining high availability, consistent performance and routine business operations. This is particularly evident when calculating the aggregate time saved when performing the same operations multiple times in a given day. Over time, these aggregate figures can lead to significant savings of time and money for your organization.
Software Measurement for Lean Application ManagementCAST
Learn how the Lean practices pioneered in the Toyota Production System apply to the Application Development and Maintenance (ADM) of business software. Applying Lean to ADM decreases total cost of ownership and improves business responsiveness and operational dependability.
See how IT Risks Impacts your Business. CAST help you to check on software performance, stability, maintainability, and security vulnerabilities in which CAST excels and successfully differentiates from code analyzers.CAST’s Application Intelligence Platform and Rapid Portfolio Analysis solutions can help you avoid these types of “software glitches” or "software risks" by allowing you to gain greater visibility through automated code review that identifies the root causes of risks before they become production problems, while expediting time-to-market with shorter release time lines and improved business agility.
Getting Over 'the Hump': How to Expand Your Stalled Virtualization DeploymentDavid Resnic
Many organizations are experiencing virtualization stall, which prevents them from moving beyond the first stage on the virtualization maturity curve and realizing the full scope of benefits of the technology. This presentation shows how to ensure successful virtualization deployments by containing risk, managing resources and establishing effective management. It explains how to identify problems in your IT organization before they appear, how to expand your virtualization deployment, and move further along in your journey to dynamic data centers and cloud computing.
Rapid Portfolio Analysis powered by CAST HighlightCAST
Have you not seen any real benefits from your current Application Portfolio Management (APM) tools and services? Learn how CAST Rapid Portfolio Analysis (RPA), a low-cost, cloud-based solution, is helping organizations get the most out of their APM efforts by providing information required for objective portfolio-level decisions quickly, easily and inexpensively. RPA can deliver results on a large portfolio in a matter of hours, providing comprehensive quality, technical debt and size measures so you can make fact-based decisions on risks that drain budgets, increase production failures and affect responsiveness.
Agile Management of Tech Debt and Architecture with CASTCAST
When working with Agile, you need to control architecture, satisfy non-functional requirements, and reduce technical debt in short iterations. Even more challenging, non-functional, structural flaws are notoriously difficult to detect with test cases. Since these application-level defects are typically investigated during acceptance testing at the end of an iteration or sprint, problems are detected when it is often too late to make corrections before release. Consequently, these flaws become technical debt to be remediated in future iterations.
In this paper find out how the CAST Application Intelligence Platform (AIP) can be incorporated into a continuous integration environment to evaluate if newly integrated components:
• Violate rules of good architectural and coding practice affecting security, robustness, changeability, performance efficiency, and maintainability
• Create unintended side effects in other layers of the application
• Adhere to the application’s architectural rules
• Have structural problems that create technical debt
7 Steps to Pay Down the Interest on Your IT Technical DebtCAST
Dr. Bill Curtis - Dr. Bill Curtis, Senior Vice President and Chief Scientist with CAST - lays out the “Technical Debt Management Cycle”, a 7-step process for analyzing and measuring Technical Debt so you can relate executive business priorities to strategic quality priorities for reducing business risk and IT cost. It includes a formula to benchmark your Technical Debt against industry data, or adjust the parameters to best fit your organization’s own maintenance and structural quality objectives, experiences, and costs.
5 IT Trends That Reduce Cost And Improve Web Performance - A Forrester and Go...Compuware APM
Virtualization, Cloud Computing and Outsourcing promise significant cost savings and enhanced business agility. Implemented correctly these initiatives can cut hardware and software costs, improve web application performance and quality, and positively impact business results. Learn how these 5 key business and technology trends are enabling companies to reduce costs AND ensure web application performance:
1. Virtualization
2. Outsourced Hosting & Management of Applications
3. Cloud Computing
4. Real-user Monitoring
5. ‘SaaS’ification of IT Management Software
In this deck from the Stanford HPC Conference, Ryan Quick from Providentia Worldwide describes how DNNs can be used to improve EDA simulation runs.
"Systems Intelligence relies on a variety of methods for providing insight into the core mechanisms for driving automated behavioral changes in self-healing command and control platforms. This talk reports on initial efforts with leveraging Semiconductor Electronic Design Automation (EDA) telemetry data from cross-domain sources including power, network, storage, nodes, and applications in neural networks as a driving method for insight into SI automation systems."
Watch the video: https://youtu.be/2WbR8tq-XbM
Learn more: http://www.providentiaworldwide.com/
and
http://www.hpcadvisorycouncil.com/events/2020/stanford-workshop/
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...Mark Underwood
What happens when the (Observe) Plan-Do-Check-Adjust cycle is undermined by lapses in data integrity? Observations are questioned. Plans may be ill-conceived. Actions may be undertaken that undermine rather than enhance. “Checks” can fail. Adjustments may be guesswork. In cybersecurity, the results of poor data integrity can be expensive outages, ransom requests, breaches, fines -- even bankruptcy (think Cambridge Analytica). But data integrity issues take many forms, ranging from benign to malicious. The full range of these issues is surveyed from a cybersecurity perspective, where logs and alerts are critical for defenders -- as well as quality engineers . Techniques borrowed from model-based systems engineering and ontology AI to are identified that can mitigate these deleterious effects on PDCA.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Estimating the principal of Technical Debt - Dr. Bill Curtis - WTD '12
1. Estimating the Principal
of Technical Debt
Bill Curtis, Jay Sappidi, & Alexandra Szynkarski WTD’12
CAST Research Labs June 5, 2012
2. The Technical Debt Metaphor
Technical Debt the future cost of defects remaining in code at
release, a component of the cost of ownership
Business Risk Opportunity cost—benefits that could have
been achieved had resources been put on new
Opportunity cost capability rather than retiring technical debt
Liability from debt Liability—business costs related to outages,
breaches, corrupted data, etc.
Technical Debt Interest—continuing IT costs attributable to the
violations causing technical debt, i.e, higher
Interest on the debt maintenance costs, greater resource usage, etc.
Principal borrowed Principalcost of fixing problems remaining in
the code after release that must be remediated
Structural quality problems Today’s talk focuses on the principal
in production code
CAST Confidential 1
3. Inputs for Estimating the Principal of Technical Debt
Data source Inputs
Structural
Static analysis quality
of applications problems
Hours to Technical
Historical data correct Debt
on maintenance problems Principal
Developer’s
IT or contractor burdened
finance records hourly rate
CAST Confidential 2
4. Analyzing and Measuring Structural Quality
CAST Application Intelligence Platform
ANALYZERS APP KNOWLEDGE BASE DASHBOARDS & PORTALS
Oracle PL/SQL
APPLICATION HEALTH Governance Dashboard
Sybase T-SQL
SQL Server T-SQL
IBM SQL/PSM Risk Factors Cost factors
C, C++, C#
Robustness Transferability
Pro C
Cobol Performance Changeability
CICS
Security
Visual Basic
VB.Net
ASP.Net APPLICATION SIZE Project Trends
Java, J2EE
LOC Function Points
JSP
XML, HTML
Javascript
VBScript
PHP Application Metadata
PowerBuilder Drill Down Portal
Oracle Forms
PeopleSoft Analysis
SAP ABAP, of all
Netweaver system
Tibco artifacts
Business Objects
Universal Analyzer
CAST Confidential
5. Appmarq CAST’s Structural Quality Repository
Industry-leading repository on structural quality
– 745 Applications
– 160 Companies, 14 Countries
– 321,259,160 Lines of Code; 59,511,706 Violations
Telecom
Retail Financial
Government
Other
Insurance
IT Consulting
CAST Confidential
6. Formulas for Estimating Technical Debt Principal
% Violations Hours to
to be fixed Fix Cost /Hour
Old New Old New Old New
High Severity 50% 100% 1 3 $75 $75
Medium Severity 25% 50% 1 1 $75 $75
Low Severity 10% 0% 1 NA $75 NA
Estimated Technical Debt Principal =
( high severity violations) X (% to be fixed) X (average hours to fix) X ($s per hour) +
( medium severity violations) X (% to be fixed) X (average hours to fix) X ($s per hour) +
( low severity violations) X (% to be fixed) X (average hours to fix) X ($s per hour)
This is an estimate of Technical Debt Principal
Customers can get more accurate estimates by
adjusting the parameters in the equation
CAST Confidential
7. Technical Debt Principal Estimates for Both Formulas
Mean Median Minimum Maximum Std. Deviation
Old New Old New Old New Old New Old New
Sample
3.61 10.26 2.79 7.94 0.02 0.01 49.72 253.03 3.34 10.57
(n=744)
.NET
3.09 12.29 2.37 10.20 0.96 0.49 16.52 73.00 2.70 11.47
(n=63)
ABAP
0.43 1.90 0.41 1.73 0.05 2.00 1.42 6.89 0.23 1.08
(n=72)
C
2.62 7.65 2.18 6.46 0.02 0.01 12.82 31.89 2.58 6.92
(n=44)
C++
4.33 12.95 2.41 7.83 0.02 0.01 38.08 132.91 7.02 24.42
(n=30)
JavaEE
5.42 14.68 5.13 13.66 0.07 0.23 49.72 253.03 3.91 12.76
(n=474)
Or-Forms
4.57 21.16 1.12 3.87 0.49 1.13 30.23 151.93 6.60 33.92
(n=45)
V. Basic
2.93 9.83 2.58 8.37 0.68 2.77 12.14 45.01 2.80 10.24
(n=16)
CAST Confidential 6
8. Estimates of Technical Debt Principal by Health Factor
70% of Technical Debt is in IT Cost
(Transferability, Changeability)
Robustness
30% of Technical Debt is in Business
18% Risk (Robustness, Performance, Security)
Transferability
40% Health Factor proportions are mostly
Security 7% consistent across technologies
Changeability
30%
CAST Confidential
9. Relating Technical Debt to Business Value
Health Operational Output
Factor problems Measure
Outages, slow
Robustness Availability
recovery
Degraded
Performance Work efficiency
response
Technical
Security Breaches, Theft Data protection
debt
Lengthy
Transferability IT productivity
comprehension
Changeability Excessive effort Delivery speed
CAST Confidential 8
10. Technical Debt Management Cycle
Application Build/Release/
IT Executives Managers Developers QA/AI Center
Step 1 Step 2 Step 3
Set policy and Set reduction Measure
quality priorities targets & plans Technical Debt
Step 4
Plan actions for
remediation
Step 7 Step 6 Step 5
Report to the Remediate
Track results
business violations
CAST Confidential 9