AMD FS - Quantum Secure

SAFE
Physical Identity & Access Management (PIAM)
Scoping Workshop Guide
2012 v1
Table of Contents
1 Introduction
1.1 Workshop Objectives
1.3 Potential Workshop Participants
1.4 Preparation & Logistics
1.5 Workshop Outputs
1.6 Confidentiality
2 Typical Scoping Workshop Agenda
Appendix: Mutual Non-Disclosure Agreement
Quantum Secure Confidential
Scoping Workshop Guide
Page 2 of 9
1 Introduction
The Quantum Secure SAFE solution suite is a comprehensive, enterprise-level suite of physical security
automation, compliance, and operational tools that can be configured to meet a customer's exact needs
through its modular structure and configurability. Determining the right approach to meeting full
strategic objectives may require consultative discussions with key stakeholders within the business
areas affected to understand the priorities, benefits, and implications of implementing the SAFE suite,
both technically and functionally. This document defines the typical participants, agenda, and outputs for
this type of workshop.
1.1 Workshop Objectives

Inform all potential stakeholders of the potential capabilities and benefits of the solution to their
respective areas of responsibility. These may not be security-related people, for example:
Compliance, Legal, IT, HR, Health & Safety, Facilities Management, Contracted Third-parties,
etc.

Identify clear goals / metrics and ROI to support customer business case justification

Assist the customer to develop strategic goals using SAFE and build a roadmap of appropriate
steps and phases to align with business, commercial, and technical constraints

Help the customer sponsor(s) identify any responsibilities and required activities within a typical
implementation to help determine the right project team, level of effort, and required
coordination

Apply Quantum Secure’s general security and industry experience to identify best practices and
additional benefits or applications of the SAFE solution in the customer’s environment

Answer all customer questions about Quantum Secure Products & Technologies, Professional
Services and Customer Support capabilities and practices
1.3 Potential Workshop Participants
To fully evaluate the comprehensive value proposition the SAFE solution may provide your business, it
frequently makes sense to invite stakeholders from inter-dependent business organizations to
participate in all or part of the planned workshop. The table below describes the typical
business functions from which it may be appropriate to request representation, as they may all find
benefits in the SAFE solution as well as play a role during implementation. There may be others
appropriate to your business not listed here:
Potential Workshop Participants (Organization: Description)
Security Strategy (Sponsor): Individuals / Organization responsible for setting overall customer security program and policies; typically project sponsor
Security Operations: Individuals / Organization responsible for manning operational aspects of meeting security policies for guarding, access control, etc. May be third-party organization
Compliance, Audit, & Legal (risk management): Individuals / Organization responsible for ensuring business-critical security practices are interpreted and followed adequately to mitigate business financial, security, and reputational risks; represent industry and governmental regulations
Secure Area Stakeholders: Individuals / Organization responsible for monitoring access privileges granted to “high security” areas of business-critical importance; may be approvers for access requests to these areas; may manage liability
Human Resources: Individuals / Organization responsible for managing ‘trusted’ identities and the processes around their relationship to the business
Contracts Managers: Individuals / Organization responsible for managing relationship with contracted personnel providers (Companies); manage global contract relationship, not identities
Badge Production & Operations: Individuals / Organization responsible for producing electronic and non-electronic badges or credentials used to gain physical access to any facilities under the customer's security remit
Visitor Management Operations: Individuals / Organization responsible for producing electronic and non-electronic visitor badges or credentials used to manage ‘un-trusted’ identities requiring escorted physical access to any facilities under the customer's security remit
Facilities Management: Individuals / Organization responsible for managing all administrative aspects of buildings; contracts with cleaners and infrastructure personnel
Real Estate / Building Planning: Individuals / Organization responsible for planning real estate usage and needs for large organizations
Information Technology: Individuals / Organization responsible for network and data centers where SAFE application may be installed and run; may be considered for system and / or application maintenance
Keys Management Operations: Individuals / Organization responsible for managing issuance of metal keys to individuals requiring physical access to areas controlled by traditional or “cyber” locks, etc.
Physical Access Control System Administrators: Individuals / Organization responsible for planning, configuring, and maintaining all physical access control systems (PACS) used in customer business globally
Project / Program Management: Individuals / Organization responsible for coordinating and managing customer projects
1.4 Preparation & Logistics
The following items should be considered and prepared in order to have an effective workshop:

Customer team and Quantum Secure should be briefed on expected outcomes of workshop
and next steps, responsibilities, etc.

This type of workshop is always more effective when performed face to face, but dial-in
participants are possible; plans for their participation should focus on their areas of interest
during a pre-agreed time

It is helpful if each business area represented prepares in advance a short list of agenda items or areas
of interest (pain points) to schedule their participation and guide the discussions to meet their
expectations; a planned schedule of participation needs to be coordinated to ensure people’s
time is used effectively

Quantum Secure will prepare presentations and information gathering tools to ensure all
information is conveyed and captured effectively, but the customer is encouraged to assist by
providing similar materials for conveying current systems, processes, etc. These may include at
least the following:
Explanation of and sample access to relevant systems (PACS, other related systems
(screenshots))
All related paper forms, process descriptions and policy documentation
Relevant identity attributes from HR, badging, vetting, etc. used
All badge type examples – visitors, contractors, employees, different technologies, etc.

A projector with large screen to display example of customer systems as well as present
Quantum Secure slides and demos

Any non-disclosure agreements (NDAs) required should be in place to protect business
confidentiality

Customer internal network access for customer employees as well as guest internet access (if
possible)
1.5 Workshop Outputs
Depending on the specific customer situation, a few different deliverables may be produced as output of the
workshop. The following are examples of typical outputs, and it should be agreed which are appropriate
at the beginning of the workshop exercise:

Indicative Pricing – A non-binding quotation estimating software license, service, and
support/maintenance prices for customer use to support budget planning, business
justification, project phasing scenarios, commercial scenarios, etc.

Business Case Justification – Quantum Secure standard deliverable providing agreed business
benefit descriptions including metrics gathered to quantify projected ROI

Statement of Work - Quantum Secure standard deliverable stating the agreed scope, license
requirements, initial professional services time estimates and schedule.

Formal Quotation – A binding quotation of software license, service, and support/maintenance
prices valid for 60 calendar days associated with an accompanying Statement of Work
1.6 Confidentiality
Due to the nature of the security procedures and systems discussed, Quantum Secure considers
confidentiality critical and ensures that no information of any type is shared outside of your
organization. All notes and deliverables are shared only with your appointed sponsors, and we
recommend having mutual non-disclosure agreements in place. The Quantum Secure MNDA is
attached in this document's appendix and can be printed and used if you do not wish to provide your
own. In addition, if vetting of any participating Quantum Secure personnel is required, we are happy to
submit information to meet your requirements. Please coordinate with your Quantum Secure Regional
Sales Executive or Reseller.
2 Typical Scoping Workshop Agenda
A typical workshop could be from one to three days depending on scheduling of participants, complexity,
required outputs, etc. The table below provides an example of typical workshop content and order of
priority. Suggested attendees, duration, and order can all be adjusted if required (we suggest a planning call
with key stakeholders to agree the final agenda):
Scoping Workshop Agenda (1/2 to 1 Day Example)
Section
Activities

Introductions
SAFE Overview
Round table introductions, reconfirmation of goals,
scope of discussions, and outputs

Review Agenda

SAFE Physical Identity & Access Management solutions
and concepts overview

Discuss customer strategic goals
Attendees
Security Strategy
Security Operations
Project Management
HR
Security Strategy
Security Operations
Contracts Mgmt.
Visitor Operations
Duration
15 mins.
30 mins.
Functional / Operational
“As-Is” Identity
Management
Analysis
Metric Gathering
Detailed Process
Mapping

Agree terminology used around IDs and categories

Identify priorities for improvement, pain points

Identify relevant authoritative systems

Identify relevant reference systems

Gather relevant metrics about operational organization
and staff counts

Identify areas for automation

Review current audit, reporting, compliance processes

Map as-is processes to SAFE capabilities for
automation

Create ID Matrix – on/off board & change

Identify relevant, applicable SAFE modules
HR
Security Strategy
Security Operations
Contracts Mgmt.
Visitor Operations
1 hr.
HR
Security Strategy
Security Operations
Contracts Mgmt.
Visitor Operations
30 mins.
HR
Security Strategy
Security Operations
Badge operations
Contracts Mgmt.
Visitor Operations
45 mins. –
3 hours
15 mins.
Questions
Technology
SAFE
Infrastructure /
Admin

Quantum Secure presents server infrastructure
options - SW/HW
IT
Security Operations
45 mins.

High-availability Options

Scalability

Supported equipment and peripherals

Discuss maintenance and support terms

Integrations
PACS Review

Assess each system integration proposed
HR
Contracts
IT
15 mins.

Diagram PACS infrastructure

Discuss strategic plans for PACS, biometrics, cards, etc.
Physical Access
Control System
Administrators
Security Operations
Security Strategy
15 mins.
15 mins.
Questions
Project Planning
Deployment
Methodology

Present Quantum Secure deployment methodology
phases and deliverables
Project Management
Security Strategy
Security Operations

Review modules and software pricing methods (no
pricing)

Discuss implementation team structure and
responsibilities
Project Management
Security Strategy
Security Operations
Commercials
Approach /
Phasing
Q&A

Identify key dependencies

Agree procurement methods for HW or peripherals
needed

Propose phasing options based on priorities, technical
constraints, etc.
15 mins.
30 mins.
Project Management
Security Strategy
Security Operations
30 mins.

Roll-out planning, training, etc.

Questions and answers applied to each section above
15 mins.
each
Questions
15 mins.
Appendix: Mutual Non-Disclosure Agreement
Please detach and use this Quantum Secure MNDA or provide your own:
------------------------------------------------------End of Document------------------------------------------------------