Initiative brief

(lightbulb) Readme

* Required information

Project details

Phase

  • Envision
  • Strategize

Status

   Current status: IN PROGRESS

UNDER REVIEWAPPROVEDNOT APPROVED

Start Date


 

Initiative name

ID Provided by DT PMO

Vulnerability data management (Group Security).

Description of the initiative

Vulnerability team objective: to detect vulnerabilities. Ex. SAP/ Microsoft can send reports of vulnerabilities regarding the codes. Reduction of 6M to 0,5M of vulnerabilities. 

Needs: The Vulnerability Team (represented by Gareth WILLIAMS Xavier Paulus ) is using a web application named CrowdStrike to protect endpoints based in the Cloud. 

The Vulnerability team needs to extract those data and store them in a safe place. Extraction needed because necessary to make long term analyses (data are stored only 45 days in the platform CrowStrike - too short term).

The team needs also to run them, in order to build report of vulnerabilties to be shared with DT. DT will then apply the necessary patches based on these reports.

Process to run data: 
1- combine the data
2- aggregate the data (that remediation can fix all these vulnerabilities)
3- prioritize 
4- generate reports to the DT + external partners of DT (Cap, Infosys) normally 

Added Value: Solution which replace the serviecs rendered by Accenture until end of Dec 2022. 

Storage solution identified: to build a server (advice of architecture MATHE, Alexandre

(Alternative not chosen: platform storage + transformation function : product on the market ("mango DB" > massive search, but not a standard for Solvay > architecture board refused). 

Users: 
- the person creating the dashboards / reports (3-4 pers of Vulnerability team )
- the persons to be informed as DT team mainly.

Domain & Product

Requested Domain Journey / Platform

  • Platf1- Data & Analytics & AI Platform
  • Platf2 A- Develop, Test & Deploy Platform
  • Platf2 B- Multi experience Platform
  • Platf2 C- Ent. Business Systems Platform
  • Platf3 A- Ecosystem Platform
  • Platf3 B- Hybrid & Cloud Platform
  • Platf3 C- Intelligent Asset Platform
  • Platf4- Info Security and Compliance Platform
  • Platf5- Workplace Platform
  • Journ1- Digital Customer Journey
  • Journ2- Digital Ops & Corporate Enablement Journey
  • Journ3- Digital Employee Journey
  • Journ4- Prepare the Future & Connected Research Journey
  • DTmng3- DT Enablement & Transformation
Involved Domain Journey/ Platform
  • Platf1- Data & Analytics & AI Platform
  • Platf2 A- Develop, Test & Deploy Platform
  • Platf2 B- Multi experience Platform
  • Platf2 C- Ent. Business Systems Platform
  • Platf3 A- Ecosystem Platform
  • Platf3 B- Hybrid & Cloud Platform
  • Platf3 C- Intelligent Asset Platform
  • Platf4- Info Security and Compliance Platform
  • Platf5- Workplace Platform
  • Journ1- Digital Customer Journey
  • Journ2- Digital Ops & Corporate Enablement Journey
  • Journ3- Digital Employee Journey
  • Journ4- Prepare the Future & Connected Research Journey
  • DTmng3- DT Enablement & Transformation

Initiative Ownership

Digital Technology Partner

Gareth WILLIAMS Xavier Paulus 

Product Manager / Service Delivery

Claire FRABOLOT MATHE, Alexandre 

Roadmap & Key objectives

Roadmap


2023 Digital Technology Key objective


Priority

Enter the level of priority of your initiative: P1 must do by day 1/ P2 can do/ P3 parked for now

Phase 1: Envision - High level initiatives

Do

  • Create Envision brief if the initiative is part of the validated roadmap

  • Highlight roadmap value
  • Request a budget for Strategize if you need one
  • Security scoring 
  • RADAR/SENTRI

Don´t

  • Request platform resources if the business capability is already identified and clear
  • Write portfolio epics, epics and user stories

  • Identify squad resources

First, let´s start with the Problem space

1.1. Reason

* Why is this initiative proposed today?

End of the contract with Actenture at the end of December 2022. Services to be internalized. 

1.2. Benefits

What are the new capabilities expected?

  • Dedicated server to store the data / classification 


What will it replace? Is it a new solution or an existing one?

New solution replacing the services rendered by Accenture until end of Dec. 2022. 

1.3. Target users

Who are the future users?

  • Vulneability team (2 users)
  • DT LT as viewers (in order to apply the priority patches issued from the reports). 
  • ExCom as viewer. 
  • Externals as Capgemini. 


What is the number of users impacted?

  • around 20.


What about the Business Needs?

1.4. Value proposition

What is the value of the initiative?

  • Services costs of Accenture savings. 
  • More reliability of the data shared with DT. 
  • Data centralised in one and safe place (today stored on individual computers), facilitate the PO2 split and transition. 

1.5. Business goals

How does the product / deliverable align with the business goals?

  • Reinforce the security of the group (mainly for DT). 

1.6. Challenges

Are there any challenges in developing the product?

  • Availability of the internal resources due to PO2. 

1.7. Business metrics

How will we measure success?

  • volume of documents stored in the new server
  • number of vulnerability detected 
  • number of priority patches 

1.8. Cybersecurity

Please duplicate this template iand contact the SIP teaùm in order to get your corresponding folder. Then, for the envision phase, answer to the initiative card tab and  to the 7 high-level questions in the "Security Scoring" tab. These questions will help the SIP team to determine the level of cybersecurity & compliance support you will need. Please contact the team by email: @SIP_team@solvay.com


1.9- Involvment of Data Domains

If your initiative is working with data, please select the domain which is impacted:

  • Marketing & Sales (Customer & Market segment / Price conditions & CMIR)
  • Supply Chain Management (Routes & Rates)
  • Procurement (Master data: Vendors, Contracts, Material (Group)/ Reference Data: Payment terms, Structures)
  • Finance (Management (MAC)/ Financial (FAC)/ Treasury)
  • HR (HR Master Data (Employee, Personal, Identity))
  • Industrial (BOM, Asset Hierarchy, MES Tag, Process Batch)
  • R&I (Products, Equipments/ Projects)
  • Structures & shared referential (Structures/ Shared referential data/ Finished goods)
  • Sustainability

1.10. Up to investment


What is the coherent time to commit on the initiative?*

Estimated Delivery phase start date*

 

Estimated Delivered end Quarter*

Q3 2023


What is the coherent money to commit on the initiative?*


2023 (in K€)* 2024 (in K€)* 2025 (in K€)

Estimated size of investment (high level)

 Project management : XX 

Server  : XX 

Functionalities : XX 

Services : XX 

Server  : XX 

Functionalities : XX 

Services : XX 

Server  : XX 

Functionalities : XX 

Services : XX 


What is the coherent run and build commit on the initiative?

Estimated run costs (estimation high level) per year on xxYear (xx= duration of the contract if known) + Type of run cost

Server run costs : XX EUR / year 

Other functionalities : XX EUR / year 


Type of savings expected /year for DT (Ex: Contracts, FTE, ...)  

Accenture fees: XX EUR / Year 

Please add here the required envelop needed to work on the strategize phase - if needed (maximum 40k€) :

XX EUR 

1.11. Resources

What skills and talents do we need? 

Alexandre Mathe + Data analytics expert


1.12. Methodology to apply (refer for Accolade)

Do you think if your initiative is compatible with a waterfall approachor with an agile approach?

  • Agile model
  • Waterfall model
  • I do not know at this stage

If the initiative will be done in Agile methodology, please contact during the strategize phase Nicolas LOVAGNINI

Phase 2: Strategize

Do

  • Identify portfolio epics and epics within each portfolio epics
  • Create a document / slide / spreadsheet to build your epics and put a link in the bief
  • Estimate experts and budget by portfolio epics or by increment
  • Show SMART KPI (Specific, Measureable, Archievable, Relevant, and Time-Bound)
  • Evaluate the impact on Solvay One Planet objectives

Don´t

  • Identify squad resources (naming)
  • Write user stories


Now, we can move on to the Solution space

2.0 Scope / Deliverables

What is your list of scope if waterfall initiatives (technical, functional & organizational) / deliverables foreseen? What are your list of Epics if Agile initiatives?


2.1. Actions to complete 

Mandatory actions (please contact them together if possible)

Description of the action / task

Contact

Document & examples (please make your own copy and insert new link here)

Contact each relevant pool lead to book resources in the capacity planning tool

  • check once done to inform the contact       ARPIN, Florine  

ARPIN, Florine 

Complete Capacity planning tool

Complete Accolade

  • check once done to inform the contact       Claire Bazin   
Claire Bazin Complete Accolade

Review with Enterprise Architect the actual solution answering the objective

Françoise BERGAME (Structure)

Complete Architecture Impact Analysis (AIA)

ARB & AIA

Check you have confirmed the involvement of each platform


Revert to SDM of each Platform

Identify security needs (Confidentiality, Integrity, Availability) and define security measures to be implemented by the initiative team

Benjamin POISSONNET 
Complete the security questionnaire in “SIP Support tool

Support for budget estimation (via the Workload & Cost), Financial evaluation (Total Cost of Ownership over 10Y), saving validation

Jill Wilson 

W&C: to be filled in to Accolade in preparation phase

TCO over 10Y: 

xxxx - Business Case/Financial evaluation 10Y

If Data Governance is required: identify the business objects

Philippa de Glanville 

Data Governance Strategise for Initiative Briefs
Optional

If any relation needed with a supplier

BLANCHER, Alexis 


If it concerns a key supplier, a sourcing strategy has to be defined

Isabelle Auboeuf 


If conformity by design is required

Emmanuelle Bureau 

GMP (pharma), ISO

2.2. Users needs

What do users dislike about the current solution?

Applicable when a new solution is developed



What tools or features do your users wish to have?



What value will it add to the user´s lives?



What alternative do we have?


2.3. Risk Analysis

What are the risks (refer to Risk analysis matrix in Accolade)?


2.3. Solvay One Planet Objectives

What is the qualitative assessment of Hardware/ Data processing/ Project’s contribution to Solvay One Planet?

- Is the business ambition you will support improving or not sustainability?

- Will you increase or decrease the number of hardware we need to operate? How much ?

- Will you generate or transfer an important amount of data, especially videos? How much?

My tasks

  • Enter your task here, using « @ » to assign it to a user and « // » to select a due date
  • Enter your task here, using « @ » to assign it to a user and « // » to select a due date
  • Enter your task here, using « @ » to assign it to a user and « // » to select a due date



  • No labels