
12226 - Sentri V2 + Sentri SIP Module (GS budget)

Initiative brief

Readme

* Required information

Project details

Phase

  • Envision
  • Strategize

Status

IN PROGRESS 

Start Date

 

Initiative name

12226

Sentri V2 + Sentri SIP Module

Description of the initiative

What is Sentri V1?

  • A risk based asset classification and security control tool intended for IT asset owners.
  • Series of questions aimed at asset type as well as data Confidentiality, Integrity, Availability and Business Impact to establish a risk profile score.
  • Delivers a simplified, targeted and meaningful set of security controls based on industry standard control frameworks aimed specifically at the assessed asset.
  • Includes the ability to declare Privacy, DFARS (NIST), Export Compliance and other regulatory data. Links asset owners to associated support teams.

What is Sentri V2?

  • Better define cloud in line with Cloud Office, CMDB and EA Tools
  • Performance enhancements  
  • Overall management of the tool
  • Loaded on New Hardware feature - define and enable. 
  • Review roles within SENTRI
  • Product owner form defined (possibly not the product owner that completed the assessment)
  • Reason for asset reassessment to be indicated by asset owner
  • Reassessment intervals / automated emails 
  • Asset list - move the “completed” status - it’s misleading

What is SIP module?

The new SIP methodology was launched in October 2022 with the objective of implementing the Security Integration in Project approach (also called Security By Design). The SIP Team is using a semi-automatic Google Spreadsheet for the moment and now wants to use Sentri to develop an integrated solution.

While Sentri V2 will mainly evaluate applications in run phase, the SIP tool is used for the design/build phase.

Added value/objectives:

  • Add automation to the current methodology, including versioning, and stop using spreadsheets and emails
  • Validation workflow between stakeholders (product manager, SIP team, security architects)
  • By starting with the Sentri SIP Module, data and information from the project can be shared with Sentri V2.
  • A single tool for Design and Run phases for cybersecurity and compliance assessment

 Global Budget: 30K€

This is a project not in DT Budget but in Group Security.

Domain & Product

Requested Domain Journey / Platform

  • Platf1- Data & Analytics & AI Platform
  • Platf2 A- Develop, Test & Deploy Platform
  • Platf2 B- Multi experience Platform
  • Platf2 C- Ent. Business Systems Platform
  • Platf3 A- Ecosystem Platform
  • Platf3 B- Hybrid & Cloud Platform
  • Platf3 C- Intelligent Asset Platform
  • Platf4- Info Security and Compliance Platform
  • Platf5- Workplace Platform
  • Group Security
  • Journ1- Digital Customer Journey
  • Journ2- Digital Ops & Corporate Enablement Journey
  • Journ3- Digital Employee Journey
  • Journ4- Prepare the Future & Connected Research Journey
  • DTmng3- DT Enablement & Transformation

Involved Domain Journey/ Platform

  • Platf1- Data & Analytics & AI Platform
  • Platf2 A- Develop, Test & Deploy Platform
  • Platf2 B- Multi experience Platform
  • Platf2 C- Ent. Business Systems Platform
  • Platf3 A- Ecosystem Platform
  • Platf3 B- Hybrid & Cloud Platform
  • Platf3 C- Intelligent Asset Platform
  • Platf4- Info Security and Compliance Platform
  • Group Security
  • Platf5- Workplace Platform
  • Journ1- Digital Customer Journey
  • Journ2- Digital Ops & Corporate Enablement Journey
  • Journ3- Digital Employee Journey
  • Journ4- Prepare the Future & Connected Research Journey
  • DTmng3- DT Enablement & Transformation

Initiative Ownership

Digital Technology Partner

Group Security ownership (=> Keith Roth/Chris Turner)

Product Manager / Service Delivery

Benjamin Poissonnet for DT and Keith Roth for GS

Roadmap & Key objectives

Roadmap


2023 Digital Technology Key objective

n/a

Priority

P2

Phase 1: Envision - High level initiatives


Do

  • Create Envision brief if the initiative is part of the validated roadmap

  • Highlight roadmap value
  • Request a budget for Strategize if you need one
  • Security scoring 
  • RADAR/SENTRI

Don't

  • Request platform resources if the business capability is already identified and clear
  • Write portfolio epics, epics and user stories
  • Identify squad resources

First, let's start with the Problem space

1.1. Reason

* Why is this initiative proposed today?

  • Sentri V2: there is a need to improve the 1st version by bringing more functionalities and more details related to security controls to be implemented.
  • SIP Module:
    • There is a need to optimize and automate the SIP tool including validation workflows.
    • The major benefit is to centralize the SIP assessment in a single, more user-friendly tool connected to GS's existing Sentri module, to have continuity between Design, Build and Run security and risk control management.
    • New capabilities expected will be validation workflow, automatic versioning system and centralized information.

1.2. Benefits

What are the new capabilities expected?

  • Sentri V2: see here more details
  • SIP module: see here more details and here also


What will it replace? Is it a new solution or an existing one?

Sentri V2: no replacement or no new solution - only improvement of existing solution

SIP module in Sentri: replacement of existing G Spreadsheet (example here)

1.3. Target users

Who are the future users?

Sentri V2: All Applications and Services Owners

SIP module: All Product and Project managers 


What is the number of users impacted?

500+ 1st year and then +1000 after 1 year


What about the Business Needs?

1.4. Value proposition

What is the value of the initiative?

    • Sentri V2: there is a need to improve the 1st version by bringing more functionalities and more details related to security controls to be implemented.
    • SIP Module:
      • There is a need to optimize and automate the SIP tool including validation workflows.
      • The major benefit is to centralize the SIP assessment in a single, more user-friendly tool connected to GS's existing Sentri module, to have continuity between Design, Build and Run security and risk control management.
      • New capabilities expected will be validation workflow, automatic versioning system and centralized information.

1.5. Business goals

How does the product / deliverable align with the business goals?

The global business goal is to improve our cybersecurity posture from the Envision phase to deliver value, and also in the Run phase for existing solutions.

1.6. Challenges

Are there any challenges in developing the product?

Sentri V2: no

SIP module: yes, there are a few customizations that Vanenburg will have to implement; we will need to focus on the quality of the final solution.

1.7. Business metrics

How will we measure success?

Vanenburg's final solution is to be aligned with the specifications and with the budget that will be validated.

1.8. Cybersecurity

Please duplicate this template in this folder. Then, for the Envision phase, answer the initiative card tab and the 7 high-level questions in the "Security Scoring" tab. These questions will help the SIP team to determine the level of cybersecurity & compliance support you will need. Please contact the team by email: @SIP_team@solvay.com

1.9. Up to investment


What is the coherent time to commit on the initiative?*

Estimated Delivery phase start date*

 

Estimated Delivered end Quarter*

Q2 2023


What is the coherent money to commit on the initiative?*


2023 (in K€)* 2024 (in K€)* 2025 (in K€)

Estimated size of investment (high level)

30 

00


What is the coherent run and build commit on the initiative?

Estimated run costs (estimation high level) - on 10Y (if already known)

not known

Type of savings expected /year for DT (Ex: Contracts, FTE, ...)  

0

1.10. Resources

What skills and talents do we need? 

Risks management and project follow-up with Vanenburg 


1.11. Methodology to apply (refer to Accolade)

Do you think your initiative is compatible with a waterfall approach or with an agile approach?

  • Agile model
  • Waterfall model
  • I do not know at this stage

If the initiative will be done in Agile methodology, please contact Nicolas LOVAGNINI during the Strategize phase.

Phase 2: Strategize


Do

  • Identify portfolio epics and epics within each portfolio epics
  • Create a document / slide / spreadsheet to build your epics and put a link in the brief
  • Estimate experts and budget by portfolio epics or by increment
  • Show SMART KPI (Specific, Measurable, Achievable, Relevant, and Time-Bound)
  • Evaluate the impact on Solvay One Planet objectives

Don't

  • Identify squad resources (naming)
  • Write user stories


Now, we can move on to the Solution space

2.0 Scope / Deliverables

For waterfall initiatives, what is your list of scope items (technical, functional & organizational) / deliverables foreseen? For Agile initiatives, what is your list of Epics?


2.1. Actions to complete 

Mandatory actions (please contact them together if possible)

Description of the action / task

Contact

Document & examples (please make your own copy and insert new link here)

Contact each relevant pool lead to book resources in the capacity planning tool

  • check once done to inform the contact       ARPIN, Florine  
Complete Capacity planning tool

Complete Accolade

  • check once done to inform the contact       Claire Bazin   
Claire Bazin Complete Accolade

Review with Enterprise Architect the actual solution answering the objective

Complete Architecture Impact Analysis (AIA)

ARB & AIA

Check you have confirmed the involvement of each platform


Revert to SDM of each Platform

Identify security needs (Confidentiality, Integrity, Availability) and define security measures to be implemented by the initiative team

Complete the security questionnaire in “SIP Support tool”

Support for budget estimation (via the Workload & Cost), Financial evaluation (Total Cost of Ownership over 10Y), saving validation

  • check once done to inform the contact           Jill Wilson   

W&C: to be filled in to Accolade in preparation phase

TCO over 10Y: 

xxxx - Business Case/Financial evaluation 10Y

Optional

If any relation needed with a supplier


If it concerns a key supplier, a sourcing strategy has to be defined


If conformity by design is required

GMP (pharma), ISO

If Data Governance is required: identify the business objects

Data Governance Strategise for Initiative Briefs

2.2. Users needs

What do users dislike about the current solution?

Applicable when a new solution is developed



What tools or features do your users wish to have?



What value will it add to the user's lives?



What alternative do we have?


2.3. Risk Analysis

What are the risks (refer to Risk analysis matrix in Accolade)?


2.3. Solvay One Planet Objectives

What is the qualitative assessment of Hardware/ Data processing/ Project’s contribution to Solvay One Planet?

- Is the business ambition you will support improving sustainability or not?

- Will you increase or decrease the amount of hardware we need to operate? How much?

- Will you generate or transfer an important amount of data, especially videos? How much?
