The purpose of this rule is to implement the provisions of section 282.0051(3) FS, establishing project management and oversight standards with which state agencies must comply when implementing information technology projects.  

  • Notice of Proposed Rule

     

    AGENCY FOR STATE TECHNOLOGY

    RULE NOS.: RULE TITLES:

    74-1.001 Purpose and Applicability; Definitions

    74-1.002 Risk and Complexity Assessment

    74-1.003 Initiation

    74-1.004 Planning

    74-1.005 Execution

    74-1.006 Monitoring and Controlling

    74-1.007 Closeout

    74-1.008 Compliance with the Florida Information Technology Project Management and Oversight Standards

    74-1.009 Agency for State Technology Oversight

    PURPOSE AND EFFECT: The purpose of this rule is to implement the provisions of Section 282.0051(3), F.S., establishing project management and oversight standards with which state agencies must comply when implementing information technology projects.

    SUMMARY: The proposed rulemaking adopts new rules that establish Rules 74-1.001 through 74-1.009, F.A.C. as the Florida Information Technology Project Management and Oversight Standards, and provides project management and standards that state agencies must comply with when implementing information technology projects.

    SUMMARY OF STATEMENT OF ESTIMATED REGULATORY COSTS AND LEGISLATIVE RATIFICATION: The Agency has determined that this will not have an adverse impact on small business or likely increase directly or indirectly regulatory costs in excess of $200,000 in the aggregate within one year after the implementation of the rule. A SERC has not been prepared by the Agency.

    The Agency has determined that the proposed rule is not expected to require legislative ratification based on the statement of estimated regulatory costs or if no SERC is required, the information expressly relied upon and described herein: the economic review conducted by the Agency.

    Any person who wishes to provide information regarding a statement of estimated regulatory costs, or provide a proposal for a lower cost regulatory alternative must do so in writing within 21 days of this notice.

    RULEMAKING AUTHORITY: 282.0051(18) FS.

    LAW IMPLEMENTED: 282.0051 FS.

    A HEARING WILL BE HELD AT THE DATE, TIME AND PLACE SHOWN BELOW:

    DATE AND TIME: April 27, 2015, 2:00 p.m.

    PLACE: Via telephone conference call at: 1(888)670-3525, participant pass code is: 889 868 0249

    For anyone wishing to attend in person: First District Court of Appeal, 2000 Drayton Drive, Room 1183, Tallahassee, Florida 32399

    THE PERSON TO BE CONTACTED REGARDING THE PROPOSED RULE IS: Shelley McCabe at (850)412-6057 or at shelley.mccabe@ast.myflorida.com

     

    THE FULL TEXT OF THE PROPOSED RULE IS:

     

    74-1.001 Purpose and Applicability; Definitions.

    (1) Purpose and Applicability

    (a) Rules 74-1.001, F.A.C., through 74-1.009, F.A.C., will be known as the Florida Information Technology Project Management and Oversight Standards.

    (b) The purpose of this Rule is to:

    Establish project management and oversight standards when implementing information technology (IT) projects. These standards are documented in Rule 74-1.002, F.A.C., through 74.1.008, F.A.C. State Agencies must comply with these standards when implementing IT projects, and Cabinet Agencies are required to either adopt these standards or adopt alternative standards based on best practices and industry standards. However, in accordance with Section 282.00515, F.S., for projects that have a total cost of $25 million or more and that impacts one or more other agencies, Cabinet Agencies must adopt the standards documented in Rule 74-1.002, F.A.C., through 74.1-008, F.A.C.

    Establish oversight standards that the Agency for State Technology (AST) will use for oversight of IT projects. These standards apply to IT projects of State Agencies that have a total cost of $10 million or more and that are funded in the General Appropriations Act or any other law; and IT projects of Cabinet Agencies with a total cost of $25 million or more and that impact one or more other agencies. (Per Sections 282.0051(4) and 282.0051(15) (a) (b), F.S.). These standards are documented in Rule 74-1.009, F.A.C.

    (c) Operations and Maintenance (O&M) activities intended to support an existing product or service to keep it in conformance with its originally intended specifications are exempt from these standards.

    (d) These standards, per Section 282.0051(3), F.S., also address:

    Performance measurements and metrics that objectively reflect the status of an IT project based on a defined and documented project schedule, cost, and scope.

    Methodologies for calculating acceptable variances in the projected versus actual schedule, cost, and scope of an IT project.

    Reporting requirements, including requirements designed to alert all defined stakeholders that an IT project has exceeded acceptable variances.

    Content, format, and frequency of project updates.

    (e) In 2016, AST will begin conducting annual assessments to determine Agency compliance with the the Florida Information Technology Project Management and Oversight Standards set forth in Rule 74.1.008, F.A.C., (Per Section 282.0051(10), F.S.).

    (f) State Agencies and Cabinet Agencies will incorporate the Florida Information Technology Project Management and Oversight Standards set forth in this rule in competitive solicitations and procurement documents or contract agreements for IT projects.

    (2) Definitions.

    (a) The following terms are defined:

    1. Action Item - A documented event, task, activity, or action that needs to take place. Action Items are discrete units that are assigned to a single person for tracking and reporting until resolution.

    2. Agency(ies) - For purposes of this Rule means State Agencies, Cabinet Agencies that do not adopt alternative project management standards based on best practices and industry standards pursuant to section 282.00515, F.S., and Cabinet Agencies with IT projects that have a total project cost of $25 million or more and that impact one or more other Agencies.

    3. AST – Agency for State Technology.

    4. Baselined Schedule - The agency-approved version of the project schedule that can be changed only through formal change control procedures. This document is used as a basis for Earned Value Analysis.

    5. Cabinet Agency(ies) – The Department of Legal Affairs, the Department of Agriculture and Consumer Services, and the Department of Financial Services.

    6. Change Control – a formal process used to ensure that changes to a project (such as documents, deliverables, or baselines) are introduced and approved in a controlled and coordinated manner.

    7. Complexity – Technological and management characteristics of the project and the potential impacts, both positive and negative, that these characteristics could have on the project’s risks.

    8. Corrective Action Plan - A plan that illustrates corrective actions required to bring the project back within established schedule, cost, and scope parameters.

    9. Cost Performance Index (CPI) – A ratio that represents project efficiency in terms of how much a project is actually spending compared to the planned spending as of a specific date.

    10. Earned Value – An approach to measuring project performance that is based on comparing actual progress against planned progress as of a specific date.

    11. Earned Value Analysis - An approach to measuring project performance that is based on comparing actual progress against planned progress.

    12. Independent Verification and Validation (IV&V) –A review of the project plans and other project artifacts by an independent third party. The primary objective of an IV&V is to provide an objective assessment of products and processes throughout the project management lifecycle. In addition, IV&V will facilitate early detection and correction of errors, enhance management insight into risks, and ensure compliance with project performance, schedule, and budget requirements. The IV&V entity must have no technical, managerial, or financial interest in the project (or Agency) and will not have any responsibility for, or participation in, any other aspect of the project.

    13. Information Technology – Equipment, hardware, software, firmware, programs, systems, networks, infrastructure, media, and related material used to automatically, electronically, and wirelessly collect, receive, access, transmit, display, store, record, retrieve, analyze, evaluate, process, classify, manipulate, manage, assimilate, control, communicate, exchange, convert, converge, interface, switch, or disseminate information of any kind or form as defined in Section 282.0041 (11), F.S..

    14. Issue - A significant, certain occurrence impacting planned project execution that the project team must identify and address. An issue must be resolved as soon as possible; otherwise, it will have detrimental effects on the project.

    15. PMP® Certified Project Manager – Project Management Professional (PMP®) is a certification administered by the Project Management Institute that demonstrates experience, education, and competency to lead and direct projects.

    16. Project - An endeavor that has a defined start and end point; is undertaken to create or modify a unique product, service, or result; and has specific objectives that, when attained, signify completion as defined in Section 282.0041 (16), F.S.

    17. Project Change - Something that is outside the documented and approved project scope or is a change to baselined project requirements, project schedule, or project cost (including resource effort). A project change requires approval, by project governance, for additional resources, funding, or modifications to the project schedule.

    18. Project Governance – Project governance is an oversight process aligned with (but separate from) the Agency management structure. Project governance provides the project manager, project team, project sponsor(s), and all stakeholders with structure, processes, decision-making models, and tools to ensure the successful management of the project and delivery of the product. It includes a framework for making project decisions (including project change control and deliverable acceptance) and defining roles, responsibilities, and accountabilities for the success of the project.

    19. Project Life Cycle (PLC) – The project life cycle encompasses all the project management activities of the project grouped by the standard PLC phases of Initiation, Planning, Execution, Monitoring and Control, Execution, and Closure.

    20. Project Oversight – Independent review and analysis of an information technology project that provides information on the project’s scope, completion timeframes, and budget and that identifies and quantifies issues or risks affecting the successful and timely completion of the project as defined in Section 282.0041 (17), F.S.

    21. Project Management Plan - The document that defines how the Agency will execute, monitor, control, and close the project.

    22. Project Schedule – A listing of a project's milestones, activities, and deliverables, with work estimates and start and finish dates. These estimates include budget and resource allocation, as well as task sequencing and dependencies.

    23. Project Sponsor - The State Agency senior management role that approves the allocation of resources for an endeavor, develops a common vision, provides ongoing commitment to the project, and continually assesses success.

    24. Project Variance - A quantifiable or qualitative deviation from an approved baseline or expected value. AST will use Cost Performance Index (CPI) and Schedule Performance Index (SPI) calculations and budget and scope variance analysis to determine the degree of project variance between project baselines and actual project performance.

    25. Risk – An uncertain event or condition which may or may not happen and uncertainties caused by ambiguity or a lack of information. A Risk could have a negative or positive impact on one or more project objectives.

    26. Risk Manager – An individual responsible for managing a project’s risk, such as conducting risk management planning, risk identification, analysis, response planning, and tracking of risks and mitigation throughout the project.

    27. Schedule Performance Index (SPI) – A ratio that represents how efficiently a project is progressing compared to the project’s planned progress.

    28. Scope Baseline – Documented scope and objectives set forth in the agency-approved project plan document.

    29. Scope Variance - Deviation from the documented objectives and scope set forth in the agency-approved project plan documents.

    30. Scope Variance Analysis - An approach to measuring project performance that is based on comparing actual scope against planned scope.

    31. Significant Change - Significant Change are those changes that will modify a project’s approved cost, schedule, or scope, either by themselves or cumulatively, by more than 10%.

    32. Stakeholder – A person, group, organization, or state agency involved in or affected by a course of action as defined in Section 282.0041 (21), F.S.

    33. State Agency(ies) - Any official, officer, commission, board, authority, council, committee, or department of the executive branch of state government; the Justice Administrative Commission; and the Public Service Commission. The term does not include university boards of trustees or state universities. The term does not include the Department of Legal Affairs, the Department of Agriculture and Consumer Services, or the Department of Financial Services as defined in Section 282.0041 (23), F.S. (See Cabinet Agency(ies))

    34. Trend – a series of at least three data points indicating movement upward or downward.

    35. Work Breakdown Structure (WBS) - A hierarchical and deliverable-oriented decomposition of a project into smaller components. The WBS is a framework for overall planning and is the basis for dividing work into definable increments from which schedule, cost, and scope can be defined.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.002 Risk and Complexity Assessment.

    (1) The Agency will perform Risk & Complexity Assessments (R&C Assessments) for information technology (IT) projects to evaluate the risk and complexity factors for each IT project. The purpose of the assessments is to determine the minimum level of project management control necessary to manage a given project in order to reduce risk and increase the probability of success.

    (2) These assessments align projects by risk and complexity levels into one (1) of four (4) Risk and Complexity (R&C) Categories, which determine the amount of project management control required. The following diagram indicates the distribution of risk and complexity levels into the R&C Category:

     

     

    Complexity

    Low

    Medium

    High

    Risk

    Low

    1

    1

    2

    Medium

    2

    2

    3

    High

    3

    3

    4

     

    (a) Category 4 represents High Risk and High Complexity projects.

    (b) Category 3 represents High Risk and Medium Complexity projects, High Risk and Low Complexity projects, or Medium Risk and High Complexity projects.

    (c) Category 2 represents Medium Risk and Medium Complexity projects, Medium Risk and Low Complexity projects, or Low Risk and High Complexity projects.

    (d) Category 1 represents Low Risk and Medium Complexity projects or Low Risk and Low Complexity projects.

    (e) Specific lifecycle phase requirements for each category are identified in Rules 74-1.003, F.A.C. - Initiation, 74-1.004, F.A.C. - Planning, 74-1.005, F.A.C. - Execution, 74-1.006, F.A.C. - Monitoring and Controlling, and 74-1.007, F.A.C. - Closure.

    (3) The R&C Assessments are conducted using Form AST-F-0505A, AST Risk & Complexity Assessment Workbook. This workbook is used by Agencies to determine the cumulative R&C Category designation. The R&C Assessment Workbook is divided into seven (7) separate assessment worksheets which are conducted at four (4) key points in the project management life cycle. Form AST-0505A, AST Risk & Complexity Assessment Workbook, is hereby incorporated by reference in this Rule. Form AST-0505A can be found on the AST web site at: http://www.ast.myflorida.com/.

    (a) The Agency must complete a Pre-Charter R&C Assessment (consisting of a Risk worksheet and a Complexity worksheet) at the start of the Initiation phase of the project. During this assessment, the Agency will review priorities and business need, assess the project, and analyze factors that might impact project success. The resulting R&C Category establishes the project management control requirements to be applied during the project Initiation phase. (See Rule 74-1.003, F.A.C. - Initiation)

    (b) The Agency must complete an Initiation Gate R&C Assessment at the end of the Initiation phase following completion of project Initation documentation. During this assessment, the Agency will review Initiation documents,validate or amend the previous R&C assessment findings, and complete the Initiation Gate R&C Assessment (consisting of a Risk worksheet and a Complexity worksheet). This assessment will confirm or adjust the project’s cumulative risk & complexity level and resulting R&C Category, examine the effectiveness of Initiation phase activities, and set requirements for the project Planning phase. (See Rule 74-1.004, F.A.C. - Planning)

    (c) The Agency must complete a Planning Gate R&C Assessment at the end of the Planning phase, following completion of project planning documentation. During this assessment, the Agency will review project documents, validate or amend the previous R&C assessment findings, and complete the Planning Gate R&C Assessment (consisting of a Risk worksheet and a Complexity worksheet). This assessment will confirm or adjust the project’s cumulative risk and complexity level and resulting R&C Category, examine the effectiveness of Planning phase activities, and set requirements for the project Execution and Monitoring and Controlling phases. (See Rule 74-1.005, F.A.C. - Execution and 74-1.006, F.A.C. - Monitoring and Control)

    (d) The Agency must complete an Event-Driven R&C Assessment if the project experiences a significant change, or cumulative changes (in cost, schedule, or scope) from the project baseline. During this assessment, the Agency will review the change control request(s) and project documentation. The Agency will also review, validate or amend the previous R&C assessment findings, and complete the Event-Driven R&C Assessment (consisting of a Risk worksheet). This assessment will confirm or adjust the project’s cumulative risk & complexity level and resulting R&C Category and determine if review and amendment to project management baselines are needed.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.003 Initiation

    (1) Project Initiation is the first phase in the project management lifecycle. In the Initiation phase, information technology projects are transitioned from ideas to a viable project proposal (through the Agency’s project request process) for consideration and approval by the Agency’s management.

    (2) The Agency must complete the Pre-Charter Risk and Complexity (R&C) Assessment for the project (see 74-1.002, F.A.C. - Risk and Complexity Assessment). This assessment will provide the project risk and complexity levels and resulting R&C Category, which will define the management control activities required for the Initiation phase.

    (3) The following matrix lists Initation phase activities and documents required for the project based on its R&C Category as determined by the Pre-Charter R&C Assessment.

    (4) If an individual document listed in the matrix below is not required for a given R&C Category, the Agency is still expected to conduct the planning activity and summarize the results in the Project Charter.

    (5) Specific document templates are not prescribed – any project documentation that contains the information specified in the requirements below is acceptable.

     

    INITIATION PHASE

    Risk & Complexity Category

    Documentation or Activity

    Requirements

    4

    3

    2

    1

    Business Case and Alternative Analysis

    Articulate a clear path to a return on investment (ROI) or business value in instances where a positive ROI is not present. Demonstrate a clear understanding of the processes, costs, strengths, and weakness of the Agency’s current business process. Document, identify, and analyze potential solutions. Provide a compelling argument for implementation and examine benefits and risks associated with the recommended course of action as well as not taking the action.

    Required

    Required

    Preparation of a Business Case and Alternatives Analysis is not required; however, the planning in this area must be included in the Project Charter.

    Preparation of a Business Case and Alternatives Analysis is not required; however, the planning in this area must be included in the Project Charter.

    Cost Benefit Analysis

    Document the economic feasibility of the alternatives being considered including the planned project costs, as well as each of the tangible benefits, and then calculate key financial performance metrics such as ROI and payback period.

    Required

    Required

    Preparation of a Cost Benefit Analysis is not required; however, the planning in this area must be included in the Project Charter.

    Preparation of a Cost Benefit Analysis is not required; however, the planning in this area must be included in the Project Charter.

    Project Charter

     

    Document and formally communicate the existence of the project; appoint the project manager; identify the stakeholders and the project governance framework; authorize the expenditure of resources; establish the initial budget, schedule, and scope. This will serve as the basis for detailed planning.

    Required

    Required

    Required

    Required

    Centralized

    Project Repository

    Establish a centralized project repository to house and archive all project documentation. This repository should be documented in project planning materials.

    Required

    Required

    Required

    Required

    Project Manager

    The Project Manager must be PMP® certified.

    Required

    Required

     

     

    Risk Manager

    Appointment of a Risk Manager, other than the Project Manager.

    Recommended

     

     

     

    Independent Verification and Validation (IV&V)

    Employ Independent Verification and Validation (IV&V)

    Recommended

     

    Recommended

     

     

     

    (6) The Agency must complete the Initiation Gate R&C Assessment (see 74-1.002, F.A.C. - Risk and Complexity Assessment). This Assessment will confirm or adjust the project’s risk and complexity levels and the resulting R&C Category, validate Initiation management control requirements, and set management control requirements for the subsequent Planning Phase.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.004 Planning.

    (1) In the Planning phase, the Agency develops and approves detailed project planning documents.

    (2) The following matrix lists planning activities and documents required for the project based on the project’s Risk and Complexity (R&C) Category.

    (a) Specific document templates are not prescribed – any project documentation that contains the information specified in the requirements below is acceptable.

    (b) This documentation, whether created separately or combined as a single document, constitutes the Project Management Plan.

    (3) If an individual document listed in the matrix below is not required for a given R&C Category, the Agency is still expected to conduct the planning activity and summarize the results in the Project Plan Summary.

     

    PLANNING PHASE

    Risk & Complexity Category

    Documentation or Activity

    Requirements

    4

    3

    2

    1

    Project Scope and Objectives

    Clearly delineate the project scope, specifically what is in scope and what is out of scope. Include objectives, deliverables, assumptions, and constraints. This will determine scope baselines and variances.

    Discuss how the project scope and objectives trace back through the Project Charter to initial project documents such as the Schedule IV-B.

    Required

    Required

    Required

    Preparation of a formal Scope and Objectives document is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

     

    Work Breakdown Structure (WBS)

    The hierarchical and incremental decomposition of the project into phases, deliverables, and work packages. Identifies all the tasks required to deliver the total scope of work to produce each deliverable. Tasks must be decomposed into subtasks until they can be estimated, observed, and evaluated.

    Required

    Recommended

     

     


    Project Organizational and Governance Structure

    A representation of the project from an organizational perspective. Include an organization chart with stakeholder and governance structures identified. Include a detailed description of the project and the Agency’s governance process with roles, responsibilities, and approval authorities identified for project documents or artifacts, including any processes for final product acceptance. Include reporting and escalation parameters for variances in schedule, cost, and scope.

    Required

    Required

    Preparation of an Organizational & Governance Structure document is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

     

    Preparation of an Organizational & Governance Structure document is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

     

    Resource Plan

    Document the resources required to complete the project and how these resources will be acquired.

    For personnel – identify project roles, skills, number, and resource type required, and specify the method(s) for acquiring new personnel or incorporating and backfilling the current responsibilities of existing personnel.

    For equipment or materials, identify types, quantities, and purpose, and specify the method(s) for acquiring equipment or materials.

    Required

    Required

    Preparation of a Resource Plan document is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

     

    Preparation of a Resource Plan document is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

     

    Project Schedule

    Develop and maintain a schedule that is: fully task, resource, and cost loaded; identifies the total scope of work; base-lined and updated with project progress; and contains the information necessary to provide earned value analysis and support schedule and cost performance index (SPI and CPI) variance analysis and reporting.

    The Project Schedule must be updated weekly.

    The Agency must track and report schedule status in their Project Status Report (see rule 74-1.006, F.A.C. - Monitoring and Controlling for status report requirements and a detailed description of SPI and CPI).

     

    Required

    Required

    Develop, baseline and maintain a schedule that identifies the total scope of work, assigned resources, and task completion dates. The schedule must be updated weekly. The Agency must track and report schedule status in their Project Status Report (See 74-1.006, F.A.C. - Monitoring and Controlling for status report requirements).

     

    Develop, baseline and maintain a schedule that identifies the total scope of work, assigned resources, and task completion dates. The schedule must be updated weekly. The Agency must track and report schedule status in their Project Status Report (See 74-1.006, F.A.C. - Monitoring and Controlling for status report requirements).

     

    Project Budget

    Develop and maintain a Project Budget, which must include specific fiscal year cost totals over the life of the project and the overall total cost of the project. Also include a description of the funding source(s) for the Project and a breakdown of the Project costs by major expense categories.

    Required

    Required

    Required

    Required

    Project Spending Plan

    Develop and maintain a Project Spending Plan, which, as a component of the Project Budget, must include monthly budgeted and actual costs for Other Personal Services (OPS) staff, contractors, deliverables, major project tasks, hardware, Commercial off-the-shelf (COTS) software, miscellaneous equipment, and other costs for each fiscal year.

    Required

    Required

    Preparation of a Project Spending Plan is not required; however, the Agency must include summary spending plan information in the Project Plan Summary with detail required for the Project Status Report (See 74-1.006, F.A.C. - Monitoring and Controlling for detailed requirements for the project status report).

    Preparation of a Project Spending Plan is not required; however, the Agency must include summary spending plan information in the Project Plan Summary with detail required for the Project Status Report (See 74-1.006, F.A.C. - Monitoring and Controlling for detailed requirements for the project status report).

    Communications Plan

    Identify the project information requirements of stakeholders and detail what, when, and how information will be collected and reported.

    This will include the responsibility, frequency, format, and distribution method for meeting summaries, project status reports, project governance meetings, and stakeholder communications, including reporting variances in schedule, cost, or scope and emerging risks or issues.

    Include documentation for Decision Tracking and Action Item Tracking (see Rule 74-1.006, F.A.C. - Monitoring and Controlling).

    Required

    Required

    Required

    Preparation of a Communication Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

    Change Management Plan

    Document the change control process and documentation involved in identifying, escalating, approving, and managing project change requests related to the project’s schedule, cost, or scope baselines, or a change to project deliverables (see Rule 74-1.006, F.A.C. - Monitoring and Controlling). Include a summary of the change governance framework (see Organizational & Governance Structure above).

    Required

    Required

    Required

    Preparation of a Change Management Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

    Quality Management Plan

    Document the processes and procedures for ensuring quality planning, quality assurance, and quality control are all conducted.

     

    Required

    Preparation of a Quality Management Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

    Preparation of a Quality Management Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

    Deliverable Acceptance Plan

    Document each deliverable, the acceptance criteria for each deliverable, and the deliverable acceptance process.

    Required

    Required

    Required

    Preparation of a Deliverable Acceptance Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary

    Risk Management Plan

    Document the process for the descriptive identification (listing), evaluation (probability and impact), prioritization, and response to risks (specified mitigation strategies for each risk), as well as the nature of any time sensitivity to risks that may impact the project. Identify the roles and responsibilities of project staff assigned to risks. Identify and document the process to be used for tracking, periodic review, and update of Risks (see Rule 74-1.006, F.A.C. - Monitoring and Controlling).

    Required

    Required

    Required

    Preparation of a Risk Management Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary. In addition, Agencies must track risks and report their status in the Project Status Report (See 74-1.006, F.A.C. - Monitoring and Controlling for detailed requirements)

    Issue Management Plan

    Document the process for (and the documentation of) the identification, evaluation, prioritization, management, and response to issues impacting the project. Identify and document the process to be used for tracking, periodic review, and update of Issues (see Rule 74-1.006, F.A.C. - Monitoring and Controlling). Identify the roles and responsibilities of project staff.

     

    Required

    Required

    Required

    Preparation of an Issue Management Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

    In addition, Agencies must track issues and report their status in the Project Status Report (See 74-1.006, F.A.C. - Monitoring and Controlling for detailed requirements).

    Procurement Management Plan

     

     

    If procurement is required by the project, document any products or services needed, identify the necessary products and services to be purchased, along with the appropriate purchasing methods, rules, and statutes affecting these activities.

    Required, if applicable

    Required, if applicable

    Required, if applicable

    Preparation of a Procurement Management Plan is not required; however, if applicable, the Agency must include a summary of planning in this area in the Project Plan Summary.

    Organizational Change Management Plan

    Assess and document the impact of delivering the project’s products to the user organization and individual users; the readiness of the user organization and individual users to accept those changes; and identify, describe, and plan the action necessary to facilitate those changes.

    Required

    Required

    Preparation of an Organizational Change Management Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

    Preparation of an Organizational Change Management Plan is not required; however, the Agency must include a summary of planning in this area in the Project Plan Summary.

    System Security Plan

    See Rule Chapter 74-2, F.A.C. - Information Technology Security

    Required

    Required

    Required

    Required

    Requirements Traceability Matrix (RTM)

    Prepare a document (usually a table) that links high-level design and requirements with detailed requirements, detailed design, test plan, and test cases.

    The RTM ensures that all requirements are identified and correctly linked (from high-level to detailed and technical levels) throughout the project.

    Required

    Required

    Required

    Required

    Project Plan Summary

    A document providing an overview of the planning for the management of the project that addresses all of the aforementioned documents and activities.

     

     

    Required

    Required

     

    (4) The Agency must complete the Planning Gate R&C Assessment at the end of the Planning Phase (see 74-1.002, F.A.C. - Risk and Complexity Assessment). This Assessment will confirm or adjust the project’s risk and complexity levels and the resulting R&C Category, validate Planning management control requirements, and set management control requirements for the subsequent Execution and Monitoring and Controlling phases.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.005 Execution.

    (1) The Execution phase involves carrying out and managing all the activities described in the Project Management Plan.

    (2) The majority of Execution phase activities and documentation will be associated with the Agency’s specific Systems Development Life Cycle (SDLC) process and requirements.

    (3) All changes to the approved and baselined Project Management Plan (project schedule, cost, or scope) must follow the Agency’s project change control and governance processes.

     

    EXECUTION PHASE

    Risk & Complexity Category

    Documentation or Activity

    Requirements

    4

    3

    2

    1

    Project Schedule

    Execute and update the approved project schedule weekly with actual work effort and project progress (tasks, milestones, and deliverables completed) to track Schedule Performance Index (SPI) and Cost Performance Index (CPI).

     

    Required

    Required

    Execute and update the project schedule with actual work effort and project progress (tasks, milestones, and deliverables completed).

    Execute and update the project schedule to track actual work effort and project progress (tasks, milestones, and deliverables completed).

    Project

    Spending

    Plan

    Maintain the Project Spending Plan and include Spending Plan data in the Monthly Project Status Report (see 74-1.006, F.A.C. - Monitoring and Controlling for status report requirements).

    Required

    Required

     

     

    Procurement Management Plan

    If procurement is required, the Agency will conduct procurements as documented in the approved Procurement Management Plan.

    Required

    Required

    Required

    If required, conduct procurements as documented in the Project Planning Summary.

    Quality Management Plan

    Perform quality assurance activities as specified in the approved Quality Management Plan.

    Required

    Required

    Perform quality assurance activities outlined in the Project Planning Summary.

    Perform quality assurance activities outlined in the Project Planning Summary.

    Communications Plan

    Manage project communications as specified in the approved Communications Plan.

    Required

    Required

    Required

    Manage communications and stakeholder needs as outlined in the Project Planning Summary.

    Provide project status reports as required in this Rule. (see 74-1.006, F.A.C. - Monitoring and Controlling for status report requirements)

    Facilitate communications within the project team and with the project sponsor and stakeholders.

    Required

    Required

     

    Required

    Required

    Deliverable Acceptance Plan

    Execute the Deliverable Acceptance Plan.

    Required

    Required

    Required

    Document deliverable acceptance in accordance with deliverable acceptance processes, criteria, and the project governance process outlined in the Project Planning Summary.

    Organizational Change Management Plan

    Execute the Organizational Change Management Plan.

    Required

    Required

    Facilitate organizational change management as outlined in the Project Planning Summary.

    Facilitate organizational change management as outlined in the Project Planning Summary.

    Operations and Maintenance (O&M) Plan

    Develop an O&M Plan prior to the scheduled completion of the project’s Execution phase. Obtain concurrence from financial, information technology, and operational managers on their readiness to support the system from a budgetary, staffing, technology, and operational perspective after go-live.

    Required

    Required

    Required

    Required

     

    (4) Agency project management activities required during the Execution phase are further described in 74-1.006, F.A.C. - Monitoring and Controlling.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.006 Monitoring and Controlling.

    (1) Project Monitoring and Controlling spans all phases of the project and involves the regular review of project status in order to identify variances from approved project schedule, cost, and scope.

    (2) Risk and Complexity (R&C) Category 4 and 3 Projects will use Earned Value analysis to ensure that the schedule provides an accurate representation of project status.

    (a) Schedule Performance Index (SPI)

    1. SPI is a measure of schedule efficiency expressed as a ratio of Earned Value (EV) to Planned Value (PV): SPI = EV/PV, where Earned Value is the measure of work performed expressed in terms of the budget amount authorized for that work, and Planned Value is the authorized budget assigned to scheduled work. Planned Value corresponds to the approved baseline budget.

    2. A SPI value of less than 1.0 indicates that less work was completed, in a given time frame, than was planned.

    3. A SPI value greater than 1.0 indicates that more work was completed, in a given time frame, than was planned.

    (a) Cost Performance Index (CPI)

    1. CPI is a measure of cost efficiency of budgeted resources for the work completed. CPI is expressed as a ratio of Earned Value (EV) to Actual Cost (AC): CPI = EV/AC, where Earned Value is the measure of work performed expressed in terms of the budget amount authorized for that work, and Actual Cost is the realized cost incurred for the work performed on an activity or set of activities during a specific time period.

    2. A CPI value of less than 1.0 indicates a cost overrun for work completed, in a given time frame.

    3. A CPI value greater than 1.0 indicates a cost underrun of performance to date.

    (3) The following matrix details Monitoring and Controlling documentation and activities required for the project based on the project’s R&C Category.

     

    MONITORING AND CONTROLLING PHASE

    Risk & Complexity Category

    Documentation or Activity

    Requirements

    4

    3

    2

    1

    Monitor and Control Project Schedule

    Update the schedule weekly to reflect actual progress toward completion of scheduled tasks, milestones, and deliverables

    Required

    Required

    Required

    Required

    Use SPI to assess schedule variance.

    If SPI analysis indicates a trend towards a variance equal to or greater than 10% (SPI score ≤ 0.90 or ≥ 1.10), communicate the variance explanation to the project stakeholders.

    Required

    Required

     

     

    Evaluate the baselined schedule against current progress.

    1. Identify overdue tasks and compute the percentage of late tasks related to total tasks for the period (Number of Overdue Tasks / Number of Total Tasks).

    2. If this analysis indicates a trend towards a variance, communicate the variance explanation to the project stakeholders.

     

     

    Required

    Required

    If the schedule requires revision, follow the project change control process and the governance process.

    Required

    Required

    Required

    Required

    Monitor and Control Project Cost

    Monitor project costs at least monthly to identify both positive and negative variances between planned and actual expenditures.

    1. Compare planned costs to actual costs captured in the spend plan or the budget.
    2. Identify the difference in planned and actual costs and compute the percentage of cost variance for the period (Cost Variance / Total Planned Cost).
    3. If there is a variance (positive or negative), communicate the variance explanation to the project stakeholders.

    Required

    Required

    Required

    Required

    Use CPI to assess cost variance.

    If the CPI analysis indicates a trend towards a variance equal to or greater than 10% (CPI score ≤ 0.90 or ≥ 1.10), communicate the variance explanation to the project stakeholders.

    Required

    Required

     

     

    If the budget requires revision, follow the approved project change control process and governance process.

    Required

     

     

    Required

    Required

    Required

    Monitor and Control Project Scope

    Monitor project status and product scope, and manage changes to the original and agreed-upon scope as documented in the approved project planning documents.

    If the scope requires revision, follow the approved project change control and governance processes.

    Required

    Required

    Required

    Required

    Monitor and Control Project Quality

    Control quality as documented in the Quality Management Plan or the Project Plan Summary.

    Required

    Required

    Required

    Required

    Monitor and Control Project Change

    Follow the change control process(es) documented in the Change Management Plan or the Project Plan Summary.

    Complete an Event-Driven Risk & Complexity (R&C) Assessment for significant change requests (see 74-1.002, F.A.C. - Risk and Complexity Assessment). This assessment will confirm or adjust the project’s cumulative risk and complexity levels and R&C Category, and assist the Agency in determining whether changes to any project management plan documents and baselines are needed.

    If changes to any project plans, documents, or baselines are needed, follow the approved project change control process and governance processes. When proposing substantial project change requests for governance approval, the request must include the results of the Event-Driven R&C Assessment.

    Maintain a Change tracking log that includes Change description, project impact (scope, schedule, and cost), owner, and status. This log is used to track, enter, review, analyze, update, monitor, and report on project changes.

    Required

    Required

    Required

    Required

    Monitor and Control Project Procurement

    Control procurements as documented in the approved Procurement Management Plan or the Project Plan Summary.

    Required

    Required

    Required

    Required

    Monitor and Control Project Risks

    Control risks as documented in the approved Risk Management Plan or Project Plan Summary.

    Perform risk reassessments to identify new risks, reassess current risks, escalate risks to issues, and close outdated risks.

    Maintain a risk tracking log that includes risk description, owner, response / mitigation strategy, as well as risk probability, impact (or criticality), and tolerance. This log is used to track, enter, review, analyze, update, monitor, and report on risks.

    Required

    Required

    Required

    Required

    Monitor and Control Project Issues

    Control issues as documented in the approved Issue Management Plan or Project Plan Summary. Review issues to identify new issues, reassess current issues, and close resolved issues.

    Maintain an issue tracking log, which includes Issue description, owner, status, and priority. This log is used to track, enter, review, analyze, update, monitor, and report on issues.

    Required

    Required

    Required

    Required

    Decision Tracking

    Maintain a decision tracking log that includes decision description, approval authority, date, project impact (scope, schedule, and cost), and status.

    This log is used to track, enter, review, analyze, update, monitor, and report on decisions.

    Required

    Required

    Required

    Recommended

    Action Item Tracking

    Maintain an action item log that includes Action Item description, owner, dates assigned and due, priority, and status. This log is used to track, enter, review, analyze, update, monitor, and report on action items.

    Required

    Required

    Required

    Recommended

    Requirements Traceability Matrix

    (RTM)

    Review and amend the RTM to capture progressive detail of requirements linkage throughout the project.

    This matrix is used to document and link requirements from their origin to the deliverables that satisfy them.

    Required

    Required

    Required

    Required

    Lessons Learned

    Capture lessons learned from project team and stakeholders throughout the project.

    Required

    Required

    Recommended

    Recommended

     

    (4) The Agency will report project status (as required in the Communications Plan) based on the project’s R&C Category. Form AST-F-0505B, Project Status Report, is hereby incorporated by reference in this Rule. Form AST- F-0505B can be found on the AST web site at: http://www.ast.myflorida.com/. Status reports will include:

     

    MONITORING AND CONTROLLING PHASE

    Risk & Complexity Category

    Documentation

    Requirements

    4

    3

    2

    1

    Interim Project Status Report

    Sections 1, 2, 3, and 5 of the Project Status Report Form

    Weekly

    Weekly

    Bi-weekly

    Bi-weekly

    Monthly Project Status Report

    All Sections of the Project Status Report Form

    Monthly

    Monthly

    Monthly

    Monthly

    Sections

    Items Required

    4

    3

    2

    1

    Section 1 – Project Status Overview

    • Overview of Project Progress.
    • Overall status of schedule, scope, risks, and budget
    • Explanation of any variance

    Required

    Required

    Required

     

    Required

    • Schedule Performance Index (SPI)
    • Cost Performance Index (CPI)

    Required

    Required

     

     

    Section 2 – Project Progress

    A. Project Milestones & Deliverables

    Required

    Required

    Required

    Required

    B. Major Project Tasks & Activities

    Required

    Required

    Required

     

    C. Reports & System Interfaces

    Required

    Required

     

     

    D. Scope Changes

    Required

    Required

    Required

    Required

    Section 3 – Project Issues and Risks

    A. Project Issues

    Required

    Required

    Required

    Required

    B. Project Risks

    Required

    Required

    Required

    Required

    Section 4 – Project Spend Plan

    Attach current project spend plan to Status Report

    Required

    Required

     

     

    A. Major Project Costs

    Required

    Required

    Required

    Required

    B. Identify Planned Cost vs. Actual Cost by Category

    Required

    Required

     

     

    Section 5 – Project Summary

    Scope Statement, Project Objectives, Benefits

    Required

    Required

    Required

    Required

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.007 Closeout.

    (1) The Agency must perform Project Closeout phase activities after the defined project objectives have been met and the Agency has accepted the project’s product in accordance with their deliverable acceptance criteria and governance process.

    (2) The following matrix lists the closeout activities and documents required for the project based on its Risk and Complexity (R&C) Category.

    (3) Specific document templates are not prescribed – any project documentation that contains the information specified in the requirements below is acceptable.

     

    CLOSEOUT PHASE

    Risk & Complexity Category

    Documentation or Activity

    Requirements

    4

    3

    2

    1

    Lessons Learned

    Identify and document final lessons learned with project team and stakeholders.

    Required

    Required

    Required

    Required

    Project Closeout Report (PCR)

    Document the project’s accomplishments against the project budget, scope, schedule, and performance baselines. Include a discussion of the lessons learned compiled by the project team and stakeholders. The PCR must be completed no later than 60 days after project closure.

    Required

    Required

    Required

    Required

    Post Implementation Review (PIR) Report

     

    Evaluate and document whether the products or services delivered by the project meet the Agency’s business objectives, and provide the expected results and benefits as documented in the Initiation and Planning phases. Validate the cost benefit analysis and projected return on investment analysis. This analysis should be performed six months to one year after the product or service has been implemented, or as otherwise defined in the Project Charter.

    Required

    Required

    Required

     

     

    (4) The Agency must archive all agency and third-party project documentation or artifacts.

    (5) The Agency will ensure that system operations are transitioned to the appropriate support and operational entities in conformance with the Operations and Maintenance Plan.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.008 Compliance with the Florida Information Technology Project Management and Oversight Standards.

    (1) Agencies as defined in Rule 74-1.001, F.A.C., must comply with the Florida Information Technology Project Management and Oversight Standards.

    (2) The Florida Information Technology Project Management Standards set forth in Rule 74-1.001 through 74-1.008, F.A.C. will be applied to existing Agency information technology projects based on their current project management lifecycle phase as of July 1, 2015.

    1. Projects that have not been approved for Initiation by the Agency must implement all sections of the standards set forth in this Rule.

    2. Projects that are in the Planning phase will undergo a Planning Gate Risk and Complexity Assessment upon completion of their detailed plans and will be subject to the project management control requirements of the standards set forth in this Rule from that point. (See 74-1.002, F.A.C. - Risk and Complexity Assessment and 74-1.004, F.A.C. – Planning.)

    3. Projects that are in the Execution phase will continue to operate under the specific Agency’s project management procedures, unless a significant Change Request is submitted.

    (3) Agency for State Technology (AST) will annually assess Agency compliance with the standards set forth in this Rule pursuant to Section 282.0051(10), F.S.

    (a) AST will assess compliance with the standards set forth in this Rule via assessments of a subset of the Agency’s IT projects.

    (b) The Agency will provide the documentation or other artifacts required by the standards set forth in this Rule for AST assessment.

    (c) AST will provide results of this compliance assessment to the Agency, the Executive Office of the Governor, the President of the Senate, and the Speaker of the House.

    (4) Agencies may request a waiver from compliance with the standards set forth in this Rule as defined in Section 120.542, F.S.

    (5) Agencies may request alternative compliance with Rule 74-1.003, F.A.C., through Rule 74-1.007, F.A.C., if the Agency has developed equivalent information technology project management and oversight processes and procedures.

    (a) The Agency Head will make an alternative compliance request to AST. The request must include a detailed document (with any necessary reference or template materials) that maps the Agency’s current information technology project management and oversight processes and procedures to the specific requirements of the Florida Information Technology Project Management and Oversight Standards set forth in Rule 74-1.003, F.A.C., through Rule 74-1.007, F.A.C.

    (b) AST will review the Agency’s request to determine if the Agency’s project management and oversight processes and procedures are in compliance with or exceed the standards set forth in Rule 74-1.003, F.A.C., through Rule 74-1.007, F.A.C.

    (c) AST will report its findings for alternative compliance to the requesting Agency within 20 business days of receipt of the request.

    1. If AST determines the Agency’s current information technology project management and oversight processes and procedures meet the requirements of the standards set forth in Rule 74-1.00, F.A.C., through Rule 74-1.007, F.A.C., the AST will acknowledge alternative compliance to the Agency.

    2. If AST determines the Agency’s current information technology project management and oversight processes and procedures do not, in part or all, meet the requirements of the standards set forth in Rule 74-1.003, F.A.C., through Rule 74-1.007, F.A.C., AST will identify those sections of the Agency’s current processes that will be allowed alternative compliance, and the remainder of the Agency’s efforts must adhere to the standards set forth in Rule 74-1.003, F.A.C., through Rule 74-1.007, F.A.C..

    (a) Agencies receiving alternative compliance status are subject to the compliance assessment process described in (2) above.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    74-1.009 Agency for State Technology (AST) Oversight.

    (1) Section 282.0051(4), F.S., requires AST oversight on Agency information technology projects that have total project costs of $10 million or more and that are funded in the General Appropriations Act or any other law.

    (2) Section 282.0051(15), F.S., requires AST oversight on Cabinet Agency information technology projects with a total project cost of $25 million or more and that impacts one or more other agencies.

    (3) Agencies will participate and assist AST in oversight of a project as follows:

    (a) The Agency and AST will cooperate to establish agreed-upon project oversight parameters (including schedule, cost, and scope) that will serve as the basis against which all project variances will be measured.

    1. The project oversight parameters must be reviewed and approved by the Agency Project Sponsor (or designee), the Agency Project Manager, and the AST Project Assurance Manager.

    2. The project oversight parameters may be revised during the life of the project based upon completion of the Agency’s formal change control and governance process. Revision to the parameters must be reviewed and approved by the Agency Project Sponsor (or designee), the Agency Project Manager, and the AST Project Assurance Manager.

    (b) The Agency will provide the project’s Risk Management Plan to AST within 15 business days of the approval of the project oversight parameters. AST will review the plan and provide comment(s) to the Agency within 15 business days.

    (c) The Agency will update the project schedule weekly and provide the updated schedule to AST. AST will review the project schedule weekly and will identify and track trends in Schedule Performance Index and Cost Performance Index.

    (d) The Agency will update project documentation (schedule, spend plan, scope, risk and issues) at the end of each month and provide these documents to the AST no later than the 10th day of the following month.

    (e) AST will review and document the project’s progress on a monthly basis. The purpose of the review is to determine schedule, cost, and scope variances, and assess project risk and issues.

    1. If the monthly review indicates that the project exceeds acceptable variance ranges (measured against project parameters) in schedule, cost, or scope, AST will perform a diagnostic risk assessment, which will result in preliminary findings and recommendations for project corrective action.

    2. The Agency will respond in writing to AST’s findings and recommendations within 5 business days of receipt of the findings. This response will include a corrective action plan for bringing the project back within acceptable variance ranges.

    3. AST will review the preliminary findings, recommendations, and corrective action plan with the Agency.

    4. AST will finalize the monthly review document (including a summary of the risk assessment, recommendations and the corrective action plan) for review by the Agency and AST management.

    (4) AST will report quarterly to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives on any information technology project that AST identifies as high-risk due to the project exceeding acceptable variance ranges (pursuant to Section 282.0051 (4), F.S.). Following the same process as the monthly review described in (3)(e) above, the quarterly report will include a discussion of the risk assessment, including fiscal risks associated with proceeding to the next stage of the project, and a recommendation for corrective actions required, up to and including suspension or termination of the project.

    (5) Any project meeting the criteria for AST oversight must adhere to the requirements of a Risk and Complexity (R&C) Category 4 project.

    (6) The Agency must use a PMP® Certified Project Manager for any project meeting the criteria for AST oversight. If the Agency designates a third party or vendor project manager, the Agency must also designate an Agency employee in a Project Manager role that is ultimately responsible for the execution of the project effort and that serves as the primary point of contact for AST.

    (7) Independent Verification and Validation (IV&V) must be employed for any project that meets the criteria for AST oversight.

    (a) The Agency will include IV&V activities as part of the major milestones listed in the Project Charter developed during the Project Initiation phase and in the Work Breakdown Structure and Schedule detailed in the Planning phase.

    (b) The Agency will include funding for IV&V in the project budget and spend plan(s).

    (c) IV&V contractors will report directly to the AST on any project that meets the critera for AST oversight. The AST will ensure the appropriate distribution of IV&V artifacts to all project stakeholders.

    Rulemaking Authority § 282.0051(3), Fla. Stat. (2014). Law Implemented § 282.0041, 282.0051 Fla. Stat. (2014).

     

    NAME OF PERSON ORIGINATING PROPOSED RULE: Shelley McCabe, Director of Project Assurance

    NAME OF AGENCY HEAD WHO APPROVED THE PROPOSED RULE: Jason Allison, Executive Director

    DATE PROPOSED RULE APPROVED BY AGENCY HEAD: April 07, 2015

    DATE NOTICE OF PROPOSED RULE DEVELOPMENT PUBLISHED IN FAR: December 22, 2014

Document Information

Comments Open:
4/17/2015
Summary:
The proposed rulemaking adopts new rules that establish rules 74-1.001–74-1.009 as the Florida Information Technology Project Management and Oversight Standards, and provides project management and standards that state agencies must comply when implementing information technology projects.
Purpose:
The purpose of this rule is to implement the provisions of section 282.0051(3) FS, establishing project management and oversight standards with which state agencies must comply when implementing information technology projects.
Rulemaking Authority:
282.0051(18), FS
Law:
282.0051, FS
Contact:
Shelley McCabe at (850) 412-6057 or at shelley.mccabe@ast.myflorida.com
Related Rules: (9)
74-1.001. Purpose and Applicability; Definitions
74-1.002. Risk and Complexity Assessment
74-1.003. Initiation
74-1.004. Planning
74-1.005. Execution
More ...