Access Management: Path to Improvement Presented by NFC Access Management Branch.
-
Upload
frederica-hall -
Category
Documents
-
view
221 -
download
0
Transcript of Access Management: Path to Improvement Presented by NFC Access Management Branch.
Access Management:Path to Improvement
Presented by NFC Access Management Branch
2
Problem StatementNFC Manages over 45,000 access accounts for its information systems and constantly fields new requests for system access. In FY 2012, NFC did not meet customer needs in provisioning these access accounts in a timely
manner. Customer needs as specified in the Service Level Agreements was an average of 5 days. NFC’s actual average time to provision access was more than 19 days. Fewer than
20% of the access requests were completed within the agreed upon standard. The backlog of requests was approximately three weeks. Because of this backlog, customers submitted expedited
requests, which only exasperated the situation. As a result, customers were very dissatisfied with NFC’s access provisioning. To address this, NFC
started a major process improvement effort to meet customer needs for access provisioning.
(from USDA Signature Process Improvement Initiative)
3
Change is vital, improvement the logical form of change.
James Cash Penney
4
DISCOVERY
• Large backlog of requests
• Lengthy processing time
• Unrealistic customer expectations
• Lack of automation
• Frequent distractions for Admins
Admins:Chaotic
Provisioning
ASOs:Numerous
Complaints
Everybody:Frustration
5
IMPLEMENTATION
2011 2012 2013 2014 2014+
CHALLENGE IMPACT ACTION
• Chaotic communication • ASOs’ concerns not addressed timely
• Resumed/revamped/• increased User Group
meetings
• High volume of incorrect access requests
• Rework for ASOs• Delayed processing of
request• Incorrect access given
• Began to develop access forms
• Stale, infrequent Training • Low attendance• No new information
• Used Webinars • Scheduled Weekly• Removed cost
6
IMPLEMENTATION
2011 2012 2013 2014 2014+
ISSUE IMPACT ACTION
• Inability to accurately track requests
• Lost Requests• Disorderly processing of
Requests
• Implement Remedy Requester Console (USDA)
• FIFO Processing
• Website stale • Lack of information • Updated website
• Large number of ASO training courses
• Reduced resources available to process requests
• Changed Weekly to Monthly training
7
IMPLEMENTATION
2011 2012 2013 2014 2014+
CHALLENGE IMPACT ACTION
• High number of expedited requests
• Delays processing of other requests
• LIFO processing
• Implemented Expedite Policy
• No SLA • Expectation that all requests completed in 5 days
• Rewrote SLAs based on # userIDs and Complexity
• Manual delivery of notices and reports
• Time consuming • Implemented GovDelivery
• All users not in RRC • Extra work to collect performance measures
• Implemented non-USDA to RRC
8
IMPLEMENTATION
2011 2012 2013 2014 2014+CHALLENGE IMPACT ACTION
• Access not tracked by LOB • Difficult tracking / billing • Added RRC Summary Lines
• Manual training registration
• Lost attendees• Less time to process
requests
• Set up automatic scheduling for TSO training
• Effort by admins on non-critical tasks
• Less time to process complex requests
• Transferred password resets to OSC
• Information not covered in existing training
• Incident tickets, inquiries and questions
• Added Reports & Intermediate Training
• Lack of managed customer feedback
• Multiple sources for customer feedback
• Distributed automated surveys
9
IMPLEMENTATION
2011 2012 2013 2014 2014+CHALLENGE IMPACT ACTION
• Expedited requests processed before due dates
• No credit for processing access requests early
• Updated SLA: # userIDs, Complexity and Average Number of Days
• No access forms • Incorrect, incomplete access requests
• Lengthens processing time• Adversely impacts metrics
• Published Access Request Forms
• Implemented cancellation & mandatory forms use policies
• Manual training registration • Lost attendees• Less time to process
requests
• Expanded automated scheduling to ASO training
10
Improvements Realized
Changes to SLAsExample 1 is completed with a better average number of days and total combined days than Example 2, but fails the old SLA target. Example 2 met the old SLA target, but requests were completed in a greater number of days. Under the new SLA based on average number of days, both examples would have passed.
Example 1 – Simple Average days: 4 Total days to complete: 8 SLA Percent: 50% Status: Failed Request 1 - 2 days Passed
Request 2 - 6 days Failed Example 2 – Simple Average days: 5 Total days to complete: 10 SLA Percent: 100% Status: Passed Request 1 - 5 days PassedRequest 2 - 5 days Passed
11
Changes to SLAs
4. SLA Performance Metrics using Volume, Complexity & Average Number of Days
(Estimated Turnaround Time in business days)
Access Request
Type
Target: The average processing time of all requests will meet or exceed the time frames
shown 95% of the time
<=10 User IDs
11-30 User IDs
31-50 User IDs
>50User IDs
Simple
5 days
10 days
15 days
Negotiated
Moderate
10 days
15 days
20 days
Negotiated
Complex
15 days
20 days
25 days
Negotiated
2. SLA Performance Metrics using Volume only
<=10
UserIDs
11-30
UserIDs
31-50
UserIDs
>50
UserIDs
5 days
10 days
30 days
Negotiated
3. SLA Performance Metrics using Volume & Complexity
(*Estimated Turnaround Time in business days)
Request
Type
Average
ProcessingTime
Per User ID
Request Completion Time FrameTarget: The processing time of all requests will meet or exceed the time frames shown 95%
of the time
<=10 UserIDs
11-30
UserIDs
31-50
UserIDs
>50
UserIDs
Simple
30 min
5 days
10 days
15 days
Negotiated
Moderate
2 hrs
10 days
15 days
20 days
Negotiated
Complex
8 hrs
15 days
20 days
25 days
Negotiated
1. All requests 5 days
12
Training Averages
TRAININGCOURSE
AVERAGE ASOs TRAINED PER
MONTHASO Basic 6
Remedy Requester Console
11
ASO Intermediate 1
TIPS 8DPRW ASOs 3
Average of 14 ASOs added per
month (Mainframe Apps)
Average of 56 ASOs added per month (DPRS,
CLER)
13
Volume Variations
Ends of CY & FY are high volume periods
14
Improvements Realized
Goal: Decrease in Incident Tickets. Password Resets transferred to OSC in January 2013.
15
Improvements Realized
75% decrease in average number of days to process a request
16
Improvements Realized
Decrease in Expedited requests after Expedite policy implemented January 2013
17
Improvements RealizedExpanded Training
• BEFORE: 1 ASO Training Class– Quarterly– Fee based– Maximum class size: 12
• AFTER: 5 SO Training Classes– Monthly– ASO Basic– Remedy Requester Console– Intermediate– Specialized courses (Security Coordinators, DPRS, CLER, TIPS, etc.)– No cost– Maximum class size: 25
18
THE WAY AHEAD
2011 2012 2013 2014 2014+CHALLENGE IMPACT ACTION
• Unnecessary account deletions due to inactivity
• Users repeatedly lose access• ASOs repeatedly request
access
• Email users of inactive accounts
• Failure to use access forms • Continued inaccurate/ incomplete requests
• Automate Access Request Entry
• Complex, tedious provisioning of access
• Longer time to process requests
• Greater probability of errors
• Automate Access Provisioning
• Tickets assigned incorrectly • Longer time to resolve incidents
• Use checklist/form to triage/assign trouble tickets
• All SOs not in RRC • Extra work to collect performance measures
• Add remaining SOs to RRC
• Too many profiles • Excessive access combinations• Difficult to manage
• Use Role Based Access
• Increasing training needs • Fewer resources to process requests
• Develop web based training
19
THE WAY AHEAD
2011 2012 2013 2014 2014+
ACTIONContinuously monitor and evaluate performance
Update policies & procedures as necessary
RESULT
Improve Processes
GOAL
Improve Customer Service