XLC Complexity Levels & The Project Process Agreement
All projects are complex in some way. Why should I care about "rating" how complex my project is?
One of the key benefits the XLC provides is tailoring the level of oversight - the number of reviews and artifacts the project team needs to complete. This allows everyone to work together to ensure any given project can move as quickly as possible to meet business and end-user needs while catching issues early to minimize delays and wasted resources.
You should go to the XLC Complexity Levels page of this website or go to the CMS XLC Detailed Description Document for the full details.
There are 3 Project Complexity Levels:
Level 1
A project that requires minor changes to existing services systems, and / or environments and does not affect the state of any security controls or requirements.
Level 2
A complexity level 2 project is defined as either of the following:
- A project that requires an isolated change with minimal impact to existing systems / environments and does not significantly affect the state of any security controls or requirements
- A project that requires minor changes to one or more systems / environments that are incremental to the initial build with limited impact and do not significantly affect the state of any security controls or requirements.
Level 3
A complexity level 3 project is defined as either of the following:
- A project that requires a new, one-of-a-kind design and development effort to support enterprise, center or department specific IT solution
- A project for a system that has or will have significant security and risk implications.
- This effort could be an initial, major development, modernization, or enhancement effort and requires project teams to document detailed requirements, design, and technical solution specifications.
Determining YOUR project’s complexity level
Using the first tab of the Project Process Agreement you can determine your project’s complexity.
Determining YOUR project’s reviews
The figure below shows the reviews indicated for each complexity level. These reviews are determined and documented using the Excel-based Project Process Agreement (PPA). The Project Complexity Level and PPA will be reviewed by Division of IT Governance (DITG).
Determining YOUR project’s artifacts
The figure below shows the artifacts indicated for each review. These artifacts are determined and documented using the Excel-based Project Process Agreement (PPA). The Project Complexity Level and PPA will be reviewed by Division of IT Governance (DITG).
PHASES | Initiation, Concept & Planning | Requirements Analysis & Design | Development & Testing | Imple- | Operations & Maintenance | |||||||
ARTIFACTS | REVIEWS | AR | ISR | PBR | RR | PDR-DDR | ERR1 (VRR) | ERR2 ERR3 (IRR, PRR) | ORR | PIR/ AOA | DR | |
Project Process Agreement |
| P/B |
|
|
|
|
|
|
|
| ||
Project Charter |
| P/F |
|
|
|
|
|
|
|
| ||
Project Management Plan |
|
| P/F |
|
|
|
|
|
|
| ||
Project Schedule |
|
| B | I | I | I | I | F |
|
| ||
Risk Register |
|
| P | I | I | I | I | F |
|
| ||
Issues List |
|
| P | I | I | I | I | F |
|
| ||
Action Items |
|
| P | I | I | I | I | F |
|
| ||
Decision Log |
|
| P | I | I | I | I | F |
|
| ||
Lessons Learned Log |
|
| P | I | I | I | I | F |
|
| ||
Project Closeout Report |
|
|
|
|
|
|
|
| P/F |
| ||
Information Security Risk Assessment |
| P | I | I | I | I | F |
| U |
| ||
System Security Plan |
| P | I | I | I | I | F |
| U |
| ||
Privacy Impact Assessment |
| P | I | I | I | I | F |
| U |
| ||
Contingency Plan |
| P | I | I | I | I | I | I | F |
| ||
Contingency Plan Test |
|
|
|
|
|
| P/F |
| U |
| ||
Security Assessment |
|
|
|
|
|
| P/F |
| U |
| ||
Authorization Package |
|
|
|
|
|
| P/F |
| U |
| ||
Plan of Action & Milestones |
|
|
|
|
|
|
| P/F |
|
| ||
CMS CIO-Issued Authority to Operate |
|
|
|
|
|
|
| P/F |
|
| ||
Security Monitoring Reports |
|
|
|
|
|
|
|
| P/F |
| ||
IT Intake Request Form | P/F |
|
|
|
|
|
|
|
|
| ||
Enterprise Architecture Analysis Artifacts | P | I | F |
|
|
|
|
|
|
| ||
Business Case |
| P/F |
|
|
|
|
|
|
|
| ||
Requirements Document |
| P | I | B |
|
|
|
|
|
| ||
High-Level Technical Design |
| P/F |
|
|
|
|
|
|
|
| ||
Section 508 Assessment Package |
| P | I | I | I | I | I | F |
|
| ||
Logical Data Model |
|
| P | F |
|
|
|
|
|
| ||
Release Plan |
|
| P | I | F |
|
|
|
|
| ||
System of Records Notice |
|
|
| P | F |
|
|
|
|
| ||
Test Plan |
|
|
| P | I | B |
|
|
|
| ||
System Design Document |
|
|
|
| P/B |
|
|
|
|
| ||
Database Design Document |
|
|
|
| P | F |
|
|
|
| ||
Physical Database/Model |
|
|
|
| P/F |
|
|
|
|
| ||
Interface Control Document |
|
|
|
| P/B |
|
|
|
|
| ||
Data Use Agreement |
|
|
|
| P | I | I | F |
|
| ||
Test Case Specification |
|
|
|
| P | F |
|
|
|
| ||
Data Conversion Plan |
|
|
|
| P | F |
|
|
|
| ||
Computer Match Agreement/Interagency Agreement |
|
|
|
| P/F |
|
|
|
|
| ||
Implementation Plan |
|
|
|
| P | I | I | F |
|
| ||
User Manual |
|
|
|
| P | I | I | F |
|
| ||
Operations & Maintenance Manual |
|
|
|
| P | I | I | F |
|
| ||
Business Product/Code |
|
|
|
|
| P/B |
|
|
|
| ||
Version Description Document |
|
|
|
|
| P | B |
|
|
| ||
Training Plan |
|
|
|
|
| P/F |
|
|
|
| ||
Test Summary Report |
|
|
|
|
|
| P | F |
|
| ||
Training Artifacts |
|
|
|
|
|
| P | F |
|
| ||
System Disposition Plan |
|
|
|
|
|
|
|
| P/F |
| ||
Post Implementation Report |
|
|
|
|
|
|
|
| P/F |
| ||
Annual Operational Analysis Report |
|
|
|
|
|
|
|
| P/F |
| ||
Disposition Closeout Certificate |
|
|
|
|
|
|
|
|
| P/F | ||
Artifacts are completed per the Project Process Agreement | ||||||||||||
Project Management Artifacts |
|
|
|
|
| B – Baseline F – Final I – Interim P – Preliminary U – Update Yearly | ||||||
Security Artifacts |
|
|
|
|
| |||||||
Systems Development Artifacts |
|
|
|
|
| |||||||
|
|
|
|
|
| |||||||
Reviews are conducted per the Project Process Agreement | ||||||||||||
AR – Architecture Review ISR – Investment Selection Review PBR – Project Baseline Review RR – Requirements Review | PDR – Preliminary Design Review DDR – Detail Design Review ERR – Environment (Validation, Implementation, Production) Readiness Review ORR – Operational Readiness Review | |||||||||||
- Page last Modified: 04/30/2012 2:44 PM
- Help with File Formats and Plug-Ins