Project Managers are required by the organization to make sure customer business needs are being met. They must ensure project requirements are sufficiently defined including data security requirements. They help coordinate maintenance and creation of services for the client. The project manager must support and enforce project lifecycle policies and processes. The Project Manager coordinates team members and makes sure the project is on track and on schedule. Coordinates business DR plans. Enterprise problem resolution (Works with purchasing, system engineering.
Project Managers must be excellent communicators. They should understand project risk, project scheduling, be able to estimate costs and manpower requirements for project by consulting with staff. They need to understand how the organization functions together and know who is required to contribute to projects.
Policies Affecting the Project Manager
Must Take Specific action
Privacy and Confidentiality Policy - Must be sure projects meet the requirements of this policy such that exceptions do not compromise the confidentiality of data.
Internet Connection Policy - Must be sure the project being implemented complies with the policy. Users are only allowed to connect to the internet using specific methods.
Approved Application Policy - Must be sure that software used for planned projects is approved or can be approved for use. The project manager must be sure the project schedule allows new applications to be evaluated.
Wireless Communication Policy - Be sure use of wireless on projects uses approved technologies.
Network Documentation Policy - Must be sure new projects that require changes to networking or additions to networking have those changes documented according to this policy. Project managers should plan for documentation time in the project.
Internet DMZ Equipment Policy - Defines standards and configuration requirements for networking equipment used in the DMZ.
Router Security Policy - Project managers must be sure the project requirements requirements are in compliance with this policy. The policy limits some protocols, defines router and switch requirements, configurations, and documentation required.
IT Equipment Purchase and Failure Prevention Policy - Project managers must be sure equipment is purchased according to this policy.
Software Licensing Policy - Project managers must be sure software required by the project is licences in compliance with this policy.
Intellectual Property rights Policy - Where intellectual property is used for or created during project development, the project manager must be sure it is registered according to the policy.
Computer and Printer Naming Policy - The Project manager must be sure new equipment is named according to the policy.
IP Address Assignment Policy - The Project manager be sure equipment put into place complies with the policy and understand how the IP addresses are assigned or who to go to got IP address assignments.
Authentication Mechanism Policy - Requires authentication mechanisms on all electronic devices with computer data (not including entertainment audio or video). The Project manager must be sure equipment being purchased meets this policy.
Computer Center Operations Policy - Provides the requirements for the computer center. The Project manager must make sure that equipment required by the project goes into facilities meeting the policy requirements.
System Availability Policy - This policy is used to ensure that the support for the systems supporting the business will meet the business needs. The Project manager relies on the Systems Engineer for advise in this area.
Server Setup and Configuration Policy - Must be sure systems are designed with required redundancy and capacity to meet the business need. The Project manager should work with the systems engineer and clients to project future capacity needs.
Data Classification Policy - Must be sure the system adequately protects the data using various means including encryption both for storage and transmission depending upon the needs of the data.
Information Sensitivity Policy - When business systems or processes are set up the project manager must work with the systems engineer to ensure that the mechanisms used to protect the data are adequate for the needs of the data. For example effective storage and transmission encryption protocols must be used to secure sensitive data.
Risk Assessment Policy - The project manager must be sure time is scheduled for a project risk assessment and that it is done in a timely manner.
Encryption Policy - The project manager must work with the systems engineer to ensure that projects use approved encryption protocols appropriately.
Application Implementation Policy - The project manager must ensure that the development life cycle is followed and that programming tasks are done in a manner in compliance with the policy.
Disaster Recovery Policy - The project manager works with the systems engineer to be sure there is a disaster recovery policy covering all critical business systems and projects. the project manager coordinates disaster recovery plans with the business.
Change Management Policy - The project manager must be sure the project schedule allows changes to be done according to the policy.
Third Party IT Service Policy - The project manager must be sure when third parties are used to provide services or equipment, this policy is enforced.
Software Standards Policy - The project manager works with the systems engineer to be sure the SDLC methodology is followed and software standards and testing requirements are adhered to.
Business Continuity Policy - The project manager must be sure business continuity is considered for the project and is effective.
Development Life Cycle Policy - The project manager must use the development life cycle methodology to implement the project.
Preventative Maintenance Policy - Preventative maintenance must be considered during project planning and implementation.
Technology Planning Policy - The project manager works with the systems engineer to be sure projects and business processes are documented and added to the information architecture model.
External Requirements Policy - The project manager must be aware of this policy to ensure that projects comply with any external requirements depending upon the business function.
Service Level Policy - When service level agreements are required to support projects or business processes, the project manager and systems engineer must be sure the service level agreement protects the organization and properly supports the business process.
Service Reliability and Continuity Policy - Projects must comply with this policy in a similar manner as the business continuity policy.
Service Quality Policy - The project manager must priortize the criticality of the business process being supported by the project. The PM must be sure capabilities and needs are correctly analyzed and that the certification/accredidation process is followed.
Quality Policy - The project manager works with the systems engineer to help ensure quality activities are followed during project development. Some of these activities include code reviews and testing.
Must be Aware
Password Policy - Needs to know what capabilities applications and systems should provide related to the password policy such as account reset, password complexity requirements, maximum password age, and password reset functionality.
Network and Server Scanning Policy - Need to understand when server scanning is required, such as to implement new firewall rules or check systems for PCI compliancy.
Perimeter Security Policy - The Project manager should be familiar with this policy since it specifies network structure, traffic flow policy, and change processes.
Asset Control Policy - Requires assets to be tracked by location in a database. The project manager must be aware of the requirements of this policy when projects require assets to be moved.
Server Documentation Policy - The Project manager must allow time for and require servers to be documented as they are placed in service.
Insurance Purchase Policy - The project manager must be aware of the need to purchase insurance depending on organizational directives when project risk exceeds a set limit and inform management when those conditions exist.
Segregation of Duties Policy - The project manager must be aware that projects and the management of servers and business processes must adhere to this policy.
Auditing Policy - The project will be audited at an early phase to be sure the proper controls are designed into the project. The project will be audited to be sure it meets security standards, coding practices, operational requirements, disaster recovery, and internal controls.
Acquisition and Maintenance Policy - The project manager must be sure the projects follow the acquisition and management framework which includes patch management, document publication, document retention, development standards, and other items.
Configuration Management Policy - Project managers must allow changes to systems to be logged and documented during the life of the project.
Contracting Policy - Requires all third party contracts and services to be identified. Where third parties are used in projects, the project manager must be aware of this policy's requirements.
Supplier Policy - Requires all third party contracts and services to be identified. Where third parties are used in projects, the project manager must be aware of this policy's requirements.
Cost Management Policy - The project maanger is responsible for ensuring that the costs of their project are estimated and tracked.
Service Monitoring Policy - Requires services to be monitored for quality which may require modifications to systems, services, information technology functions, or business functions.
Internal Controls Policy - Project managers must be familiar with this policy so they can help provide suggestions for improvements to internal controls.
Affects Job but Awareness not Required
* Computer Training Policy - Is trained in various technical areas.
* User Privilege Policy - May require more than basic access depending upon the organization.