Improved project governance and regulatory compliance with PPM in application lifecycle management
Adhere to increased regulatory requirements while improving demand management, transparency, and traceability.
Around 2005, circumstances conspired which made it clear that managing new IT requests and changes, or IT demand management, required more structure than was in place at the time with this healthcare provider.
A Technical Program Manager for the organization explains further: “The Health Insurance Portability and Accountability Act (HIPAA) was in full swing, and we needed to actively secure our Protected Health Information (PHI) and Personally Identifiable Information (PII) client data. We outsourced our IT management to a third party who managed their own resource and time tracking solution. However, we noticed that projects, requiring capital expenditure, would be initiated by them before having gone through proper due diligence and approval at our end. This, combined with the increased need for federal compliance, made us take a critical look at our processes. We wanted to move to a more agile delivery process and looked for a solution that would support us on this path.”
During our review meetings, PPM reports are key to holding people accountable to delivery dates and updating their project details. This helps us meet our SLAs and do our due diligence.
When the team was introduced to Project and Portfolio Management (PPM) they realized this would give them the opportunity to integrate closely with the third-party provider and support more agile processes. Once PPM was implemented, this became the funnel through which all change requests were channeled. With over 40 technical support teams, the change control process has steps to prioritize requests and put them in the correct queue, typically by application, i.e., Salesforce.com, Oracle, data warehousing, EDI solutions, etc.
PPM triages all requests and sends real-time notifications to the relevant pre-change reviewers who meet twice weekly to qualify incoming requests. If the request passes, it moves to a change control board with an extended audience who can give it the final approval. “Shortly after implementing PPM, we also introduced OpenText™ ALM Quality Center to enable end-to-end traceability and establish a close link between new requirements, defects, and tests throughout the application lifecycle,” says the Technical Program Manager. “Approved requests are entered into ALM Quality Center to take them from ideation to the fulfilment release processes, via development and Quality Assurance.”
The team created a web service that extracts specific information from PPM fields and sends it to the third-party solution so that this mirrors PPM, which is the ultimate source of truth. Requests are ranked by specific application queue and there is constant communication with the technical support teams on prioritization. Every night the prioritization ranking is uploaded to the third-party system via the web service to prevent any overlap or conflict and to maintain integrity between the two systems. HIPAA requires that all HPI and PII data is checked and verified every six months. PPM has rules in place to track and monitor this process automatically and it provides links to sensitive data so that this is held in just one location rather than duplicated around different systems. After years of service, PPM has also become a valuable historical project repository. Project data stays in the system where it remains searchable, rather than be archived. Integration to other relevant repositories ensures no data duplication.
PPM worked great for us out-of-the-box. We have improved transparency, team collaboration, and traceability. PPM ensures the integrity of our demand management processes and keeps us compliant with strict data privacy requirements.
A typical PPM cycle can involve over 50 steps with sub-workflows. Rather than overburdening stakeholders with notifications at every step, PPM has project-specific notification configurations depending on the requirement. It is also used to produce shared and personalized dashboards used daily by all, as well as governance reporting which is reviewed twice weekly during change control board meetings. “During our review meetings, PPM reports are key to holding people accountable to delivery dates and updating their project details. This helps us meet our SLAs and do our due diligence,” comments the Technical Program Manager.
The agile application lifecycle comprising PPM and ALM Quality Center was eventually enhanced by the introduction of the Scaled Agile Framework (SAFe), a set of organization and workflow patterns intended to guide enterprises in scaling lean and agile practices. The organization is currently implementing OpenText™ ALM Octane™ which will give it even more flexibility and integration opportunities for a fully automated end-to-end project workflow.
The Technical Program Manager concludes: “PPM worked great for us out-of-the-box. We have improved transparency, team collaboration, and traceability. PPM ensures the integrity of our demand management processes and keeps us compliant with strict data privacy requirements. Our governance is easier to manage, and track and we can see many more use cases for PPM, outside of IT requests. For example, we converted our business planning process to PPM as it lends itself particularly well to taking ideas that may come out of innovation workshops or state or federal requirements, and matching them to our business strategy and goals, such as inclusion. Micro Focus (now OpenText) has really stepped up to the plate in helping us manage and govern our demand processes and comply with HIPAA regulations.”