UiSol

Enterprise IT Risk Management

Project Objective
The goal of the Enterprise Information Technology Risk Management Project (EITRMP) was to implement integrated processes, supported by the necessary hardware and software tools, to improve IT Risk Management capabilities across the enterprise at a West Coast Investor Owned Utility (IOU).

An important goal was to standardize the IOU’s System Life Cycle Model (SLCM) and integrate a single enterprise IT Service Support process, based on the Information Technology Infrastructure Library (ITIL) framework. The goal was to deploy the necessary software and hardware systems to support a fully integrated and automated ITIL process.

Project Scope

EITRMP was a major strategic initiative at the IOU.  The work was organized in seven workstreams:

  • IT Service Management (ITSM) according to ITIL
    • Configuration Management
      • Configuration Management Database (CMDB)
      • Inventory of IT assets
      • Mapping application and service relationships
      • Continuous identification and automated audit to keep CMDB up to date
      • Comprehensive reporting on assets, dependencies, configurations and changes
    • Problem Management
      • Analyze incident and create problems
      • Root cause analysis of problems
      • Find resolution and manage known problems
    • Change Management
      • Filter and accept changes
      • Prioritize, fund and assign changes
      • Assess, plan and approve changes
      • Coordinate changes
    • Release Management
      • Build
      • Test
      • Implement
    • Incident Management
      • Identify and record
      • Classify and assign
      • Investigate and diagnose
      • Resolve and recover
      • Review and close
  • IT Asset Management
    • Tool selection, implementation, and integration
    • IT Procurement
    • Vendor Management
    • IT Asset Lifecycle Management
    • Documentation Management and Ownership Repository
    • Software License Compliance
    • IT Asset Identification Process
  • User Access Control
    • Tool acquisition
    • Tool implementation
    • Tool integration
    • Automation of User Access Provisioning Processes
  • Information Systems Security
    • Security Monitoring
    • Operations Security
    • Security Vulnerability Assessment
    • Security Investigation and Incident Response
    • Security Event Correlation
  • Business Continuity Planning
    • Tool acquisition
    • Methodology implementation for Business Impact Analysis (BIA) and Business Resumption Planning
    • Pilot project
  • IT Security Risk Management
    • Tool acquisition
    • Methodology implementation
    • Pilot project
  • Network Disaster Recovery
    • Disaster recovery systems for a data center
    • Redundant network

The scope of work included acquisition of a significant number of new software and hardware systems and their integration within the existing infrastructure. Integration is being performed with a service-oriented architecture (SOA) using the BEA integration platform.

Services Provided by UISOL
EITRMP implementation involves many vendors and service providers assisting with each of the workstreams.  UISOL ran the overall Program Management Office that oversaw the implementation of EITRMP and provided a number of services in the IT Service Management Workstream and User Access Control, which were the largest initiatives within the EITRMP.

Specific services that UISOL provided include:

  • Set up and management of the overall EITRMP PMO
  • Development and update of the Integrated Project Schedule for the entire EITRMP initiative
  • SME to the IOU’s IT Service Management Team in the area of Release Services
  • Project Planning and Management
  • Business Process Management SME
  • Business Process modeling using Savvion modeling tool
  • System requirement definition
  • Vendor selection process consulting
  • Hardware and OS architecture (Windows Server 2003 and AIX, Oracle 10, WebLogic, JBoss, IIS, Microsoft SMS, MOM)
  • System Acceptance test planning and execution
  • Acceptance test of Mercury ITG, MAM, and BAC
  • Mercury Quality Center and LoadRunner
  • Test environment design, setup and configuration
  • Test design, automation, execution, and reporting
  • Development of an IT Risk Dashboard, showing risk metrics in the following areas:
    • Information Security
    • SOX and other Regulatory Compliance
    • Business Continuity/Disaster Recovery
    • IT Change Management process
    • Security Training
    • Risk Assessment
    • IT Asset Management
  • Management of the User Access Control (UAC) rollout

List of Systems
EITRMP involved implementation of a number of new systems at the IOU and their integration with existing legacy infrastructure at the IOU, particularly all systems that were subject to SOX compliance.  A partial list of systems that were integrated as part of EITRMP includes:

  • Mercury
  • Remedy
  • SAP PM
  • SAP HR
  • Customer Information and Billing System (SPL CorDaptix)
  • Active Directory
  • Power Procurement Systems (e.g., nMarket)