Project Management Methodology Procurement management.
Procurement Management
Purchasing
● Hardware
● Software
● Vendor Services
● Consulting Services
● Outsourcing development
● Training Services
● Maintenance
Documents
● Contract
● Specification
● Statement Of Work
Procurement management processes
Processes
● Planning
● Conducting procurement
● Administering
● Closing
Procurement can be organized as a sub-project
Procurement management processes
Planning
● Initial market research
● Decide about what to buy
● Preliminary cost estimation
● Make short list of vendors (2 to 5 names)
Procurement management processes
Conducting procurement
● Request For Proposals (RFP) sent out to vendors
● The RFP must reflect critical requirements, both functional and non-functional. It must enable vendor evaluation; otherwise it will be useless
● Accordingly, evaluation criteria must be defined (do not send them to vendors)
● Collect responses
● Responses review and evaluation
● Communicate to vendors
● Select a vendor
Generic RFP structure
The RFP set of criteria should reflect:
● Management approach – 30%
● Technical approach – 30%
● Past performance – 20%
● Price – 20%
Weights are assigned in order to facilitate evaluation of the responses
The management approach and past performance groups of criteria most probably already exist, whereas the technical approach must be developed specifically for each project
Technical part of RFP
The following must be addressed:
● Functional capabilities - Yellow
● Platform solution - Red
● Open architecture - Orange
● Security - Green
● Performance - Blue
● Scalability - Purple
● Usability (ease of use) - Brown
Technical Part of RFP – Functional capabilities
Two-factor authentication
Team Yellow Snake
Questions to ask our Vendors
What authentication factors/forms does your product support?
What directory services does your product integrate with?
Where is your product currently deployed?
Does your product support federated user authentication?
What federated user authentication protocols does your product support?
Functional Capabilities
Do you offer 24/7 technical support?
What data and transport encryption protocols does the product support?
Comments: The questions are good and relevant, except for the one regarding product deployment. That one is better placed in the section that asks about the company's experience.
Team Red
Anti-virus RFP
Platform solution
Questions
Current solutions for:
● Linux Server
● Windows Workstation
Licenses
● Type of licenses
● Number of computers per license
Effectiveness - % of malware protection
Maintenance – updates and patches
Support
Interaction with other software?
Comments: The first group is fine, but the others are not relevant to the topic. A better choice would be to ask about plans for the future.
THE GREEN TEAM
IPS
Adam, Liane, Paul, Matt
It’s not easy being green
Security
Questions to the vendor
Questions
1. Does your product allow for remote access/administration?
2. What are your terms when it comes to ownership of data (cloud)?
3. Do third parties conduct security assessments on your products?
Questions are good re security. Not all are relevant to IPS.
Questions Cont’d
4. Does your product store data unencrypted?
5. Do you review security at each phase during the software development cycle?
6. What methodologies do you use for testing your products’ security?
Questions Cont’d
7. Do you delete data once requested by the customer?
8. Do you have a privacy policy, if so, what is it?
9. What are the vendors’ security certifications?
Questions Cont’d
10. What are your disaster recovery plans?
11. What are your risk mitigation strategies?
12. How are the end users alerted to new updates?
Questions Cont’d
13. What kind of authentication controls are built into the product?
14. How is your application team educated in current application security risks?
15. What is your process for notifying customers of security problems and the solutions?
TEAM BLUE: Web Traffic Filtering Project - Performance
We would like to know….
1. What are the performance advantages of this system that we should consider over any other similar system in the market?
2. How quickly could this integrated system run up at the beginning of each working day?
3. How many workstations could this system handle?
4. What is the possible downtime on an annual basis?
5. How many applications could run simultaneously before any indication of system slowdown?
Good questions
RFP SIEM
Scalability
Scalability
● SIEM (Security information and event management)
● Logging and event management
● Nodes refers to any software that creates log files that are collected by the SIEM software.
Good questions
Scalability
● How many additional network nodes can be added?
● Is there a delay in logging if the number of nodes exceeds a certain amount?
● How much additional storage capacity is required per node?
● Will adding more nodes cost more money? (license restrictions)
● Is it open source?
● Does the interface support WANs?
● How in-depth can individual logs be accessed? (per computer, per software, etc.)
Firewall project RFP
Usability
Team Brown
Mike, Max, Kowri, Nahin
Questions
Does this product require more than average technical knowledge in order to operate?
Will there be any bottlenecking involved with the implementation of the 3 firewalls?
Will it be easy to control the access permissions and privileges for user data travelling through the firewalls?
How much throughput will the product be able to analyze before it starts dropping packets?
More Questions
Will there be any connectivity complications involved with the different vendor products and because of the more complex network structure?
Are we able to increase the number of SSL/VPN peer connections?
Good questions, although it is difficult to segregate usability and performance for this sort of tool.
Procurement management processes
Administering procurement
● Define procedures and have them described in the RFP.
● Vendors must be aware of the procedures
● The description must provide information about:
  ● Due date of responses submission
  ● Document format
  ● Delivery channels
  ● Contact information
Procurement management processes
Closing procurement
● Once a vendor is selected, focus on its performance
● Investigate the technical capabilities more deeply. Sometimes people conduct a Proof Of Concept project in order to understand things better
● Prepare a contract (legal document)
● Prepare a technical specification and/or statement of work (SOW)
● A technical specification is provided to buy products “off the shelf”
● A SOW is provided to buy services, such as:
  ● Installation and configuration
  ● Training
  ● Development
SOW content
The SOW describes the content, terms, and conditions of the purchased (outsourced) service delivery.
It is a sort of initial project plan that shows the project milestones, critical human resources, and price.