Best Practices Forum Provided by PTC

Secure Collaboration in A&D

What are your business process requirements for managing access control and content classification?

One of the most daunting tasks in secure collaboration is the process of organizing your business IP so that advanced technology can be employed to control and record access.

Collecting disparate and fragmented information across the enterprise is a gargantuan task.  Many organizations have difficulty implementing secure collaboration solutions because they cannot get beyond the task of identifying data sources and grouping the underlying content.

For example, organizations may have myriad instances of File Servers which are used as information archives.  You may also have a variety of repositories or “silos” for data such as engineering or manufacturing documents, Bills of Materials, change management artifacts/records, manufacturing work instructions, etc.

A core capability of leading secure collaboration technology solutions is content classification where business IP can be tagged or annotated according to security characteristics.  Other core capabilities include access control mechanisms, audit logging and access reporting as well as physical considerations such as HTTPS, Single Sign On (SSO), and Firewalls.

The discussion this week is intended to focus on the business or organizational implications of implementing and deploying technology solutions.  Some typical questions include:

  • What types of business process implications do you anticipate as it relates to organizing enterprise content for classification?
  • What types of business repositories need to be assessed and considered?
  • Can you define some typical access control requirements which you feel might be required for your organization?
  • Do you understand the different forms of access control?
  • Does your organization currently use technology to electronically control and secure IP?  How effective are these applications?
  • Are there instances where your organization is using a particular technology for collaboration even though that application was never intended to be used for collaborating across diverse and distributed groups?  What business problems or inefficiencies were introduced because of the misapplication of technology?
  • What other business process implications do you see as you approach this task?

Please share your experiences and best practices regarding organizing and classifying IP.

What are your technology requirements for secure collaboration?

Having examined some of the challenges relating to secure collaboration and the regulations mandating control of IP, the focus will shift to a discussion regarding technology solutions for secure collaboration.

When selecting a technology solution for secure collaboration, it is important to focus on business process requirements as well as linkage to strategic objectives before analyzing providers and applications.

Collaboration can be an effective strategy to grow market share, become more competitive or to develop new markets.  As such, it is important to understand these strategic drivers.  Likewise, it is imperative that the organization understand a variety of issues related to business process requirements such as:

  • Have you identified all stakeholders and the various enterprise-wide collaborating communities?
  • Are your business process requirements for collaboration defined and documented?
  • What are your vehicles for collaboration?
  • What are the forms of preexisting technology and infrastructure for enabling collaboration?

Once these topics have been answered, you can evaluate and select an appropriate, secure collaboration solution.

  • In evaluating technology solutions, what are your requirements for secure collaboration?
  • What are your needs for content classification?
  • How detailed are your needs for access control?
  • Does your organization have an identity management solution where users can be vetted and approved, based upon their organization and citizenship?
  • How does your organization designate users and groups in the context of secure collaboration?
  • Are you familiar with the concept of Integrated Digital Environments (IDEs) and can you identify some best-in-class implementations of an IDE?
  • Can you describe some best-in-class methodologies for secure collaboration?

Describe your experiences with implementing secure collaboration technology solutions.

Has regulatory compliance affected your efforts to achieve secure collaboration?

Almost all A&D organizations have different classes of IP which must be secured and managed.  These classes are typically designated based on the nature of the underlying content and the degree to which regulations or internal policies dictate processes for controlling access.  Some typical content designations include the following:

  • Proprietary Information subject to Proprietary Information Agreements (PIAs)
  • Confidential Information subject to Non-Disclosure Agreements (NDAs)
  • Secret or Top Secret content
  • Classified or Unclassified content
  • ITAR or Export Control regulations, subject to US State Dept. authorized agreements

This week’s discussion is focused upon understanding which types of regulations and requirements are prevalent within your organization and within your industry segment as it relates to secure collaboration.  The goal of this discussion will be to identify different forms of regulatory requirements and to discuss some of the challenges related to managing content in these classes.  Specifically:

  • Are there specific classes which are more difficult to manage than others?
  • Are some classes very technical and as such more difficult to understand and manage?
  • How does your organization continuously train and educate employees regarding these regulations and their associated requirements as they evolve?
  • What are some of the typical problems you see with how your IP is managed according to these regulations?
  • In general terms, what are some best practices you would be willing to share regarding how your organization manages content subject to regulatory requirements?

Please share your experiences and best practices regarding regulatory compliance.

Is your shared working environment effective for secure collaboration?

Collaboration within the extended enterprise and across the value chain has transformed the way weapons systems and A&D products are developed, manufactured and sustained.  Yet, the impetus behind collaboration accelerated so quickly that many organizations adopted inefficient and inferior methodologies to traverse distributed environments.  While they achieved some success, they also significantly increased the risk of inadvertent or incorrect transfer of business IP.

In many cases, these methodologies relied upon Shared Working Environments (SWEs) such as File Servers and Public Folders as the application/technology for collaboration.  While this provided a mechanism for personnel to post content which could be accessed by teams or groups, the environment lacked a controlled collaboration process.  Controlled collaboration entails business processes and best-of-breed technology solutions which provide an electronic audit trail of activities: who accessed data, what data was accessed and what form of access (content, metadata, etc.), when it happened, and what the context for the collaboration was (program, project, product, etc.).

During the first week of this discussion, we encourage your input regarding your experiences using SWEs.  In essence, we want the good, the bad and the ugly regarding your experience using these types of environments.

Here are some questions to kick off what I hope will be a lively discussion:

  • How are SWEs used in your organization and how successful are they?
  • Typically, what are the different forms of SWE collaboration within A&D organizations?
  • Which ad hoc and uncontrolled collaboration methodologies have you encountered and why do they represent business risk?
  • How has the lack of controlled collaboration adversely affected program and project performance?
  • How significant is the risk of inadvertent IP or technology disclosure in your daily working environment?

Please comment on what is driving your organization to address uncontrolled and ad hoc collaboration as manifested in SWEs.

Enhancing S1000D

S1000D encourages all interested parties to contribute to the specification. S1000D Chapter 1.5, titled Request for Change, identifies the process for requesting/suggesting a change to the Specification.
Everyone is encouraged and may submit a change that they think will enhance the specification. Changes are coordinated in the international community and are incorporated only after international approval has been secured.

Please share lessons learned and suggestions for improvement that you would like to see in the S1000D specification.

Implications of U.S. Military Adoption of S1000D

Both the U.S. Air Force and U.S. Army have announced that they will be willing and able to accept technical publications produced to S1000D Issue 4.0. To that end both are producing Business Rules for their service. The U.S. Army Business Rules are in review and sign-off now. The USAF Business Rules are expected to be available at the end of the summer 2009.

What do you see as the implications of the U.S. Air Force and U.S. Army S1000D Policy Guidance?

Implementing the S1000D Documentation Process

S1000D Chapter 2 describes the Documentation Process. This process represents “best practice” for producing technical manuals. It is, however, different from the traditional processes in place at many companies. This process change is critical in implementing S1000D.

Describe your experiences with implementing the S1000D documentation process.

S1000D Business Rule Creation and Implementation

Within S1000D there are a number of decisions that each project or organization must make. These Business Rules are decisions on how to implement S1000D. S1000D Chapter 2.5 Documentation process – Business rules provides detailed information and guidance related to S1000D Business Rules.

In Issue 4 an attempt was made to gather the Business Rule decisions that must be made into prescribed and easily identified segments of each chapter. These paragraphs are entitled “Business Rules Decisions.”  Issue 4.0 has about 676 paragraphs that contain Business Rules Decisions information.

In S1000D Issue 3.0 and earlier issues, the specification is less direct in pointing out areas where Business Rules decisions must be made. The paragraphs that contain Business Rule information in Issue 3 have various titles and key phrases. Issue 3.0 has 319 paragraphs where “…projects must decide…”, 52 paragraphs where “…the project must decide…”, 27 paragraphs where items are “…by project decision…”, 18 paragraphs where “…project decides…”, and 14 paragraphs where “…a project decision…” must be made.

Please share your experiences and best practices with S1000D business rule creation and implementation.

Drivers for S1000D Implementation

S1000D Specification Chapter 1.3 Paragraph 2 states:

A benefit of the CSDB is to enable production of platform-independent output in either page oriented or IETP.

Data managed in S1000D is not duplicated in the CSDB. Data modules enable data to be stored once and used for multiple outputs. A single change to an individual data module can update multiple outputs and multiple deliveries.

Other benefits of using S1000D are:

  • It is based on international neutral standards.
  • It reduces maintenance costs for technical information.
  • It transforms data into configuration items.
  • It allows subsets of information to be generated to meet specific user needs.
  • It facilitates the transfer of information and electronic output between disparate systems.
  • Many different output forms can be generated from the same base data thus ensuring safety of data and that every user regardless of output form is getting the same message.
  • The S1000D data module concept can be applied to legacy data.
  • It is non-proprietary and allows neutral delivery of data and management of data.
  • The specification incorporates the planning and management, production, exchange, distribution and use of data in electronic form for different types of output (from page oriented to IETP) as shown in Fig 1.

Did you implement or are you considering implementing because of these advantages?

Did you implement or are you considering implementation because of a broader initiative such as Total Life Cycle Systems Management?

Do you see other advantages or disadvantages to implementing S1000D?

Please comment on what is driving your organization to S1000D implementation.

Technologies for Enabling Lifecycle Management

Realizing effective Total Life Cycle Systems Management (TLCSM) will involve both significant technical and cultural change. It will require a combination of sustained policy and process improvements, aggressive engineering and logistics workforce development.  In addition, appropriate interoperable tools, technologies and environments must support and enable several key concepts simultaneously, including:

  • Collaborative Systems Engineering
  • Iterative/Spiral Design
  • Systems Operational Effectiveness (SOE)
  • Design for Supportability
  • The new Life Cycle Logistics Flow

Added to these concepts is the complexity of “design” trades that involve accurate Weapon System Configuration, System Performance, System Operational Availability (Ao)/Readiness, Process Efficiency and Life Cycle Cost.

Please share your successful or unsuccessful experiences or knowledge of tools/technologies and environments that you feel support the Life Cycle-oriented concepts described above.
