More and more Federal CIOs (and their staffs) are realizing a need to get their arms around their in-house IT requirements vetting. Since joining ISS in 2013, we have expanded our IT/Data requirements support at NOAA (National Ocean Service and National Weather Service) and Defense Logistics Agency (built and automated the “IT Front Door”). We’ve been able to support various levels of requirements automation and sophistication. Bottom line – we’ve had to serve the client’s mission to get a handle on what’s in their enterprise, and how to efficiently fill new requirements.
We’ve seen our clients realize that when a small agency becomes an enterprise, tools become capability suites and discussions become corporate communications. It happens when the Office of the Chief Information Officer (OCIO) realizes they’ve lost visibility over new IT spending for tools, technologies or capabilities, or when the integration and sustainment costs are growing out of control. CIOs need a structured, disciplined review and analysis of new and existing IT investments and capabilities, and they long for standard, repeatable processes. But where do you start?
There are several essential steps when trying to manage your “approval life cycle” and better prioritize IT expenditures:
- Provide a single face to the internal customer concerning new capabilities and requirements. That person or office receives reviews, coordinates and tracks requests through a matrixed team of subject matter experts across the organization.
- Define the roles and responsibilities of each party in the process, and clarify the rules and policies that make the IT requirements vetting process mandatory.
- Establish evaluation and approval criteria, business rules, quality checks and feedback reporting for requirement submissions (business case and life cycle analysis).
- Build a knowledge base of existing tools and licenses. Accelerate the approval process when the desired capability exists within current IT solutions or systems.
- Check requests against Chief Information Officer (CIO) and Chief Technology Officer (CTO) strategies, ensuring correct vetting, and documenting approvals.
- Advertise capabilities and approvals to leadership, internal customers, and stakeholders.
- Document architecture/configuration changes.
- Establish linkages to the budget process where business cases can be vetted.
A skeleton view of a requirements review process has three essential phases, which we have seen broken into more, but rarely fewer steps:
Coherent Requirement Documentation – Every internal request for IT capability (resource dedication) should be approved by a business process owner before submittal. This will help ensure both the clarity and completeness of the request. Once a request is submitted, it should be reviewed by the requirements process owner to ensure it makes sense to the IT subject matter experts (SMEs) who can help translate the request from business process to technology/tool/process definition. Once the analysts and the customers agree that they have accurately captured the essence of the need, the request moves forward to internal vetting and analysis.
Internal Vetting and Analysis – This is the most extensive step because it involves due diligence – ensuring the request improves either business operations or customer interface. Analysts will first check the existing library of technologies and tools to ensure this need can’t be covered by an existing (or planned) capability. If the need can be met with an existing technology or tool, the approval process can be accelerated.
Next the analysts work with the Chief Technology Officer to check for existing commercial-off-the-shelf (COTS) or government-off-the-shelf (GOTS) tools to fill the need. If there are no existing tools, the CTO may need to help draft documentation to guide a developmental effort, which can reflect a significant time and resource commitment for the organization.
Finally, the analysts assess the relevance to the CIO/CTO strategies, compatibility with existing architectures, and the time/money required to move forward. Once these issues are assessed, the request may be returned to the customer for adjustment/re-work, or forwarded for approval and funding.
Approval and Funding – When the team decides there is sufficient information and analysis to merit a decision, they recommend an approval level (based on resource commitment authorities). For inexpensive efforts, this could mean an approval notice which authorizes the customer to buy the COTS/GOTS tool using office funds. For more complex and expensive efforts, it may mean assigning a priority for resource competition at budget deliberation time.
The complexity of the mission, organization and supported processes will drive the complexity of the requirements approval process. But once it’s in place, a structured, disciplined review and analysis of new and existing IT investments and capabilities using standard and repeatable processes will help prevent redundancy, prioritize investments, ensure architectural integrity and reduce life cycle costs.
Implementation – Integrated Systems Solutions has been developing a variety of requirements management systems for federal customers since 2008. Whether it’s IT requirements, IT modernization, environmental observation requirements, ocean observation requirements, or data/metadata requirements, we have experts who can guide you to a user-friendly, enduring solution. We can match the sophistication and automation of your process (from hands-on committee-based discussions to end-to-end web-based solutions) based on your organizational needs, culture, time and fiscal resources.
Brigadier General Bob Ranck (ret.) is Vice President of Integrated Systems Solutions (ISS), a Service-Disabled, Veteran-Owned Small Business (SDVOSB) possessing a Top Secret Facility clearance and ISO 9001:2008 certification. General Ranck served as Director, Warfighter Systems Integration, Office of Information Dominance and Chief Information Officer, Office of the Secretary of the Air Force, the Pentagon, Washington, D.C.