SlideShare a Scribd company logo

DevSecOps PLM L2 Playbook.pdf

N
NotTelling5

This document provides an overview of the DevSecOps Product Line Management Playbook. It details how the Office of Information and Technology expects Product Lines to implement Lean-Agile and DevSecOps practices while transitioning from project-focused to product-focused work. The playbook contains two levels of maturity for Product Lines to work through over time, with specific plays and acceptance criteria for each level. The playbook aims to help Product Lines deliver value to customers through iterative delivery and alignment with business needs.

Technology
1 of 33
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
THE DEVSECOPS PRODUCT LINE MANAGEMENT PLAYBOOK Version 2.0 May 2021
i Executive Summary and Approval The DevSecOps Product Line Management (PLM) Playbook details how the Office of Information and Technology (OIT), Development, Security, and Operations (DSO) leadership expects Product Lines to implement Lean-Agile and DevSecOps practices while moving from a project centric to a product centric focus. As the Department of Veterans Affairs (VA) continually strives to improve project and product management effectiveness and efficiency, VA welcomes any insight that users can provide. Users should send their comments and suggestions for improvements to the PLM Playbook to the Agile Center of Excellence (ACOE), ACOEMethodology@va.gov for review and consideration. The PLM Playbook applies to all IT products aligned to Product Lines in the Software Product Management, Infrastructure Operations, and Product Engineering groups within the DevSecOps organization. Others outside of DevSecOps may use the Playbook for situational awareness as needed. The DevSecOps PLM Playbook 2.0 is approved by: X Reginald Cummings Executive Director, Infrastructure Operations X Drew Myklegard Executive Director, Product Engineering X Daniel McCune Executive Director, Software Product Manag... McCune, Daniel Digitally signed by McCune, Daniel Date: 2021.04.28 15:23:33 -05'00' Reginald W. Cummings 1463975 Digitally signed by Reginald W. Cummings 1463975 Date: 2021.04.30 09:58:19 -05'00' David A. Myklegard 590747 Digitally signed by David A. Myklegard 590747 Date: 2021.04.30 11:31:43 -04'00'
ii Revision History Version Date Description 1.0 July, 2020 First Issuance 2.0 May 2021 Added PLM Maturity Level 2 Table of Contents Product Line Management Playbook Overview......................................................................1 Introduction.........................................................................................................................1 Purpose................................................................................................................................1 PLM Benefits........................................................................................................................2 OIT PLM Evolution................................................................................................................2 PLM Maturity Level 1...............................................................................................................3 Product Line Plays................................................................................................................4 Common PL Backlog Toolset ...............................................................................................6 Product Plays .......................................................................................................................6 Agile Center of Excellence (ACOE) Support.............................................................................8 ACOE Enablement and Coaching Teams..............................................................................8 PLM Maturity Roadmap ..........................................................................................................8 PLM Maturity Level 2...............................................................................................................9 Background..........................................................................................................................9 Purpose................................................................................................................................9 Develop a Product Business Value Proposition and Metric ...............................................10 Develop a Product Line and Product Outcome Roadmap..................................................11 Implement DevSecOps Capabilities (Priority - Application Performance Monitoring (APM) ...........................................................................................................................................12 Integrate Matrixed Resources into Product Teams............................................................14 Capture Product Scorecard Metrics...................................................................................15 Develop and Train Product Team Staff ..............................................................................16
iii REFERENCES...........................................................................................................................18 Appendix A – The Big Six Role Descriptions .......................................................................18 IT Product Line Manager ...................................................................................................18 Technical Manager/ (Solution Architect) ..........................................................................18 IT Product Manager...........................................................................................................18 IT Operations Manager......................................................................................................19 Business Owner .................................................................................................................20 Account Manager ..............................................................................................................20 Appendix B – Reference Documents and Recommended Reading.......................................21 Reference Documents........................................................................................................21 Recommended Reading.....................................................................................................21 Appendix C- OIT DevSecOps Capabilities...............................................................................23 Appendix D – List of Acronyms and Glossary of Terms.........................................................24 List of Acronyms.................................................................................................................24 Glossary of Terms ..............................................................................................................25 Table of Figures Figure 1 - PLM Maturity Roadmap........................................................................................... 9
1 Product Line Management Playbook Overview Introduction Product Line Management (PLM) is a framework that focuses on delivering functional products that provide the highest priority work to customers while delivering simplified, reliable, and practical solutions to the business, medical staff, and our Veterans. PLM focuses on grouping products into Product Lines, modernizing software delivery, and releasing software products faster, safer, and more efficiently through DevSecOps technical practices and a maniacal focus and alignment with our customer Faster releases allow Product Teams to quickly learn, adjust, and adapt to customer feedback. Product releases are accelerated through automation, utilizing Agile practices, and adopting Buy-Before-Build solutions. Safety increases assurance that Product Teams are releasing features the user wants, are reliable and secure in production, and avoid additional technical debt. Safety comes from automation, frequent feedback loops from the customer and operations, and solution architectures that avoid or outsource technical debt such as Buy-Before- Build options. Efficiency means teams release and maintain more features with the same staffing and budget levels. Efficiency comes from alignment with the business and their metrics, switching from projects to products, leveraging automation and platforms, and implementing Buy-Before-Build solutions. Product Managers use metrics to relentlessly improve their cycle and release times, guarantee product availability, and stay laser focused on business-centric product delivery that satisfies the customer. Metrics along with budget performance are captured in a Product Status Dashboard that give insight to not only cost and schedule health, but also industry standard DevSecOps metrics. The metrics are reviewed with product stakeholders to offer a comprehensive, transparent view of the Product Line’s (PL) health. In PLM, Product Line Managers are focused on delivering business value by building functional products where the maximum amount of time is spent providing the capabilities needed most by the customer. This enables the organization to move from an environment of missed deadlines to one that reflects iterative delivery and short feedback loops. The Office of Information Technology (OIT), Development, Security, and Operations (DevSecOps) organization will utilize PLM to integrate development, testing, sustainment, and shared services resources to create self-sufficient, persistent, and autonomous Product Teams that own the lifecycle of a product and are capable of consistently delivering value to the customer. Purpose The DevSecOps PLM Playbook is a companion guide to the Veteran-focused Integration Process (VIP) Guide. The Playbook details how DevSecOps leadership expects PLs to implement Product Line Management, DevSecOps,
2 and Lean-Agile principles, methods, practices, and techniques through levels of maturity. These maturity levels contain specific steps or “plays” and the associated acceptance criteria that each PL must work through over time. Once the acceptance criteria is met for all plays in a maturity level, the PL should begin focusing on achieving the next level of maturity. It is important to note that the Playbook is a living document and contains multiple components that enable PLs to achieve each level of maturity. PLM Benefits In Matt McWha’s article, “Product Line Management is Fundamental to the New IT Operating Model” published Feb 2017 on Digital Insights, he describes the benefit of PLM over a project-centric approach. A summary of Mr. McWha’s thoughts on adopting a product vs. project approach are captured below: A product-centric approach differs from the typical project-centric approach to delivering work in a Product Line. Product Lines represent ongoing streams of work that are… supported by dedicated delivery and management resources and are measured based on product outcomes (e.g., cost, volume, value delivery). The shift in the OIT operating model to PLM and toward products over projects promises several potential benefits: • Improved coordination between Product Teams and customer • Improved coordination of product delivery by including systems that are integrated in the same Product Line • Enhanced communication through cross-functional team collaboration • Product teams committed to value delivery of Lean Agile and DevSecOps practices OIT PLM Evolution In the past, the Office of Information and Technology, (OIT) development teams designed and developed software products which were then handed over to sustainment teams to maintain. Both development and sustainment functioned as individual, siloed teams. The separation influenced multiple forms of undesired behaviors: 1. Development sacrificed quality because they didn’t own the final product 2. Sustainment teams were resistant to accept a product they didn’t understand 3. Sustainment teams encountered budget short-falls in subsequent years because development teams neglected to include sustainment funding in the Multi-Year Plan 4. Sustainment teams didn’t design or develop the product. Nor were
3 they involved in requirements gathering, so they didn’t have a good understanding of the product, resulting in a lack of knowledge retention in teams 5. Team maturity was never achieved because staff was moved from one project to another 6. There was no clear evidence of flow or progress due to a lack of customer feedback loops and operational metrics In 2018, OIT embarked on a digital transformation journey and introduced PLM which focused on the principle of “You build it, you own it” (YBIYOI). The YBIYOI concept gave PLs ownership of their products and created one persistent team responsible for both development and sustainment. Implementation of PLM will be an evolution conducted across multiple maturity levels, each consisting of several 'plays' to give PL staff bite-sized chunks to execute. PLM Maturity Level 1 PLM Maturity Level 1 enables PLs and Product Teams to establish a foundation for future advancement of Product Line Management, Scaled Lean Agile, and DevSecOps practices and capabilities by switching from a project to product approach and grouping products into PLs. Maturity Level 1 consists of plays focused on the following areas: • Product Mapping • Assign the Big Six • Functional Organizational Charts • Customer Messaging • Business Metrics • Common Backlog PL Toolset • Acquisition Mapping • Budget Mapping • Product Coordination Product Teams should understand that PLM will not impact their day-to-day activities but will have an impact on how they support their products. There should be a shift in mindset from having to support disjointed projects, to one that supports the greater need of having a functional product. Product Teams should begin thinking about how they will help the product they are working on become or remain a functional product, how they can maximize up-time, and how best to deliver value to the customer. Leadership must understand how PLM changes their responsibilities. This is especially true for the ‘Big Six’ roles. PL Managers must ensure that new or junior IT Product Managers are clear on what their responsibilities are and have a plan to develop the required skills if needed.
4 Product Line Plays Product Mapping “Responsibility is a unique concept... You may share it with others, but your portion is not diminished. You may delegate it, but it is still with you... If responsibility is rightfully yours, no evasion, or ignorance or passing the blame can shift the burden to someone else. Unless you can point your finger at the man who is responsible when something goes wrong, then you have never had anyone really responsible.” - Admiral Hyman G. Rickover The PL Managers and IT Product Managers must completely own the lifecycle of the products they are responsible for to meet the first PLM Principle, “You build it; you own it”. As we move from a project focus to a product focus, a foundational element of PLM is to identify all products supporting the business services agreed upon as in scope for the PL. This is a key exercise that may involve some discussions for products that may have historically had more than one customer. Reach out to other PL Managers to discuss these within the framework of the PLM vision and find consensus on where a product belongs. A product/system should only exist in one PL. Acceptance Criteria: Demonstrate a clear process mapping of products, that includes the following: • List the products in scope for the PL • If a product belongs in another PL, both the gaining and losing PL Managers must agree to the change and update VA Systems Inventory (VASI). Both PL Managers must follow the Product Line Change Request (PLCR) process when moving a product from one PL to another. Assign the Big Six Each PL needs a core leadership team to provide full lifecycle support. The following roles are referred to as the Big Six roles for a PL because they will provide this core leadership. A PL may wish to identify other roles beyond these. See Appendix A for a description of each. • IT Product Line Manager • Technical Manager/Solution Architect • IT Product Manager (there will be more than one per PL) • IT Operations Manager (there may be more than one per PL) • Business Owner (ideally one per PL. Note this is a different role than the business Product Owner for each product who are not part of the core leadership of a PL) • Account Manager Acceptance Criteria: • Identify the federal employees who will fill the Big Six roles for the PL
5 Functional Organizational Chart A Functional Organizational Chart gives staff clear directions on how and where they fit into the organization and from whom to take day-to-day direction. Provide the names of OIT Staff (VA federal employees) working on the products within the PL and their role. Names of additional resources are optional for Maturity Level 1. Considerations for this play: • This is a Functional Organizational Chart. Do not confuse this with a Human Resources Organizational Chart • The Functional Organizational Chart may change in subsequent PLM Levels • Employees dedicated to a product or product team may be identified byrole • Enterprise Program Management Division (EPMD) resources, including former Transition Release and Support (TRS) staff assigned to a PL should not show as matrixed employees. Acceptance Criteria • Functional Organizational Chart shows the names of all federal EPMD employees functionally aligned to a PL and their role • EPMD employees including former TRS staff assigned to a product do not show as matrixed employees on the Functional Organizational Chart • VA Employees filling Big Six roles are identified by name Customer Messaging The customer should know what’s coming and what the shift to PLM means to them. Improving VA’s end-to-end product value delivery to Veterans depends upon the health of the partnership between the Business and OIT. Customers should be made aware we are adopting PLM as part of our continuous improvement of the value, cost, speed, and quality of our services to Veterans. They need to know what aspects of PLM will directly impact them. To continue improving that partnership, the PL should meet with the customer represented by the PL’s Business Owner and the business Product Owners to establish: • Cadenced communication going forward • Shared definitions of value & success • Alignment on objectives & outcomes • Continuous improvement practices • Metrics that matter to the Customer and to Veterans Acceptance Criteria • Show the strategy for communicating to the customer that validates achievement of the requirements above Business Metric The PL business metric is the measure(s) of the key business objective(s) related to the
6 products within the PL. They should be derived with agreement between the PL Business Owner and PL Manager. The metric should be measurable and (ideally) automated. Acceptance Criteria • Show the business metric(s) for the PL Common PL Backlog Toolset The PL Manager and the PL Business Owner should have visibility into the backlogs of all the products’ epics using a single tool. If more than one tool is in use for this PL view of the backlog, identify what tool will be the common tool for the entire PL Backlog in the future. Acceptance Criteria • Name the tool holding the consolidated PL Backlog of work yet to be done, or in progress, across all products in the PL • If more than one tool is in use for the PL, identify what tool will be the common tool for the entire PL's backlog and the schedule for consolidation/integration Product Plays Acquisition Mapping As VA transitions to PLM, the ability to trace acquisitions from the "old" projects to the "new" products is vital. The PLs should show the plan for obligating any unobligated funds. Additionally, consolidating contracts is a goal of PLM; ensure there are a limited number of contracts supporting the products such that the product’s primary contract support is clear. Acceptance Criteria • Provide a list of the acquisitions that will obligate the product’s unobligated funds • Provide a list of all contracts yet to be awarded, and their planned placement/start date • List all Enterprise Project Structure (EPS) numbers that align to each product in the PL • Document current contracts affecting each product in the PL and have an Acquisition Plan for the remainder of the fiscal year. Indicate the vendor for each contract Budget Mapping The PL, in coordination with the Acquisition Management Office (AMO), must have a clear understanding of their funding status to include a Multi-Year Plan and Unfunded Requests (UFRs) covering all products in the PL. They should have a funding strategy for the remainder of the fiscal year and indicate whether customer priorities are funded or unfunded. If there are unfunded requirements, identify UFRs. Acceptance Criteria For the current fiscal year: • Show the total budget for the product
7 • Show how much of the total budget is obligated • Show how much of the total budget is unobligated Product Coordination and Planning Quarterly Planning A key element of PLM is quarterly planning. Each product within the PL will have a quarterly planning meeting to determine the roadmap for the product for the upcoming quarter. Setting a standard cadence for each product across the PL, allows the Product Teams to have a predictable rhythm and velocity. The fixed cadence allows meetings and events (including quarterly events) to be planned and scheduled ahead of time on people’s calendars. Advance notice reduces travel and facility costs, and helps assure that most, if not all, of the stakeholders will be able to participate. Acceptance Criteria • Describe the quarterly product planning meetings that are used to coordinate and discuss priorities and the product roadmap for the coming quarter with the Customer and Product Team • Include the dates for a recent planning meeting and the first/next scheduled meeting Sprint Cycles and Increments Cadence Cadence is the use of a regular, predictive development cycle, e.g., the same Sprint length, repeated over and over by a scrum team. When multiple scrum teams are supporting a product, synchronizing the start and stop dates for the various team's Sprint cycles causes multiple, potentially dependent events to happen at the same time. Acceptance Criteria • Describe how Product Teams in the PL ensure a product focus by synchronizing the Increment and Sprint cadence for all Product Teams that support a product Product Backlog Tool PLM requires the use of a single Backlog management tool for a product; this will provide a view of the product’s priorities (functional and non-functional requirements) in a PL. Acceptance Criteria • Identify the tool(s) holding the backlog for each product • Ensure that all epics in a product's backlog are in the PL Backlog Product Handoffs PLM uses the concept of “You build it, you own it”. This concept eliminates the need for handoffs between individual system teams and promotes cross-functional Product Teams. Cross-functional teams are a hybrid of development, testing, sustainment, system, and shared services.
8 Acceptance Criteria • Describe any handoffs of the product to another Product Team such that the IT Product Manager does not have complete control of the product code. • If the IT Product Manager does not feel they have complete control of the product code describe the plan to resolve. Agile Center of Excellence (ACOE) Support ACOE Enablement and Coaching Teams The Agile Center of Excellence (ACOE) is dedicated to helping PLs through their PLM maturation. ACOE has created a team of PLM Subject Matter Experts, Agile and Scaled Lean Agile experts, and VA PLM pioneers to serve as stewards for VA’s PLM transformation. ACOE will assign a PLM Enablement Team to a PL to aid in gap analysis and support PLs in achieving each maturity level. The PLM Enablement Team assigned to a PL will be composed of only federal employees, so the PL can communicate with them about budget and acquisition plans without the worry of establishing an organizational conflict of interest for a contractor. That said, there are contractors to work on Agile, Scaled Lean Agile, and DevSecOps roles and responsibilities, or any other type of Agile, Scaled Lean Agile, or DevSecOps coaching support that a PL needs. ACOE’s Enablement Team will work shoulder-to-shoulder with the PL, utilizing best practices and lessons learned to get products where they need to be at each maturity level. ACOE Enablement will reach out to PLs individually to initiate PLM support activities. Contact the ACOE Enablement Team at ACOEEnablement@va.gov with any questions on PLM implementation strategies. PLM Maturity Roadmap In 2020, the focus for PLM was on alignment which involved switching from projects to products and aligning products to Product Lines. EPMD and TRS joined forces and initiated the concept of “You Build It, You Own It”. The concept united development and sustainment, creating one persistent Product Team with shared responsibilities. For 2021, the focus is on self-sufficiency. The goal is to create persistent, autonomous, self-sufficient Product Teams. Self-sufficiency can only be achieved by integrating shared resources and adding additional competencies into Product Teams. Integrated resources help to promote cross-functional collaboration and teamwork and ensures that the right people with the right skills are included in team ceremonies, product planning events, and overall product delivery. In essence, this allows the team to work as a single unit and function as “One Team, One Heartbeat”. As we progress through the PLM journey, this roadmap will be expanded to include the plays for future PLM maturity levels.
9 Figure 1 - PLM Maturity Roadmap PLM Maturity Level 2 Background PLM Maturity Level 1 focused on organizing PLs in a way that would enable them to provide business value by delivering functional products to VA customers. The products supported by the PL were evaluated for appropriate alignment to the PL, and budget and acquisitions were reviewed. PLM leadership roles were designated for each PL through the establishment of the Big Six roles. Product team members were functionally aligned to the PL and briefed on the organizational shift to PLM. Team members were made aware that while PLM would not necessarily impact their day-to-day activities, staff would shift their focus to maintaining products rather than individual projects. After communicating the PLM vision to the customer, the PL developed key business metrics to measure the expected value the PL would bring to the business. Product coordination was established with quarterly planning, a single backlog tool, and synchronized Sprint cadences. Purpose PLM Maturity Level 2 is the first significant step in building the foundation for a cross- functional Product Team that includes integrated resources from across the organization capable of implementing PLM, DevSecOps, Agile, and Scaled Lean Agile practices. PLM Maturity Level 2 moves PLs and Product Teams to a customer-oriented collaborative
10 approach. Product Line and Product Team visions and plans are articulated through Outcome Roadmaps. Product Teams identify and build business value propositions and associated business metrics that are captured and reported in the DevSecOps Product Scorecard. Matrixed resources are integrated into Product Teams, resulting in increased cross- functional collaboration. Development of DevSecOps capabilities enable Product Teams to support Continuous Integration/Continuous Delivery (CI/CD) and automation. Based on the PL and Product Team Outcome Roadmaps, training needs will be assessed, and training plans developed. PLM Maturity Level 2 consists of plays focused on the following areas: • Develop a Product Business Value Proposition and Metric • Develop a Product Line and Product Outcome Roadmap • Integrate Matrixed Resources into Product Teams • Implement DevSecOps Capabilities – Priority: Application Performance Monitoring (APM) • Capture Product Scorecard Metrics • Develop and Train Product Team Staff Develop a Product Business Value Proposition and Metric “A value proposition is a “promise of value to be delivered, communicated, and acknowledged”. It requires both the party delivering that value and the stakeholders to have the same understanding.”– Gartner “Metrics provide the data that teams use to continuously improve and to empirically test whether new functionality and processes provide value.” – Gartner IT Product Managers must develop a business value proposition that defines both the purpose of their product and the value it brings to the customer. The value proposition should be clear and concise and should speak to a customer’s challenge and make the case for their product as the problem-solver. The details of the customers’ needs should be just as familiar to the IT Product Manager as the features of their product or the details of the service the product provides and should always focus on how customers define value. Product teams depend on the Business understanding and quantifying their value proposition. Once identified and quantified, Product Teams should create metrics to measure success based on business outcome value (whether the product met the business need). The metrics should be clear and traceable and directly correlate to the needs of the customer. They should also demonstrate the value delivered by the product. These metrics should be reported in VA Product (Line) Accountability and Reporting System (VA PARS). Considerations for this play: • Product Teams must create product business metrics based on the business outcome value
11 • Each Product Team must create a business metric for large or impactful products that is related to the product’s business value proposition • The business metric definition and actuals will be stored under the applicable investment in VA PARS by the Investment Manager • The metric data owner is the responsible individual for delivering the metric’s monthly actual result to the Investment Manager • The business metrics must fall into one of the following categories/sub- categories: • Strategic and Business Results o Business Process Improvement o Action, Time, or Burden Reduction in Activities • Customer Satisfaction (results) o Technology Functionality or Usability o Technology performance subcategory will not be accepted as a Business Metric • Business Metrics should be customer/business focused, not technical in nature (i.e., NOT availability, uptime, defect processing, etc.) • Business metrics should be measurable and automated • Reference the DevSecOps ACOE Product Scorecards Business Metric MS Teams channel for business metric definitions and process guidance • Business Metric Process • Business Metric Dashboard/Examples Acceptance Criteria: • Develop a business value proposition for the product that states the value and benefit it provides to the customer • Develop product business metric(s) to measure success in achieving the business value proposition • Ensure product business metrics (final definition and actuals) are tracked in VA PARS • Collaborate with the Customer, Account Management Office (AMO), Portfolio, Product Line Manager, ACOE Metrics and Analytics (MA), and others as needed to develop the business value proposition and product business metric Develop a Product Line and Product Outcome Roadmap IT Product Line and Product Managers must develop an Outcome Roadmap that focuses on establishing their PL and Product direction. An Outcome Roadmap visualizes the plan for how the PL is going to meet the organization’s key business objectives, how it will benefit VA veterans, and details the direction of the products in the PL and the work required to get there. It serves as a way to communicate key product priorities with internal and external stakeholders. IT Product Line and Product Managers must have a vision and plan for the software products depicted in a multi-year plan showing a roadmap of outcomes that are traceable to a named customer or group of customers. The Outcome Roadmap should include features and major enhancements that improve business outcomes.
12 The IT PL and Product Manager should collaborate with the AMO, Business Owners, and others as needed, to develop their Outcome Roadmap. The Outcome Roadmap should plan for the next four years of the product lifecycle and should provide a detailed visualization for near term outcomes and a high-level visualization for future outcomes. IT PL and Product Managers should discuss their resource strategy to prioritize the work across products, dedicate resources appropriately and eliminate any imbalanced situations. Note: • Quarterly Planning events provide excellent opportunities to validate and strengthen outcome roadmaps Acceptance Criteria: • Develop an Outcome Roadmap for the PL and Product • Identify the products included in the PL roadmap and provide a rationale for those that are not included (i.e. Products without OIT funding, resources, or being decommissioned) • List the capabilities, features, major enhancements, and initiatives that improve overall business outcomes for both the PL and Product Outcome Roadmaps • Identify the customer or group of customers each outcome/capability is traced to • Track the progress of activities and measures and communicate the progress and value of results to stakeholders quarterly • Ensure the PL and Product Outcome Roadmaps support the PL and Product vision and has been communicated to the Portfolio Director, PL and Product Staff, AMO, Business Owners and Product Owners • Ensure the PL and Product backlogs align with the Outcome Roadmap for near term work • Demonstrate the work is prioritized within the PL and Product backlogs and resources are allocated to the highest priority work Implement DevSecOps Capabilities (Priority - Application Performance Monitoring (APM) Product Teams must begin deploying more secure applications into production, delivering fewer vulnerabilities and have the ability to quickly fix security issues before they can be exploited. This can be achieved through the implementation of DevSecOps principles and practices. DevSecOps provides a culture and set of processes that bring development, security, and operations teams together to complete software development and allows products to create and improve products at a faster pace than traditional software and application development methods. Benefits of implementing DevSecOps: • Shorter development cycles • Faster innovation • Reduced deployment failures, rollbacks, and time to recover • Improved communication and collaboration • Increased efficiencies • Increased customer satisfaction • Innovation
13 To achieve PLM Maturity Level 2, teams must improve their DevSecOps capability by implementing Application Performance Monitoring (APM). APM gives teams early detection of problems and supports fast triaging during incident management. APM data must be integrated with the Enterprise Command Center (ECC) so that OIT has a “single pane of glass” view of applications and a standard process for event and incident management. All active products must track and measure the stability of the system using the Monitoring Service Registry (MSR) and must achieve MSR Level 3 by the end of PLM Maturity Level 2.1 Applicable MSR levels are: Monitoring Level Applications/Middleware Description Network and Network Device Description EUX End User Experience Monitoring N/A Level 1 Signs of Life Monitoring (Up/Down Status) Heartbeat/Up-Down Level 2 Infrastructure Monitoring (CPU, thread pools, Response Times, etc.) Capacity Monitoring – (Bandwidth, CPU, Network Interface Card) Level 3 APM (Application, Middleware, Databases) Capacity Monitoring – Advanced (Activity Logging. Transaction Routing) Level 4 Full Business Transaction Monitoring Full Business Transaction Monitoring Teams should strive to continually improve instrumentation to support deeper insights into the behavior and performance of the application. If a team has already implemented APM, they must implement another DevSecOps capability. Reference Appendix C for a complete list of DevSecOps capabilities. Considerations for this play: • Refer to the DevSecOps Implementation Plan in Appendix B for aDevSecOps assessmentthatwillenableProductTeamstoassesstheirDevSecOpsmaturitylevel;capability descriptions; best practices; and tool solutions for each DevSecOps capability • ACOE can provide coaching to assist in the development of the Application Performance Monitoring capability or other DevSecOps 1 Work with the Enterprise Command Center (ECC) team to understand requirements needed to achieve these levels.
14 capabilities upon request. Coaching requests will be triaged and added to the prioritized ACOE backlog • DevSecOps advancement will grow in future PLM maturity levels Acceptance Criteria: • Implement Application Performance Monitoring for the product if it does not already exist • Show that the product has reached Level 3 monitoring with the ECC and is recorded in the MSR system • If APM is already implemented on the product, further advance DevSecOps growth by implementing at least one new DevSecOps capability • If Level 3 Monitoring has been achieved, communicate the plan to implement the new DevSecOps capability to the Portfolio Director, PL Manager, Business Owner, Product Owner, Security, Architecture Engineering, and ITOPS as needed Integrate Matrixed Resources into Product Teams In PLM Maturity Level 1, Product Lines identified and mapped all products in the PL, and assigned employees, by role, to each product in the PL. Former project teams were reorganized into product teams. A Product Team is a cross-functional group of individuals that contain the skills and tools that allow them to build, deploy, monitor, and operate a product from its inception until the time the product is decommissioned. Team members have no individual or siloed responsibility for components. Instead, they pull work from the backlog in priority sequence. The team is not constrained by any outside dependencies, either technical, informational, or process, to deploy their product. A Product Team structure demands that the team communicate, collaborate, and share responsibility for their product. The ideal Product Team is persistent, self-sufficient, fast, and flexible at solving problems and delivering quality products. Building teams capable of self-sufficiency requires resources from multiple pillars inside and outside the DevSecOps organization. The preferred model is to matrix, or embed, resources on the Product Teams, which accomplishes two objectives: 1. Maintains a specialty group trained and held accountable to standards specific to that competency 2. All resources needed to deliver a product work closely together to facilitate quick communication, problem solving, and decision-making For PLM Maturity Level 2, Product Teams must advance collaboration and teamwork by embracing and integrating matrixed resources into their Agile ceremonies and processes. Matrixed resources should be included in the planning and implementation of product delivery activities, when applicable. Considerations for this play: • Teams should set clear expectations by including matrixed resources in the product Responsible, Accountable, Consulted, Informed (RACI) chart
15 • Involve matrixed resources in product events as needed • Reference the Integrated Matrixed Resources matrix on the ACOE PLM SharePoint site for available Matrixed Resources by pillar Acceptance Criteria: • Integrate matrixed resources into Product Team functions as appropriate • Orient the matrixed resources on product operations to enable productive contributions Capture Product Scorecard Metrics As OIT implements DevSecOps, PLM, Agile, and Scaled Lean Agile practices, it is important for Product Teams to aggregate, report, and communicate standard product operational and quality metrics to measure product maturity and health. Product Teams must measure and track their performance to ensure they are continually improving. Operational metrics/data should be aggregated and reported in an authoritative system or tool. The ACOE MA team collects the data and produces a Product Scorecard for the product. A Product Scorecard is a formalized metric system that is used to gauge a product’s performance based on key performance indicators (KPI). The Product Scorecard is also a tool for periodically reviewing progress of a product’s health. By using information in the Product Scorecard, Product Managers can stay on top of any problems that arise and make adjustments that help to keep a Product Team on course. The ACOE MA team currently captures performance metrics at the DevSecOps level in the DevSecOps Product Scorecard. The goal of the DevSecOps Product Scorecard is to: • Measure product quality • Report product quality performance • Indicate areas where improvement is needed • Drive standardization of integration, automation, and transparency Product Teams must understand both their business and operational metrics, review and validate the data, and make appropriate adjustments as needed. The team should make the data available to the ACOE MA team. For this play, Product Teams must ensure data is available in the Product Team’s systems of authority/record to calculate Product Scorecard metrics.2 This allows the ACOE MA team to regularly collect the data directly without impacting Product Teams. If the Product Team is not using a system of authority/record or if the ACOE MA team cannot be given access to the system, the Product Team must provide the data to the ACOE MA team. The following is a list of essential metrics: 1. Automated Test Cases Percentage 2. Mean Time to Restore (MTTR) 2 Includes the four DevSecOps metrics similar to those referenced in the book: Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations by Gene Kim, Jez Humble, and Nicole Forsgren
16 3. Current Open Incidents by Tier Level (1,2,3,4) and Priority (i.e. Major) 4. Total Current Open Defects by Severity and Prod/Non-Prod 5. Current Open High Exposure (Red Zone) Product Technical Risks Count 6. Percentage of Test Executions that Passed 7. Average Story Lead Time 8. Average Defect Lead Time 9. Average Release Cadence to Production/Deployment Frequency 10. Release Failure Percentage 11. Authority to Operate (ATO) 12. 508 Conformance Considerations for this play: • The following may be exclusionary factors for Product Scorecard: o Product metrics covered by another related product (i.e. parent/child) o Products managed by organizations outside of OIT (e.g. VHA, VBA, etc.) o Products targeted for decommissioning within the next six months o True SaaS (licenses only, no interfaces, vendor hosted, no configurations, etc.) • The ACOE MA team will work with each assigned product team that has a DevSecOps Product Scorecard to: o Collect metrics o Standardize metrics o Improve accuracy of Product Scorecard metrics • The goal is that 100% of the required data for the metric calculation is available • The metrics captured are not meant to be punitive in nature but instead are intended to provide a depiction of the current state of a products performance and indicators for areas of improvement • Reference the DevSecOps Product Score Card for more details and the complete list of required data for PSC metrics Acceptance Criteria: • For the products that have a Product Scorecard: o Ensure product data is available in the product data authoritative source (i.e. JIRA. GitHub, VASI, MSR, VA PARS, SNOW, etc.) to calculate, aggregate and report on operational metrics o Validate the data is accurate and current o Provide the missing data ('unknowns' or blank data fields) or the data location so the ACOE MA Analysts can collect the data in the future o Select two Product Scorecard metrics to target for improvement • For PSC candidate products that currently do not have a Product Scorecard: o Demonstrate the data is available in the product data authoritative sources (JIRA. GitHub, VASI, MSR, VA PARS, SNOW, etc.) to calculate, aggregate and report on key Product Scorecard operational metrics Develop and Train Product Team Staff Training is an effective means of improving a PL and Product Teams performance by
17 teaching the basic concepts of PLM, Agile, Scaled Lean Agile, and DevSecOps disciplines. Additionally, it is a way to level-set Product Teams on the foundations of each discipline and their associated implementation methodologies. By providing these courses to their staff, IT PL and Product Managers can advance staff knowledge and understanding so successful implementation can occur. IT PL and Product Managers must determine the short and long-term training needs of their staff to enable them to implement the plays in PLM Maturity Level 2 and beyond. IT Product Managers need to assess immediate training needs required for PLM Maturity Level 2 and develop a Staff Training Plan. Considerations for this play: • Reference the PLM Training Catalog for a list of available training offerings from TMS, Scaled Agile Framework® (SAFe®)3 , LinkedIn Learning, VA IT Campus, Weekly Agile Meetings (WAM), and/or 24/7 eLearning and IT Workforce Development (ITWD) Acceptance Criteria: • Assess staff training needs and identify gaps based on PLM Maturity Level 2 acceptance criteria • Develop a Staff Training Plan for PLM Level 2 based on available training in the Training Catalog or other sources. See Appendix B for guidance on developing a training plan and training plan templates • Execute the portion of the training plan that will enable the Product Team to implement PLM Maturity Level 2 plays 3 SAFe and Scaled Agile Framework are registered trademarks of Scaled Agile, Inc.
18 REFERENCES Appendix A – The Big Six Role Descriptions The Big Six roles for a PL are especially important to provide key leadership for PLM. A PL may wish to identify additional roles. References made below to roles not defined here should refer to definitions provided in other OIT guidance. IT Product Line Manager • The IT Product Line Manager leads the PL teams, with accountability for all team functions and maintains relationships with Business Sponsorship to ensure complete understanding of business objectives and priorities. • They adopt their customers' business objectives and along with the Product Owner(s) they are the voice of the customer to the PL team. They work with PL’s Business Owner(s) and lead strategy for the PL. • They are accountable (and listed in VASI and Enterprise Mission Assurance Support Service) as the IT System Owner for products in their PL and oversee IT Lifecycle activities for all IT products within their PL from the identification of need through retirement and decommissioning. • They also manage the PL backlog as well as oversee PL budget estimation, allocation, and tracking while working with the Deputy IT Portfolio Manager and Account Managers to align investments. • They have an open mind to change and are adaptable. • They have a strong background in DevSecOps practices and principles and have experience building an organization. Technical Manager/ (Solution Architect) • The Technical Manager (works in the capacity of a System Architect/Engineer) is an individual or team that defines the overall architecture of the system. • Defines Nonfunctional Requirements (NFRs), major system elements, subsystems, and interfaces. • Works closely with Portfolio Senior Technical Advisors and Technical Managers to maintain the current technical architecture and environments. • Works closely with Portfolio Senior Technical Advisors and Technical Managers to develop a vision for future technical architecture that aligns with VA and OIT standards and goals. IT Product Manager • The IT Product Manager’s goal is to work with the business Product Owner and IT leadership to define the product direction. • They are responsible for representing the true voice of the business Product Owner. • IT Product Managers who garner firsthand insight to the customer’s struggles can define features and functionality that alleviate the pain points. Product management has content authority for the product backlog. • IT Product Managers are responsible for identifying customer needs, prioritizing
19 features, guiding the work through the Program Kanban, and developing the program vision androadmap. • The IT Product Manager manages every aspect of delivering, operating, and maintaining the product, from formulating and prioritizing requirements with the business Product Owner to design, development, and delivery of capabilities, change management, and ultimate retirement of obsolete functions. • IT Product Managers maximize business value based on changing scope and customer priorities and work closely with the business Product Owner and development teams. • They focus on stated goals, employee development, and needed functions in the longstanding vision of the product. • They maintain a roadmap for their product and determine the conditions by which the product will be decommissioned. • They ensure steps to migrate users and/or functionality as well as proper data retention are established and followed. • They perform as the IT System Steward and are responsible for system owner deliverablesto the IT System Owner. • They resolve all issues pertaining to the product or escalate them to the Product Line Manager. IT Operations Manager • IT Operations Managers are responsible for managing day-to-day operational support of products including operations processes, planning, design, and operations strategy. • They take overall responsibility for leadership, control, and decision-making related to Product Line Operations. • They also ensure Product Teams are identifying application and systems operations representatives that must be present during Program Increment (PI) Planning and scrums. • They represent the escalation Point of Contact for products on High Priority (HPI) and Critical Priority (CPI) Incident calls. • They ensure establishment of Key Performance Indicators (KPI) and other measurement thresholds including adherence to Service Level targets for Product Lines and the related products within. • They work to organize efforts with developers, users and customers regarding application performance, and ticket backlogs. • They validate product roadmaps and assist with the creation of visualization strategies. • They provide a balanced approach to products so that the Product Teams don’t just focus on delivering new capabilities, but address reliability, responsiveness, and resilience of software systems. • They own the following: o Driving down technical debt o Injecting new requirements to drive down sustainment costs o Preventative work to reduce production support issues o Being responsive to production support issues and being efficient at resolving them
20 Business Owner • The Business Owner is responsible for the product visions at the PL level, how to convey them, and must have a solid understanding of user expectations and industry trends. • The Business Owner represents the needs and desires of the business and end-users and communicates between stakeholders and the PL Manager. • The Business Owner serves as an escalation point for business Product Owners and the Product Line Manager. • The Business Owner is a key stakeholder who commonly understands the business environment and is empowered to make decisions. • The Business Owner holds the primary business accountability governance, compliance, and return on investment (ROI). Account Manager • Account Managers provide a critical link between OIT and business partners that ensures strategic alignment between the software and services OIT delivers and the current and future needs of our business partners and ultimately our Veterans. • Account Managers are responsible for the management of service offerings via the Service Catalog as well as relationship management with OIT customers. • They are responsible for confirming the needed Epic and Enabler Backlog • Works with PL Managers and IT Product Managers to confirm Lean Budgets for the PLs (PLs provide resource assessments and workforce analysis) with guardrails that the PL Managers can operate from. • Maintains a strong relationship with customers and PLs.
21 Appendix B – Reference Documents and Recommended Reading Reference Documents The documents listed below may be used in conjunction with maturity levels 2 and beyond to assist PLs with implementing PLM, Scaled Lean Agile, and DevSecOps. Product Line Outcome Roadmap Template PLM Level 2 Playbook Templates and Examp Product Outcome Roadmap Template Business Value Proposition Matrixed Resources RACI DevSecOps Implementation Plan TBD Integrated Matrixed Resources by Pillar Integrated Matrixed Resources PLM Training Plan Guidelines Template PLM Training Plan Template.doc Training Needs Assessment and Training Plan Template (Excel) PLM Training Needs Assessment and Train PLM Training Catalog PLM Training Catalog Recommended Reading To learn more about best practices for PLM and DevSecOps beyond what is included in the Playbook, explore some of the recommended reading provided here. These resources will provide the ability to learn more about what is needed to successfully implement PLM and DevSecOps. Links to the majority of the books listed below can be found in the PLM Training Catalog. o Accelerate: The Science of Lean Software and DevSecOps – Nicole Forsgren, Jez Humble, and Gene Kim (2018) o The DevOps Handbook – Gene Kim, Jez Humble, Patrick Debois, John Willis, and John Allspaw (2016) o Accelerate: Building Strategic Agility for a Faster-Moving World – John Kotter (2014) o The Phoenix Project – Gene Kim, Kevin Behr, George Spafford (2013)
22 o “Moving from Project to Product: Modernizing Traditional Enterprise Operating Models” – IT Revolution/DevSecOps Enterprise Forum (2018) o “The Project to Product Transformation: Practical Guidance from Fourteen Enterprise Journeys” - IT Revolution/DevSecOps Enterprise Forum (2019) o The Unicorn Project: A Novel about Developers, Digital Disruption, and Thriving in the Age of Data – Gene Kim (2019) o Gen P: New Generation of Product Owners Who Care About Customers - Peter Monkhouse, and Joanna Tivig (2019) o Project to Product: How to Survive and Thrive in the Age of Digital Disruption with theFlow Framework – Mik Kersten (2018)
23 Appendix C- OIT DevSecOps Capabilities The information below is a comprehensive list of the DevSecOps Capabilities being implemented at the VA. Reference the DevSecOps Implementation Plan for descriptions, best practices, and VA approved tools for each capability. • Application Lifecycle Management Tools (ALM) • Application Performance Monitoring (APM) • Automated Continuous Delivery • Automated Continuous Integration • Automated Testing • Blue/Green Testing • Business Metrics Monitoring • Canary Testing • Containerization • Continuous Exploration • Continuous/Relentless Improvement • Cloud/VAEC • Dashboards • Feature Flags • Infrastructure as Code (IaC) • Integrated Security • Metrics/KPI’s • Microservices • Pipeline Monitoring • Platform(s) and/or Re-Platforming • Re-Architecting • Refactoring Code • SaaS or Managed Services
24 Appendix D – List of Acronyms and Glossary of Terms List of Acronyms Acronym Description AMO Account Management Office ARM Acquisition Review Module ART Agile Release Train (SAFe) BAM Benefits & Memorials (An OIT Service Line Portfolio) BIA Benefits Integration Application BTT Budget Tracking Tool CI Configuration Item CMDB Configuration Management Database DevSecOps Development + Operations DevSecOps Development+ Security+ Operations EHRM Electronic Health Record Modernization eMASS Enterprise Mission Assurance Support Service EPMD Enterprise Program Management Division EPMO Enterprise Program Management Office EPS Number Enterprise Project Structure Number FMS Financial Management System FSC Health Financial Services Center Health FTE Full Time Employee HCA Health Care Administration IAC Infrastructure as Code iFAMS Integrated Financial and Acquisition Management System ITIL Information Technology Infrastructure Library LGY Loan Guaranty MBMS Memorial Benefits Management System MTTR Mean Time to Restore OIT Office of Information Technology PaaS Platform as a Service PIP Program Increment Planning PL Product Line PLCR Product Line Change Request PLM Product Line Management QP Quarterly Planning RACI Responsible, Accountable, Consulted, Informed SaaS Software as a Service
25 SAFe Scaled Agile Framework SME Subject Matter Expert TBM Technology Business Management TMS Talent Management System TRS Transition Release and Support (former OIT organizational division) VA Veterans Affairs VA PARS VA Product (Line) Accountability and Reporting System VASI VA Systems Inventory VES Veterans Experience Services VHA Veterans Health Administration VIP Veteran-Focused Integrated Process VistA Veterans Information Systems and Technology Architecture Glossary of Terms Term Definition Acceptance Criteria A pre-established set of conditions or requirements a Product Line or product must meet for a play to be achieved within each PLM maturity level. Acquisition Review Module The Acquisition Review Module (ARM) is a new acquisition module in the Budget Tracking Tool (BTT) that will streamline the acquisition and budget review process. Agile Teams Agile teams are cross-functional groups of 5-11 individuals who define, build, test, and deliver an increment of value in a short time box. Agile Release Train (ART) Used in Scaled Agile Framework (SAFe) methodology. The Agile Release Train (ART) is a long-lived team of Agile teams, which, along with other stakeholders, develops and delivers solutions incrementally, using a series of fixed-length Iterations within a Program Increment (PI) timebox. The ART aligns teams to a common business and technology mission. Backlog A prioritized list of everything that is known to be needed in the product. It is the single source of requirements for any changes to be made to the product. The Product Owner is responsible for the Product Backlog, including its content, availability, and ordering.
26 Budget Tracking Tool Budget Tracking Tool (BTT) is an integrated enterprise-wide budget planning, management, and reporting system, is used to plan the annual budget at the obligation level and to manage execution and funds resource allocation through the end of the year. Cadence The approach to achieving commitment and reliability with a system. It is a measure of balance and the rhythmic flow of the process. Sprints of regular time interval or duration establish a cadence for a development effort. Configuration Management Database A Configuration Management Database (CMDB) is a logical representation of assets, services, and the relationships between them that comprise the IT infrastructure of an enterprise. DevOps DevSecOps is a mindset, a culture, and a set of technical practices. It provides communication, integration, automation, and close cooperation among all the people needed to plan, develop, test, deploy, release, and maintain a Solution. DevSecOps DevSecOps is short for development, security, and operations. Its focus is to make everyone accountable for security with the objective of implementing security decisions and actions at the same scale and speed as development and operations decisions and actions. Enabler Technical items that support the development of future business requirements bringing visibility to all the work necessary. They help to stabilize the architecture, infrastructure, and maintain customer needs. Epic A large body of work that can be broken down into several smaller stories. Epics often encompass multiple Product Teams and can even be tracked on multiple Kanban Boards. Epics are almost always delivered over a set of Sprints. Financial Management System Financial Management System (FMS) is the VA’s core financial management system. FMS is in the process of upgrading to the Integrated Financial and Acquisition Management System (iFAMS). Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS) The capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not
27 manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Infrastructure as Code (IaC) Infrastructure as Code (IaC) refers to the tools and processes used to track and manage infrastructure resources as code. This code is commonly stored in a version control system and the tools are most effective when applied to virtual environments. Integrated Financial and Acquisition Management System Integrated Financial and Acquisition Management System (iFAMS) is the new financial and acquisition management system soon to replaceFMS. iFAMS will increase the transparency, accuracy, timeliness, andreliability of financial information and will enable VA to improve service to Veterans, increase innovation, and enhance data integrity. Kanban A method to visualize and manage the flow of Features and Capabilities from ideation to analysis, implementation, and release through the Continuous Delivery Pipeline. Lighthouse API Lighthouse is an API platform that gives developers secure access to the VA data they need to build helpful tools and services for Veterans. Platform as a Service (PaaS) Platform as a Service (PaaS) - The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application- hosting environment. Product An item, system, or service offered to or provided for use by a customer. It can be physical or in virtual or in cyber form. A valuable product is: • Relevant – Customers must view it as a way to fulfill a need. • Functional – It must perform as expected. • Adaptable – It must be able to change with trends, time, technology, and user segments. • Communicated – Customers and potential customers must understand how they can benefit from it.
28 Product Line A VA Product Line is a group of related products that address related customer needs. Product Line Change Request The Product Line Change Request (PLCR) Product Line Change Request manages VASI change requests related to re-aligning VASI Product records to Product Lines. Product Owner A member of the Agile Team responsible for defining Stories and prioritizing the Product Backlog to streamline the execution of program priorities while maintaining the conceptual and technical integrity of the Features or components for the team. RACI A RACI chart is a simple matrix used to assign roles and responsibilities for each task, milestone, or decision on a project. RACI stands for Responsible, Accountable, Consulted, Informed. Each letter in the acronym represents a level of task responsibility. Release Installation into Production Environment—includes IOC, full deployment, subsequent releases, maintenance releases, defect repairs, security and other patches, and any changes that are released into production; also used to refer to the package (hardware, software, middleware, documentation, other components) being deployed. Shared Services/Matrixed Resource Shared Services/Matrixed Resource represents the specialty roles, people, and services required for the success of an Agile Release Train (ART) or Solution Train, but that cannot be dedicated full-time. Software as a Service (SaaS) Software as a Service (SaaS) - The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
29 Sprint A short cycle of work (usually 2 weeks) during the Build and Development phase; each Sprint focuses on completing a defined subset of project deliverables. Stakeholder A stakeholder is an individual, group or organization that is impacted by the outcome of a project. They have an interest in the success of the project or product and can be within or outside the organization that is sponsoring the project/product. Sustainment The processes, procedures, people, material, and information required to support, maintain, and operate the software and/or hardware aspects of a system. System Team A specialized Agile Team that assists in building and supporting the Agile development environment, typically including development and maintenance of the toolchain that supports the Continuous Delivery Pipeline. The System Team may also support the integration of assets from Agile teams, perform end- to-end Solution testing where necessary, and assists with deployment and Release on Demand. Technology Business Management Technology Business Management (TBM) is a framework designed to communicate the value of IT to agency stakeholders. TBM focuses on cost transparency, delivering value, identifying the total cost of IT, and shaping demand for IT services. Technology Stack A technology stack, also called a solutions stack, technology infrastructure, or a data ecosystem is a list of all the technology services used to build and run one single application. Telemetry An automated communications process by which measurements and other data are collected at remote points and are subsequently transmitted to receiving equipment for monitoring. VIP Veteran-focused Integration Process; former single path, from beginning to end, for IT releases in the VA.

More Related Content

PPTX
Micro-Frontend Architecture
Livares Technologies Pvt Ltd
 
PPTX
Security and Compliance with SharePoint and Office 365
Richard Harbridge
 
PDF
Generically Call External Classes from Managed Packages
Salesforce Developers
 
PDF
Single sign on using SAML
Programming Talents
 
PDF
OpenID for SSI
Torsten Lodderstedt
 
PPTX
An Overview of Microsoft Teams Architecture | Kushan Lahiru Perera
Kushan Lahiru Perera
 
PPTX
How to Advertise on Facebook in 2020: The ultimate Facebook Ads Guide
Cbitss Technologies
 
PPTX
Salesforce 101
501Partners
 
Micro-Frontend Architecture
Livares Technologies Pvt Ltd
 
Security and Compliance with SharePoint and Office 365
Richard Harbridge
 
Generically Call External Classes from Managed Packages
Salesforce Developers
 
Single sign on using SAML
Programming Talents
 
OpenID for SSI
Torsten Lodderstedt
 
An Overview of Microsoft Teams Architecture | Kushan Lahiru Perera
Kushan Lahiru Perera
 
How to Advertise on Facebook in 2020: The ultimate Facebook Ads Guide
Cbitss Technologies
 
Salesforce 101
501Partners
 

Similar to DevSecOps PLM L2 Playbook.pdf (20)

PDF
Life cycle-management-for-oracle-data-integrator-(odi)
Database & Technology s.r.l.
 
PDF
Whitepaper life cycle-management-for-odi
Minerva SoftCare GmbH
 
DOC
Sanitised Project Plan for Project Management
Sandy Clements
 
PDF
The Ultimate Guide to Choosing a Value Stream Management (VSM) Tool
GauriKale30
 
PDF
Sdlc tutorial
Edress Oryakhail
 
PDF
Sdlc tutorial
Suresh Mca
 
PDF
Understanding the Software Development Lifecycle [SDLC] | A Comprehensive Guide
Soft Suave Technologies
 
PPT
SDLC
Swarnima Tiwari
 
PDF
Different Methodologies Used By Programming Teams
Nicole Gomez
 
PDF
Best Practices In Software Development Life Cycle (SDLC)
GrapesTech Solutions
 
PPTX
Smart Factory – Starter Engagement Design.pptx
longngoai00
 
PDF
Automated legacy portfolio assessment
Ravikumar Kaliyaperumal
 
DOCX
Software Development Life cycle.docx
Anand Krishnan
 
DOC
Venkat Yarrapothu
Venkat Yarrapothu
 
PPS
testing
nazeer pasha
 
PDF
What Are the 7 Phases of SDLC Learn the Software Development Lifecycle & Its ...
JamesParker406701
 
DOCX
Presentation by lavika upadhyay
PMI_IREP_TP
 
DOCX
Key Phases of the Software Development Lifecycle (SDLC) Explained.docx
Integrated IT Solutions
 
PDF
White paper quality at the speed of digital
rajni singh
 
PDF
Keys to Successful Cohabitation: Governance and Autonomous Teams
DevOps.com
 
Life cycle-management-for-oracle-data-integrator-(odi)
Database & Technology s.r.l.
 
Whitepaper life cycle-management-for-odi
Minerva SoftCare GmbH
 
Sanitised Project Plan for Project Management
Sandy Clements
 
The Ultimate Guide to Choosing a Value Stream Management (VSM) Tool
GauriKale30
 
Sdlc tutorial
Edress Oryakhail
 
Sdlc tutorial
Suresh Mca
 
Understanding the Software Development Lifecycle [SDLC] | A Comprehensive Guide
Soft Suave Technologies
 
SDLC
Swarnima Tiwari
 
Different Methodologies Used By Programming Teams
Nicole Gomez
 
Best Practices In Software Development Life Cycle (SDLC)
GrapesTech Solutions
 
Smart Factory – Starter Engagement Design.pptx
longngoai00
 
Automated legacy portfolio assessment
Ravikumar Kaliyaperumal
 
Software Development Life cycle.docx
Anand Krishnan
 
Venkat Yarrapothu
Venkat Yarrapothu
 
testing
nazeer pasha
 
What Are the 7 Phases of SDLC Learn the Software Development Lifecycle & Its ...
JamesParker406701
 
Presentation by lavika upadhyay
PMI_IREP_TP
 
Key Phases of the Software Development Lifecycle (SDLC) Explained.docx
Integrated IT Solutions
 
White paper quality at the speed of digital
rajni singh
 
Keys to Successful Cohabitation: Governance and Autonomous Teams
DevOps.com
 
Ad

Recently uploaded (20)

PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PPTX
A Presentation on Touch Screen Technology
memembruh336
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
A Presentation on Touch Screen Technology
memembruh336
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Encapsulation theory and applications.pdf
gurumoop
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Approach and Philosophy of On baking technology
30anthuong17
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Ad

DevSecOps PLM L2 Playbook.pdf

  • 2. i Executive Summary and Approval The DevSecOps Product Line Management (PLM) Playbook details how the Office of Information and Technology (OIT), Development, Security, and Operations (DSO) leadership expects Product Lines to implement Lean-Agile and DevSecOps practices while moving from a project centric to a product centric focus. As the Department of Veterans Affairs (VA) continually strives to improve project and product management effectiveness and efficiency, VA welcomes any insight that users can provide. Users should send their comments and suggestions for improvements to the PLM Playbook to the Agile Center of Excellence (ACOE), ACOEMethodology@va.gov for review and consideration. The PLM Playbook applies to all IT products aligned to Product Lines in the Software Product Management, Infrastructure Operations, and Product Engineering groups within the DevSecOps organization. Others outside of DevSecOps may use the Playbook for situational awareness as needed. The DevSecOps PLM Playbook 2.0 is approved by: X Reginald Cummings Executive Director, Infrastructure Operations X Drew Myklegard Executive Director, Product Engineering X Daniel McCune Executive Director, Software Product Manag... McCune, Daniel Digitally signed by McCune, Daniel Date: 2021.04.28 15:23:33 -05'00' Reginald W. Cummings 1463975 Digitally signed by Reginald W. Cummings 1463975 Date: 2021.04.30 09:58:19 -05'00' David A. Myklegard 590747 Digitally signed by David A. Myklegard 590747 Date: 2021.04.30 11:31:43 -04'00'
  • 3. ii Revision History Version Date Description 1.0 July, 2020 First Issuance 2.0 May 2021 Added PLM Maturity Level 2 Table of Contents Product Line Management Playbook Overview......................................................................1 Introduction.........................................................................................................................1 Purpose................................................................................................................................1 PLM Benefits........................................................................................................................2 OIT PLM Evolution................................................................................................................2 PLM Maturity Level 1...............................................................................................................3 Product Line Plays................................................................................................................4 Common PL Backlog Toolset ...............................................................................................6 Product Plays .......................................................................................................................6 Agile Center of Excellence (ACOE) Support.............................................................................8 ACOE Enablement and Coaching Teams..............................................................................8 PLM Maturity Roadmap ..........................................................................................................8 PLM Maturity Level 2...............................................................................................................9 Background..........................................................................................................................9 Purpose................................................................................................................................9 Develop a Product Business Value Proposition and Metric ...............................................10 Develop a Product Line and Product Outcome Roadmap..................................................11 Implement DevSecOps Capabilities (Priority - Application Performance Monitoring (APM) ...........................................................................................................................................12 Integrate Matrixed Resources into Product Teams............................................................14 Capture Product Scorecard Metrics...................................................................................15 Develop and Train Product Team Staff ..............................................................................16
  • 4. iii REFERENCES...........................................................................................................................18 Appendix A – The Big Six Role Descriptions .......................................................................18 IT Product Line Manager ...................................................................................................18 Technical Manager/ (Solution Architect) ..........................................................................18 IT Product Manager...........................................................................................................18 IT Operations Manager......................................................................................................19 Business Owner .................................................................................................................20 Account Manager ..............................................................................................................20 Appendix B – Reference Documents and Recommended Reading.......................................21 Reference Documents........................................................................................................21 Recommended Reading.....................................................................................................21 Appendix C- OIT DevSecOps Capabilities...............................................................................23 Appendix D – List of Acronyms and Glossary of Terms.........................................................24 List of Acronyms.................................................................................................................24 Glossary of Terms ..............................................................................................................25 Table of Figures Figure 1 - PLM Maturity Roadmap........................................................................................... 9
  • 5. 1 Product Line Management Playbook Overview Introduction Product Line Management (PLM) is a framework that focuses on delivering functional products that provide the highest priority work to customers while delivering simplified, reliable, and practical solutions to the business, medical staff, and our Veterans. PLM focuses on grouping products into Product Lines, modernizing software delivery, and releasing software products faster, safer, and more efficiently through DevSecOps technical practices and a maniacal focus and alignment with our customer Faster releases allow Product Teams to quickly learn, adjust, and adapt to customer feedback. Product releases are accelerated through automation, utilizing Agile practices, and adopting Buy-Before-Build solutions. Safety increases assurance that Product Teams are releasing features the user wants, are reliable and secure in production, and avoid additional technical debt. Safety comes from automation, frequent feedback loops from the customer and operations, and solution architectures that avoid or outsource technical debt such as Buy-Before- Build options. Efficiency means teams release and maintain more features with the same staffing and budget levels. Efficiency comes from alignment with the business and their metrics, switching from projects to products, leveraging automation and platforms, and implementing Buy-Before-Build solutions. Product Managers use metrics to relentlessly improve their cycle and release times, guarantee product availability, and stay laser focused on business-centric product delivery that satisfies the customer. Metrics along with budget performance are captured in a Product Status Dashboard that give insight to not only cost and schedule health, but also industry standard DevSecOps metrics. The metrics are reviewed with product stakeholders to offer a comprehensive, transparent view of the Product Line’s (PL) health. In PLM, Product Line Managers are focused on delivering business value by building functional products where the maximum amount of time is spent providing the capabilities needed most by the customer. This enables the organization to move from an environment of missed deadlines to one that reflects iterative delivery and short feedback loops. The Office of Information Technology (OIT), Development, Security, and Operations (DevSecOps) organization will utilize PLM to integrate development, testing, sustainment, and shared services resources to create self-sufficient, persistent, and autonomous Product Teams that own the lifecycle of a product and are capable of consistently delivering value to the customer. Purpose The DevSecOps PLM Playbook is a companion guide to the Veteran-focused Integration Process (VIP) Guide. The Playbook details how DevSecOps leadership expects PLs to implement Product Line Management, DevSecOps,
  • 6. 2 and Lean-Agile principles, methods, practices, and techniques through levels of maturity. These maturity levels contain specific steps or “plays” and the associated acceptance criteria that each PL must work through over time. Once the acceptance criteria is met for all plays in a maturity level, the PL should begin focusing on achieving the next level of maturity. It is important to note that the Playbook is a living document and contains multiple components that enable PLs to achieve each level of maturity. PLM Benefits In Matt McWha’s article, “Product Line Management is Fundamental to the New IT Operating Model” published Feb 2017 on Digital Insights, he describes the benefit of PLM over a project-centric approach. A summary of Mr. McWha’s thoughts on adopting a product vs. project approach are captured below: A product-centric approach differs from the typical project-centric approach to delivering work in a Product Line. Product Lines represent ongoing streams of work that are… supported by dedicated delivery and management resources and are measured based on product outcomes (e.g., cost, volume, value delivery). The shift in the OIT operating model to PLM and toward products over projects promises several potential benefits: • Improved coordination between Product Teams and customer • Improved coordination of product delivery by including systems that are integrated in the same Product Line • Enhanced communication through cross-functional team collaboration • Product teams committed to value delivery of Lean Agile and DevSecOps practices OIT PLM Evolution In the past, the Office of Information and Technology, (OIT) development teams designed and developed software products which were then handed over to sustainment teams to maintain. Both development and sustainment functioned as individual, siloed teams. The separation influenced multiple forms of undesired behaviors: 1. Development sacrificed quality because they didn’t own the final product 2. Sustainment teams were resistant to accept a product they didn’t understand 3. Sustainment teams encountered budget short-falls in subsequent years because development teams neglected to include sustainment funding in the Multi-Year Plan 4. Sustainment teams didn’t design or develop the product. Nor were
  • 7. 3 they involved in requirements gathering, so they didn’t have a good understanding of the product, resulting in a lack of knowledge retention in teams 5. Team maturity was never achieved because staff was moved from one project to another 6. There was no clear evidence of flow or progress due to a lack of customer feedback loops and operational metrics In 2018, OIT embarked on a digital transformation journey and introduced PLM which focused on the principle of “You build it, you own it” (YBIYOI). The YBIYOI concept gave PLs ownership of their products and created one persistent team responsible for both development and sustainment. Implementation of PLM will be an evolution conducted across multiple maturity levels, each consisting of several 'plays' to give PL staff bite-sized chunks to execute. PLM Maturity Level 1 PLM Maturity Level 1 enables PLs and Product Teams to establish a foundation for future advancement of Product Line Management, Scaled Lean Agile, and DevSecOps practices and capabilities by switching from a project to product approach and grouping products into PLs. Maturity Level 1 consists of plays focused on the following areas: • Product Mapping • Assign the Big Six • Functional Organizational Charts • Customer Messaging • Business Metrics • Common Backlog PL Toolset • Acquisition Mapping • Budget Mapping • Product Coordination Product Teams should understand that PLM will not impact their day-to-day activities but will have an impact on how they support their products. There should be a shift in mindset from having to support disjointed projects, to one that supports the greater need of having a functional product. Product Teams should begin thinking about how they will help the product they are working on become or remain a functional product, how they can maximize up-time, and how best to deliver value to the customer. Leadership must understand how PLM changes their responsibilities. This is especially true for the ‘Big Six’ roles. PL Managers must ensure that new or junior IT Product Managers are clear on what their responsibilities are and have a plan to develop the required skills if needed.
  • 8. 4 Product Line Plays Product Mapping “Responsibility is a unique concept... You may share it with others, but your portion is not diminished. You may delegate it, but it is still with you... If responsibility is rightfully yours, no evasion, or ignorance or passing the blame can shift the burden to someone else. Unless you can point your finger at the man who is responsible when something goes wrong, then you have never had anyone really responsible.” - Admiral Hyman G. Rickover The PL Managers and IT Product Managers must completely own the lifecycle of the products they are responsible for to meet the first PLM Principle, “You build it; you own it”. As we move from a project focus to a product focus, a foundational element of PLM is to identify all products supporting the business services agreed upon as in scope for the PL. This is a key exercise that may involve some discussions for products that may have historically had more than one customer. Reach out to other PL Managers to discuss these within the framework of the PLM vision and find consensus on where a product belongs. A product/system should only exist in one PL. Acceptance Criteria: Demonstrate a clear process mapping of products, that includes the following: • List the products in scope for the PL • If a product belongs in another PL, both the gaining and losing PL Managers must agree to the change and update VA Systems Inventory (VASI). Both PL Managers must follow the Product Line Change Request (PLCR) process when moving a product from one PL to another. Assign the Big Six Each PL needs a core leadership team to provide full lifecycle support. The following roles are referred to as the Big Six roles for a PL because they will provide this core leadership. A PL may wish to identify other roles beyond these. See Appendix A for a description of each. • IT Product Line Manager • Technical Manager/Solution Architect • IT Product Manager (there will be more than one per PL) • IT Operations Manager (there may be more than one per PL) • Business Owner (ideally one per PL. Note this is a different role than the business Product Owner for each product who are not part of the core leadership of a PL) • Account Manager Acceptance Criteria: • Identify the federal employees who will fill the Big Six roles for the PL
  • 9. 5 Functional Organizational Chart A Functional Organizational Chart gives staff clear directions on how and where they fit into the organization and from whom to take day-to-day direction. Provide the names of OIT Staff (VA federal employees) working on the products within the PL and their role. Names of additional resources are optional for Maturity Level 1. Considerations for this play: • This is a Functional Organizational Chart. Do not confuse this with a Human Resources Organizational Chart • The Functional Organizational Chart may change in subsequent PLM Levels • Employees dedicated to a product or product team may be identified byrole • Enterprise Program Management Division (EPMD) resources, including former Transition Release and Support (TRS) staff assigned to a PL should not show as matrixed employees. Acceptance Criteria • Functional Organizational Chart shows the names of all federal EPMD employees functionally aligned to a PL and their role • EPMD employees including former TRS staff assigned to a product do not show as matrixed employees on the Functional Organizational Chart • VA Employees filling Big Six roles are identified by name Customer Messaging The customer should know what’s coming and what the shift to PLM means to them. Improving VA’s end-to-end product value delivery to Veterans depends upon the health of the partnership between the Business and OIT. Customers should be made aware we are adopting PLM as part of our continuous improvement of the value, cost, speed, and quality of our services to Veterans. They need to know what aspects of PLM will directly impact them. To continue improving that partnership, the PL should meet with the customer represented by the PL’s Business Owner and the business Product Owners to establish: • Cadenced communication going forward • Shared definitions of value & success • Alignment on objectives & outcomes • Continuous improvement practices • Metrics that matter to the Customer and to Veterans Acceptance Criteria • Show the strategy for communicating to the customer that validates achievement of the requirements above Business Metric The PL business metric is the measure(s) of the key business objective(s) related to the
  • 10. 6 products within the PL. They should be derived with agreement between the PL Business Owner and PL Manager. The metric should be measurable and (ideally) automated. Acceptance Criteria • Show the business metric(s) for the PL Common PL Backlog Toolset The PL Manager and the PL Business Owner should have visibility into the backlogs of all the products’ epics using a single tool. If more than one tool is in use for this PL view of the backlog, identify what tool will be the common tool for the entire PL Backlog in the future. Acceptance Criteria • Name the tool holding the consolidated PL Backlog of work yet to be done, or in progress, across all products in the PL • If more than one tool is in use for the PL, identify what tool will be the common tool for the entire PL's backlog and the schedule for consolidation/integration Product Plays Acquisition Mapping As VA transitions to PLM, the ability to trace acquisitions from the "old" projects to the "new" products is vital. The PLs should show the plan for obligating any unobligated funds. Additionally, consolidating contracts is a goal of PLM; ensure there are a limited number of contracts supporting the products such that the product’s primary contract support is clear. Acceptance Criteria • Provide a list of the acquisitions that will obligate the product’s unobligated funds • Provide a list of all contracts yet to be awarded, and their planned placement/start date • List all Enterprise Project Structure (EPS) numbers that align to each product in the PL • Document current contracts affecting each product in the PL and have an Acquisition Plan for the remainder of the fiscal year. Indicate the vendor for each contract Budget Mapping The PL, in coordination with the Acquisition Management Office (AMO), must have a clear understanding of their funding status to include a Multi-Year Plan and Unfunded Requests (UFRs) covering all products in the PL. They should have a funding strategy for the remainder of the fiscal year and indicate whether customer priorities are funded or unfunded. If there are unfunded requirements, identify UFRs. Acceptance Criteria For the current fiscal year: • Show the total budget for the product
  • 11. 7 • Show how much of the total budget is obligated • Show how much of the total budget is unobligated Product Coordination and Planning Quarterly Planning A key element of PLM is quarterly planning. Each product within the PL will have a quarterly planning meeting to determine the roadmap for the product for the upcoming quarter. Setting a standard cadence for each product across the PL, allows the Product Teams to have a predictable rhythm and velocity. The fixed cadence allows meetings and events (including quarterly events) to be planned and scheduled ahead of time on people’s calendars. Advance notice reduces travel and facility costs, and helps assure that most, if not all, of the stakeholders will be able to participate. Acceptance Criteria • Describe the quarterly product planning meetings that are used to coordinate and discuss priorities and the product roadmap for the coming quarter with the Customer and Product Team • Include the dates for a recent planning meeting and the first/next scheduled meeting Sprint Cycles and Increments Cadence Cadence is the use of a regular, predictive development cycle, e.g., the same Sprint length, repeated over and over by a scrum team. When multiple scrum teams are supporting a product, synchronizing the start and stop dates for the various team's Sprint cycles causes multiple, potentially dependent events to happen at the same time. Acceptance Criteria • Describe how Product Teams in the PL ensure a product focus by synchronizing the Increment and Sprint cadence for all Product Teams that support a product Product Backlog Tool PLM requires the use of a single Backlog management tool for a product; this will provide a view of the product’s priorities (functional and non-functional requirements) in a PL. Acceptance Criteria • Identify the tool(s) holding the backlog for each product • Ensure that all epics in a product's backlog are in the PL Backlog Product Handoffs PLM uses the concept of “You build it, you own it”. This concept eliminates the need for handoffs between individual system teams and promotes cross-functional Product Teams. Cross-functional teams are a hybrid of development, testing, sustainment, system, and shared services.
  • 12. 8 Acceptance Criteria • Describe any handoffs of the product to another Product Team such that the IT Product Manager does not have complete control of the product code. • If the IT Product Manager does not feel they have complete control of the product code describe the plan to resolve. Agile Center of Excellence (ACOE) Support ACOE Enablement and Coaching Teams The Agile Center of Excellence (ACOE) is dedicated to helping PLs through their PLM maturation. ACOE has created a team of PLM Subject Matter Experts, Agile and Scaled Lean Agile experts, and VA PLM pioneers to serve as stewards for VA’s PLM transformation. ACOE will assign a PLM Enablement Team to a PL to aid in gap analysis and support PLs in achieving each maturity level. The PLM Enablement Team assigned to a PL will be composed of only federal employees, so the PL can communicate with them about budget and acquisition plans without the worry of establishing an organizational conflict of interest for a contractor. That said, there are contractors to work on Agile, Scaled Lean Agile, and DevSecOps roles and responsibilities, or any other type of Agile, Scaled Lean Agile, or DevSecOps coaching support that a PL needs. ACOE’s Enablement Team will work shoulder-to-shoulder with the PL, utilizing best practices and lessons learned to get products where they need to be at each maturity level. ACOE Enablement will reach out to PLs individually to initiate PLM support activities. Contact the ACOE Enablement Team at ACOEEnablement@va.gov with any questions on PLM implementation strategies. PLM Maturity Roadmap In 2020, the focus for PLM was on alignment which involved switching from projects to products and aligning products to Product Lines. EPMD and TRS joined forces and initiated the concept of “You Build It, You Own It”. The concept united development and sustainment, creating one persistent Product Team with shared responsibilities. For 2021, the focus is on self-sufficiency. The goal is to create persistent, autonomous, self-sufficient Product Teams. Self-sufficiency can only be achieved by integrating shared resources and adding additional competencies into Product Teams. Integrated resources help to promote cross-functional collaboration and teamwork and ensures that the right people with the right skills are included in team ceremonies, product planning events, and overall product delivery. In essence, this allows the team to work as a single unit and function as “One Team, One Heartbeat”. As we progress through the PLM journey, this roadmap will be expanded to include the plays for future PLM maturity levels.
  • 13. 9 Figure 1 - PLM Maturity Roadmap PLM Maturity Level 2 Background PLM Maturity Level 1 focused on organizing PLs in a way that would enable them to provide business value by delivering functional products to VA customers. The products supported by the PL were evaluated for appropriate alignment to the PL, and budget and acquisitions were reviewed. PLM leadership roles were designated for each PL through the establishment of the Big Six roles. Product team members were functionally aligned to the PL and briefed on the organizational shift to PLM. Team members were made aware that while PLM would not necessarily impact their day-to-day activities, staff would shift their focus to maintaining products rather than individual projects. After communicating the PLM vision to the customer, the PL developed key business metrics to measure the expected value the PL would bring to the business. Product coordination was established with quarterly planning, a single backlog tool, and synchronized Sprint cadences. Purpose PLM Maturity Level 2 is the first significant step in building the foundation for a cross- functional Product Team that includes integrated resources from across the organization capable of implementing PLM, DevSecOps, Agile, and Scaled Lean Agile practices. PLM Maturity Level 2 moves PLs and Product Teams to a customer-oriented collaborative
  • 14. 10 approach. Product Line and Product Team visions and plans are articulated through Outcome Roadmaps. Product Teams identify and build business value propositions and associated business metrics that are captured and reported in the DevSecOps Product Scorecard. Matrixed resources are integrated into Product Teams, resulting in increased cross- functional collaboration. Development of DevSecOps capabilities enable Product Teams to support Continuous Integration/Continuous Delivery (CI/CD) and automation. Based on the PL and Product Team Outcome Roadmaps, training needs will be assessed, and training plans developed. PLM Maturity Level 2 consists of plays focused on the following areas: • Develop a Product Business Value Proposition and Metric • Develop a Product Line and Product Outcome Roadmap • Integrate Matrixed Resources into Product Teams • Implement DevSecOps Capabilities – Priority: Application Performance Monitoring (APM) • Capture Product Scorecard Metrics • Develop and Train Product Team Staff Develop a Product Business Value Proposition and Metric “A value proposition is a “promise of value to be delivered, communicated, and acknowledged”. It requires both the party delivering that value and the stakeholders to have the same understanding.”– Gartner “Metrics provide the data that teams use to continuously improve and to empirically test whether new functionality and processes provide value.” – Gartner IT Product Managers must develop a business value proposition that defines both the purpose of their product and the value it brings to the customer. The value proposition should be clear and concise and should speak to a customer’s challenge and make the case for their product as the problem-solver. The details of the customers’ needs should be just as familiar to the IT Product Manager as the features of their product or the details of the service the product provides and should always focus on how customers define value. Product teams depend on the Business understanding and quantifying their value proposition. Once identified and quantified, Product Teams should create metrics to measure success based on business outcome value (whether the product met the business need). The metrics should be clear and traceable and directly correlate to the needs of the customer. They should also demonstrate the value delivered by the product. These metrics should be reported in VA Product (Line) Accountability and Reporting System (VA PARS). Considerations for this play: • Product Teams must create product business metrics based on the business outcome value
  • 15. 11 • Each Product Team must create a business metric for large or impactful products that is related to the product’s business value proposition • The business metric definition and actuals will be stored under the applicable investment in VA PARS by the Investment Manager • The metric data owner is the responsible individual for delivering the metric’s monthly actual result to the Investment Manager • The business metrics must fall into one of the following categories/sub- categories: • Strategic and Business Results o Business Process Improvement o Action, Time, or Burden Reduction in Activities • Customer Satisfaction (results) o Technology Functionality or Usability o Technology performance subcategory will not be accepted as a Business Metric • Business Metrics should be customer/business focused, not technical in nature (i.e., NOT availability, uptime, defect processing, etc.) • Business metrics should be measurable and automated • Reference the DevSecOps ACOE Product Scorecards Business Metric MS Teams channel for business metric definitions and process guidance • Business Metric Process • Business Metric Dashboard/Examples Acceptance Criteria: • Develop a business value proposition for the product that states the value and benefit it provides to the customer • Develop product business metric(s) to measure success in achieving the business value proposition • Ensure product business metrics (final definition and actuals) are tracked in VA PARS • Collaborate with the Customer, Account Management Office (AMO), Portfolio, Product Line Manager, ACOE Metrics and Analytics (MA), and others as needed to develop the business value proposition and product business metric Develop a Product Line and Product Outcome Roadmap IT Product Line and Product Managers must develop an Outcome Roadmap that focuses on establishing their PL and Product direction. An Outcome Roadmap visualizes the plan for how the PL is going to meet the organization’s key business objectives, how it will benefit VA veterans, and details the direction of the products in the PL and the work required to get there. It serves as a way to communicate key product priorities with internal and external stakeholders. IT Product Line and Product Managers must have a vision and plan for the software products depicted in a multi-year plan showing a roadmap of outcomes that are traceable to a named customer or group of customers. The Outcome Roadmap should include features and major enhancements that improve business outcomes.
  • 16. 12 The IT PL and Product Manager should collaborate with the AMO, Business Owners, and others as needed, to develop their Outcome Roadmap. The Outcome Roadmap should plan for the next four years of the product lifecycle and should provide a detailed visualization for near term outcomes and a high-level visualization for future outcomes. IT PL and Product Managers should discuss their resource strategy to prioritize the work across products, dedicate resources appropriately and eliminate any imbalanced situations. Note: • Quarterly Planning events provide excellent opportunities to validate and strengthen outcome roadmaps Acceptance Criteria: • Develop an Outcome Roadmap for the PL and Product • Identify the products included in the PL roadmap and provide a rationale for those that are not included (i.e. Products without OIT funding, resources, or being decommissioned) • List the capabilities, features, major enhancements, and initiatives that improve overall business outcomes for both the PL and Product Outcome Roadmaps • Identify the customer or group of customers each outcome/capability is traced to • Track the progress of activities and measures and communicate the progress and value of results to stakeholders quarterly • Ensure the PL and Product Outcome Roadmaps support the PL and Product vision and has been communicated to the Portfolio Director, PL and Product Staff, AMO, Business Owners and Product Owners • Ensure the PL and Product backlogs align with the Outcome Roadmap for near term work • Demonstrate the work is prioritized within the PL and Product backlogs and resources are allocated to the highest priority work Implement DevSecOps Capabilities (Priority - Application Performance Monitoring (APM) Product Teams must begin deploying more secure applications into production, delivering fewer vulnerabilities and have the ability to quickly fix security issues before they can be exploited. This can be achieved through the implementation of DevSecOps principles and practices. DevSecOps provides a culture and set of processes that bring development, security, and operations teams together to complete software development and allows products to create and improve products at a faster pace than traditional software and application development methods. Benefits of implementing DevSecOps: • Shorter development cycles • Faster innovation • Reduced deployment failures, rollbacks, and time to recover • Improved communication and collaboration • Increased efficiencies • Increased customer satisfaction • Innovation
  • 17. 13 To achieve PLM Maturity Level 2, teams must improve their DevSecOps capability by implementing Application Performance Monitoring (APM). APM gives teams early detection of problems and supports fast triaging during incident management. APM data must be integrated with the Enterprise Command Center (ECC) so that OIT has a “single pane of glass” view of applications and a standard process for event and incident management. All active products must track and measure the stability of the system using the Monitoring Service Registry (MSR) and must achieve MSR Level 3 by the end of PLM Maturity Level 2.1 Applicable MSR levels are: Monitoring Level Applications/Middleware Description Network and Network Device Description EUX End User Experience Monitoring N/A Level 1 Signs of Life Monitoring (Up/Down Status) Heartbeat/Up-Down Level 2 Infrastructure Monitoring (CPU, thread pools, Response Times, etc.) Capacity Monitoring – (Bandwidth, CPU, Network Interface Card) Level 3 APM (Application, Middleware, Databases) Capacity Monitoring – Advanced (Activity Logging. Transaction Routing) Level 4 Full Business Transaction Monitoring Full Business Transaction Monitoring Teams should strive to continually improve instrumentation to support deeper insights into the behavior and performance of the application. If a team has already implemented APM, they must implement another DevSecOps capability. Reference Appendix C for a complete list of DevSecOps capabilities. Considerations for this play: • Refer to the DevSecOps Implementation Plan in Appendix B for aDevSecOps assessmentthatwillenableProductTeamstoassesstheirDevSecOpsmaturitylevel;capability descriptions; best practices; and tool solutions for each DevSecOps capability • ACOE can provide coaching to assist in the development of the Application Performance Monitoring capability or other DevSecOps 1 Work with the Enterprise Command Center (ECC) team to understand requirements needed to achieve these levels.
  • 18. 14 capabilities upon request. Coaching requests will be triaged and added to the prioritized ACOE backlog • DevSecOps advancement will grow in future PLM maturity levels Acceptance Criteria: • Implement Application Performance Monitoring for the product if it does not already exist • Show that the product has reached Level 3 monitoring with the ECC and is recorded in the MSR system • If APM is already implemented on the product, further advance DevSecOps growth by implementing at least one new DevSecOps capability • If Level 3 Monitoring has been achieved, communicate the plan to implement the new DevSecOps capability to the Portfolio Director, PL Manager, Business Owner, Product Owner, Security, Architecture Engineering, and ITOPS as needed Integrate Matrixed Resources into Product Teams In PLM Maturity Level 1, Product Lines identified and mapped all products in the PL, and assigned employees, by role, to each product in the PL. Former project teams were reorganized into product teams. A Product Team is a cross-functional group of individuals that contain the skills and tools that allow them to build, deploy, monitor, and operate a product from its inception until the time the product is decommissioned. Team members have no individual or siloed responsibility for components. Instead, they pull work from the backlog in priority sequence. The team is not constrained by any outside dependencies, either technical, informational, or process, to deploy their product. A Product Team structure demands that the team communicate, collaborate, and share responsibility for their product. The ideal Product Team is persistent, self-sufficient, fast, and flexible at solving problems and delivering quality products. Building teams capable of self-sufficiency requires resources from multiple pillars inside and outside the DevSecOps organization. The preferred model is to matrix, or embed, resources on the Product Teams, which accomplishes two objectives: 1. Maintains a specialty group trained and held accountable to standards specific to that competency 2. All resources needed to deliver a product work closely together to facilitate quick communication, problem solving, and decision-making For PLM Maturity Level 2, Product Teams must advance collaboration and teamwork by embracing and integrating matrixed resources into their Agile ceremonies and processes. Matrixed resources should be included in the planning and implementation of product delivery activities, when applicable. Considerations for this play: • Teams should set clear expectations by including matrixed resources in the product Responsible, Accountable, Consulted, Informed (RACI) chart
  • 19. 15 • Involve matrixed resources in product events as needed • Reference the Integrated Matrixed Resources matrix on the ACOE PLM SharePoint site for available Matrixed Resources by pillar Acceptance Criteria: • Integrate matrixed resources into Product Team functions as appropriate • Orient the matrixed resources on product operations to enable productive contributions Capture Product Scorecard Metrics As OIT implements DevSecOps, PLM, Agile, and Scaled Lean Agile practices, it is important for Product Teams to aggregate, report, and communicate standard product operational and quality metrics to measure product maturity and health. Product Teams must measure and track their performance to ensure they are continually improving. Operational metrics/data should be aggregated and reported in an authoritative system or tool. The ACOE MA team collects the data and produces a Product Scorecard for the product. A Product Scorecard is a formalized metric system that is used to gauge a product’s performance based on key performance indicators (KPI). The Product Scorecard is also a tool for periodically reviewing progress of a product’s health. By using information in the Product Scorecard, Product Managers can stay on top of any problems that arise and make adjustments that help to keep a Product Team on course. The ACOE MA team currently captures performance metrics at the DevSecOps level in the DevSecOps Product Scorecard. The goal of the DevSecOps Product Scorecard is to: • Measure product quality • Report product quality performance • Indicate areas where improvement is needed • Drive standardization of integration, automation, and transparency Product Teams must understand both their business and operational metrics, review and validate the data, and make appropriate adjustments as needed. The team should make the data available to the ACOE MA team. For this play, Product Teams must ensure data is available in the Product Team’s systems of authority/record to calculate Product Scorecard metrics.2 This allows the ACOE MA team to regularly collect the data directly without impacting Product Teams. If the Product Team is not using a system of authority/record or if the ACOE MA team cannot be given access to the system, the Product Team must provide the data to the ACOE MA team. The following is a list of essential metrics: 1. Automated Test Cases Percentage 2. Mean Time to Restore (MTTR) 2 Includes the four DevSecOps metrics similar to those referenced in the book: Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations by Gene Kim, Jez Humble, and Nicole Forsgren
  • 20. 16 3. Current Open Incidents by Tier Level (1,2,3,4) and Priority (i.e. Major) 4. Total Current Open Defects by Severity and Prod/Non-Prod 5. Current Open High Exposure (Red Zone) Product Technical Risks Count 6. Percentage of Test Executions that Passed 7. Average Story Lead Time 8. Average Defect Lead Time 9. Average Release Cadence to Production/Deployment Frequency 10. Release Failure Percentage 11. Authority to Operate (ATO) 12. 508 Conformance Considerations for this play: • The following may be exclusionary factors for Product Scorecard: o Product metrics covered by another related product (i.e. parent/child) o Products managed by organizations outside of OIT (e.g. VHA, VBA, etc.) o Products targeted for decommissioning within the next six months o True SaaS (licenses only, no interfaces, vendor hosted, no configurations, etc.) • The ACOE MA team will work with each assigned product team that has a DevSecOps Product Scorecard to: o Collect metrics o Standardize metrics o Improve accuracy of Product Scorecard metrics • The goal is that 100% of the required data for the metric calculation is available • The metrics captured are not meant to be punitive in nature but instead are intended to provide a depiction of the current state of a products performance and indicators for areas of improvement • Reference the DevSecOps Product Score Card for more details and the complete list of required data for PSC metrics Acceptance Criteria: • For the products that have a Product Scorecard: o Ensure product data is available in the product data authoritative source (i.e. JIRA. GitHub, VASI, MSR, VA PARS, SNOW, etc.) to calculate, aggregate and report on operational metrics o Validate the data is accurate and current o Provide the missing data ('unknowns' or blank data fields) or the data location so the ACOE MA Analysts can collect the data in the future o Select two Product Scorecard metrics to target for improvement • For PSC candidate products that currently do not have a Product Scorecard: o Demonstrate the data is available in the product data authoritative sources (JIRA. GitHub, VASI, MSR, VA PARS, SNOW, etc.) to calculate, aggregate and report on key Product Scorecard operational metrics Develop and Train Product Team Staff Training is an effective means of improving a PL and Product Teams performance by
  • 21. 17 teaching the basic concepts of PLM, Agile, Scaled Lean Agile, and DevSecOps disciplines. Additionally, it is a way to level-set Product Teams on the foundations of each discipline and their associated implementation methodologies. By providing these courses to their staff, IT PL and Product Managers can advance staff knowledge and understanding so successful implementation can occur. IT PL and Product Managers must determine the short and long-term training needs of their staff to enable them to implement the plays in PLM Maturity Level 2 and beyond. IT Product Managers need to assess immediate training needs required for PLM Maturity Level 2 and develop a Staff Training Plan. Considerations for this play: • Reference the PLM Training Catalog for a list of available training offerings from TMS, Scaled Agile Framework® (SAFe®)3 , LinkedIn Learning, VA IT Campus, Weekly Agile Meetings (WAM), and/or 24/7 eLearning and IT Workforce Development (ITWD) Acceptance Criteria: • Assess staff training needs and identify gaps based on PLM Maturity Level 2 acceptance criteria • Develop a Staff Training Plan for PLM Level 2 based on available training in the Training Catalog or other sources. See Appendix B for guidance on developing a training plan and training plan templates • Execute the portion of the training plan that will enable the Product Team to implement PLM Maturity Level 2 plays 3 SAFe and Scaled Agile Framework are registered trademarks of Scaled Agile, Inc.
  • 22. 18 REFERENCES Appendix A – The Big Six Role Descriptions The Big Six roles for a PL are especially important to provide key leadership for PLM. A PL may wish to identify additional roles. References made below to roles not defined here should refer to definitions provided in other OIT guidance. IT Product Line Manager • The IT Product Line Manager leads the PL teams, with accountability for all team functions and maintains relationships with Business Sponsorship to ensure complete understanding of business objectives and priorities. • They adopt their customers' business objectives and along with the Product Owner(s) they are the voice of the customer to the PL team. They work with PL’s Business Owner(s) and lead strategy for the PL. • They are accountable (and listed in VASI and Enterprise Mission Assurance Support Service) as the IT System Owner for products in their PL and oversee IT Lifecycle activities for all IT products within their PL from the identification of need through retirement and decommissioning. • They also manage the PL backlog as well as oversee PL budget estimation, allocation, and tracking while working with the Deputy IT Portfolio Manager and Account Managers to align investments. • They have an open mind to change and are adaptable. • They have a strong background in DevSecOps practices and principles and have experience building an organization. Technical Manager/ (Solution Architect) • The Technical Manager (works in the capacity of a System Architect/Engineer) is an individual or team that defines the overall architecture of the system. • Defines Nonfunctional Requirements (NFRs), major system elements, subsystems, and interfaces. • Works closely with Portfolio Senior Technical Advisors and Technical Managers to maintain the current technical architecture and environments. • Works closely with Portfolio Senior Technical Advisors and Technical Managers to develop a vision for future technical architecture that aligns with VA and OIT standards and goals. IT Product Manager • The IT Product Manager’s goal is to work with the business Product Owner and IT leadership to define the product direction. • They are responsible for representing the true voice of the business Product Owner. • IT Product Managers who garner firsthand insight to the customer’s struggles can define features and functionality that alleviate the pain points. Product management has content authority for the product backlog. • IT Product Managers are responsible for identifying customer needs, prioritizing
  • 23. 19 features, guiding the work through the Program Kanban, and developing the program vision androadmap. • The IT Product Manager manages every aspect of delivering, operating, and maintaining the product, from formulating and prioritizing requirements with the business Product Owner to design, development, and delivery of capabilities, change management, and ultimate retirement of obsolete functions. • IT Product Managers maximize business value based on changing scope and customer priorities and work closely with the business Product Owner and development teams. • They focus on stated goals, employee development, and needed functions in the longstanding vision of the product. • They maintain a roadmap for their product and determine the conditions by which the product will be decommissioned. • They ensure steps to migrate users and/or functionality as well as proper data retention are established and followed. • They perform as the IT System Steward and are responsible for system owner deliverablesto the IT System Owner. • They resolve all issues pertaining to the product or escalate them to the Product Line Manager. IT Operations Manager • IT Operations Managers are responsible for managing day-to-day operational support of products including operations processes, planning, design, and operations strategy. • They take overall responsibility for leadership, control, and decision-making related to Product Line Operations. • They also ensure Product Teams are identifying application and systems operations representatives that must be present during Program Increment (PI) Planning and scrums. • They represent the escalation Point of Contact for products on High Priority (HPI) and Critical Priority (CPI) Incident calls. • They ensure establishment of Key Performance Indicators (KPI) and other measurement thresholds including adherence to Service Level targets for Product Lines and the related products within. • They work to organize efforts with developers, users and customers regarding application performance, and ticket backlogs. • They validate product roadmaps and assist with the creation of visualization strategies. • They provide a balanced approach to products so that the Product Teams don’t just focus on delivering new capabilities, but address reliability, responsiveness, and resilience of software systems. • They own the following: o Driving down technical debt o Injecting new requirements to drive down sustainment costs o Preventative work to reduce production support issues o Being responsive to production support issues and being efficient at resolving them
  • 24. 20 Business Owner • The Business Owner is responsible for the product visions at the PL level, how to convey them, and must have a solid understanding of user expectations and industry trends. • The Business Owner represents the needs and desires of the business and end-users and communicates between stakeholders and the PL Manager. • The Business Owner serves as an escalation point for business Product Owners and the Product Line Manager. • The Business Owner is a key stakeholder who commonly understands the business environment and is empowered to make decisions. • The Business Owner holds the primary business accountability governance, compliance, and return on investment (ROI). Account Manager • Account Managers provide a critical link between OIT and business partners that ensures strategic alignment between the software and services OIT delivers and the current and future needs of our business partners and ultimately our Veterans. • Account Managers are responsible for the management of service offerings via the Service Catalog as well as relationship management with OIT customers. • They are responsible for confirming the needed Epic and Enabler Backlog • Works with PL Managers and IT Product Managers to confirm Lean Budgets for the PLs (PLs provide resource assessments and workforce analysis) with guardrails that the PL Managers can operate from. • Maintains a strong relationship with customers and PLs.
  • 25. 21 Appendix B – Reference Documents and Recommended Reading Reference Documents The documents listed below may be used in conjunction with maturity levels 2 and beyond to assist PLs with implementing PLM, Scaled Lean Agile, and DevSecOps. Product Line Outcome Roadmap Template PLM Level 2 Playbook Templates and Examp Product Outcome Roadmap Template Business Value Proposition Matrixed Resources RACI DevSecOps Implementation Plan TBD Integrated Matrixed Resources by Pillar Integrated Matrixed Resources PLM Training Plan Guidelines Template PLM Training Plan Template.doc Training Needs Assessment and Training Plan Template (Excel) PLM Training Needs Assessment and Train PLM Training Catalog PLM Training Catalog Recommended Reading To learn more about best practices for PLM and DevSecOps beyond what is included in the Playbook, explore some of the recommended reading provided here. These resources will provide the ability to learn more about what is needed to successfully implement PLM and DevSecOps. Links to the majority of the books listed below can be found in the PLM Training Catalog. o Accelerate: The Science of Lean Software and DevSecOps – Nicole Forsgren, Jez Humble, and Gene Kim (2018) o The DevOps Handbook – Gene Kim, Jez Humble, Patrick Debois, John Willis, and John Allspaw (2016) o Accelerate: Building Strategic Agility for a Faster-Moving World – John Kotter (2014) o The Phoenix Project – Gene Kim, Kevin Behr, George Spafford (2013)
  • 26. 22 o “Moving from Project to Product: Modernizing Traditional Enterprise Operating Models” – IT Revolution/DevSecOps Enterprise Forum (2018) o “The Project to Product Transformation: Practical Guidance from Fourteen Enterprise Journeys” - IT Revolution/DevSecOps Enterprise Forum (2019) o The Unicorn Project: A Novel about Developers, Digital Disruption, and Thriving in the Age of Data – Gene Kim (2019) o Gen P: New Generation of Product Owners Who Care About Customers - Peter Monkhouse, and Joanna Tivig (2019) o Project to Product: How to Survive and Thrive in the Age of Digital Disruption with theFlow Framework – Mik Kersten (2018)
  • 27. 23 Appendix C- OIT DevSecOps Capabilities The information below is a comprehensive list of the DevSecOps Capabilities being implemented at the VA. Reference the DevSecOps Implementation Plan for descriptions, best practices, and VA approved tools for each capability. • Application Lifecycle Management Tools (ALM) • Application Performance Monitoring (APM) • Automated Continuous Delivery • Automated Continuous Integration • Automated Testing • Blue/Green Testing • Business Metrics Monitoring • Canary Testing • Containerization • Continuous Exploration • Continuous/Relentless Improvement • Cloud/VAEC • Dashboards • Feature Flags • Infrastructure as Code (IaC) • Integrated Security • Metrics/KPI’s • Microservices • Pipeline Monitoring • Platform(s) and/or Re-Platforming • Re-Architecting • Refactoring Code • SaaS or Managed Services
  • 28. 24 Appendix D – List of Acronyms and Glossary of Terms List of Acronyms Acronym Description AMO Account Management Office ARM Acquisition Review Module ART Agile Release Train (SAFe) BAM Benefits & Memorials (An OIT Service Line Portfolio) BIA Benefits Integration Application BTT Budget Tracking Tool CI Configuration Item CMDB Configuration Management Database DevSecOps Development + Operations DevSecOps Development+ Security+ Operations EHRM Electronic Health Record Modernization eMASS Enterprise Mission Assurance Support Service EPMD Enterprise Program Management Division EPMO Enterprise Program Management Office EPS Number Enterprise Project Structure Number FMS Financial Management System FSC Health Financial Services Center Health FTE Full Time Employee HCA Health Care Administration IAC Infrastructure as Code iFAMS Integrated Financial and Acquisition Management System ITIL Information Technology Infrastructure Library LGY Loan Guaranty MBMS Memorial Benefits Management System MTTR Mean Time to Restore OIT Office of Information Technology PaaS Platform as a Service PIP Program Increment Planning PL Product Line PLCR Product Line Change Request PLM Product Line Management QP Quarterly Planning RACI Responsible, Accountable, Consulted, Informed SaaS Software as a Service
  • 29. 25 SAFe Scaled Agile Framework SME Subject Matter Expert TBM Technology Business Management TMS Talent Management System TRS Transition Release and Support (former OIT organizational division) VA Veterans Affairs VA PARS VA Product (Line) Accountability and Reporting System VASI VA Systems Inventory VES Veterans Experience Services VHA Veterans Health Administration VIP Veteran-Focused Integrated Process VistA Veterans Information Systems and Technology Architecture Glossary of Terms Term Definition Acceptance Criteria A pre-established set of conditions or requirements a Product Line or product must meet for a play to be achieved within each PLM maturity level. Acquisition Review Module The Acquisition Review Module (ARM) is a new acquisition module in the Budget Tracking Tool (BTT) that will streamline the acquisition and budget review process. Agile Teams Agile teams are cross-functional groups of 5-11 individuals who define, build, test, and deliver an increment of value in a short time box. Agile Release Train (ART) Used in Scaled Agile Framework (SAFe) methodology. The Agile Release Train (ART) is a long-lived team of Agile teams, which, along with other stakeholders, develops and delivers solutions incrementally, using a series of fixed-length Iterations within a Program Increment (PI) timebox. The ART aligns teams to a common business and technology mission. Backlog A prioritized list of everything that is known to be needed in the product. It is the single source of requirements for any changes to be made to the product. The Product Owner is responsible for the Product Backlog, including its content, availability, and ordering.
  • 30. 26 Budget Tracking Tool Budget Tracking Tool (BTT) is an integrated enterprise-wide budget planning, management, and reporting system, is used to plan the annual budget at the obligation level and to manage execution and funds resource allocation through the end of the year. Cadence The approach to achieving commitment and reliability with a system. It is a measure of balance and the rhythmic flow of the process. Sprints of regular time interval or duration establish a cadence for a development effort. Configuration Management Database A Configuration Management Database (CMDB) is a logical representation of assets, services, and the relationships between them that comprise the IT infrastructure of an enterprise. DevOps DevSecOps is a mindset, a culture, and a set of technical practices. It provides communication, integration, automation, and close cooperation among all the people needed to plan, develop, test, deploy, release, and maintain a Solution. DevSecOps DevSecOps is short for development, security, and operations. Its focus is to make everyone accountable for security with the objective of implementing security decisions and actions at the same scale and speed as development and operations decisions and actions. Enabler Technical items that support the development of future business requirements bringing visibility to all the work necessary. They help to stabilize the architecture, infrastructure, and maintain customer needs. Epic A large body of work that can be broken down into several smaller stories. Epics often encompass multiple Product Teams and can even be tracked on multiple Kanban Boards. Epics are almost always delivered over a set of Sprints. Financial Management System Financial Management System (FMS) is the VA’s core financial management system. FMS is in the process of upgrading to the Integrated Financial and Acquisition Management System (iFAMS). Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS) The capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not
  • 31. 27 manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Infrastructure as Code (IaC) Infrastructure as Code (IaC) refers to the tools and processes used to track and manage infrastructure resources as code. This code is commonly stored in a version control system and the tools are most effective when applied to virtual environments. Integrated Financial and Acquisition Management System Integrated Financial and Acquisition Management System (iFAMS) is the new financial and acquisition management system soon to replaceFMS. iFAMS will increase the transparency, accuracy, timeliness, andreliability of financial information and will enable VA to improve service to Veterans, increase innovation, and enhance data integrity. Kanban A method to visualize and manage the flow of Features and Capabilities from ideation to analysis, implementation, and release through the Continuous Delivery Pipeline. Lighthouse API Lighthouse is an API platform that gives developers secure access to the VA data they need to build helpful tools and services for Veterans. Platform as a Service (PaaS) Platform as a Service (PaaS) - The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application- hosting environment. Product An item, system, or service offered to or provided for use by a customer. It can be physical or in virtual or in cyber form. A valuable product is: • Relevant – Customers must view it as a way to fulfill a need. • Functional – It must perform as expected. • Adaptable – It must be able to change with trends, time, technology, and user segments. • Communicated – Customers and potential customers must understand how they can benefit from it.
  • 32. 28 Product Line A VA Product Line is a group of related products that address related customer needs. Product Line Change Request The Product Line Change Request (PLCR) Product Line Change Request manages VASI change requests related to re-aligning VASI Product records to Product Lines. Product Owner A member of the Agile Team responsible for defining Stories and prioritizing the Product Backlog to streamline the execution of program priorities while maintaining the conceptual and technical integrity of the Features or components for the team. RACI A RACI chart is a simple matrix used to assign roles and responsibilities for each task, milestone, or decision on a project. RACI stands for Responsible, Accountable, Consulted, Informed. Each letter in the acronym represents a level of task responsibility. Release Installation into Production Environment—includes IOC, full deployment, subsequent releases, maintenance releases, defect repairs, security and other patches, and any changes that are released into production; also used to refer to the package (hardware, software, middleware, documentation, other components) being deployed. Shared Services/Matrixed Resource Shared Services/Matrixed Resource represents the specialty roles, people, and services required for the success of an Agile Release Train (ART) or Solution Train, but that cannot be dedicated full-time. Software as a Service (SaaS) Software as a Service (SaaS) - The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
  • 33. 29 Sprint A short cycle of work (usually 2 weeks) during the Build and Development phase; each Sprint focuses on completing a defined subset of project deliverables. Stakeholder A stakeholder is an individual, group or organization that is impacted by the outcome of a project. They have an interest in the success of the project or product and can be within or outside the organization that is sponsoring the project/product. Sustainment The processes, procedures, people, material, and information required to support, maintain, and operate the software and/or hardware aspects of a system. System Team A specialized Agile Team that assists in building and supporting the Agile development environment, typically including development and maintenance of the toolchain that supports the Continuous Delivery Pipeline. The System Team may also support the integration of assets from Agile teams, perform end- to-end Solution testing where necessary, and assists with deployment and Release on Demand. Technology Business Management Technology Business Management (TBM) is a framework designed to communicate the value of IT to agency stakeholders. TBM focuses on cost transparency, delivering value, identifying the total cost of IT, and shaping demand for IT services. Technology Stack A technology stack, also called a solutions stack, technology infrastructure, or a data ecosystem is a list of all the technology services used to build and run one single application. Telemetry An automated communications process by which measurements and other data are collected at remote points and are subsequently transmitted to receiving equipment for monitoring. VIP Veteran-focused Integration Process; former single path, from beginning to end, for IT releases in the VA.