IRM revises a computer security process.
Catherine Russell, Executive Director of the Foreign Service Institute, said there is now "more open, honest communication and collaboration" in the C&A experience.
Chief Information Security Officer John Streufert directed IRM/IA to change to the C&A process to provide bureaus with more control. Bureaus now contract with contractor-staffed Tiger Teams directly for C&A, and IA oversees the process to ensure requirements are met.
Cost has been a large concern. The new, more streamlined C&A Tiger Team process helps reduce the C&A price tag. All documentation is gathered before the C&A kickoff meetings, increasing the effectiveness and productivity of Tiger Teams while they're on the clock. To further reduce costs, bureaus are updating system patches and documentation before C&A and allowing Tiger Teams to access their systems. During the second and third quarters of 2007, many C&As were completed below initial cost estimates.
To provide transparency, Tiger Teams are placed at the direction of the bureaus. No work begins until the bureaus know what will happen, when it will happen and who is responsible. After work begins, bureaus get weekly status updates on the progress, costs and risks of their C&As. Bureaus also have a contact who coordinates meetings, answers questions and keeps communication open.
Russell said this means she "didn't need to get engaged [in the C&A] because everyone knew their roles and responsibilities and worked to fulfill them."
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||NEWS; Bureau of Information Resource Management|
|Article Type:||Brief article|
|Date:||Nov 1, 2007|
|Previous Article:||Teeing off for charity: IRM golfers support juvenile cancer care.|
|Next Article:||Triathletes race for breast cancer research.|