SERIES: The Art of Effective POC – Part – 3


Before I start on Part 3, here is what we have seen so far:

Sr Phase Steps
1 Pre POC
  • Identify business requirement and its weightage
  • Multiple products & feature analysis
  • Organization’s budget Vs Cost
  • Product in Architecture
2 During POC
  • Test users
  • Test scenario
  • Simulate test scenario in

This is my last blog in this series, “The Art of Effective POC”. The focus of this blog is on POST-POC activities.

Many IT professionals believe that once the simulation (the activity in During-POC) is completed, the POC is completed. The answer is NO, a very BIG NO.

Before you conclude that the POC is complete, make sure you have answers to the questions below:

  • Are you confident that the product is meeting your BUSINESS REQUIREMENT?
  • What would be the BUSINESS IMPACT if we go ahead with the product?
  • What would be the BUSINESS IMPACT if we do not go ahead with the product?
  • Is this product going to meet / support my future BUSINESS GOALS?
  • If we are going ahead with the product, what RISKS are we carrying? Are these RISKS acceptable to the organization?

Q: How do I get answers to these questions?

A: Follow Phase 3 (Post POC)

Sr Phase Steps
3 Post POC
  • Evaluate weightage score
  • Walk through to CISO
  • Risk communication
  • Decision

Evaluate weightage score

Let’s recall our Pre-POC phase, where we documented each BUSINESS REQUIREMENT along with its weightage and category. Now it’s time for qualitative analysis. Based on your “Test Scenario Simulation and analysis” in Phase 2, apply simple mathematical analysis to calculate weightage. Calculate the weightage for each BUSINESS REQUIREMENT and arrive at a final score for each product.

This method is quite subjective, but if followed effectively it can help the CISO take a quick decision. The objective behind weightage is to help management take a quick decision.

Walk through to CISO

This is extremely important. At a minimum, the Project Owner should walk the CISO through the BUSINESS CRITICAL requirements. The reasons are:

  • The CISO would be able to take a decision with firm confidence.
  • To take feedback / input
  • CISO can relate product features from future BUSINESS GOALS perspective
  • Identify risks

Risk Communication

In companies where Information Security is discussed at Board level, this becomes a mandatory requirement.

Q: What is Risk Communication?

A: The process of acknowledging that RISKS have been understood and accepted.

There might be gaps between “what our expectations are” and “what the product is offering OR what we are procuring”. These gaps could be non-compliance with a business requirement or with the information security policy. In simple terms, these gaps are RISKS.

These RISKS must be assessed by the company’s TOP MANAGEMENT to conclude whether they are acceptable OR not acceptable.

Decision

In the given scenario, the Decision is “Acknowledging whether the product is meeting business requirements or not meeting business requirements”. The Decision is taken considering many factors, e.g. weightage, the CISO’s feedback / input, Risks and future capability, and there could be many more depending upon the size and type of organization.

With this, I would like to END this series on “The Art of Effective POC”. As promised, please download the POC-Template Excel File.

 

Hope this would be useful.