* Required information |
Phase |
| |||
|---|---|---|---|---|
Status |
| |||
Start Date |
| |||
Initiative name ID Provided by DT PMO | not provided yet because an Envision PB Go is needed | |||
Description of the initiative | Needs description: This project is related to the incident that impacted the Torrelavega SodaAsh site and the connection from Dataiku to the Vendohm Database. An assessment was done and the team found more than 150 projects that are outside the GCP Landing Zone, which represents a high security risk as the projects are not under full DT control. The following non-exhaustive actions need to be taken: Added value: this project is a security remediation plan, so the added value is to improve our cloud cybersecurity posture. Please see here for more information on this project. Budget estimated: the budget will be estimated in the Strategize phase; however, this budget will be fully included in the actual budget of the Information Security & Compliance platform. So this is not a new budget request. | |||
Domain & Product | ||||
Requested Domain Journey / Platform |
| |||
| Involved Domain Journey/ Platform |
| |||
Initiative Ownership | ||||
Digital Technology Partner | ||||
Product Manager / Service Delivery | ||||
Roadmap & Key objectives | ||||
Roadmap | ||||
2023 Digital Technology Key objective | S&C Cloud cybersecurity posture | |||
Priority | P1 | |||
Understand: Why is this initiative proposed? What are the consequences if not done? What are the new capabilities expected?
|
|
* Why is this initiative proposed today?
Explain the motivations and the expected objective behind this initiative / what are the consequences if not done?
|
What are the new capabilities expected?
| No new capabilities only security remediation. |
What will it replace? Is it a new solution or an existing one?
| No replacement and no new solution, only security remediation. |
Who are the future users?
Identify the future users (BU, sites...) and population concerned
| No impact on users. |
What is the number of users impacted?
| No impact on users. |
What about the Business Needs?
What is the value of the initiative?
Financial Business expectation (ROI, benefits, savings,...) + Qualitative Business expectation (business value, market fit, visibility,...)
| This project is a security remediation plan so the added value is to improve our cloud cybersecurity posture. |
How does the product / deliverable align with the business goals?
| The business is not involved in the project; however, the objective of this project is to improve our Cloud cybersecurity posture in order to prevent any GCP security issue (data leak, availability issue...). |
Are there any challenges in developing the product?
| No major challenge identified except the timing. |
How will we measure success?
| Complexity levels were defined here, so success measurement will be performed based on these complexity levels. |
Please duplicate this template in this folder. Then, for the envision phase, answer the initiative card tab and the 7 high-level questions in the "Security Scoring" tab. These questions will help the SIP team to determine the level of cybersecurity & compliance support you will need. Please contact the team by email: @SIP_team@solvay.com
If you are not able to answer yet, explain it at the Envision gate and the DTLT will decide whether to give the green light or not, considering the high level of uncertainty
| The "Initiative Card" and the "Security Scoring" are filled in. Please find here the SIP Tool. |
Estimated Delivery phase start date*
| Estimated Delivered end Quarter* Q4 2023 |
What is the coherent money to commit on the initiative?*
| 2023 (in K€)* | 2024 (in K€)* | 2025 (in K€) | |
|---|---|---|---|
Estimated size of investment (high level) | 135k€ | between 150 k€ and 200 k€ |
What is the coherent run and build commit on the initiative?
Only run cost impact - TCO over 10Y will be finalized during the strategize phase. Estimated run costs (estimation high level) per year on xxYear (xx = duration of the contract if known) + Type of run cost: No run costs. | Type of savings expected /year for DT (Ex: Contracts, FTE, ...) |
What skills and talents do we need?
List here the kinds of skills required in order to start filling in the Capacity Planning. If a name is already available, please write the name
This list will be adjusted in the Strategize phase but here are some assumptions:
|
1.11. Methodology to apply (refer to Accolade)
Do you think your initiative is compatible with a waterfall approach or with an agile approach?
|
If the initiative will be done in Agile methodology, please contact Nicolas LOVAGNINI during the strategize phase
Understand: How does this bring value? Which pain points will it remove? Will it be delivered in Agile or Waterfall?
|
|
Now, we can move on to the Solution space
What is your scope list for waterfall initiatives (technical, functional & organizational) / deliverables foreseen? What is your list of Epics for Agile initiatives?
EPIC 1: Study and arbitrate 150 projects with each Head of Platforms to define planning for Wave 2 & 3
EPIC 2: Quick win actions (decomm & replatform) projects into Landing Zone
EPIC 3: Rebuild of Vendohm application into AWS
EPIC 4: Decom projects linked to Dataiku
|
| Mandatory actions * (please contact them together if possible) | ||
|---|---|---|
Description of the action / task | Contact | Document & examples (please make your own copy and insert new link here) |
Contact each relevant pool lead to book resources in the capacity planning tool
| Complete Capacity planning tool | |
Complete Accolade
| Claire Bazin | Complete Accolade |
Review with Enterprise Architect the actual solution answering the objective
| Complete Architecture Impact Analysis (AIA) Alexandre Mathé | |
Check you have confirmed the involvement of each platform | Revert to SDM of each Platform | |
Identify security needs (Confidentiality, Integrity, Availability) and define security measures to be implemented by the initiative team
| Complete the security questionnaire in “SIP Support tool”. The questionnaire applies only to EPIC 3 - Vendohm rebuild | |
Support for budget estimation (via the Workload & Cost), Financial evaluation (Total Cost of Ownership over 10Y), saving validation
| W&C: to be filled in to Accolade in preparation phase TCO over 10Y: | |
If Data Governance is required: identify the business objects
| Data Governance Strategise for Initiative Briefs | |
| Optional | ||
If any relation needed with a supplier
| ||
If it concerns a key supplier, a sourcing strategy has to be defined
| ||
If conformity by design is required
| GMP (pharma), ISO | |
What do users dislike about the current solution?
Applicable when a new solution is developed
| N/A |
What tools or features do your users wish to have?
| N/A |
What value will it add to the users' lives?
| Security improvement |
What alternative do we have?
| Keep the current solution but with security issues |
What are the risks (refer to Risk analysis matrix in Accolade)?
Are there any internal / external constraints and what are the preventive actions associated?
Identify risks and mitigation plans
| https://biarritz.solvay.com/Project/Page/getlayout?projectid=12255&layoutid=21 |
What is the qualitative assessment of Hardware/ Data processing/ Project’s contribution to Solvay One Planet?
- Is the business ambition you will support improving or not sustainability? no
- Will you increase or decrease the number of hardware we need to operate? How much? yes, by database optimization for EPIC-3 Vendohm we will reduce CPU consumption
- Will you generate or transfer an important amount of data, especially videos? How much? for EPIC-3 Vendohm the current data stored is 18TO => will be reduced |