During the planning and initiation phases, we verify that the project scope is well understood, the proper resources are engaged, and communication with stakeholders occurs. Our planning focuses on the tools we identify as necessary to execute each project. We complement these tools with specific contract management deliverables such as the Task Order project plan.
We execute our project plan with the active involvement of our managers and technical staff, each focused on their own duties and project activities to deliver timely and quality work products as expected by the customer. Our analysis is conducted on the highest risk aspects of the project. This risk management approach addresses high risk issues immediately by assigning an owner for each risk, properly identifying, categorizing, and prioritizing the risks, and then determining an acceptable response.
We analyze the impact of risk avoidance, transfer, mitigation, and acceptance. In addition to analysis of the product or services we deliver, we analyze the processes we use to identify and implement efficiencies. We track progress and continually review it to arrive at the best possible process improvement solution.
Our Program Management Plan will list and describe the processes that our team will apply on individual task orders. As part of the onboarding process, all team members will be trained on these processes. Detailed descriptions of the processes will be available on the IT GURUS Intranet. The processes will be placed under configuration management control to ensure that all changes to them are made in a systematic manner. As part of every client effort, IT GURUS will apply its state-of-the-art Continuous Process Improvement (CPI) methodology.
IT GURUS is an industry leader in development and application of business transformation/Continuous Improvement (CI) methods, such as Lean Six Sigma and ITIL. Our CPI methods and tools have enabled us to provide significant benefits to our customers.
Metrics are critical to our project monitoring and control processes. IT GURUS uses commercially-available tools along with financial, scheduling, and performance management expertise to monitor and provide readily accessible, accurate contract and Task Order metrics.
IT GURUS maintains data on our SharePoint Portal and monitors metrics at regularly scheduled intervals. The Program Portal includes a dashboard where metrics, targets, and upcoming action items are co-located on one screen. This level of transparency increases accountability by providing Government stakeholders and our Management Team with up-to-date performance metrics on all open Task Orders and dashboard-level views of project status.
IT GURUS provides customers with weekly and/or monthly status reports, providing a management summary for all Task Orders along with budgetary and resource information, depending on the contract requirements. IT GURUS is able to take complex projects and reduce them to simple documents that synthesize large amounts of data into concise, informative summaries for stakeholders.
IT GURUS fully appreciates the importance of thoroughly understanding complex requirements for information security contracts. We recognize that each Task Order (TO) could involve dozens of stakeholders with varying requirements and/or priorities. Engaging and maintaining communication with stakeholders, fully understanding stakeholder needs, and managing expectations are especially critical in the information security environment. Our customers can rely on IT GURUS to be a solid contractor with creative yet proven processes, tools, and trained leadership and staff that will work collaboratively and assist stakeholders in making smart compromises and tradeoffs for the enterprise. IT GURUS has developed a Communication Plan, which we will tailor for each TO, based upon PMBOK and our own CMMI Level 3-based best practices. This information is documented and available to our employees on our SharePoint site.
IT GURUS has specific practices to meet the unique requirements of the information security environment. For example, documentation of security requirements pertaining to the interconnections of a given system is essential to the assurance of a system’s inventory and information flow paths. Such documentation, in the form of Memorandums of Understanding (MOU) and Interconnection Security Agreements (ISA), addresses the technical, functional, and policy compliance aspects of an interconnection and ensures that all stakeholders mutually understand and consent to the terms for the establishment, maintenance, and monitoring of the interconnection.
IT GURUS has extensive expertise in developing information security MOUs and ISAs and will bring proven templates and processes for these artifacts to our clients.
The goal of IT GURUS is to implement and manage projects and deliverables to meet federal IT security standards. To accomplish that, IT GURUS leverages its experience integrating the full range of information security solutions into security programs across the federal government and the private sector.
Our information security experts have a deep understanding of the interrelationship between corporate industry best practices and the National Institute of Standards and Technology (NIST) guidelines and standards, including Federal Information Processing Standard Publication (FIPS) 199, FIPS 200, NIST Special Publication (SP) 800-30 Revision 1, 800-37 Revision 1, 800-39 and NIST SP 800-53 Revision 3 and Revision 4, and how these best practices, guidelines and standards are synthesized into a holistic Risk Management Framework (RMF).
IT GURUS has an independently assessed Quality Assurance (QA) system that we will tailor and apply to the contract and Task Order requirements. Our quality control system engages stakeholders at key milestones and incorporates lessons learned and best practices so that they can be applied to future orders. IT GURUS employs industry-proven approaches for overall quality management and control, focusing on rigorous internal Quality Control (QC) inspection and feedback. Our CMMI Level 3-certified QA processes enable us to deliver consistent, measurable results, high-quality products, and continuous process improvements.
IT GURUS’ testing support for the federal government is based on CMMI Level 3 processes and encompasses all aspects of testing (e.g., unit, integration, and acceptance). Our test team is composed of the Test Lead (TL) and Test Specialists. The test team reviews software documents and attends the software requirement and design peer reviews. The test team prepares the Software Integration Test (SIT) Description and Test Procedures document. The SIT Description and Test Procedures provide details on the sequence of the software to be integrated, test cases, test scenarios, test scripts, testing tools and techniques, and descriptions of the test procedures specific to testing software components upon integration into the system. The RTM is updated with the traceability of each test case to the appropriate software requirements. The SIT Description and Test Procedures and the RTM are peer reviewed by project staff. The test team also prepares the System Test Description. The System Test Description provides details on test cases, testing tools and techniques, and descriptions of the test procedures specific to testing the system as a whole. The System Test Description is peer reviewed by project staff. At the completion of the System Test, a Test Readiness Review (TRR) is conducted with members of the Program Management Office (PMO), user community, and federal government test personnel to summarize, at a high level, what was tested and answer questions.
IT GURUS follows NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems. This Guide addresses the management and control of secure configurations for an information system to enable security and facilitate the management of risk. It builds on the general concepts, processes, and activities of configuration management by focusing attention on the implementation and maintenance of the established security requirements of the organization and information systems.
IT GURUS works with agency stakeholders to prepare and manage their Configuration Management Plans, or integrate their CM Plans into existing security plans. We provide input into agency Configuration Control Boards, or Change Management Boards, and provide tools that give them a comprehensive picture of overall hardware and software configurations so they can track and enforce configuration compliance.
IT GURUS will develop a secure baseline for all hardware and software installations and configurations in support of agency stakeholders. We will track baseline changes over time and ensure consistency with operational requirements and security policy and practices. The baseline may, depending on requirements, include: network settings, device types and names, installed software, software configurations, patch levels, access controls, and physical and logical placement in the network.
IT GURUS will ensure consistency of implementation across the enterprise and a consistent dissemination of security controls and standards throughout by providing central management of hardware and software changes within each client enterprise.
IT GURUS monitors configuration changes for its clients, as requested. We will employ vulnerability tools to actively probe for weaknesses in each client enterprise. Each workstation and fileserver that is added to the network is scanned for security compliance before such access is granted.
Non-compliant machines are reported to our clients’ Points of Contact (POC).
At each phase of this security model, IT GURUS provides expert documentation of current baselines and periodic reports of changes within our client’s enterprise. Our solution provides standard or customized reports on the current state of the enterprise, along with comparisons with historical data to show deviations from accepted implementations.
IT GURUS maintains an Engineering Review Board (ERB) to review existing and proposed new technology and solutions. The ERB is a select subset of IT GURUS’ information security experts tasked to investigate the ramifications of introducing new technologies or solutions into the information security environment of our clients’ enterprises. The ERB will be on the forefront of technology planning to evaluate the IT marketplace and make recommendations for technology refresh and enhancements. The board will provide a technical review and, at the same time, identify possible dependencies that proposed changes could create (e.g., licensing issues, technical compatibility, physical requirements), analyze the impact of adopting proposed emerging technologies, and determine and prioritize the level of effort in implementing those changes.
IT GURUS has developed a set of processes for responding to classified requirements up to and including Top Secret (TS). We have the ability to provide already cleared and qualified employees to respond to Task Orders. Given the complexity and time-consuming process for obtaining security clearances, it is critical we have cleared staff upon order award, as well as reach back and access to appropriate cleared and credentialed staff should there be surges in classified requirements.
IT GURUS is a GSA IT Schedule 70 BPA holder. The company provides information security expertise as its primary focus as well as infrastructure, enterprise and Cloud support (i.e., FedRAMP).
IT GURUS maintains a database of personnel with active security clearances and renewal requirements/schedules. To maintain employee clearances, we initiate background updates as required. IT GURUS has a qualified Facility Security Officer (FSO) currently on staff and a detailed e-QIP (SF-86) Applicant Instruction Guide that provides employees with detailed instructions for completing personnel security questionnaires and investigative forms (SF-86, SF-85P, SF-85, etc.). Our proven process and experienced FSO allow us to expedite responses to classified requirements.
The management and staff at IT GURUS are actively engaged in the federal information security community with active participation in security and technology organizations. We leverage these relationships to stay abreast of emerging security developments and requirements across industry and government, and to identify opportunities to better serve customers by continuously developing our information security capabilities to meet their specific needs.
IT GURUS maintains a Cyber Security Practice Area (CSPA), a community of practice that brings together information security thought leaders from across the organization to develop innovative approaches to federal information security challenges and share lessons learned.
IT GURUS trains all personnel who will work on any client site, using our role-based IT Security Training Program. The program focuses on building a toolkit our personnel use to solve security problems and equipping our personnel with the general knowledge needed to support client tasks, with an emphasis on improving actual system security. At the client’s request, the Training Program can also be delivered to federal employees.
IT GURUS’ ability to source, select, hire, and replace qualified staff is greatly enhanced by our professional recruiting staff, proven processes, competitive benefits, and professional development opportunities. IT GURUS has been highly successful in using its competency-based recruiting process. As a result, IT GURUS can provide its customers with access to an extensive pool of cleared information security experts and other resources throughout the United States and the world.
In the event that positions or anticipated positions cannot be filled from our available pool of resources, IT GURUS will initiate its competency-based recruiting process to secure the right person for the position.
The result of this process is a better match between job requirements and individual skills. On average, IT GURUS can fill an open requisition in 15 days. The final staff selection will be coordinated and executed by the Program Manager because the PM is intimately familiar with the Statement of Work and thoroughly understands the staffing requirements for each task and sub-task.