Project Closure Checklist - Download Now DOC by HC121003063046

VIEWS: 4 PAGES: 9

									                               Project Closeout Report
 Project Name              CFIS                                                 Date                    08/25/10
 Executive Sponsor         Mary Herrera                                         Lead Agency             SOS
 Project Manager           Jose Hernandez                                       Agency Code             37000


 PROJECT DESCRIPTION (PROVIDE A BRIEF DESCRIPTION AND PURPOSE FOR THIS PROJECT)
      This project will transition the New Mexico Secretary Of State’s Campaign Finance Reporting System
      from the old Political Finance Reporting System (PFRS) to the new Campaign Finance Information System
      (CFIS). The objective is to assist the Secretary of State in providing a more user-friendly campaign finance
      reporting system to be used by candidates running for public office, political action committees, lobbyists,
      receipting associated with these functions, and to provide better service to the general public.




                                                    Schedule and Budget
 Planned Start Date                        12/01/10                     Actual Start Date                        12/01/10
 Planned End Date                          03/26/10                     Actual End Date                          03/26/10
 Planned Cost: (Budget)                  $176,500.00                    Actual Cost: (Total)                    $176,500.00
      Professional                      $161,500.00                         Professional                      $161,500.00
       Services                                                               Services
      IV&V                               $5000.00                           IV&V                               $5000.00
      Software                           $6,000.00                          Software                           $6,000.00
       Enhancements
      Network                                0.0                            Network                               0.0

      1 year                             $4000.00                           Other                              $4000.00
       Maintenance




 Appropriation History (Include all Funding sources,   e.g. Federal, State, County, Municipal laws or grants)

                           Amount                                              Funding Source(s)
    Fiscal Year
 FY 2008              $176,500.00           House Bill 2, Laws of 2008, Section 7, Item 19
                                            FY10 End of Appropriation




                          This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                                         Page 1 of 9
                                Project Closeout Report

                                                    Scope Verification
 Requirements Review                                                           Yes      No              Explanation/Notes
 Were the project objectives (expected outcomes) accomplished?                   x
 Were all Deliverables submitted and accepted?                                   x
 Did the IV&V vendor verify that all deliverables met the requirements?          x
 Have all contracts been closed?                                                 x
 Have all final payments been made (i.e., invoices paid)                         x
 Has adequate knowledge transfer been completed?                                 x




 TRANSITION TO OPERATIONS: (DESCRIBE AGENCY PLAN TO MIGRATE PROJECT SOLUTION TO PRODUCTION.
 INCLUDE DOIT IMPACT IF DIFFERENT THAN PREVIOUS REPORT)
 On the week of March 26, 2010, RTS developers made final modifications to the system as requested by the Secretary
 Of State’s office, and prepared the system to go live on Friday, March 26, 2010. The changes to the system included
 adding new functionality to the public reports such as filters, building out the archived pdf tables and requiring users to
 change their passwords at first login.

 In preparation for deployment, SOS staff shut off access to the old system performed a database dump for RTS
 developers. On Thursday, March 25, 2010, RTS developers imported the data from the old system and created new
 accounts on the “quality” environment. SOS staff sent a DNS domain request to DoIT and on Friday, March 26, the
 domain was sent via DNS to RealTimeSites IP address. On Friday, March 26, 2010, the Campaign Finance Information
 System (CFIS) was deployed. RTS will continue monitoring the system and fixing errors that might arise as users
 begin to access the new system.




                                               Maintenance/Operations
                                                                               Yes      No              Explanation/Notes
                                                                                             $ 4,000 for the first year of
 Are there recurring maintenance/operational costs for the product/service?      x
                                                                                             maintenance support
                                                                                             A new software reporting tool
                                                                                             was purchased and
                                                                                             implemented into the system to
                                                                                             provide better reporting
 Are there any recommended enhancements or updates?                             x            methods. Any further
                                                                                             enhancements or updates
                                                                                             recommended by SOS staff
                                                                                             will be handled in the second
                                                                                             revision.
 Funding source for maintenance/operational costs?     (Describe) An agreement was made by both SOS and RTS at the
 creation of the contract that RealTimeSites would maintain and support the new CFIS for one year at a cost of $4,000.00
 dollars. Funding source for maintenance/operational costs will come out of the SOS operating budget.


                           This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                                    Page 2 of 9
                               Project Closeout Report
 BUSINESS PERFORMANCE MEASURES (COMPLETE FOR ALL PHASES)
 COMMENTS:




 PHASES             COMPLETION DATE                  GOALS/OBJECTIVES                   AMOUNT                RESULTS

                                                                                                      Project Charter and
                                                                                                      Project Management
                                         Develop Project Charter and follow the                       plan were developed.
                    12/01/09             IT project certification timeline and         $0.0           Project certifications
                                         gates process recommended by DoIT.                           were performed with
                                                                                                      the TARC and PCC as
 Initiation:                                                                                          scheduled.
                                                                                                      Functional and
                                                                                                      technical specifications
                                                                                                      were completed by
                                         Develop functional and technical
                                                                                                      both SOS and RTS
                                         specifications of new CFIS application.
                                                                                                      staff. Contractor was
                                         Identify contractor capable of
                    12/01/10                                                           $40,00         selected to create
                                         performing IV&V report of CFIS
                                                                                                      IV&V reports.
                                         project. Perform a network security
                                                                                                      Network security
                                         assessment of SOS IT environment.
                                                                                                      assessment of SOS
                                                                                                      network system was
 Planning:                                                                                            performed.
                                                                                                      An independent
                                                                                                      validation and
                                                                                                      verification of the
                                                                                                      CFIS project was
                                         Develop IV&V by selected contractor.
                                                                                                      completed by POD. All
                                         Complete all deliverables by selected
                    01/01/10 thru                                                                     deliverables specified
                                         contractor including functional and           $136,500
                    03/26/10                                                                          in the contract were
                                         technical specifications of new CFIS.
                                                                                                      completed on time.
                                         Deploy new CFIS by 03/26/10.
                                                                                                      Deployment of new
                                                                                                      CFIS took place March
                                                                                                      26, 2010 as mentioned
 Implementation:                                                                                      on the contract.
                                         Conduct a closeout of new CFIS project                       Results pending on
                    04/07/10             by DoIT’s project oversight and               $0.0           designated day of
 Closeout:                               compliance division consultant.                              closeout




                         This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                                   Page 3 of 9
                                 Project Closeout Report
 LESSONS LEARNED
     1. It is very crucial that the project team understand and identify all aspects of the project business flow during
        the creation of the functional specifications and the technical specifications.
     2. Develop a strong project team committed to the duration of the project willing to work as a team, extended
        hours, and involved at every stage of the project from the initiation to the closeout phase.
     3. Have a contingency plan ready for the unexpected.
     4. Avoid doing high level projects simultaneously by prioritizing, planning and improved communication from
        upper management down to supporting staff.
     5. Maintain current documentation of ongoing project through weekly meetings, weekly project status reports,
        crucial dates and milestones.




      IT System Analysis
      On this document, or as an attachment, provide a summary response, including changes, to the
      following IT infrastructure topics relating to this project:

              Describe or estimate this project’s impact on the State Datacenter infrastructure.
                    o Hardware (List type of hardware anticipated. Keep in mind the State Datacenter may have pre-built hardware
                       stacks available): Not Applicable for the first year of deployment of the new CFIS.


                    o Network (Include Diagram): Not Applicable


                    o Software / Applications (Provide application schematic if available): Component Art Tool software was
                       used to produce reports
                    o Hosting Considerations (If not hosted at the State Datacenter describe your strategy to host at the State
                       Datacenter):
                        The new system will be hosted at RealTimeSites for the first year of deployment. Additional information and
                        diagram are as follows:
               Network Architecture The application servers reside at the Prism Technologies data center. Following successful
               deployment, the contractor will host and fully support the CFIS system for the Secretary of State for one year. The
               Secretary of State, after this first year, will then develop a plan to migrate the CFIS system to the New Mexico
               Department of Information Technology’s (DoIT) Data Center for hosting purposes.

               During this first year of hosting by the Contractor, the Secretary of State will develop a migration plan, to include all
               migration specifications and requirements. The Agency will own the new system and its source code in its entirety
               after completion of the project. The Contractor will provide hosting for the first full year of project deployment.
               Prism Technologies 219 Central NW Albuquerque, NM 87102 (505) 212-0694

               The Prism data center is a state-of-the-art Internet data center: 24x7x365 on-site tech staff; direct, highly scalable and
               super fast connections to most of the top Internet backbones; power generator; UPS; cooling system; pre-action fire
               suppression system. The application servers are connected to the internet via redundant connections from Cedar
               Networks (45 Mb/s) and Time Warner Telecom (20 Mb/s). The application and its database will have primary servers
               and hot spare servers in the data center.



                           This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                                       Page 4 of 9
                         Project Closeout Report
                     Note: Network diagram next page




                    This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                Page 5 of 9
                             Project Closeout Report


 Business Continuity Strategy
 On this document, or as an attachment, provide a summary response, including changes, of
 your business Continuity Strategy.
 Emergency and Disaster Management
 RealTimeSites will conduct daily incremental backups of the operating environment and data
 comprising the CFIS application. Backups are moved to a secure off site location on a weekly
 basis and retained for a period of 1 month unless otherwise requested. Documentation that
 addresses disaster recovery for the CFIS application will be generated and made available to
 Secretary of State and RealTimeSites staff.



 4.0 BACKUP AND OFFSITE STORAGE Policy and PROCEDURES
 Backup and retention schedules and procedures are critical to the recovery of an agency’s
 applications and data.

  Hardware
  Software (including version),                                   ASP.NET Pages: Web Pages hold units
                                                                  of functionality which usually are
                                                                  accessed by the user

  Data file back-up and retention schedules                       Conduct daily incremental backups of the
                                                                  Operating environment and data comprising the CFIS
                                                                  application and retained for a period of
                                                                  1 month unless otherwise requested

  Snap shot                                                       A snapshot of the entire monthly backup
                                                                   Data files and operating system files
                                                                  will be done at the end of each month
                                                                  and submitted to SOS IT designated
                                                                  personnel.
  Off-site storage details                                        Backups are moved to a secure off
                                                                  site location on a weekly basis

  Contact and authority designation for personnel to              RealTimeSites – Chief Technology Officer
  retrieve media.




 Business Resumption: The Prism data center where the application server will reside is a state-
 of-the-art internet data center with 24/7 365days on site tech staff, direct, highly scalable and
 super fast connections to most of the top internet backbones; power generator, UPS, cooling
 system and pre-action fire suppression system.
 Operational Recovery Planning: The application servers will be connected to the internet via
 redundant connections from the Cedar Networks (45 Mb/s) and Time Warner Telecom (20 Mb/s).
 The application and its database will have primary servers and hot spare servers in the data
 center.


                        This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                            Page 6 of 9
                               Project Closeout Report



 Security Strategy (Application and Data Security Process, Plan, or Standard)
 The following security questionnaire addresses application and data security strategy.
 What are your security requirements?
    Password Encryption
    Password and User ID Required
    Administrative access for maintenance purposes
    Ethics established procedures for user id and password

 Physical Security:
     Do you have physical security for the hardware of this project? Yes.

         Do you have access control and video surveillance included in your security solution? Yes.

         Who is responsible for physical security? If yes please explain in detail your physical security.

          RealTimeSites Contractor

 Cyber Security:
        Has your network undergone an independent security assessment? Yes.
        If yes did it include application security? Yes.

         Who will have access to this application?
         Public
         SOS Staff
         Filers

          Will users need to logon with a username and password for security purposes? Explain authorization
          solution.

          CFIS Administration (access only by Secretary of State Administrators). Main function is to set up new
          accounts, manage accounts, manage elections and run reports.

          Campaign Finance Data Entry (access only by Campaign Finance Administrators). Main function is to
          enter all required financial data relevant to campaign and submit reports according to filing deadlines.

          Lobbyist Data Entry (access only by Lobbyist Finance Administrators). Main function is to enter all
          required financial data relevant to lobbying activities (expenditures, special events, contributions and
          bundling); submit reports.

          Public Reports (public access). Main function: To allow public to easily view financial data within
          campaigns and across campaigns. Heighten transparency of Campaign Finance data.

          Will your data be accessed from the Internet? If so what is your encryption solution?
          Yes.
               o For public access, there is no encryption solution because the data is public record.
               o The security layer will provide Authorization/Authentication capabilities to an user that interacts
                  with the application. Communications between the client browser and the server will be
                          This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                               Page 7 of 9
                                Project Closeout Report
                    encrypted via Secure Socket Layer (SSL).




 Is any of the following sensitive personal information collected or stored in the database
     or presented to users? (Please check all that apply)

                                                      Collected from            Stored in               Presented to
                                                           user                 database                   users
        First and last name                                Yes                    Yes                       Yes
        Date of birth                                       No                     No                       No
        Address                                            Yes                    Yes                       Yes
        Social Security Number                              No                     No                       No
        Driver License Number                               No                     No                       No
        Credit/debit card number                            No                     No                       No
        Checking/savings account number                     No                     No                       No
        Account number                                      No                     No                       No
        Password                                           Yes                    Yes                       No


 Do you maintain and administer intrusion detection?
 Yes,

 Do you maintain and administer a firewall? If not who does?
 Yes,

 Do you monitor and review security equipment logs?
 Yes.

 Please explain in detail your cyber security.
      We monitor for unusual activity.
      We have deep packet inspection firewalls.
      We monitor unsuccessful application logins and take action as deemed necessary.
      We have tested for SQL injection vulnerability.




                           This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                                      Page 8 of 9
                             Project Closeout Report




 Project Sign Off
 The signatures below certify that this project has been completed in accordance to the specified budget,
 schedule, scope, and achieved the intended outcome.
 Stakeholders                                         Name: Signature                              Date
 Executive Sponsor
 (or Designee):                                                                                     04/09/10
 Mary Herrera
 Lead Agency Head
 (or Designee):                                                                                     04/09/10
 Don Francisco Trujillo II
 CIO IT Lead:
                                                                                                    04/09/10
 Venkatesh Dhagumudi
 Project Manager:
                                                                                                    04/09/10
 Jose Hernandez




                       This is a controlled document; this version supersedes all other versions.
Revision: 3/16/10                                                                                      Page 9 of 9

								
To top