Access Management:Path to Improvement

Presented by NFC Access Management Branch

2

Problem StatementNFC Manages over 45,000 access accounts for its information systems and constantly fields new requests for system access. In FY 2012, NFC did not meet customer needs in provisioning these access accounts in a timely

manner. Customer needs as specified in the Service Level Agreements was an average of 5 days. NFC’s actual average time to provision access was more than 19 days. Fewer than

20% of the access requests were completed within the agreed upon standard. The backlog of requests was approximately three weeks. Because of this backlog, customers submitted expedited

requests, which only exasperated the situation. As a result, customers were very dissatisfied with NFC’s access provisioning. To address this, NFC

started a major process improvement effort to meet customer needs for access provisioning.

(from USDA Signature Process Improvement Initiative)

3

Change is vital, improvement the logical form of change.

James Cash Penney

4

DISCOVERY

• Large backlog of requests

• Lengthy processing time

• Unrealistic customer expectations

• Lack of automation

• Frequent distractions for Admins

Admins:Chaotic

Provisioning

ASOs:Numerous

Complaints

Everybody:Frustration

5

IMPLEMENTATION

2011 2012 2013 2014 2014+

CHALLENGE IMPACT ACTION

• Chaotic communication • ASOs’ concerns not addressed timely

• Resumed/revamped/• increased User Group

meetings

• High volume of incorrect access requests

• Rework for ASOs• Delayed processing of

request• Incorrect access given

• Began to develop access forms

• Stale, infrequent Training • Low attendance• No new information

• Used Webinars • Scheduled Weekly• Removed cost

6

IMPLEMENTATION

2011 2012 2013 2014 2014+

ISSUE IMPACT ACTION

• Inability to accurately track requests

• Lost Requests• Disorderly processing of

Requests

• Implement Remedy Requester Console (USDA)

• FIFO Processing

• Website stale • Lack of information • Updated website

• Large number of ASO training courses

• Reduced resources available to process requests

• Changed Weekly to Monthly training

7

IMPLEMENTATION

2011 2012 2013 2014 2014+

CHALLENGE IMPACT ACTION

• High number of expedited requests

• Delays processing of other requests

• LIFO processing

• Implemented Expedite Policy

• No SLA • Expectation that all requests completed in 5 days

• Rewrote SLAs based on # userIDs and Complexity

• Manual delivery of notices and reports

• Time consuming • Implemented GovDelivery

• All users not in RRC • Extra work to collect performance measures

• Implemented non-USDA to RRC

8

IMPLEMENTATION

2011 2012 2013 2014 2014+CHALLENGE IMPACT ACTION

• Access not tracked by LOB • Difficult tracking / billing • Added RRC Summary Lines

• Manual training registration

• Lost attendees• Less time to process

requests

• Set up automatic scheduling for TSO training

• Effort by admins on non-critical tasks

• Less time to process complex requests

• Transferred password resets to OSC

• Information not covered in existing training

• Incident tickets, inquiries and questions

• Added Reports & Intermediate Training

• Lack of managed customer feedback

• Multiple sources for customer feedback

• Distributed automated surveys

9

IMPLEMENTATION

2011 2012 2013 2014 2014+CHALLENGE IMPACT ACTION

• Expedited requests processed before due dates

• No credit for processing access requests early

• Updated SLA: # userIDs, Complexity and Average Number of Days

• No access forms • Incorrect, incomplete access requests

• Lengthens processing time• Adversely impacts metrics

• Published Access Request Forms

• Implemented cancellation & mandatory forms use policies

• Manual training registration • Lost attendees• Less time to process

requests

• Expanded automated scheduling to ASO training

10

Improvements Realized

Changes to SLAsExample 1 is completed with a better average number of days and total combined days than Example 2, but fails the old SLA target. Example 2 met the old SLA target, but requests were completed in a greater number of days. Under the new SLA based on average number of days, both examples would have passed.

Example 1 – Simple Average days: 4 Total days to complete: 8 SLA Percent: 50% Status: Failed Request 1 - 2 days Passed

Request 2 - 6 days Failed Example 2 – Simple Average days: 5 Total days to complete: 10 SLA Percent: 100% Status: Passed Request 1 - 5 days PassedRequest 2 - 5 days Passed

11

Changes to SLAs

4. SLA Performance Metrics using Volume, Complexity & Average Number of Days

(Estimated Turnaround Time in business days)

Access Request

Type

Target: The average processing time of all requests will meet or exceed the time frames

shown 95% of the time

<=10 User IDs

11-30 User IDs

31-50 User IDs

>50User IDs

Simple

5 days

10 days

15 days

Negotiated

Moderate

10 days

15 days

20 days

Negotiated

Complex

15 days

20 days

25 days

Negotiated

2. SLA Performance Metrics using Volume only

<=10

UserIDs

11-30

UserIDs

31-50

UserIDs

>50

UserIDs

5 days

10 days

30 days

Negotiated

3. SLA Performance Metrics using Volume & Complexity

(*Estimated Turnaround Time in business days)

Request

Type

Average

ProcessingTime

Per User ID

Request Completion Time FrameTarget: The processing time of all requests will meet or exceed the time frames shown 95%

of the time

<=10 UserIDs

11-30

UserIDs

31-50

UserIDs

>50

UserIDs

Simple

30 min

5 days

10 days

15 days

Negotiated

Moderate

2 hrs

10 days

15 days

20 days

Negotiated

Complex

8 hrs

15 days

20 days

25 days

Negotiated

1. All requests 5 days

12

Training Averages

TRAININGCOURSE

AVERAGE ASOs TRAINED PER

MONTHASO Basic 6

Remedy Requester Console

11

ASO Intermediate 1

TIPS 8DPRW ASOs 3

Average of 14 ASOs added per

month (Mainframe Apps)

Average of 56 ASOs added per month (DPRS,

CLER)

13

Volume Variations

Ends of CY & FY are high volume periods

14

Improvements Realized

Goal: Decrease in Incident Tickets. Password Resets transferred to OSC in January 2013.

15

Improvements Realized

75% decrease in average number of days to process a request

16

Improvements Realized

Decrease in Expedited requests after Expedite policy implemented January 2013

17

Improvements RealizedExpanded Training

• BEFORE: 1 ASO Training Class– Quarterly– Fee based– Maximum class size: 12

• AFTER: 5 SO Training Classes– Monthly– ASO Basic– Remedy Requester Console– Intermediate– Specialized courses (Security Coordinators, DPRS, CLER, TIPS, etc.)– No cost– Maximum class size: 25

18

THE WAY AHEAD

2011 2012 2013 2014 2014+CHALLENGE IMPACT ACTION

• Unnecessary account deletions due to inactivity

• Users repeatedly lose access• ASOs repeatedly request

access

• Email users of inactive accounts

• Failure to use access forms • Continued inaccurate/ incomplete requests

• Automate Access Request Entry

• Complex, tedious provisioning of access

• Longer time to process requests

• Greater probability of errors

• Automate Access Provisioning

• Tickets assigned incorrectly • Longer time to resolve incidents

• Use checklist/form to triage/assign trouble tickets

• All SOs not in RRC • Extra work to collect performance measures

• Add remaining SOs to RRC

• Too many profiles • Excessive access combinations• Difficult to manage

• Use Role Based Access

• Increasing training needs • Fewer resources to process requests

• Develop web based training

19

THE WAY AHEAD

2011 2012 2013 2014 2014+

ACTIONContinuously monitor and evaluate performance

Update policies & procedures as necessary

RESULT

Improve Processes

GOAL

Improve Customer Service