Governance and Compliance Process

PURPOSESCOPEPROCESS DESCRIPTIONPROCESS INPUTS/OUTPUTSSUPPORTING DOCUMENTATIONREVISION HISTORY

Process Owners: Manager, Business Relationship Management, and Manager, Solutions Development and Support

Note: An owner must be a PCES-level manager.

This document establishes standard processes for the Technology Solution Life Cycle (TSLC) Governance and Compliance phase within the Postal Service Technical Environment.

PURPOSE

The purpose of the Governance and Compliance process is to validate that requirements and design documents meet United States Postal Service (USPS) compliance standards. From a compliance standpoint, nothing changes.

SCOPE

This process applies to all:

PROCESS DESCRIPTION

The Governance and Compliance process, which validates that the required documents are up to date and stored in the TSLC Artifact Library, consists of the following sub-process.

The Business Relationship Management Program Manager (BRM PM) ensures that all of the required artifacts listed below from all of the previous phases have been completed correctly and uploaded to the appropriate location in the TSLC Artifacts Library.

Baseline artifacts are mandatory and must be uploaded before implementation. Tollgate artifacts must be uploaded within 10 business days after the associated Tollgate meeting for projects following the Tollgate process.

Artifact Name Audit Requirements Artifact Upload Location
Business Needs Statement (BNS) Tollgate Project / Initiate and Plan / BNS Tollgate
CCB Document Baseline, Tollgate Program / Change Control Board Document (Required)

Project / Initiate and Plan / Change Control Board Document (Required only if different from Program CCB Document.)
Master Release Inventory Tollgate Project / Initiate and Plan / BNS Tollgate
Documented BNS Tollgate Meeting Minutes Tollgate Project / Initiate and Plan / BNS Tollgate
Documented Stakeholder Approval to Proceed to Baseline Phase Tollgate Project / Initiate and Plan / BNS Tollgate
Requirements with Approval Baseline, Tollgate Project / Release / IT Change Request
Documented Baseline Tollgate Meeting Minutes Tollgate Project / Requirements / Baseline Tollgate
Documented Stakeholder Approval to Proceed to Finalize Release Phase Tollgate Project / Requirements / Baseline Tollgate
SOX Impact Assessment (SIA) SOX Project / Analysis and Design / SOX Impact Assessment Form
Documented Finalize Release Tollgate Meeting Minutes Tollgate Project / Analysis and Design / Finalize Release Tollgate
Documented Stakeholder Approval to Proceed to Implementation Phase Tollgate Project / Analysis and Design / Finalize Release Tollgate
Documented Implementation Tollgate Meeting Minutes Tollgate Project / Customer Acceptance Test / Implementation Tollgate
Final CAT Results with Scripts, and Approval (includes Documented Stakeholder Approval to Proceed to Closeout Phase)
or
CAT Exemption
Tollgate Project / Customer Acceptance Test / Implementation Tollgate
IT Change Request
  • Requirements with Approval
  • SIT:
    • Final SIT Results with Scripts, and Approval
    • or
    • SIT Exemption
  • CAT:
    • Final CAT Results with Scripts, and Approval
    • or
    • CAT Exemption and Post-Production Review (PPR)
Baseline Project / Release / IT Change Request
Documented Tollgate Meeting Minutes Tollgate Project / Release / Closeout Tollgate
PPR Tollgate Project / Release / Closeout Tollgate
Release Metrics Tollgate Project / Release / Closeout Tollgate
Documented Stakeholder Approval to Close Tollgate Project / Release / Closeout Tollgate
C&A Artifacts as called out in AS-805A CISO N/A

PROCESS INPUTS/OUTPUTS

Baseline artifacts are mandatory and must be uploaded prior to release to production unless the project is following the Tollgate process. If Tollgate, documents from the Tollgate must be uploaded within 10 business days of the Tollgate meeting.

Inputs

All artifacts listed in the Process Description section

Outputs

Verify that all artifacts, with emphasis on Baseline, Tollgate, and PCI / SOX (if applicable), are uploaded to the TSLC Artifacts Library.

SUPPORTING DOCUMENTATION

Access supporting documentation from ITWEB (Internal):

Access Supporting Documentation from USPS.com (external):

REVISION HISTORY

Version
Date
Description of Change
1.0 05.10.2013 Agile and Waterfall processes combined; updated for Tollgates, PCI, and general compliance; ownership of TSLC processes transferred from Manager, Solutions Development and Support, to Manager, Business Relationship Management.

Note: This document is Section 508 compliant.
1.1 08.16.2013 Scope, Process:
Updated to clarify that the Requirements must be approved, not the Requirements Traceability Matrix document.
1.2 03.18.2014 Process Description:
Removed baseline indicator from RTM for Sprint 0/Requirements phase.
1.3 02.10.2015 Process Description:
Removed PCI Impact Assessment artifact requirement. PCI Impact Assessment is retired.
1.3.1 06.15.2015 The annual review for functional accuracy and current PCI DSS requirements has been completed: No changes. CR 81805
1.3.2 06.26.2015 Non-substantive update: Update CR for annual review. Remove link and version of PCI DSS.
1.3.3 03.14.2016 Annual Review: No changes. The annual review for functional accuracy and current PCI requirements has been completed. CR 154951
1.3.4 10.31.2016 Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 223948
1.4 05.03.2017 Artifacts were updated as a result of the 2016 Lean Six Sigma effort to improve the TSLC process (approved by Manager, Business Relationship Management and Manager, Solutions Development and Support):
  • Updated artifacts table to contain only Tollgate, Baseline, and SOX artifacts.
  • The Requirements Traceability Matrix (RTM) is no longer a required artifact. Customer business requirements with approval replace the RTM and eliminate the need to upload redundant information.
  • SIT and CAT scripts are combined with the SIT and CAT results and are no longer required as standalone artifacts.
  • Artifacts are now uploaded to the Release phase / IT Change Request folder prior to release to simplify navigation and increase efficiency.

Process Owner: Added Manager, Solutions Development and Support.

Removed references to Waterfall methodology. CR 269601
Powered By OneLink