2.150.5 Configuration Verification for IRS Applications (PSL and Non-PSL) Process

Manual Transmittal

April 26, 2021

Purpose

(1) This transmits new IRM 2.150.5, Configuration Management, Configuration Verification for IRS Applications (PSL and Non-PSL) Process.

Material Changes

(1) This is a new IRM.

Effect on Other Documents

IRM 2.150.5 supplements the instructions from IRM 2.150.2 for implementing the configuration verification requirements for IRS applications.

Audience

This IRM is applicable to all Information Technology (IT) organizations, contractors, and other stakeholders having responsibility for configuration management, oversight, and successful day-to-day operations of IRS IT enterprise hardware, software, and applicable documentation.

Effective Date

(04-26-2021)

Nancy Sieger
Chief Information Officer

Program Scope and Objectives

  1. Purpose. This IRM supplements the configuration verification process under IRM 2.150.2 Configuration Management Process. This process specifically supports the configuration verification of IRS Application (Premium Service List (PSL) and Non-PSL) and Tier II server information to ensure that relationships, server attributes, and application interfaces are accurate resulting in validation and update to its configuration item (CI) relationships and attributes including application models in the Enterprise Operation’s (EOps) Universal Configuration Management Data Base (UCMDB) and also in the Enterprise Architecture (EA) As-Built-Architecture (ABA). This is a required activity to ensure and maintain the quality and integrity of the information that resides in the UCMDB and ABA for consumption by various consumers in the Information Technology (IT) organization.

  2. Audience. This IRM is applicable to all IT organizations, contractors, and other stakeholders having responsibility for configuration, management, oversight, and successful day-to-day operations of the IRS IT enterprise hardware, software, and applicable documentation.

  3. Policy Owner. Demand Management & Project Governance (DMPG), under Enterprise Operations, Information Technology.

  4. Program Owner. DMPG is responsible for overseeing the IT Configuration Management (CM) Program that is responsible for the process and providing guidance. Each IT organization is responsible for establishing an internal or local CM process for managing their procedures based upon this process.

  5. Primary Stakeholders. IT organizations having responsibility for ownership and management of IRS applications and infrastructure are practitioners of this process.

  6. Contact Information. To recommend changes or to make any suggestions to this IRM section, e-mail the IT CM Program: it.cm.process@irs.gov

Background

  1. The PSL Revalidation was incepted in 2015 and its purpose is to verify and revalidate IRS critical system, called PSL applications, information that were selected by the IT organization for premium incident response and escalation services. It is a configuration verification activity performed as part of the Filing Season Readiness ensuring that PSL applications and its server relationships and attributes, and application interfaces are accurate in the UCMDB and ABA. The result of the PSL Revalidation is update in its CI record and updated application models and relationships that is used by Change and Incident Management for identification of impacts to other CIs, such as applications and servers.

  2. The PSL Revalidation is expanded to Non-PSL applications to trigger the required configuration verification activities to ensure that all IRS applications in production have current and accurate information in both the UCMDB and ABA.

  3. This process will formally be called Configuration Verification for IRS Applications (PSL and Non-PSL) for the combined but separate efforts.

Authority

  1. This IRM section is sanctioned under IRM 2.150.1 Configuration Management Policy that defines the mandates for the Configuration Management Process.

  2. This IRM section supplements IRM 2.150.2 Configuration Management Process that defines the best practices and standards for Configuration Management

  3. This IRM section is supported by IRM 2.125.1 Change Management Policy and IRM 2.125.2 Change Management Process Description that defines the policy and process for changes to CIs.

  4. This IRM section is supported by IRM 2.15.1 Enterprise Architecture Overview, specifically in IRM 2.15.1.2.1 As-Built-Architecture Architecture under Item (3) that “All IRS organizations that own or manage IT applications in the Current Production Environment (CPE) are required to provide updates to the EA organization so that the ABA remains updated and is as complete as possible in order to answer external data calls for application-related information.” In addition, per TIGTA Audit finding #2020-20-044, all IRS organizations that own ABA applications are required to provide two points of contact, update existing and/or add new applications within 30 days and conduct annual information reviews. This is supported by the Official MEMORANDUM from Associate Chief Information Officer, Enterprise Services, IT.

Roles and Responsibilities

  1. Each process defines at least one role. Each role is assigned to perform specific tasks within the process. The responsibilities of a role are confined to the specific process. They do not imply any functional standing within the hierarchy of an organization. For example, the process manager role does not imply the role is associated with or fulfilled by someone with functional management responsibilities within the organization. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time.

    Process Role Description
    Configuration Management (CM) Process Owner The CM Process Owner is the single point of contact for the process at the enterprise level and is accountable for the overall quality of the process, ensuring that the process is performed as documented and is meeting its objectives. The CM Process Owner’s responsibilities include sponsorship, design, review and continual improvement of the Process and its Metric. Specific responsibilities include-
    • Defines the overall scope, mission, goal, and objectives of the process

    • Ensures consistent execution of the process across the IT organization

    • Ensures that the process, roles, responsibilities and documentation are regularly reviewed and audited

    • Reports on the effectiveness of the process to senior management

    • Accountable for implementation and review of improvement actions

    • Ensures that sufficient resources are in place to support implementation of the process

    • Ensures all relevant staff have the required training in the process and are aware of their role in the process

    • Ensures that the process is in alignment with the process automation tool(s)

    • Resolves any process and cross-functional (departmental) issues

    CM Process Manager The CM Process Manager supports the CM Process Owner and is responsible for the operational management of the process. The Process Manager’s responsibilities include planning and coordination of all activities required to execute, monitor and report on the process. Specific responsibilities include–
    • Designs, develops, and manages improvements to the process; including plans, principles and its implementation

    • Provides training and communication on the standards, policy, and process to CM stakeholders

    • Plans, facilitates and organizes reviews, assessments, and audits on the process and CMDB with the Configuration Auditor

    • Plans and manages the alignment of the CM tools with the process; including evaluating CM tools and their design, requirements, proposed changes, and implementation

    • Develops, coordinates, and maintains the interfaces to other processes.

    • Defines process metrics for measurement, reporting, and improving the process

    • Escalates any issues with the process

    • Maintains scope of the process, function, and CIs that are to be controlled, and information that is to be recorded

    • Ensures that configuration data is available when and where it is needed to support other IT processes

    • Agrees on the structure of the CMDB, including CI types, naming conventions, required and optional attributes and relationships

    • Designs and generates configuration status reports; including management reports

    Configuration Item (CI) Owner The CI Owner is accountable for all activities that directly affects their CI(s). This role is also responsible for all CM process activities associated with the maintenance and support of the CI. Specific responsibilities include –
    • Ensures that all their CIs are recorded, and the associated attributes and relationship information is accurate

    • Ensures configuration audits are performed on the CMDB

    • Provides input to the CI Librarian/ Analyst into what attributes and relationships need to be tracked within the CMDB

    • Accountable for correcting errors associated with their CIs

    Following examples of CI Owners are Application Owners and Server Owners.
    Configuration Item (CI) Librarian/Analyst The CI Librarian/Analyst supports the CM Process Manager and CI Owner and is responsible for supporting, maintaining, controlling, and updating a specific CI or CIs. Specific responsibilities include –
    • Controls the receipt, identification, storage and withdrawal of all supported CIs, including archives of superseded CIs

    • Identifies and records the CIs in the CMDB, and determining relationships

    • Ensures Data Model is accurate

    • Supports generation of status reports on various CMDB parameters and requests

    • Maintains status information on CIs and provides this as appropriate to stakeholders

    • Assists with conducting configuration audits, performing internal audits and validating exceptions

    • Identifies, records and submits incidents relating to CIs

    • Records and maintains CI Types (within scope) in the CMDB

    • Discovers, reconciles, and updates CI records in the CMDB

    • Validates accuracy of CMDB data and report discrepancies

    • Creates and maintains the service and application models for CIs

    • Provides input to the process scope and procedures.

    Application Owner A Business Owner, also referred sometimes as Application Owner, is someone who owns the application and application data. Responsible for any application data updates and/or application maintenance/upgrade requests.
    Curator (ABA) A Curator is someone responsible for ensuring data quality and its maintenance in the System Architect tool.
    PSL Process Manager Responsible for development, management, and maintenance of the PSL Process and facilitating review and approval of proposed applications by IT leadership as a Premium Service application.
    Change Coordinator and Change Analyst Roles under Change Management Process responsible for coordinating and implementing change request submitted by CI Owners or Application Owners to update the server attributes in Asset Manager (AM) and UCMDB.
    Support Teams Consist of the CI Librarian/Analyst, Curator, PSL Process Manager, and Change Coordinator/Analyst that have a role in supporting the configuration verification process.
    Stakeholder Includes the Application Owner and Support Teams and any other individuals that have vested interest in the process.

Program Management and Review

  1. This IRM is based on the on the following guiding principles under IRM 2.150.2 Configuration Management Process with the exception of the Technology and Tools which are used in this process.

    Name Description
    Process Management
    - Statement

    The Configuration Management process will have a single Process Owner and a separate Process Manager, responsible for implementation and ensuring adherence to the process. The process will be reviewed regularly to ensure that it continues to support the business requirements of the enterprise. Process metrics will be focused on providing relevant information as opposed to merely presenting raw data.
    People
    - Statement







    - Rationale

    Roles and responsibilities for the process must be clearly defined and appropriately staffed with people having the required skills and training. The mission, goals, scope and importance of the process must be clearly and regularly communicated by upper management to the staff and business customers of IT. All IT staff (direct and indirect users of the process) shall be trained at the appropriate level to enable them to support the process.

    It is imperative that people working in, supporting or interacting with the process in any manner understand what they are supposed to do. Without that understanding Configuration Management will not be successful.
    Process
    - Statement














    - Rationale

    Modifications to the Configuration Management process must be approved by the Process Owner. The design of the process must include appropriate interfaces with other processes to facilitate data sharing, escalation and workflow. The process must be capable of providing data to support real-time requirements as well as historical/trending data for overall process improvement initiatives. The process must be fully documented, published and accessible to the various stakeholders of the process. The process will be reviewed on a periodic basis to ensure it continues to support organizational goals and objectives (continuous improvement). The process must include Inputs, Outputs, Controls, Metrics, Activities, Tasks, Roles and Responsibilities, Tool and Data requirements along with documented process flows. The process will be kept straight forward, rational, and easy to understand.

    The process must meet operational and business requirements.
    Technology and Tools
    - Statement
















    - Rationale

    All tools selected must conform to the enterprise architectural standards and direction. Existing in-house tools and technology will be used wherever possible, new tools will only be entertained if they satisfy a business need that cannot be met by current in-house tools. The selection of supporting tools must be process driven and based on the requirements of the business. Selected tools must provide ease of deployment, customization and use. Automated workflow, notification and escalation will be deployed wherever possible to minimize delays, ensure consistency, reduce manual intervention and ensure appropriate parties are made aware of issues requiring their attention. The tools used by this process are the following:
    • Universal Configuration Management Database (UCMDB)

    • Universal Discovery

    • UCMDB Browser

    • KISAM/Asset Manager

    • KISAM/Service Manager-Change Management Module

    • Data Collection Self-Service Application (DCSS)

    Technology and tools should be used to augment the process capabilities, not become an end themselves.

Program Control

  1. Program controls are driven by the policies and guiding principles on how the process will operate.

Controls
  1. Controls provide direction on the operation of processes and define constraints or boundaries within which the process must operate.

    Name Description
    CM Policies Policies and mandates for management and control of CIs.
    Change Management Policies Policies and mandates for change control of CIs.
    EA Mandates Requirements and mandates for all IRS applications to be registered and updated in the ABA
    Scope The scope for this process is limited to IRS business application and Tier II server CIs.
    Configuration Verification The frequency of configuration verification to maintain the integrity of the CI and its attributes and relationships.
    Management Reports The frequency and distribution for regularly produced configuration management reports on the status of CIs.
Metrics
  1. Metrics are used for the quantitative and periodic assessment of a process. They should be associated with targets that are set based on specific business objectives. Metrics provide information related to the goals and objectives of a process and are used to take corrective action when desired results are not being achieved and can be used to drive continual improvement of process effectiveness and efficiency.

  2. Management will regularly set targets for process performance, gather quantifiable data related to different functions of this process, and review that data to make informed decisions and take appropriate corrective action, if necessary. All Measurements will have a defined data dictionary, map to the organizational strategic goals, and be documented in a Process Measurement Plan. The Process Measurement Plan template is available in the IT Process Asset Library (IT PAL).

Tailoring Guidelines
  1. This process will not be tailored.

Terms/Definitions/Acronyms

  1. The tables in the Terms/Definitions and Acronyms lists commonly used terms and acronyms in this IRM.

Terms and Definitions
  1. This table lists commonly used terms in the CM Process.

    Term Definition
    Application Collection of software programs that automates a business function and its data provided by a taxpayer or third party to the IRS regarding the applicant's status. Additional descriptions are listed below:
    • An IT component of a system that utilizes IT resources to store, process, retrieve or transmit data or information using IT hardware and software.

    • Each Application may be part of more than one IT Service.

    • An Application runs on one or more servers or clients.

    • Its functionality supports business processes.

    • Interactive applications support business end users directly.

    • Batch applications manage data, and generate reports, etc., as part of a business process.

    • Applications include IRS-specific functionality in support of business requirements as well as generic end-user functionality.

    • Generic functionality includes common desktop applications its functionality include highly complex capabilities that are nevertheless common to many different types of enterprise, such as accounting or customer- relationship-management capabilities.

    • Generic capabilities are typically provided by COTS applications, whereas IRS-specific capabilities generally involve custom-developed applications.

    As-Built-Architecture Represents the IRS’ Current Production Environment (CPE) with business applications, external systems, and external trading partners. It also includes interfaces, key attributes, and information related to Privacy and Civil Liberties Assessments. The ABA allows Business Analysts and Information Technology (IT) professionals to view the CPE from both technical and business perspectives using IRS’ Enterprise Life Cycle’s (ELC) Six Domains of Change, to see interrelationships between technological and business domains, and get information necessary to make informed decisions.
    Configuration Verification Configuration Management activity responsible for confirming that configuration management records and CIs are complete, consistent, and accurate.
    Configuration Management Database (CMDB) A Configuration Management Database (CMDB) is a database that contains all relevant information about the hardware and software components used in an organization. It includes the components, the IT services they support and the relationships between those components. A CMDB provides an organized view of configuration data and a means of examining that data from different perspectives.
    Non-Premium Service List (Non-PSL) Applications that are not in the PSL are called Non-PSL. These applications do not have a distribution system for inviting service providers and management to an escalation. E-mails are sent to service providers selected by the person taking the IMR role. The SOS send the emails. Non-PSL escalations are set to a lower priority than PSL escalations. Non-PSL tickets are worked as capacity permits.
    • A SOS will leave a Non-PSL escalation if a PSL outage requires an escalation and IMS doesn’t have the capacity to work both.

    Premium Service List (PSL) PSL applications are listed on the Premium Service List (PSL) and are linked to a distribution system which utilizes Derdack for automated calls/invites and e-mail distribution lists to an escalation. The Service Operations Specialist (SOS) initiate the Derdack system and send the e-mail. This enables the IT Operations Command Center (ITOCC) to contact service providers and management quickly with accountability. Incident Managers of Record (IMR) are also trained and used to facilitate Assessment, Technical Service Restoration Team (SRT), and Management SRT calls for PSL applications.
    • PSL outages are the SOS highest priority.

    Program A group of related projects managed in a coordinated way to obtain benefits and control not available from managing them individually. Additional descriptions are listed below:
    • Programs may include elements of related work outside the scope of the discrete projects in the program.

    • A collection of related projects and the infrastructure that supports them, including objectives, methods, activities, plans, and success measures.

    Project A managed set of interrelated resources which delivers one or more products to a customer or end use. Additional descriptions are listed below:
    • A group of tasks to accomplish a specific objective, with a beginning and ending date.

    • A project has a definite beginning and typically operates according to a plan. Such a plan is frequently documented and specifies what is to be delivered or implemented, the resources and funds to be used, the work to be done, and a schedule for doing the work.

    • A project can be composed of projects.

    • A temporary organization, with people and other assets required to achieve an objective or other outcome.

    • Each Project has a lifecycle that typically includes initiation, planning, execution, funding, closure etc. that is planned, monitored, and measured, follows a life cycle process, and results in deliverables or end products.

    • A managed set of interrelated activities and resources, including people that deliver one or more products or services to a customer or end user.

    Sub-application Is a part of a larger application (please refer to Application definition). Additional descriptions listed below:
    • Its functionality supports business processes.

    • Collection of one or more software programs that automates a business function.

    • Can reference other sub-applications to any depth.

    Server Signature File (SSF) Process The SSF delivers valuable server data to Configuration Management System tools providing additional insight into IRS Enterprise Operations infrastructure. It validates server attributes (Program-Project, GSS, and ENV), ensure data quality and integrity, and deploy the SSF file to existing and new EOps Tier II servers.
    Tier 1 System Supercomputers and Mainframes Supercomputers and mainframe hardware and software, including peripheral subsystems used in a mainframe system environment.
    Tier II System Minicomputers and Servers Minicomputers (i.e. computers usually containing multiple microprocessors, capable of executing multiple processes simultaneously, and may serve multiple users by way of a communications network) including hardware, software, and peripheral subsystems used in that environment. These systems typically include any hardware operating under a multi-user operating system, such as Windows, UNIX, and LINUX. Typically, these systems support centralized, high-volume enterprise applications. Hardware and software maintenance associated with the above items, including performing system backups, hardware upgrades and maintenance, operating systems upgrades and preventive maintenance tasks. Support for providing backups and daily operation of these systems. Windows-based networking servers: Primary Domain Controllers (PDCs), Backup Domain Controllers (BDCs), Windows Internetwork Servers (WINS), file and print servers and their backup systems; Windows-based application servers; and Microsoft Exchange messaging servers
Acronyms
  1. This table lists commonly used acronyms in the Configuration Management process.

    Acronym Description
    ABA As-Built-Architecture
    AM Asset Manager
    CI Configuration Item
    CM Configuration Management
    CMDB Configuration Management Data Base
    CPE Current Processing Environment
    CR Change Request
    DCSS Data Collection Self-Service
    DMPG Demand Management and Project Governance
    EA Enterprise Architecture
    ENV Environment
    EOps Enterprise Operations
    GSS General Support System
    IRM Internal Revenue Manual
    IRS Internal Revenue Service
    IT Information Technology
    ITOCC IT Operations Command Center
    KISAM Knowledge Incident/Problem Service Asset Management
    PSL Premium Service List
    SSF Server Signature File
    SOP Standard Operating Procedure
    TIGTA Treasury Inspector General for Tax Administration
    UCMDB Universal Configuration Management Data Base

Related Resources

  1. The following lists the primary sources of references used in the development of the CM process.

    • IRM 2.15.1.2.1 As-Built-Architecture Architecture

    • IRM 2.125.1 Change Management Policy

    • IRM 2.125.2 Change Management Process Description

    • IRM 2.150.1 Configuration Management Policy

    • IRM 2.150.2 Configuration Management Process

    • Change Management Procedure

    • DCSS Standard Operating Procedure

Training

  1. Process training involves training all stakeholders about key processes that are crucial for an organization to deliver business objectives. Training provides clarity to employees on a set of procedures that needs to be carried out as part of the process and the best possible way to do them. Listed below are the training resources available for this process:

    • Configuration Management (CM) Overview, ITM Course #23279

    • Change Management Process Overview, ITM Course #43161

    • UCMDB Browser Training

    • UCMDB Browser How-To-Guide

    • DCSS Standard Operating Procedure

Process Workflow

  1. A process workflow consists of Activities and Tasks, Inputs and Outputs, Roles, and Flow Diagrams. It describes the tasks, procedural steps, organizations or people involved, required input and output information, and tools needed for each step of the process.

Main Process Diagram

  1. The Main Process Diagram illustrates the key process activities and process interfaces for Configuration Verification for IRS Applications (PSL and Non-PSL).

    Figure 2.150.5-1

    This is an Image: 75426001.gif

    Please click here for the text description of the image.

Inputs

  1. Process inputs are used as triggers to initiate the process and to produce the desired outputs. Users, stakeholders or other processes provide inputs. The following is a list of inputs for this process:

    Name Description Supplier
    Premium Service List List of select systems critical to the mission of the IRS and approved for Premium Services for Incident Management response and escalation services. PSL Process
    Asset Manager (AM) Project Table List of Programs, Projects, and Applications derived from the ABA, Applications Development portfolio, and sources in Enterprise Operations (EOps) established as the authoritative source for IRS Applications in EOps that is managed and controlled through the SSF Process. KISAM/Asset Manager

Outputs

  1. Each process produces tangible outputs. These outputs can take the form of products or data and can be delivered to a user or stakeholder or they can be used as inputs to other processes. Outputs are measurable in terms of quantity and quality.

    Name Description Recipient
    Verified and Updated CI Information Verified and updated application to server relationships, server inventory, server attributes, and application interfaces. Application Owner

    CM Process Manager

    Curator
    Verification Report Status of configuration verification activity and results. Stakeholders
    Change Request (CR) A CR is the record of a Change proposal for changes to a server CI attributes (Project, GSS, and ENV) that is worked through the Change Management process. Change Coordinator

    Change Analyst

Activities

  1. An activity is a major unit of work to be completed in achieving the objectives of the process. A process consists of a sequence of related activities that transforms inputs into outputs and performed by the roles defined in the process. Activities are measurable in terms of efficiency and effectiveness. The following activities for this process are described in the table below and corresponds to the high-level process flow diagram above.

    ID Name Description
    CVS 1.0 Identify Scope of CIs for Verification This activity is responsible for identifying the scope of CIs, specifically applications and/or servers for the configuration verification process
    CVS 2.0 Identify and Verify CI Owners and Support Teams This activity is responsible for verifying and updating CI Owner information, specifically Application Owners, that will perform verification of application/server relationships, server attributes and application interfaces. This activity also includes identifying the support teams that will implement their activities, such as Change Management, PSL, and ABA, outside of configuration verification.
    CVS 3.0 Plan and Prepare Implementation Requirements This activity is responsible for defining the plans and preparation prior to implementing the configuration verification activities, such as tools used, documentation, schedule, roles/responsibilities and expectations.
    CVS 4.0 Conduct CI Verification and Updates This activity implements the process for configuration verification for the Application Owners.
    CVS 5.0 Generate Report and Close Out This activity is responsible for reporting out the results of the configuration verification activities and close out.

Procedure for Configuration Verification for IRS Applications (PSL and Non-PSL)

  1. This procedure is specific for the application of Configuration Verification for IRS Applications (PSL and Non-PSL) that is maintained in the UCMDB and ABA.

CVS 1.0: Identify Scope of CIs for Verification
  1. This activity establishes the scope of application CIs that will be verified for its relationships and attributes.

    ID Task Name and Description Role RACI Duties
    CVS 1.1 Identify whether PSL or Non-PSL Applications

    The purpose of this task is to determine if the Application CI is a PSL or Non-PSL for scope of the configuration verification
    CM Process Manager

    PSL Process Manager
    R



    I
    PSL Applications are derived from the Premium Service List that is maintained by the PSL Process Manager.

    For PSL Applications, obtain and review latest update of the Premium Service List .

    For Non-PSL Applications, obtain and review the latest update of the AM Project Table. Identify and select applications that correspond to the As-Built-Architecture.

    Note:

    The AM Project Table contains programs, projects, applications, software products, and other miscellaneous items such as organization..

    CVS 1.2 Correlate the applications to the AM Project Table and/or ABA

    The purpose of this task is to establish correlation between the two sources due to differences in standard in naming convention.
    CM Process Manager R For PSL Applications, correlate against the AM Project Table; identify whether Tier I or Tier II system; and for Tier II use the name given in the AM Project Table for verifying its Tier II servers in the UCMDB.

    For Non-PSL Applications, correlate against the ABA; identify whether Tier I or Tier II system; and use the name given in the AM Project Table for verifying its Tier II servers in the UCMDB.
    • If Tier II system, go to CVS-1.3.

    • If not Tier II system, go to CVS-1.4

    CVS 1.3 Verify servers in the UCMDB

    The purpose of this task is to ensure that the application contains a list of servers in the UCMDB.
    CM Process Manager

    CI Librarian/Analyst
    R



    I
    Verify if the application contains a list of servers in the UCMDB. If none, remove the application from server verification.
    CVS 1.4 Verify application interface in the ABA

    The purpose of this task is to ensure that there are application interfaces defined in the ABA.
    CM Process Manager R Verify if the application contains application interfaces in the ABA. If none, remove the application from application interface verification.
    CM 1.5 Finalize CIs for Verification

    The purpose of this task is to establish the scope of CIs for verification and validation.
    CM Process Manager R Finalize the list of applications and based on the number for verification and validation, establish a phase approach to manage and control the work.
  2. RACI is a responsibility matrix that describes the participation by various roles in completing the tasks or deliverables for a project or business process. RACI is derived from the four key responsibilities typically used:

    • Responsible – The person that is assigned to do the work.

    • Accountable – The person that makes the final decision and has ultimate ownership.

    • Consulted – The person that must be consulted before a decision or action is taken.

    • Informed – The person that must be informed that a decision or action has been taken.

Identify Scope of CIs for Verification Cross-Functional Flow Diagram
  1. The following figure illustrates the Identify Scope of CIs for Verification workflow.

    Figure 2.150.5-2

    This is an Image: 75426002.gif

    Please click here for the text description of the image.

CVS 2.0: Identify and Verify CI Owners and Support Teams
  1. This activity identifies and verifies CI Owners and Support Teams to support the verification process.

    ID Task Name and Description Role RACI Duties
    CVS 2.1 Verify and update Application Owner information

    The purpose of this task is to identify and verify Application Owner information for currency.
    CM Process Manager R Verify and update Application Owner information for currency to ensure that correct individuals are the ones responsible for performing verification activities.

    Note:

    Source of information is in the ABA. Application Owners are called Content Providers.

    CVS 2.2 Identify support teams

    The purpose of this task is to identify all support teams that have a role in supporting the configuration verification activities.
    CM Process Manager R Identify and record all the support teams that may have a role in supporting the configuration verification activities. This may include but not limited to Change Coordinator and Change Analyst in the Change Management Process for coordinating and implementing the CR; Curator in the ABA for managing the changes in the ABA; CI Librarian/ Analyst responsible for the UCMDB; and PSL Process Manager for updates to the PSL.
Identify and Verify CI Owners and Support Teams Cross-Functional Flow Diagram
  1. The following figure illustrates the Identify and Verify CI Owners and Support Teams workflow.

    Figure 2.150.5-3

    This is an Image: 75426003.gif

    Please click here for the text description of the image.

CVS 3.0: Plan and Prepare Implementation Requirements
  1. This activity defines the plans and preparations to implement the requirements for the process.

    ID Task Name and Description Role RACI Duties
    CVS 3.1 Conduct planning and preparation

    The purpose of this task is to prepare and plan in executing the verification with the stakeholders.
    CM Process Manager R Conduct planning and preparation in executing the configuration verification activities with the stakeholders.

    This includes but not limited to the following:
    • Establish administrative process and tools, such as SharePoint, to manage and control the configuration verification activities

    • Using the Application Owner information, establish roles and permissions to access SharePoint and/or DCSS

    • Review and revised, if necessary, the UCMDB report template for the Application-Server Verification Report

    • Establish reporting requirements such as report format and contents for the report template, frequency of reporting and target dates, and distribution list

    • Establish and publish documentation for users

    • Establish and define roles and responsibilities with all stakeholders

    • Establish schedule including extended deadlines

    • Establish briefing materials

    CVS 3.2 Conduct Pre Kick-Off Meeting with Support Teams

    The purpose of this task is ensure that all support teams understand the process and expectations for configuration verification.
    CM Process Managers

    Support Teams
    R


    I
    Conduct Stakeholder Kick-Off-Meeting and communicate the plan, process, schedule, and expectations in executing the process.

    Establish how the team will communicate with the customers and identify leads for each team.

    Prepare and distribute meeting minutes.
    CVS 3.3 Conduct Kick-Off-Meeting with Stakeholders

    The purpose of this task is to ensure that all stakeholders understand the plan, schedule, and expectation in executing the process.
    CM Process Manager

    Stakeholders
    R


    I
    Conduct Stakeholder Kick-Off Meeting and communicate the plan, process, schedule, and expectations in executing the process.

    This includes providing training on any tools use in the process.

    Prepare and distribute meeting minutes.
Plan and Prepare Implementation Requires Control Cross-Functional Flow Diagram
  1. The following figure illustrates the Plan and Prepare Implementation Requirements workflow.

    Figure 2.150.5-4

    This is an Image: 75426004.gif

    Please click here for the text description of the image.

CVS 4.0: Conduct CI Verification and Updates
  1. This activity is responsible for establishing and implementing the configuration verification activities to verify, validate, and certify the Application CI information.

    ID Task Name and Description Role RACI Duties
    CVS 4.1 Verify application/server relationship and attributes

    The purpose of this task is to verify Tier II application relationship and server attributes
    Application Owner

    CM Process Manager
    R


    I
    This instruction is applicable for Tier II applications.

    Review and verify the following for accuracy:
    • application to server relationships

    • server inventory for the application

    • server attributes (Project, GSS, and ENV)

    • If there are any changes, follow the instructions for the Change Management Process. A supplemental Change Management guide may be provided that is specific for changes to server attributes. The CM Process Manager will record, track, monitor and report on status of all CRs.

    • If there are no changes, go to CVS-4.4

    I
    CVS 4.2 Verify application interfaces

    The purpose of this task is to verify the application interfaces in the ABA.
    Application Owner

    CM Process Manager
    R


    I
    This instruction is applicable for both Tier I and Tier II applications that contain application interfaces in the ABA.

    Review and verify the following application interfaces in the ABA for currency:
    • interface inputs for this application

    • interface outputs for this application

     
    • If there are any changes, go to CVS-4.3

    • If there are no changes, go to CVS-4.4

    CVS 4.3 Update changes in DCSS

    The purpose of this task is to update the application interfaces in DCSS which is an ABA tool to update the contents in the ABA. Updates can only be made by the Application Owners or Content Providers.
    Application Owner

    CM Process Manager

    Curator
    R



    I

    I
    Updates to the application interfaces is one of the application attributes in the ABA. Changes to the content can only be made by the Business/Application Owner. The DCSS Standard Operating Procedure provides specific instructions for using the ABA Data Collection Self-Service application based on roles defined. Please refer to this SOP for further instructions in using DCSS and updating contents in the ABA.

    Note:

    If the Application Owner is not listed as a Content Provider in the ABA, a request must be made to the ABA Team mailbox: as.built.arch@irs.gov

    CVS 4.4 Certify Validation Application Owner

    CM Process Manager

    Curator
    R


    I



    I
    After completing the verification, certify the validation for both PSL and Non-PSL applications.

    This includes certifying in DCSS that the application interfaces have been reviewed and verified. Changes that have been made in DCSS does not need to be certified since updates have been made to the content.
Conduct CI Verification and Updates Cross-Functional Flow Diagram
  1. The following figure illustrates the Conduct CI Verification and Updates workflow.

    Figure 2.150.5-5

    This is an Image: 75426005.gif

    Please click here for the text description of the image.

CVS 5.0: Generate Report and Close out
  1. The activity is responsible for summarizing and reporting out the results of the configuration verification activities and close out .

    ID Task Name and Description Role RACI Duties
    CVS
    5.1.
    Gather and collect data

    The purpose of this task is to gather and collect data on the results of the configuration verification activities based on target dates established for reporting.
    CM Process Manager R Based on the defined target dates, gather and collect data on the results of the configuration verification activities.

    Note:

    Data is collected from SharePoint that was established for the Application Owners to validate and certify their verification activities. Additional data may be collected from other tools such as KISAM/Service Manager-Change Management module to report on the number and status of the CRs.

    CVS
    5.2
    Summarize results

    The purpose of this task is summarize the results of the verification activities and measure against target dates
    CM Process Manager R Aggregate the data based on the reporting requirements defined in the report template. This includes tables and charts to measure progress against the target dates.

    Summarize the results including performance measurements.

    Note:

    Report template may be modified with data collected from other tools.

    CVS
    5.3
    Generate and distribute report

    The purpose of this task is to generate and distribute the report to stakeholders
    CM Process Manager

    Stakeholders
    R


    I
    Send draft report for peer review and finalize.

    Distribute final report to stakeholders.

    Update distribution list as received from stakeholders.

    Update final report for any corrections/updates received from stakeholders, and redistribute.
    CVS
    5.4
    Conduct Close Out

    The purpose of this task is to close out all the activities
    CM Process Manager R Based on the established deadline, complete the following close out activities:
    • Generate and distribute final report

    • Download and archive final data used in SharePoint

    • Remove permissions to update SharePoint to lock the data from further updates


    CRs will continue to be tracked, monitored, and reported after close out.
    CVS
    5.5
    Conduct lessons learned

    The purpose of this task is to conduct lessons learned to improve the process.
    CM Process Manager

    Stakeholders
    R


    I
    Develop or tailor existing lessons learned template

    Determine key activities such as communication, customer support, verification process, including supporting activities (e.g., Change Management, PSL Process, etc.) for process improvement.

    This includes documentation or lack thereof and work products used such as server list, CR templates, etc.

    This also includes tools used such as SharePoint, DCSS, UCMDB, KISAM/Service Manager-Change Management module used in the process.

    Note:

    Lessons Learned is usually conducted for the PSL Revalidation. This activity is optional for Non-PSL Revalidation.

Generate Report and Close Out Cross-Functional Flow Diagram
  1. The following figure illustrates the Generate Report and Close Out workflow.

    Figure 2.150.5-6

    This is an Image: 75426006.gif

    Please click here for the text description of the image.