In this stage, the comprehensive security solution is defined, detailed, and planned for roll-out. The security solution definition, design, and implementation plans are created as follows:
1. Identify the candidate solution approaches to address the security problems. The documentation should include business processes, organizational impact, technical capabilities, and costs associated with each candidate solution. Prioritize the capabilities and create a transitional plan for implementing the leading candidate security solution, which includes the identity management solution.
2. Create a detailed definition for each security solution you will implement. Each solution definition should include the business processes, organizational impact, and technology architecture of the solution.
3. Create detailed solution design documents for each security solution that needs to be implemented. These documents, which include the IT architecture, security architecture, and requirements specification, identify the business background, the business need for a security solution that includes identity management, and the business and technical requirements for the security solution. For more information about creating architecture documents and requirements specifications for a security solution, refer to the IBM Redbook Identity Management Design Guide with Tivoli Identity Manager, SG24-6996, at the IBM Redbook Web site:
4. Create a detailed project implementation plan for each security solution. The project implementation plan describes the project details for implementing the preferred identity management solution. It includes the business processes, organizational impact, technology architecture of the solution, and the detailed requirements for the solution. To generate this information, the project team should interview and meet with the key people and teams involved in identity management. The persons involved can include the CIO, IT executive, security management and administration team, operations personnel, help desk personnel, key technical teams (for example, the operating system administrators), application development teams, and business managers. These interviews and meetings will enable the team to develop a comparison of how the system currently works and how it can be improved.
In determining the goals and objectives of the project implementation plan, ensure that the project team clearly differentiates its requests from the genuine requirements. The project owners should drive the requirements for the proposed plan, although others may contribute to an understanding of the need for the requirements. It is critical that the project owner and the project team agree on the current state of the identity issues and the requirements for implementing an identity management solution before starting the project deployment.
Using the information gathered from the security solution documentation, interviews, and workshops, the project team produces the documents that are used to execute the project implementation plan. These documents should include:
* Project charter for identity management
* Statements of work (SOW)
* Project definition report
* Requirements document
* Functional specifications
* Existing system analysis
* Phased implementation plan
* Training plan