Stakeholders in Systems Design
Identify, Model, Service, Audit, Defend
CC BY-SA Attribution ShareAlike
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 1
Stakeholder study is conventionally part of requirements engineering.
Requirements engineering is often lightly developed in systems development organizations.
Identification
• Stakeholder identification process can be (too) casual
• Are a single retail customer’s dependents and relatives also stakeholders?
• What is different about an enterprise customer?
• Stakeholders can be internal to an enterprise
• Not unusual to have both internal and external stakeholders
• Big Data => more external, hard-to-anticipate stakeholders
Warning
• A stakeholder is not necessarily beneficial or even benign
• Stakeholders can sue you
• Stakeholders can be regulators
• Stakeholders can be domestic or foreign governments
• Competitors can be stakeholders (Lack of confidence in an entire sector can affect revenue, viability)
• Some conventional stakeholder notions are weak: Pub/Sub fails because some stakeholders are producers, others are consumers, and still others do both
Casual Elicitation, Identification
Casual doesn’t write code, but can help elicit requirements and identify stakeholders.
Stakeholder Identification: Reality Check
Excel is not a mature engineering tool but works well when paired with a savvy analyst.
Simple (Simplistic?) Approaches Still Prevail
A stakeholder is an actor in a story
• Storytelling can be as simple or as complex as human discourse
• Vignettes can include nominal stakeholders as well as outliers and exceptions
• Storytelling is essential for situation awareness, central to decision support systems
• Some developers may not be good at recognizing / honoring stakeholders
Casual Stakeholder Elicitation Processes
• Study existing “business” processes and ecosystems
• Ask current “users”
• Follow the money (i.e., on whom are resources being spent?)
• Stakeholder mapping: As casual as the analyst doing it
• Exploit risk, security, safety, quality frameworks
• Constraint-based (Jastram M. & Kara, A.)
Less Casual Identification Methods
More detailed, deeper granularity, but not necessarily “code”
Stakeholder Elicitation: Deeper Dives
• Unpack transactions (the “Who” in Who, What . . . )
• Study policy groups in Active Directory and LDAP (existing, proposed)
• Extract from discipline-specific Body of Knowledge, e.g., accounting, civil engineering, cybersecurity, law
• Dataflow Model: User Interface “touch”
• “Acceptance Testing” (Test for value)
• Study BPMN and SysML adoption (rare)
Stakeholder as Agent
• Mature concept in software engineering
• Encompasses software-based and human agents
• Distributed systems agent approach is IoT-friendly
Stakeholders in Model Based Software Engineering
• Stick figures in UML
• MBSE Advantages
• MBSE Adoption Prospects
Stakeholders in SysML
• “With version 1.4 SysML provides a model element for stakeholders. The stakeholder has a name and a list of stakeholder concerns. The concerns are comment model elements. The relationship between the stakeholder and the comments has no notation. The SysML model element stakeholder extends the UML classifier, i.e. a stakeholder could be a special actor as well as a special block. The stakeholder is defined in the context of the view and viewpoint concept. It is not the common stakeholder known from requirements engineering.”
• Credit: OOSE @OOSENews
In SysML 1.4, viewpoint has some updated properties:
• concernList is a list of concerns of the stakeholders that should be addressed by this viewpoint. Each concern is modeled by a comment. There is a relationship notation defined between viewpoints and comments.
• concern is a derived property that lists the bodies of the comments of the concernList.
• method is a derived property that shows the behavior that is used to create the view. It is derived from the behavior of the constructor of the viewpoint (see below).
• language specifies a list of languages used to express the models that represent content which is represented by the view.
• presentation defines a prescription of the format and style of the view.
• stakeholder is a list of stakeholders whose concerns are to be addressed by the view.
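An added example (not from the slides or from the SysML specification): the stakeholder and viewpoint properties listed above, modeled in Python, with a coverage audit that reports stakeholder concerns no viewpoint addresses. The audit rule, the class layout and the sample stakeholders are assumptions constructed for illustration; the derived `method` property is left out.

```python
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Comment:
    """A concern is modeled by a comment; `body` is its text."""
    body: str


@dataclass
class Stakeholder:
    """A stakeholder has a name and a list of concerns (comments)."""
    name: str
    concerns: list[Comment] = field(default_factory=list)


@dataclass
class Viewpoint:
    name: str
    concernList: list[Comment] = field(default_factory=list)
    stakeholder: list[Stakeholder] = field(default_factory=list)
    language: list[str] = field(default_factory=list)
    presentation: str = ""

    @property
    def concern(self) -> list[str]:
        # Derived property: the bodies of the comments in concernList.
        return [c.body for c in self.concernList]


def audit_coverage(stakeholders, viewpoints):
    """Return {stakeholder name: [concern bodies that no viewpoint addresses]}.

    Assumed rule: a concern is addressed only when some viewpoint both lists
    the stakeholder and carries that concern in its concernList. A stakeholder
    that no viewpoint lists has every concern reported.
    """
    gaps = {}
    for s in stakeholders:
        addressed = set()
        for vp in viewpoints:
            if s.name in {x.name for x in vp.stakeholder}:
                addressed.update(vp.concern)
        missing = [c.body for c in s.concerns if c.body not in addressed]
        if missing:
            gaps[s.name] = missing
    return gaps


def build_sample():
    """Constructed sample data; names and concerns are illustrative only."""
    retention = Comment("audit trail retention")
    withdrawal = Comment("consent withdrawal")
    sharing = Comment("data sharing with third parties")
    root_log = Comment("root access logging")
    regulator = Stakeholder("Regulator", [retention, withdrawal])
    customer = Stakeholder("Retail customer", [withdrawal, sharing])
    admin = Stakeholder("IT administrator", [root_log])
    compliance = Viewpoint("Compliance", [retention, withdrawal],
                           [regulator], ["SysML"], "table")
    consent = Viewpoint("Customer consent", [withdrawal],
                        [customer], ["BPMN"], "diagram")
    return [regulator, customer, admin], [compliance, consent]


if __name__ == "__main__":
    people, views = build_sample()
    for name, missing in audit_coverage(people, views).items():
        print(f"{name}: unaddressed -> {missing}")
```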
SysML for Forest Fire Detection System
SysML Viewpoints (notional)
Builder’s Intentions
Other significant meanings for Stake-holder
Transparency Portals
Promises, Promises and Terms of Use
Stakeholder Contract Models
• Electronic Health Record Consent
• Genomics Research: Genetics testing and “Precision Medicine”
• IT Administration (think “root” access)
• Cross-, Inter-organizational (think Big Data)
• Populations impacted by AI or data science analytics
• Consent withdrawal, expiration, transfer, delegation
• Management by exception
• Regulated vs. Voluntary
• Corporate Merger/Acquisition
• Software contracts (e.g., Blockchain contracts)
Stakeholder Attributes: A Flyover
• Person or Agent
• Pointer to value construct
• Workflow stage / position (BPML terminology?)
• Role as attribute (e.g., role-based controls from RBAC security)
• Non-role attributes (e.g., attribute-based controls from ABAC security)
Views of Stakeholders
Stakeholders must be integrated into system-aware contexts
Stakeholders in Agile Development
• Stakeholders in user stories
• Canonical or cross-domain user stories
• Domain-specific user stories
• Design patterns for user stories
• (?) Proxy stakeholder role in test engineering, QA, configuration management
• (?) Proxy stakeholder engagement in continuous improvement
Modeling and Simulation of Stakeholders
• M&S has relatively mature standards, but not often used in systems design
• Simulate traceability, impact of value “breach”
• May prove essential for DevOps
• Scalability matters to stakeholders (think Healthcare.gov)
• Model impact of compromised values (e.g., operationalize risk, forensics, mitigation playbooks)
Possible P7000 Implications
Jumping off points for discussion
Next Steps?
• Collect use cases, esp. with workflow-, life cycle stage-dependent nuance
  • E.g., disabled access in smart building design (OpenBIM ontology)
• Study connections to various life cycle standards
• Identify stakeholder design patterns
• Possible subgroup / subtopic affiliations: model-based engineering
• Identify useful work in other standards
• New concepts?
  • “Value Defense,” analog of “Network Defense”
  • “Value Resilience,” analog of “Systems Resilience”
  • Value Audit, Value Forensics, Value Breach
Stakeholder Mapping Tables
• Map Stakeholder to:
  • Value matrix
  • Risk matrix
  • Safety matrix (risk + mitigation measures)
  • Compliance
  • Dependency Model
  • Software Component (UI, portal, communications text, module, interoperability)
Special Problems
• Abandoned systems and components
• Microservices for stakeholder visibility
• Stakeholder Service Orchestration
• Problems with stakeholder self-service expectations, workflow, fallback/failover
• Point-in-time policy management is hard; automation doesn’t always help
Related Initiatives
• Sustainability
• Regulatory goals (e.g., CAFÉ standards)
• Professional Associations (cites .NE. endorsement)
  • e.g., Int’l Society for Ethics and Information Technology
  • Society for Business Ethics
  • Int’l Society for Environmental Ethics
  • Society of Corporate Compliance & Ethics
  • Assistive Technology Industry Association
  • IQ International (Information and Data Quality)
• NGOs
  • Electronic Freedom Foundation
  • Transparency International
Multi-discipline: Related Professions
• Quality Engineering
• Law (Compliance, Audit, Risk)
• Project Management
• Cybersecurity
• Marketing and Social Media (outreach)
• Knowledge Management, Education/Training
• Software Engineering
• Framework architects
• Best practices influencers
Some References
• See CiteULike http://www.citeulike.org/user/knowlengr/tag/ieee_p7000
Notes
• BPMN “OMG® has guided the standardization of BPM throughout the years. In particular, the consortium adopted the Business Process Model & Notation (BPMN) specification. BPMN acts as a common language, allowing an organization to interoperate amongst all of its stakeholders.”
• SysML Views and Stakeholders
Contacts for Followup
Mark Underwood dark@computer.org | Prof. Ali G. Hassani hessami@vegaglobalsystems.com
