esc/en engineering process compliance procedures august 2002

ESC/ENEngineering Process

ComplianceProcedures

August 2002

2

ESC/EN

Engineering Process Compliance

Four major steps to compliance

- Conduct Process Self-Assessment

- Complete Engineering Process Compliance Templates

- Submit Completed Templates and Selected Process Assets

- Appear before EN Compliance Board to Review Self-Assessment Completed Process Compliance Templates Selected Process Assets

ConductProcess

Self- Assessment

PrepareComplianceTemplates

CollectProcessAssets

Submit Templates andSelected Assets

PresentResult to

EN Comp Bd

3

ESC/EN

Engineering Process ComplianceStep 1 - Conduct Process Self-Assessment






ConductProcess

Self- Assessment




PresentResult to

EN Comp Bd

4

ESC/EN

Conducting the Self-Assessment

Complete Program Baseline Questionnaire - Provide an understanding of your program

Unique circumstances or conditions Stakeholders etc.

- Provide data needed to understand the gaps in the ESC/EN Process Concepts when compared to you business model

Complete the Risk Manage Self Assessment Survey- If your program has implemented a risk management process, this checklist can help us decide how well the process meets the CMMI goals and specific practices. - Assist in the adaptation of the ESC/EN Process Concepts to your program.

5

ESC/EN

Risk Management Self Assessment SurveyExample

Complete All Sections:SG 1 - Prepare for Risk Management

SG 2 - Identify and Analyze Risk

SG 3 - Mitigate Risks

GG 1 - Achieve SGs

GG 2 - Institutionalize a Managed Process

GG 3 - Institutionalize a Defined Process

GG 4 - Institutionalize a Quantitatively

Managed Process

GG 5 - Institutionalize an Optimizing

Process

Collect Artifacts Helpful if Completed and Delivered

Electronically

6

ESC/EN

Risk Management Self Assessment Survey Example (Concluded)

Questions

ArtifactsDescribed

YourComments

Specific Goal

SpecificPractice

Collect Artifacts(i.e.Evidence) to

SupportSelf Assessment

7

ESC/EN

Program Baseline Questionnaire (Risk Management)

Example

Complete All Sections:1 - Program Data

2 - ESC/MC POC

3 - MITRE POC

4 - Brief Program Description

5 - Contractor Information

6 - Program Status

7 - Risk Management Process

8 - Risk Management Data

9 - Contracting

10 - Other Comments

Attach Support Material if Necessary Helpful if Completed and Delivered

Electronically

8

ESC/EN

Program Baseline Questionnaire (Risk Management)

Example (Concluded)

DataRequested

UseSpace Needed

CompleteAll

Blanks

Section

ProvideNarratives

Attach Artifacts(i.e.Evidence) as

Applicable

9

ESC/EN

Engineering Process ComplianceStep 2 - Complete Engineering Process Compliance Templates






ConductProcess

Self- Assessment




PresentResult to

EN Comp Bd

10

ESC/EN

Engineering Process Compliance Templates

This template was created to assist in the development of ESC/EN Compliance Board Briefing charts. It is based on the ESC/EN Engineering Process Self- Assessment .

The Chief Engineer should brief, as a minimum, program baseline information, the results of the self-assessment survey and a review of selected process assets.

The Chief Engineer should address the topics as outlined in the Process Compliance Template charts as appropriate for a complete understanding of the state of process implementation in the program.

The template should be tailored to meet your program business environment and practices.

Process Compliance Templates are Shown in the Following xx Charts

11

ESC/EN

x

x

[Program Name][Name of Process]Compliance Status

[Chief Engineer Name]

[Date]

Process Compliance Template - Chart 1

12

ESC/EN

Overview

Part 1 - Program Baseline

- Background

- Program Description

- Contractor Information

- Program Status

- [Process Name] Process Background

- Program [Process Name] Data Part 2 - [Process Name] Self-Assessment

- Assessment Summary

- Process Gaps and Gap Filler Solutions

- Practice Adoptions

- Assessment Details

- Assessment Conclusions Part 3 - Review of Selected [Process Name Assets]


For IllustrationPurposes the

Risk ManagementProcess Self Assessment

Survey will be usedto form Templatesfor Part 2 and 3

13

ESC/EN

Program DataProgram Name:AcquisitionOrganization:Users:

ACAT LevelProgram Manager

NameAddressPhoneFaxE-Mail

Chief EngineerNameAddressPhoneFaxE-Mail

Part 1 - Program BaselineProgram Background


14

ESC/EN

Part 1 - Program BaselineProgram Description

Narrative or Graphic Description


15

ESC/EN

Part 1 - Program BaselineContractor Information


Contractor InformationName Location Role History

Prime

Sub 1

Sub 2

Sub 3

Contracting (indicates types of risk mitigation actions available):Type of contract: duration, basis for payment (include awards and incentives):

Government/Contractor, relationship: CAIV? TSPR? Role and involvement of user organizations:

Any other important features of contract or contracting process

Describe how you incorporate Contractor Risk into your Risk Management Program.

16

ESC/EN

Part 1 - Program BaselineProgram Status


Program Status

PrimaryPurpose

New Start Upgrade Migration Other(Describe

Below)of Acquisition YES YES YES

NO NO NODescription of Other:

Next Major MilestoneMilestone Date

Purpose

17

ESC/EN

Part 1 - Program Baseline[Process Name] Process Background


[Process Name]Describe YourCurrent [ProcessName] Process

(Use additional Charts as Required)

IPT (if so, whichorganizations participateand how often do theymeet?)


Describe how[Process Name]process data arereported andmanaged.

(Use additional Charts as Required)(Include Internal Program, Contractor, and Cross Programs)

What [ProcessName] Tools areused?


Is [Process Name]Training given?(If, Yes, describe)


Does your programhave a [ProcessName] Plan?(Describe)


Other Commentsabout your [ProcessName] Process.


18

ESC/EN

Part 1 - Program BaselineProgram [Process Name] Data


[Process Name] DataWhat key metrics are available to you under the contract or otherwise concerning contractorperformance?

What information does the government use regularly to manage the contract and oversee theprogress and direction?

What assessments have been done (Red Teams, other), by whom, and what were the results?

What redirection or replanning has been done, when? (show all replans, schedule slips, whenannounced)?

19

ESC/EN

Part 2 - [Process Name] Self-AssessmentAssessment Summary


YESKEY: NO

Partially

CMMI Description SPOGoal Summary

SG 1 Prepare for Risk Management: Preparation for risk management is conducted.

SG 2 Identify and Analyze Risks: Risks are identified and analyzed to determine their relative importance.

SG 3 Mitigate Risks: Risks are handled and mitigated, where appropriate, to reduce adverse impact on achieving objectives.

GG 1 Achieve Specific Goals. (Capability Level 1 - Performed)GG 2 Institutionalize a Managed Process. (Capability Level 2 -

Managed)GG 3 Institutionalize a Defined Process. (Capability Level 3 -

Defined)GG 4 Institutionalize a Quantitatively Managed Process.

(Capability Level 4 – Quantitatively Managed)

GG 5 Institutionalize an Optimizing Process. (Capability Level 5 – Optimizing)

Fill in Boxes with Appropriate Color

Risk Management Process Example

20

ESC/EN

Part 2 - [Process Name] Self-AssessmentProcess Gaps and Gap Filler Solutions


GAPS GAP Filler

SG1

SG2

SG3

GG1

GG2

GG3

GG4

GG5


21

ESC/EN

Part 2 - [Process Name] Self-AssessmentPractice Adoptions



SG1 - Install process support tools (SP1.1 & SP1.2) - Establish Program RMP policy and procedures (SP1.3) - Separate risk management from issue management (SP1.3)

SG2 - Implement standard risk management toolbox (SP2.1)- Implement standard identification and analysis tools. (SP2.2)

SG3 - Formalize the mitigation planning and incorporate into program plans and execution. (SP3.1)- Establish monitoring procedures and regular review cycle for mitigation plans.(SP3.2)

GG1 - Complete RMP Implementation (GP1.1 and GP1.2)- Maintain current RM Team structure and establish recurring training. (GP1.1 and GP1.2)

GG2 - Implement suggested Policy (GP2.1)- Implement suggested Operating Instruction (GP2.2, GP2.4, GP2.5)- Maintain current RMP Team Structure (GP2.3)- Incorporate Risk Management Products into Configuration Management process (GP2.6)- Implement Standard RMP Guide (GP2.7), (GP2.8)- Perform regular RMP Self Assessments (GP2.9)- Incorporate activities, status and results of the RMP in program, directorate, and command reviews. (GP2.10)

GG3 - Implement recommendations of GG2 (GP3.1 and GP3.2)GG4&5 - As GG2&3 is being satisfied, consideration should be given to the GG4&5 goal at the JPO level.

22

ESC/EN

Part 2 - [Process Name] Self-AssessmentAssessment Details


Assessment Team:Name Organization Role

Assessment Period:

Assessment Problems:

Recommendations for Future Assessments:

23

ESC/EN

Part 2 - [Process Name] Self-AssessmentAssessment Conclusions


Overall Assessment Rating Level: (e.g. 0,1,2,3,4,or 5)

Summary of Findings:

Corrective Actions Needed:

24

ESC/EN

Part 3 - Review of Selected [Process Name] Assets[Process Name] [Asset Name]


Relates to Goal and Practice: (e.g. SG2, SP2.1)Question Answered: (e.g. If yes, what are the indicators that risks are identified and documented?)

Description of Asset:

How the Asset Answers the Question:

NoteThe Number of Assets to Reviewwill be determine by the EN Compliance Board after Receiptof Templates and Selected Assets

25

ESC/EN

Template Backup Charts

BACKUP CHARTS


26

ESC/EN

Part 2 - [Process Name] Self-AssessmentAssessment Details SG 1


Process Compliance Template - Backup Chart 1

CMMI Practice Description ProcessGoal hyperlink YES NO Partially Assets Collected

SG 1 Prepare for Risk Management: Preparation for risk management is conducted.

SP 1.1 Determine Risk Sources and Categories: Determine risk sources and categories.Do you have an approach to determining risk sources and categories?

SP 1.2 Define Risk Parameters: Define the parameters used to analyze and classify risks, and the parameters used to control the risk management effort.Do you have an approach to defining the parameters used to analyze and classify risks, and the parameters used to control the risk management effort?

SP 1.3 Establish a Risk Management Strategy: Establish and maintain the strategy and methods to be used for risk management.Have you established and are you maintaining a strategy and a set of methods to be used for risk management?

Response

Comments

27

ESC/EN



Comments


SG 2 Identify and Analyze Risks: Risks are identified and analyzed to determine their relative importance.

SP 2.1 Identify Risks: Identify and document the risks.Do you identify and document the risks?

SP 2.2 Evaluate, Classify, and Prioritize Risks: Evaluate and classify each identified risk using the defined risk categories and parameters, and determine its relative priority.Do you evaluate and classify each identified risk using the defined risk categories and parameters, and determine its relative priority?

Response


28

ESC/EN



Comments


SG 3 Mitigate Risks: Risks are handled and mitigated, where appropriate, to reduce adverse impact on achieving objectives.

SP 3.1 Develop Risk Mitigation Plans: Develop a risk mitigation plan for the most important risks to the project, as defined by the risk management strategy.Do you develop risk mitigation plans for the most important risks to the project, as defined by the risk management strategy?

SP 3.2 Implement Risk Mitigation Plans: Monitor the status of each risk periodically and implement the risk mitigation plan as appropriate.Do you monitor the status of each risk periodically and implement the risk mitigation plan as appropriate?

Response


29

ESC/EN

Part 2 - [Process Name] Self-AssessmentAssessment Details GG 1


Comments


GG 1 Achieve Specific Goals. (Capability Level 1 - Performed)GP 1.1 Identify Work Scope: Identify the scope of the work to be

performed and work products to be produced for risk management, and communicate this information to those performing the work .Have you identified the scope of the work to be performed and work products to be produced for risk management, and communicate this information to those performing the work?

GP 1.2 Perform Base Practices: Perform the base practices of the risk management process to develop work products and provide services to achieve the specific goals of the process area.Are you performing the base practices of the risk management process to develop work products and provide services to achieve the specific goals of the process area? (Satisfying all of the 3 specific goals and associated practices listed above)

Response


30

ESC/EN



Comments


GG 2 Institutionalize a Managed Process. (Capability Level 2 - Managed)

GP 2.1 Establish an Organizational Policy: Establish and maintain an organizational policy for planning and performing the risk management process.Have you established and are you maintaining an organizational policy for planning and performing the risk management process?

GP 2.2 Plan the Process: Establish and maintain the requirements and objectives, and plans for performing the risk management process.Have you established and are you maintaining the requirements and objectives, and plans for performing the risk management process?

GP 2.3 Provide Resources: Provide adequate resources for performing the planned process, developing the work products and providing the services for the risk management process.Are you providing adequate resources for performing the planned process, developing the work products and providing the services for the risk management process?

Response


31

ESC/EN

Part 2 - [Process Name] Self-AssessmentAssessment Details GG 2 (Continued)


Comments



GP 2.4 Assign Responsibility: Assign responsibility and authority for performing the process, developing the work products, and providing the services of the risk management process.Have you assigned responsibility and authority for performing the process, developing the work products, and providing the services of the risk management process?

GP 2.5 Train People: Train the people performing or supporting the risk management process as needed.Have you trained the people performing or supporting the risk management process as needed?

GP 2.6 Manage Configurations: Place designated work products of the risk management process under appropriate levels of configuration management.Have you placed designated work products of the risk management process under appropriate levels of configuration management?

GP 2.7 Identify and Involve Relevant Stakeholders: Identify and involve the relevant stakeholders of the risk management process as planned.Have you identified and involved the relevant stakeholders of the risk management process as planned?

Response


32

ESC/EN

Part 2 - [Process Name] Self-AssessmentAssessment Details GG 2 (Concluded)


Comments



GP 2.8 Monitor and Control the Process: Monitor and control the risk management process against the plan and take appropriate corrective action.Are you monitoring and controlling the risk management process against the plan and taking appropriate corrective action?

GP 2.9 Objectively Evaluate Adherence: Objectively evaluate adherence of the risk management process and the work products and services of the process to the applicable requirements, objectives, and standards, and address noncompliance.Do you objectively evaluate adherence of the risk management process and the work products and services of the process to the applicable requirements, objectives, and standards, and address noncompliance?

GP 2.10 Review Status with Higher-Level Management: Review the activities, status, and results of the risk management process with management and resolve issues.Do you review the activities, status, and results of the risk management process with management and resolve issues?

Response


33

ESC/EN



Comments


GG 3 Institutionalize a Defined Process. (Capability Level 3 - Defined)

GP 3.1 Establish a Defined Process: Establish and maintain the description of a defined risk management process.Has your organization (e.g., ESC) established and is it maintaining the description of a defined (standardized) risk management process?

GP 3.2 Collect Improvement Information: Collect work products, measures, and improvement information derived from planning and performing the risk management process to support the future use and improvement of the organization’s processes and process assets.Is your organization (e.g., ESC) collecting work products, measures, and improvement information derived from planning and performing the risk management process to support the future use and improvement of the organization’s processes and process assets?

Response


34

ESC/EN



Comments


GG 4 Institutionalize a Quantitatively Managed Process. (Capability Level 4 – Quantitatively Managed)

GP 4.1 Establish a Quality Objectives: Establish and maintain quantitative objectives for the risk management process about quality and process performance based on customer needs and business objectives.Has your organization (e.g., ESC) established and is it maintaining quantitative objectives for the risk management process about quality and process performance based on customer needs and business objectives?

GP 4.2 Stabilize Subprocess Performance: Stabilize the performance of one or more subprocesses of the risk management process to determine its ability to achieve the established quantitative quality and process performance objectives.Has your organization (e.g., ESC) stabilized the performance of one or more subprocesses of the risk management process to determine its ability to achieve the established quantitative quality and process performance objectives?

Response


35

ESC/EN



Comments


GG 5 Institutionalize an Optimizing Process. (Capability Level 5 – Optimizing)

GP 5.1 Ensure Continuous Process Improvement: Ensure continuous improvement of the risk management process in fulfilling the relevant business goals of the organization.Does your organization (e.g., ESC) ensure continuous improvement of the risk management process in fulfilling the relevant business goals of the organization?

GP 5.2 Correct Common Cause of Problems: Identify and correct the root causes of defects and other problems in the risk management process.Does your organization (e.g., ESC) identify and correct the root causes of defects and other problems in the risk management process?

Response


36

ESC/EN

Engineering Process ComplianceStep 3 - Submit Completed Templates and Selected Assets






ConductProcess

Self- Assessment




PresentResult to

EN Comp Bd

37

ESC/EN

Engineering Process ComplianceStep 3 - Submit Completed Templates and Selected Assets

Complete Templates in Step 2 and Submit them to ESC/EN one week prior to the date of the EN Compliance Review

Complete the following Process Assets to ESC/EN two weeks prior to the date of the EN Compliance Review

Electronic Submittal is Preferred

Risk Management ProcessSelected Asset List

Requirements ProcessSelected Asset List

38

ESC/EN

Engineering Process ComplianceStep 4 - Appear Before EN Compliance Board






ConductProcess

Self- Assessment




PresentResult to

EN Comp Bd

39

ESC/EN

Engineering Process ComplianceStep 4 - Appear Before EN Compliance Board

Compliance Board Agenda

- Introductions

- Chief Engineer Presentation

- Comments By Program Management (Optional)

- Question and Answer Period

- Assignment of Action Items Board Duration

- One Process 1 - 2 hours

- Two Processes 2 - 4 hours Participants

- Chief Engineer

- Process Facilitator(s)

- Support (as required)

- Program Management (Optional)

40

ESC/EN

Engineering Process CompliancePoints of Contact

EN Compliance Board Secretary

- Name / Phone / E-Mail EN Compliance Board Members

- Chair: Name / Phone / E-Mail

- Member: Name / Phone / E-Mail



- Member: Name / Phone / E-Mail EN Engineering Process Improvement Team

- Jeff Higginson / 16137 / [email protected]

- Mike Bloom / 13387 / [email protected]

- Joe Duquette / 16373 / [email protected]

- Jen Anderson /15466 / [email protected]

esc/en engineering process compliance procedures august 2002

Documents

risk management process

optimizing process

escen process concepts

managed process gg

defined process gg

completed templates

self assessment slide

en compliance board