Adaptive Processes Capabilities
Version: 15.0
Adaptive Processes Consulting Private Limited
Experience World Class Processes!
ISO 9001:2008 Certified
#51, 3rd
Cross, Church Road,
6th Block Annex, Koramangala, Bangalore – 560095
Tel: +91-9743-21-9990
Email: [email protected]
©This document is the property of and proprietary to Adaptive Processes Consulting Pvt. Ltd.
Contents of this document should not be disclosed to any unauthorized person. This document may not, in whole or in
part, be reduced, reproduced, stored in a retrieval system, translated, or transmitted in any form or by any means,
electronic or mechanical.
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 2 of 50
Table of Contents
1 About Adaptive Processes Consulting ................................................................................................... 4
2 Adaptive Services .................................................................................................................................. 6
3 Adaptive Managed Assurance Services ................................................................................................. 7
4 Benefits of Managed Compliance Services ........................................................................................... 7
10. Multi-model implementation ............................................................................................................. 7
11. Adaptive’s approach to multi-model systems implementation .......................................................... 8
5 Adaptive Training Services ................................................................................................................... 9
6 Adaptive Training Portfolio ................................................................................................................. 10
7 Partial list of our esteemed Clients ...................................................................................................... 13
8 Our Success Stories ............................................................................................................................. 14
9 Sample Client Testimonials ................................................................................................................. 16
10 Adaptive client references whom partner can speak to .................................................................... 16
11 Awards and Achievements ............................................................................................................... 17
12 Our system development approach .................................................................................................. 17
13 Merging of Agile and CMMI ........................................................................................................... 18
14 Proposed high level implementation plan ........................................................................................ 19
15 Proposed Time Line – ISO 9001 ...................................................................................................... 19
16 Proposed Time Line – ISO 27001 .................................................................................................... 20
17 Proposed Time Line – ISO 20000 .................................................................................................... 20
18 Proposed Time Line – CMMI L3..................................................................................................... 21
19 Proposed Project Structure ............................................................................................................... 23
20 Roles and Responsibilities ............................................................................................................... 24
21 Project Risk Management ................................................................................................................ 25
22 Communication Management .......................................................................................................... 26
23 Escalation Management ................................................................................................................... 28
24 GRCPerfect – Project Governance and Compliance System for CMMI ......................................... 29
25 Advantages of GRCPerfect .............................................................................................................. 29
26 GRCPerfect Functional Architecture ............................................................................................... 30
27 Sample Workflows in GRCPerfect .................................................................................................. 30
28 Model Mapping – CMMI ................................................................................................................. 35
29 Modules for Compliance Management (ISO 9001, ISO 27001, ISO 20000) .................................. 43
30 Adaptive Management System ........................................................................................................ 44
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 3 of 50
31 Employee Services Module.............................................................................................................. 44
32 GRCPerfect Support Mechanism ..................................................................................................... 44
33 Definition of Defect Severities and SLA for resolution (in Working Days) .................................... 45
34 Change Request Implementation ..................................................................................................... 45
35 Adaptive Case Studies ..................................................................................................................... 46
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 4 of 50
1 About Adaptive Processes Consulting
Adaptive Processes is formed with a view to help organizations establish and improve Quality, Security,
Environment, Health and Safety processes in a faster, better and simpler way. We developed world’s first
database driven Quality and Information Security Management System which has been filed for a patent.
We are also certified for prestigious international standard, ISO 9001:2008 from DNV.
Adaptive is also an official member of NASSCOM – Largest association of IT and ITES organizations in
India. We are in process of becoming an official partner of Software Engineering Institute (SEI), USA.
GRCPerfect, an Enterprise Project Governance, Risk and Compliance Management System, is designed
to help companies implement Quality and Information Security Management Systems. It is extremely
user-friendly, simple, easy to maintain yet very effective. It has pre-built processes for CMMI L3, ISO
27001, ISO 9001, ISO 14001, ISO 20001 and ISO 18001.
Some of the unique advantages and benefits Client will acquire when dealing with Adaptive are:
Commitment to Client success – Adaptive is fully committed to Client’s success in implementing
the project. Client can keep 10% of the project fees as project success fee which will be payable to
Adaptive only upon satisfactory completion of the project.
Spirit of Collaboration
Adaptive believes in close collaboration with our clients for mutual benefit. By partnering with
Adaptive, Client gets full access to world-class personnel, systems and processes that Adaptive has
developed with a cumulative experience above 100 person-years. Adaptive is willing to customize it’s
product (GRCPerfect) to meet Client’s requirements in case Client wishes to implement same. Our
solution is also available to Client as an Open-Code option which enables Client to obtain the source
code of the product with additional fees.
GRCPerfect – Enterprise Project Governance, Risk and Compliance Management System -
Comprehensive CMMI, ISO 27001, ISO 9001 and ISO 20000 Management Tool
GRCPerfect is a comprehensive process implementation support tool. It is fully web-based and has
role permission based access to various modules to manage CMMI Level 3, ISO 27001, ISO 9001
and ISO 20000 and Agile project management activities. GRCPerfect works as a comprehensive
metrics management system for above standards.
Comprehensive Metrics Management System – GRCPerfect works as a comprehensive metrics
management system for CMMI, ISO 9001 and ISO 27001. Future plans to include ISO 20000 and
Agile.
Proven Capabilities – Adaptive has successfully completed over 20 CMM and ISO projects with
cumulative experience of more than 100 person-years. Adaptive has encapsulated all of its learning
and best practices into its implementation methodologies.
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 5 of 50
Personalized Attention – With Adaptive, you are assured of personalized attention from every
member in Adaptive. We take pride in the fact that almost all our Clients have come back repeatedly
to us for their process improvement needs.
Cost Savings - 50%+ cost reduction over traditional methods of process definition and
implementation due to proven tool kits and process implementation system, GRCPerfect.
Effort Savings - More than 50% effort saving from Client side due to automation of processes and
metrics due to proven tool kits and process implementation system, GRCPerfect.
Time Savings – Minimum 3 months effort savings due to proven toolkits for CMMI, Business
Analysis, ISO 9001, ISO 27001, ISO 20000 and BS 25999 due to proven tool kits and process
implementation system, GRCPerfect.
eLearnings – Adaptive has developed eLearning products in CMMI, Business Analysis, ISO 9001,
ISO 27001, ISO 20000, BS 25999 and Internal Audit for continuous learning and also for awareness
development which will be available to Client at no additional cost.
Ongoing Support - Process sustenance support including complete Quality Process Outsourcing
beyond assessment / certification.
A single partner for multiple frameworks – The complexity of integrating multiple implementation
vendors in any project presents numerous and added challenges and risks. With Adaptive, Client can
rest assured that an end-to-end GRC solution will always be provided under a single umbrella.
Accreditations – Adaptive has been certified against ISO 9001:2008 (www.ISO.org), the
international certification for quality of its products and services from DNV, World’s leading
management systems certification agency (www.DNV.com).
Adaptive is an official member of NASSCOM, www.Nasscom.in, the premier industry association
for Software and BPO companies in India.
Adaptive is an endorsed Education Provider for International Institute of Business Analysis
(www.iiba.org), Canada.
We are in the process of obtaining partnership with Software Engineering Institute
(http://www.sei.cmu.edu/), Carnegie-Mellon University which has developed the CMM framework.
We are also in the process of obtaining partnership with Scrum Alliance (www.scrumalliance.org),
the leading association of Agile practitioners in the world.
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 6 of 50
2 Adaptive Services
Process Definition
We do rapid process definition using Adaptive Portfolio Management System; an application based
configurable management system which is already compliant to industry leading Quality and Security
standards (CMMI, ISO 9001, Agile, ISO 27001 etc.) and industry best practices.
Process Implementation
We provide complete hand holding to the Client organization to implement processes.
We plan, conduct and report project audit activities, meet training requirements and coordinate with
external agencies.
Process Improvements
We execute Process Improvement Projects using Six Sigma methodology.
Process Trainings
We provide complete gamut of Trainings for our Clients. Our trainings are designed and developed with
extensive experience in software process implementation and consulting. They are designed for various
durations depending on intensity and user community needs.
Adaptive eLearning for CMMI, ISO 9001, ISO 27001, ISO 20000, BS 25999, Business Analysis and
Internal Audit
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 7 of 50
Adaptive eLearning products are comprehensive eLearning solutions for above mentioned frameworks
with certification tests. This helps various participants in the process improvement journey to understand
core concepts behind the standards/models and also test their understanding.
3 Adaptive Managed Assurance Services
1. Establish required management system (s) (policies, processes, templates, guidelines, checklists,
training materials etc.)
2. Plan and conduct quarterly internal audits and follow-up on closure
3. Plan and conduct quarterly management reviews
4. Plan and co-ordinate external audits
5. Follow up and closure of external audit findings
6. Conduct awareness programs for new joiners on the management system every month
7. Collect and publish quarterly process performance metrics
8. Plan and conduct annual Customer Satisfaction Survey
9. Quarterly update Management Systems (QMS, ISMS, EMS, OHMS etc.) as per processes being
modified
10. Access to Adaptive eLearnings for ISO 9001, ISO 27001, CMMI, Internal Audit, Agile and any
future eLearnings developed by Adaptive
11. Keep customer abreast of any update to implemented standards
4 Benefits of Managed Compliance Services
1. Complete ownership and accountability of process management for QMS, ISMS, ITSM and BCMS
2. Zero fees for GRCPerfect – Adaptive Enterprise Governance, Risk and Compliance Management
System
3. Continual improvement using Lean and Six Sigma
4. Multi-client experience to improve organization’s processes
5. Significantly reduced overall cost
6. Process management system
7. Zero recruitment or training cost
8. Periodic internal audit trainings
9. 20% discounts on Adaptive trainings
10. Multi-model implementation
Adaptive is one of world’s leading multi-model implementation organizations. Adaptive is possibly the
first company in the world to develop a management system and management system deployment system
(GRCPerfect) catering to the requirements of the following standards
1. CMMI
2. ISO 9001
3. ISO 27001
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 8 of 50
4. Balanced Score Card
5. PCMM
6. BS 25999
7. HIPAA
8. Agile (In progress)
9. ISO 20000 and ITIL (In progress)
Adaptive has implemented following multi-model implementations for its clients:
1. HARMAN – CMMI and ASPICE
2. Infinite Computers - CMMI, Agile, ISO 9001, ISO 27001, Six Sigma
3. Ness technologies – Agile, CMMI, ISO 9001 and ISO 27001
4. Ascendum - CMMI, Agile, ISO 9001, ISO 27001
5. Accel Frontline – ISO 20000 and ISO 27001
6. Cross-domain – ISO 27001, HIPAA and BS 25999
7. Clutch Group - ISO 9001 and ISO 27001
8. MACH – Six Sigma, ISO 9001 and ITIL
9. Proteans Software (Now part of Symphony Services) – ISO 27001 and BS 25999
11. Adaptive’s approach to multi-model systems implementation
1. Always develop systems based on organizational needs – best practices exist to serve the organization
– organization does not exist to serve the best practices
2. Practical approach to solve a business need - Our principal and senior consultants come with
significant software development experience
3. Adaptive has is a software development unit of its own.
4. Integrate Quality, Security, HR Management Systems
5. Develop blended learning with both eLearnings on ISO, CMMI, IIBA frameworks and class-room
based trainings for effective implementation
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 9 of 50
5 Adaptive Training Services
Adaptive Processes provides complete range of services in GRC and process management area.
Adaptive is an Endorsed Education Provider for International Institute of Business Analysis (IIBA),
Canada (http://tinyurl.com/IIBA-Adaptive-EEP)
More than 100 training with close to 2000 person-days of trainings conducted
Entire spectrum of trainings in project, risk and process management
Courses conducted in Bangalore, New Delhi, Pune, Chennai, Bangkok
Courses attended by participants from USA, UK, Australia, Singapore, Dubai
Extremely good feedback ratings
Candidates can pay online in our e-Commerce portal (http://www.adaptiveecom.com/Products)
Our classes are conducted over weekend to help participants minimize their absence from work
Assistance provided for accommodation in Bangalore
Our program delivery methodology is highly interactive with
1. Conceptual theoretical inputs
2. Practical implementation approaches
3. In-class exercises
4. Role plays
5. Sample quizzes
Adaptive has developed more eLearnings on following subjects. These eLearnings have built in quizzes
to test understandings.
1. CMMI
2. Business analysis
3. ISO 9001
4. ISO 27001
5. ISO 20000
6. Agile and Scrum
7. BS 25999
8. QMS Internal Audit
9. Configuration Management
Our faculties are highly experienced with multiple project implementation experience in CMMI, ISO
9001, ISO 27001, and ISO 20001. They have also carried out more than 100 audits for various clients
such as Infosys, IBM, Siemens, and Zenith Software etc. Our faculties provide areas of improvement for
each participant.
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 10 of 50
Our handout materials content entire slide deck presentation used by the faculty. It also contains other
useful reference. It contains additional space for writing in-class learnings as well. We have provided one
sample copy for ISO 9001 Internal Auditor program as reference for you.
Sample Training Feedbacks:
1. It was a lot of fun and learning at the same time. Thank to LN and all of you for the wonderful time
together. Lets keep in touch. – Mahesh Shenoy, Founder and CEO, Thoughtnet
2. Thanks for a very informative & interactive training. It will be very useful for us on our roles that we
performing. - Regards, Maruthi Prasad, iSoft
3. Faculty with excellent knowledge – Manoj Nair, Mafoi
4. I would definitely recommend this training to others in Accenture!! - Sukirti Sen, Business
Analyst, Accenture
5. It is highly appreciated and acknowledged that the training was very useful and purposeful.
Special thanks to you to make it interactive and collaborative. - S Balamurugan, Senior
Solution Architect, Unisys
6. Thanks for conducted wonderful session and shared your excellent knowledge with us. I felt
this session was knowledge enhancement for me. Hope it will increase my confidence and
perform my roles well in my projects. - Chandra Sekhar Challa (Value Labs)
7. Thanks for the class it was very interesting and informative. - Sheeja Abraham, Azkonobel
More feedbacks can be viewed at
http://tinyurl.com/Linkedin-BA-feedback
http://tinyurl.com/BA-feedback
Current program details can be found at http://www.adaptiveprocesses.com/training-calender.html
6 Adaptive Training Portfolio
Category Course Name # of
Days
eLea
rnin
g
Primary Audience
Cer
tifi
cati
on
CMMI CMMI for Services 2 Yes Quality Managers, Project
Managers, Team Members
CMMI Introduction to CMMI 2 Yes Quality Managers, Project
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 11 of 50
for Development Managers, Team Members
CMMI CMM Implementation
Workshop
3 Yes Quality Managers, Project
Managers, Team Members
Software Engineering Good Programming
Practices
0.5 Developers
Software Engineering Introduction to
Software Quality
0.5 Quality Professionals
Software Engineering Requirements
Management
1 Business Analysts, Project
Managers
Software Engineering Software Engineering
Principles
1 Quality Managers, Quality
Professionals, SQA, Project
Managers, Team Leads
Software Engineering Introduction to
Software QA
3 Quality Managers, Quality
Professionals, SQA
Software Engineering Software Reviews 0.5 Quality Managers, Quality
Professionals, SQA, Project
Managers, Team Leads
Software Engineering Software Testing
Principles
0.5 Testers, SQA, Project
Managers, Team Leads
Software Engineering Software Metrics 0.5 Quality Managers, Quality
Professionals, SQA, Project
Managers, Team Leads
Software Engineering Statistics for Project
Managers
0.5 Project Managers, Team
Leads, Quality Managers
Software Engineering Statistical Process
Control
0.5 Project Managers, Team
Leads, Quality Managers
Software Engineering Quality and Security
Introductions
0.5 Developers
Project Management Introduction to MS-
Project
1 Project Managers, Team
Leads
Project Management Project Management
Basics
2 Project Managers, Team
Leads
Project Management Prograrm Management 3 Program Managers, Project
Managers
Project Management Certified BPO Team
Lead
3 BPO Team Leads Yes
Project Management Stakeholder
Management
0.5 Project Managers, Team
Leads
Risk Enterprise Risk
Management
1 IT Managers, IT
Professionals, Quality
Managers
Risk Certified Risk Analyst 2 IT Managers, IT
Professionals, Quality
Managers
Yes
Agile Certified Agile
Practitioner
2 Yes Project Managers, Team
Members
Yes
Agile Introduction to Agile
and Scrum
1 Yes Project Managers, Team
Members
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 12 of 50
Biz Analysis Certified Business
Analyst
3 Business Analysts, Project
Managers
Yes
Biz Excellence Integrated
Management Systems
1 Quality Managers, SQA
Biz Excellence Continual
Improvement Tools
and Techniques
1 Quality Managers, SQA
BS 25999 Business Continuity
Management
1 Yes IT Managers, BCM
Professionals
BSC Balance Score Card 1 Quality Managers, SQA
CoBIT Introduction to COBIT 2 IT Managers, Quality
Managers
Excel Excel for Executive
Managers
1 Managers
ISO 14001 Introduction to ISO
14000 (EMS)
1 Facility Managers, Quality
Managers
ISO 18001 Introduction to ISO
18001 (OHS)
1 Facility Managers, Quality
Managers
ISO 27001 Certified ISO 27001
Internal Auditor and
Implementer
3 Yes Quality Managers, Project
Managers, Team Members
Yes
ISO 27001 Certified ISO 27001
Implementer
2 Yes IT Managers, IT
Professionals, Quality
Managers
Yes
ISO 27001 Certified ISO 27001
Internal Auditor
2 Yes IT Managers, IT
Professionals, Quality
Managers
Yes
ISO 27001 Introduction to ISO
27001:2005
1 Yes IT Managers, IT
Professionals, Quality
Managers
ISO 9001 Certified ISO 9001
Internal Auditor
2 Yes Quality Managers, SQA,
Internal Auditors
Yes
ISO 9001 Introduction to ISO
9001:2008
1 Yes Quality Managers, SQA,
Internal Auditors, Project
Managers
ISO 9001 Certified ISO 9001
Internal Auditor and
Implementer
3 Yes Quality Managers, SQA,
Internal Auditors, Project
Managers
Yes
Six Sigma Six Sigma Green Belt 3 Quality Managers, Quality
Professionals, SQA, Project
Managers, Team Leads
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 13 of 50
7 Partial list of our esteemed Clients
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 14 of 50
8 Our Success Stories
CMMI
IBM Global Services India – Implementation and sustenance of CMMI Level 5
Infosys Technologies – Implementation and sustenance of CMMI Level 5
IGate Corporation – Implementation and sustenance of CMMI Level 5
Implementing CMMI L3 at Ascendum Solutions
Infinite Computers (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 5
implementation)
Turning Point (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 3
implementation)
AXA Group Solutions (CMMI L3 implementation Support)
Manhattan Associates (CMMI Training)
OTIS Software (CMMI Training and Gap Analysis)
ISO 27001:2005
AccelFrontline (Implemented ISO 27001 and ISO 20001)
Zenith Software - Completed ISO 27001 certification
JuriMatrix (Clutch group) – Completed ISO 27001 certification
People Tech Group – Completed ISO 27001 certification
Crossdomain - Implemented ISO 27001
Photon Infotech – ISMS system definition
Proteans – ISMS system definition
Metlife – ISO 27001 Pre-certification Audit
Tusker Legal Process Outsourcing - ISMS definition as per ISO 27001
Ness Technologies – ISO 27001 Internal Audit Training and Co-ordination
Management Systems Outsourcing
EmPower Research
V2Soft
Ness Technologies
MACH Teledata
ISO 9001:2008
Clutch Group, Leading LPO player in the world
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 15 of 50
Empower Research, leading KPO organization in India (Completed ISO 9001 implementation)
Ness Technologies India, part of Largest Israeli IT company (ISO 9001 and CMMI
implementation)
Vati Consulting, Premier Recruitment Process Outsourcing and HR Consulting Firm (ISO 9001
implementation)
Vana Solutions, High-tech solutions provider (ISO 9001 and CMMI implementation)
INSZoom, World’s Leading Immigration Management Software Products organization
Bang (SQA Support)
ObjectWin (SQA Support)
ITIL / ISO 20000
Accel Frontline
MACH Teledata
OnMobile, leading Mobile Value Added Service Provider
HIPAA
Crossdomain – India’s leading Payroll Services organization
Six-Sigma
AkzoNobel – World’s No.1 paint manufacturer
Multinational Automated Clearing House (MACH), World Leader in roaming solutions
Internal Audit Services
Metlife Insurance
Textron
Training
Manhattan Associates, World Leader in Supply Chain Management (CMMI Training)
Mafoi Consulting
Triumph Software Services
OTIS Software
Unisys
Sanovi
QMS Reengineering
Ness Technologies
Infinite Computers
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 16 of 50
9 Sample Client Testimonials
I would like to thank you (LN) and your team on behalf of ZSL management team for helping us in
getting the successful ISMS assessment audit by DNV. I am confident that your APMS tool will help us
in minimizes our effort in managing Information Security. We thoroughly enjoyed working with you and
look forward to work together for our future endeavors.
- R Natarajan, Chief Operating Officer, Zenith Software Ltd
I find it very easy to do business with you. Thank you for the contribution to our system. We have a great
and open working relationship. We really respect your contributions in helping our organization.
- Puneet Chaddha, Former Head-Delivery, Ness Technologies
Adaptive has been prompt and fast in responding to our requirement, I am extremely happy with their
people competence, and range of service provided. Adaptive would be my obvious choice for any of our
process need. I would recommend this team to my circle.
- SK Mishra, Head-Quality, Infinite Computer Solutions
Adaptive responded to all our requirements immediately. Their service was very good and satisfying. I
appreciate Adaptive resource commitment and hard work. He was very helpful and always ready to go
extra mile to help us out.
- Ruhi Sharma, QA-Director, Arctern Consulting Pvt. Ltd.
10 Adaptive client references whom partner can speak to
Client Name and
Location
Contact Person, Number Products and
Services rendered
Period
Infinite Computers,
Bangalore
SK Mishra
SVP and Head-Quality and Compliance
+91-98450-82566
GRCPerfect
ISO 9001, ISO
27001, CMMI and
Agile
On going
from 2008
Cross-domain
Solutions,
Bangalore
Gobinda Chandra Patra
Head-IT
+91-98454-94113
GRCPerfect
ISO 27001
HIPAA
May 2010
Zenith Software
and BPO
Bangalore
Ramakrishna Udupa
Head-Quality
+91-94492-85553
GRCPerfect
ISO 27001
Ongoing
from Oct
2009
People Tech Group
Bangalore
Mandar Diwan
Head - Delivery
+91-99010-36192
GRCPerfect
ISO 27001
Dec 2009
Ascendum
Software
Narasimha Murthy
Head-Delivery
+91.96633.09374
CMMI and ISO
9001
Aug 2011
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 17 of 50
Ness Technologies
India Bangalore
Satydarshi Mishra
Senior Director
+91-98453-15097
ISO 9001, ISO
27001, CMMI and
Agile
Oct 2006 to
Oct 2009
Accel-Frontline,
Chennai
Ravi Madhavan
Head-MSOC
+91-95000-92359
ISO 27001 and ISO
20000
June 2010
11 Awards and Achievements
Member of NASSCOM
ISO 9001:2008 Certified from DNV on the first year of operation
Winner of Most Innovative Company Award from Pan IIT-IIM Alumni Forum
Certified Microsoft BizSpark Partner
Nominated for prestigious Tata NEN Hottest Start-up
12 Our system development approach
We believe that the Client can benefit significantly implementing best practices available in the industry
such as CMMI for Development, CMMI for Services, Agile, ISO 9001, ISO 27001, ISO 20000 and BS
25999. We have helped our Clients to develop integrated management systems taking inputs from CMMI
for Development, CMMI for Services, Agile, ISO 9001, ISO 27001, ISO 20000, BS 25999 and HIPAA.
Some of the basic principles we follow while designing the system are:
1. The system shall be as simple as possible
2. System shall be designed in layered architecture
3. Maximum possible re-use of existing documentation and practices
4. Usage of terms as practiced in the organization
5. Systems shall be made role-specific
6. Looking at the organization as a wholesome entity
7. Integrated Quality, Security, HR Management System
8. Simple systems
9. Integrated data management system
10. Cross-functional teams
11. Regular feedback from all stakeholders regarding process expectations and performance against them
12. Make policies and processes role and context based
13. Tailor processes as per complexity
14. Integrating all audits
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 18 of 50
15. eLearnings
Adaptive’s GRCPerfect comes pre-built with processes for CMMI for Development, CMMI for Services,
Agile, ISO 9001, ISO 27001, ISO 20000 and BS 25999.
Client Existing System Inputs
Project Management Experiences
=
Client QMS
Plus
Adaptive Experiences Inputs
Plus
Best Practice Inputs
13 Merging of Agile and CMMI
Adaptive has helped many of its Clients to integrate their processes for both Agile and CMMI (Infinite,
Ness etc.). The proposed Principal Consultant for the project is also a Certified Scrum Master who has
helped many Clients adopt Agile principles (Ness, Wipro, Infinite etc.).
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 19 of 50
14 Proposed high level implementation plan
15 Proposed Time Line – ISO 9001
Activity Primary Secondary Start Wk End Wk
Project Kick-off and Core Group identification Partner Adaptive 1 1
Understand Current processes and systems Adaptive Partner 2 3
Core group orientation Adaptive Partner 3 3
QMS Manual Preparation Adaptive Partner 3 3
QMS Manual Review and update Adaptive Partner 4 4
QMS Process Definition Partner Adaptive 4 8
QMS Process Review and update Adaptive Partner 6 8
User Awareness Training Partner Adaptive 9 9
Implementation 1 Adaptive Partner 10 14
Metrics collection Adaptive Partner 15 15
Internal Audit Partner Adaptive 16 16
Management review Partner Adaptive 16 16
Closure of Internal Audit Findings Adaptive Partner 17 18
Implementation 2 Partner Adaptive 19 22
Closure of Internal Audit Findings Partner Adaptive 23 24
Document Review Partner,
External
Auditor
Adaptive 24 24
Closure of Documentation Review Findings Partner Adaptive 25 25
Certification Audit Partner, Adaptive 26 26
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 20 of 50
External
Auditor
16 Proposed Time Line – ISO 27001
Activity Primary Secondary Start Wk End Wk
Project Kick-off and Core Group identification Partner Adaptive 1 1
Understand Current processes and systems Adaptive Partner 1 2
Core group orientation Adaptive Partner 2 2
ISMS Policy, SoA definition Adaptive Partner 3 4
ISMS Manual Preparation Adaptive Partner 4 4
ISMS Manual Review and update Adaptive Partner 4 5
Department Wise Infosec Policy Definition Partner Adaptive 5 6
Policy review and update Adaptive Partner 6 6
ISMS Process Definition Partner Adaptive 7 9
ISMS Process Review and update Adaptive Partner 9 10
Business Continuity Planning Partner Adaptive 11 11
Vulnerability assessment and penetration
testing (VAPT)
Adaptive Partner 12 12
User Awareness Training Partner Adaptive 13 13
Implementation 1 Adaptive Partner 13 16
Metrics collection Adaptive Partner 16 16
Internal Audit Partner Adaptive 17 17
Management review Partner Adaptive 18 18
Closure of Internal Audit Findings Adaptive Partner 19 20
Implementation 2 Partner Adaptive 21 22
Business Continuity Planning and testing Adaptive Partner 23 23
Fire Drill Exercise Partner Adaptive 23 23
Closure of Internal Audit Findings Partner Adaptive 24 25
Document Review Partner,
External
Auditor
Adaptive 26 26
Closure of Documentation Review Findings Partner Adaptive 27 29
Certification Audit Partner,
External
Auditor
Adaptive 30 30
Closure of certification audit findings Partner Adaptive 31 32
17 Proposed Time Line – ISO 20000
Activity Primary Secondary Start Wk End Wk
Project Kick-off and Core Group identification Partner Adaptive 1 1
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 21 of 50
Understand Current processes and systems Adaptive Partner 1 2
Core group orientation Adaptive Partner 2 2
SMS Manual Preparation Adaptive Partner 3 3
SMS Manual Review and update Adaptive Partner 4 4
SMS Process Definition Partner Adaptive 5 9
SMS Process Review and update Adaptive Partner 9 10
Service Continuity Planning Partner Adaptive 11 11
User Awareness Training Partner Adaptive 13 13
Implementation 1 Adaptive Partner 13 16
Metrics collection Adaptive Partner 16 16
Internal Audit Partner Adaptive 17 17
Management review Partner Adaptive 18 18
Closure of Internal Audit Findings Adaptive Partner 19 20
Implementation 2 Partner Adaptive 21 22
Service continuity testing Adaptive Partner 23 23
Closure of Internal Audit Findings Partner Adaptive 24 25
Document Review Partner,
External
Auditor
Adaptive 26 26
Closure of Documentation Review Findings Partner Adaptive 27 29
Certification Audit Partner,
External
Auditor
Adaptive 30 30
Closure of certification audit findings Partner Adaptive 31 32
18 Proposed Time Line – CMMI L3
Activity Week Responsibility
Start End Primary Secondary
Plan for CMMI Implementation 1 8 Adaptive Client
Secure Sponsorship and Funding 1 2 Client Adaptive
Core Team Training 2 2 Adaptive Client
Understand current processes and systems 2 4 Adaptive Client
Conduct gap analysis 4 4 Adaptive Client
Suggest data infrastructure 5 8 Client Adaptive
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 22 of 50
Define Policies and Processes 5 10 Adaptive Client
Progress review 10 10 Client Adaptive
Implementation Cycle 1 11 21 Client Adaptive
Train all project members on CMMI 11 18 Adaptive Client
Identify FAR groups 12 13 Client Adaptive
Conduct practice implementation review 12 15 Adaptive Client
Implement QMS 11 20 Adaptive Client
Review of progress 21 21 Client Adaptive
Internal Assessment 22 29 Adaptive Client
Identify Assessment Team Members 22 22 Client Adaptive
Develop Assessment Plan 22 22 Adaptive Client
Prepare assessment questionnaires 22 23 Adaptive Client
Conduct Assessment 24 25 Adaptive Client
Present Findings 26 26 Adaptive Client
Close internal assessment findings 26 28 Client Adaptive
Review of progress 29 29 Client Adaptive
Pre-Appraisal 30 32 EA Client
Intro to CMMI training and Pre-Appraisal by Lead
Appraiser
30 30 EA Client
SCAMPI Training(Overview) by LA (2-one day
session )
30 30 EA Client
Gather Data 31 31 EA Client
Reporting Results 32 32 EA Client
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 23 of 50
Review of progress 32 32 Client Adaptive
Implementation Cycle 2 33 36 Client Adaptive
Close gaps identified during Pre-appraisal 33 34 Client Adaptive
Improve and release new version of QMS 33 36 Adaptive Client
Final Appraisal / Audit 37 44 EA Client
Final Appraisal 37 38 EA Client
Close appraisal findings 39 44 Client Adaptive
19 Proposed Project Structure
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 24 of 50
20 Roles and Responsibilities
Role Name Job Description
Client Representative Obtain consensus among various stakeholders
Execute projects on time, within budget, adhering to quality standards
Managing all deliverables of the project
Responsibility for team and team direction
Set project standards
Regularly interact with Senior Management
Defines and allocates project tasks
Adaptive Principal
Consultant
Works closely with the Client process manager
Provides inputs on standard requirements
Conducts trainings
Participates in key management reviews
Provides guidance to team on implementation
Adaptive Senior
Consultant
Understands current processes and updates the same for standard
Conducts practice implementation reviews
Participates in internal and external assessments
Assists Project Managers on process implementation
Reviews metrics data
Client SEPG Core
team
Provides inputs on current processes and updates the same for standard
Conducts practice implementation reviews
Participates in internal and external assessments
Assist Project Managers on process implementation
Review metrics data
Adaptive Consultant Assists Adaptive Senior Consultant
Updates processes for standard
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 25 of 50
Follows-up on practice implementation reviews
Participates in internal and external assessments
Assist Project Managers on process implementation
Assists Project Managers to collect metrics data
21 Project Risk Management
A steering committee shall be formed between Client and Adaptive. The steering committee is proposed
to have following members:
Client Delivery Head
Client Representative
Client Quality / IT Team
Adaptive CEO
Adaptive Principal Consultant
This Steering Committee shall meet at least once in month or as needed to discuss project progress, risks,
issues, and resource requirements.
The major risks associated with the project will be identified, and relevant interventions made to contain
them. The risk items shall be prioritized and monitored accordingly on a continual basis, and corrective
action taken, when necessary.
Adaptive is aware of the various risk factors associated with the assignment, the impact of the risk
factors on the project schedules and the quality and the measures to control and manage the risk factors
are identified. The objective of the planning shall be to highlight the risk factors, analyze the impact of
the risks on project execution and identify strategies to control and minimize the impact of the risk
items.
The table below lists the potential risks that Adaptive foresees in this project along with suitable
mitigation plans.
Risk Probability Mitigation plans
Delay in review and
approvals
Medium - Steering committee to look into the same in every
meeting
- PM to track on weekly basis
Availability of Client
resources
Medium - Client and Adaptive will jointly plan for the resource
requirements. This planning should be done at the start of
each phase and resources required should be informed in
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 26 of 50
Risk Probability Mitigation plans
advance for availability.
- Adequate adjustments need to be made in the project plan
to accommodate any resource conflicts
Loss of skilled
manpower
Medium - Ensure that important knowledge is documented, as well
as spread across more than one person in the team.
- Shadow resources at Adaptive
Delay in selection of
assessment body
Medium - Steering committee to look into the same in every
meeting
- PM to track on weekly basis
Delay in decision on
metrics management
system
Medium - Steering committee to look into the same in every
meeting
- PM to track on weekly basis
Long leave taken by
Client Representative
Medium - Identify this from beginning and if there is any such
possibility, identify back-up Client process manager from
beginning
22 Communication Management
Client project manager is the single point of contact for all project-related information within the project
framework. For issues that need to be escalated beyond the Client project manager, escalation
mechanisms for this engagement have been drawn and detailed under the heading “Escalation process”.
Client PM is responsible for the program management in aspects relating to Adaptive. This includes
communicating and coordinating with third parties like the hardware/software vendor, and the network
provider, as applicable.
Adaptive provides Client access to its internal project management tool which is hosted in a Client
environment to view status of the progress of the project. The application also allows Client to obtain
weekly and monthly status reports for the project.
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 27 of 50
The modes of formal information for the project would be weekly and monthly project review meetings.
The recommended hierarchy of management meetings for the purpose of overall project monitoring and
control is tabled below:
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 28 of 50
Level Description Frequency Key Members
1 Project Steering
Committee Meeting
Once every month Client Delivery Head
Client Representative
Adaptive CEO
Adaptive Principal Consultant
2 Project Status
Review Meeting
Weekly Client Representative
Client Quality / IT Team
Adaptive Principal Consultant
Adaptive Senior Consultant
Adaptive Consultant
23 Escalation Management
The following table outlines the Escalation flow and the people involved in the project:
Escalation
Criteria
First Level Timeline for
Escalation
Second Level Timeline for
Escalation
Delays in getting
approvals
Adaptive Senior
Consultant to
Client PM
Delay of 3
working days
Adaptive Senior
Consultant to Client
Program Manager
Delay of 5
working days
Slippage in project
schedule
Adaptive Senior
Consultant to
Client PM
On weekly
reporting basis
Adaptive Senior
Consultant to Client
Program Manager
On weekly
reporting basis
Slippage in
Delivery
Milestones
Client PM to
Adaptive Senior
Consultant
Delay of 3
working days
Client PM to Adaptive
- Head of Engagement
Delay of 5
working days
Work quality
Issues
Client PM to
Adaptive Senior
Consultant
Weekly Client Program
Manger to Adaptive -
Head of Engagement
If not resolved
by Senior
Consultant
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 29 of 50
24 GRCPerfect – Project Governance and Compliance System for CMMI
GRCPerfect is an Enterprise Governance, Risk, and Compliance Management System. It is designed to
help companies implement Governance, Quality, and Information Security Management Systems in an
integrated manner. It is extremely user-friendly, simple, easy to maintain yet very effective. It has pre-
built processes for CMMI Level 5, ISO 27001, and ISO 9001. GRCPerfect is a complete data
management system for CMMI Level 5, ISO 9001, and ISMS. Some of the key aspects captured are
Complete Program and Project Planning and Tracking supporting CMMI, ISO 9001 and Agile
Schedule, Defect, Effort, Risk, Issue, Change Requests, Quantitative Process Management, Sub-
Process Metrics and other 40+ data capture needed by CMMI, ISO 9001 and ISO 27001
Supports workflow for approvals in Time Sheet, Requests
Complete role-based permissions for data confidentiality and integrity
Multi level view – From Organization to Account to Project
Status and Metrics reports generated automatically from the system
Built on industry standard Microsoft SQL Server and .Net
Completely web-enabled and does not require any installation on user machines
Light-weight interface making it suitable to work on internet
Incorporates requirements of Quality and Security standards such as CMMI, ISO 9001 and ISO
27001
Best practices drawn from internationally renowned organizations
Substantially reduced time and effort in model adoption and implementation
Enables complete context and role based view of policies and processes
Configurable to company’s requirements
Available to the Client as an Open-Code option which enables Client to obtain the source code of the
product with additional fees
25 Advantages of GRCPerfect
Senior Management and Client visibility into Organizational, Account and Project level performance
parameters
Improved data and metrics integrity, thus helping in better decision making
Significant help in ongoing process sustenance beyond audit and assessment
Complete automation of project management artifacts and reporting – significant savings on
management effort
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 30 of 50
26 GRCPerfect Functional Architecture
27 Sample Workflows in GRCPerfect
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 35 of 50
28 Model Mapping – CMMI
Legend
Fully Supported Not supported
Partially supported Not a data requirement
Model requirement GRCPerfect module Process
compliance
Data
compliance
Project planning Schedule
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 36 of 50
Project monitoring and control Executive dash board + reports
Configuration management Not supported
Process and product quality
assurance
Audit management
Measurement and analysis Schedule, defect, risk + reports
Supplier management Vendor master
Requirements management Change request management
Requirements development Product backlog
Traceability matrix
Technical solution Engineering output
Product integration Engineering output
Verification Review, test case management
Validation Test case management
Decision analysis and resolution
(DAR)
Pugh matrix (DAR) module
Integrated project mgmt Minutes of meeting
Action item tracking
Risk management Risk
Organizational process definition Process asset library
Organizational process focus Not a data requirement
Organizational training Training management
Organizational process
performance
All data management modules
Quantitative project management Sub-process metric
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 37 of 50
Causal analysis and resolution Root cause analysis
Organizational innovation and
deployment
Continual improvement request
Project life cycles
28.1 Model Mapping for ISO 27001
Model requirement GRCPerfect module Process
compliance
Data
compliance
Establishing and managing the
ISMS
No data requirement
Documentation requirements No data requirement
Management commitment Management review meeting
Skill gap analysis
Training management
Resource management Capacity planning
Internal ISMS audits Audit management
Management review of the
ISMS
Management review
Isms improvement Continual improvement
Security policy No data requirement
Security organizations No data requirement
Asset classification and control Asset master
Personnel security Training compliance
Physical and environmental
security
Visitor management
Communications and
operations management
It checklists
Access control Access control matrix
Systems development and
maintenance
Security review checklist
Security incident management Incident tracker
Business continuity
management
Business impact analysis
Supplier contacts
Employee contacts
Compliance Audit management
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 38 of 50
28.2 Model Mapping for ISO 9001
Model requirement GRCPerfect module Process
compliance
Data
compliance
Quality Manual Adaptive Management System
Control of Documents Document Control Matrix
Control of Records Record Control Matrix
Quality Objectives Metrics reports
Quality management system
planning
Schedule
Responsibility and authority Schedule
Management representative Not a data requirement
Internal communication Action Item Tracking
Management Review Minutes of Meeting
Action Item Tracking
Competence, awareness and
training
Employee Skill Profile
Training Master
Skill gap analysis (In Progress)
Requirements Estimation
Review
Design and development
planning
Schedule
Design and development review Review
Verification Test Cases
Validation Test Cases
Purchasing Supplier Evaluation
Customer Satisfaction In progress
Internal Audit Audit planning and reporting
Monitoring and measurement of
processes
Metrics reports
Monitoring and measurement of
products
Metrics reports
Continual improvement Root cause analysis (In progress)
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 39 of 50
28.3 Model Mapping for ISO 20000
Model requirement GRCPerfect module Process
compliance
Data
compliance
Management responsibility Adaptive Management system
Governance of processes
operated by other parties
Minutes of meeting
Action item tracking
Documentation management Adaptive Management system
Resource management Staffing master
Task management
Establish and improve the SMS Continual Improvement Request
Plan new or changed services Schedule
Design and development of
new or changed services
Schedule
Transition of new or changed
services
Schedule
Service level management Schedule
Service reporting Dashboards and reports
Service continuity and
availability management
Asset level risk and continuity plan
Budgeting and accounting for
services
Not supported
Capacity management Capacity planner
Action Item Tracking
Information security
management
Asset Risk Analysis
Business relationship
management
Not supported
Supplier management Supplier master
Supplier evaluation
Incident and service request
management
Incident Reporting
Service Request
Problem management Root cause analysis
Configuration management Not supported
Change management Change management
Release and deployment
management
Schedule
28.4 List of Modules for ISO 27001 Implementation
# Module Name Key Features
1 Asset Management Asset Master including Allocation, Movement and Component tracking
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 40 of 50
Asset Service Records
2 Risk Management Threat and Vulnerability analysis
Automated Risk Analysis and Treatment Plan
3 Impact Analysis Business Impact Analysis
4 Statement of
Applicability
Definition of controls as per ISO 27001
5 Access Control
Matrix
Defining various permissions for information assets
6 Capacity Planner Define Capacity Requirements and Availability
7 Incident
Management
Incident Tracking
Allocation of Incidents
8 Material Movement Material Movement Tracker
9 Visitor Management Visitor Tracker
10 Critical Contacts Critical Contact Management
11 Audit Management Audit Planning and Audit Reporting
12 Management Review
Meetings
Auto-generation of Management Review Agenda as per ISO 27001
Action Item Tracking
13 Training
Management
Plan and tracking of QMS / ISMS Trainings
14 QMS / ISMS Quiz
Management
Plan and track results of QMS / ISMS Trainings
15 Root Cause Analysis
Capture Root Cause Analysis
28.5 List of Modules for Project Governance Management System (CMMI)
# Module Name Key Features
1 Executive dashboard Provides 5 key metrics performances of all projects in a single page
(Schedule, Defect, Effort, Risk and Compliance)
Senior management can drill down to any project where there are
issues
2 Size and Effort
Estimation
Supports Function Point, Use Case Point and Complexity based
estimation
Supports approval mechanism
Module and Phase-wise distribution
Size variance analysis
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 41 of 50
Integration with Schedule (Planned)
3 Organizational Risk
Master
Provides a master list of risks for projects
Project managers can inherit risks to their projects from Org Risk
4 Decision Analysis
and Resolution
Provides pre-built DAR templates
Organization can add more custom templates
5 Key Performance
Indicator
implementation
Provision for defining various KPI parameters
Different KPI parameters can be set for different types of projects and
functions
Can be summarized at higher level
6 Project Overview Captures project characteristics, project stakeholders and objectives
Helps understand risks, issues and defects at organization level wrt
project characteristics
7 Schedule
Management
Define custom project life cycles
Allows auto-creation of Work Breakdown Structure
Schedule import from MS-Project
Integrated reviews checklist and creation of defects
Schedule allocation notification
Integrated test cases and creation of defects
Integration with Defects, Issues, Change Requests Module
Integrated with time sheet for effort capture
8 Defect Management Enables orthogonal classification of defects
Capture of defect history
Defect Allocation notification
Can be imported through Excel
Integration with schedule and time sheet
Supports orthogonal classifications
9 Risk Management Captures Risk History with Mitigation and Contingency Plan
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 42 of 50
Computation of Risk Prioritization Number
Risk Allocation notification
Integration with schedule
Integration with Org. Risk Management Module
10 Issues/Action Items Captures Issues / Action Item Details
Issue/Action Item Allocation notification
Integration with schedule
11 Change
Management
Captures Change Requests Details
Integration with schedule
12 Time sheet Weekly Time Sheet
Integration with schedule for planned tasks
Provision to capture un-planned tasks
Time sheet approval
Ability to capture data from two different perspectives – Metrics and
Billing
13 Minutes of Meeting Captures meeting agenda, decisions taken
Integration with Action Item Tracking
14 Quantitative Process
Management
Define Project Metrics
Milestone-wise metrics data capture
15 Sub-Process Metrics Set Statistical Process Control Limits
Verify if measures fall within control limits
16 Reports More than 50 standard reports
Dashboards for Schedule, Risk, Defects and Issues
Defect Trend
Risk Trend
Weekly and Monthly Status Reports
Audit Findings Summary etc.
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 43 of 50
29 Modules for Compliance Management (ISO 9001, ISO 27001, ISO 20000)
# Module Name Key Features
1 Process
Implementation
Indicator Database
(PIID)
Pre-built Process Implementation Indicator Database for CMMI
Assessment
2 Audit Management Audits Planning and Tacking of Internal Auditors
Audit Reporting and Tracking
Non-conformity analysis wrt internal policies and processes and also the
standards
3 Training
Management
Training Plan, Training Attendance and Feedback capturing
4 Management
Review Meetings
Auto-generation of Management Review Agenda
Action Item Tracking
5 Vendor Management Vendor Master including Vendor Evaluation
6 Appraisal Employee Appraisal Management
7 Root Cause Analysis Capture Root Cause Analysis
8 Org. Process
Repository
Captures qualitative data on organizational process performance
9 Continual
Improvement
Request
Capture Process Change Requests
10 CMMI Quiz
Management
Plan and track results of CMMI Trainings
11 CSAT Survey Plan and capture data for Client Surveys
12 Employee Data
Management
Employee Education, Skill, Competency mapping
Skill gap analysis based on organizational roles and skill matrix
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 44 of 50
30 Adaptive Management System
# Module Name Key Features
1 Software life-cycles 8 comprehensive software life-cycles – Agile, Waterfall, Maintenance,
Support, Reengineering, Porting, Package Implementation and Testing
2 Processes 50+ comprehensive processes and procedures for Delivery, HR, IT and
other functions
3 Process Artifacts 500+ standardized process artifacts for CMMI, ISO 27001 and ISO 9001
4 eLearning Contains eLearning on CMMI, ISO 27001, ISO 9001, Internal Audit,
Configuration Management and Agile
5 Model Support Complete support to CMMI, ISO 27001, and ISO 9001. Will be upgraded
soon for ISO 20000 and COBIT.
31 Employee Services Module
# Module Name Key Features
1 Employee Directory Can see company employee information
2 Leave Apply leave
3 Request Tracking Request for any service
4 Improvement
Request
Suggest process improvement requests
5 Incident Tracking Report incidents
6 Attendance Attendance system integration
32 GRCPerfect Support Mechanism
Any defect arising out of Adaptive Product design and development will be serviced free of cost by
Adaptive over the life of the product. Following aspects will be considered as Defects
1. Application not being usable due to design / coding deficiencies
2. Any wrong calculation logic or report
3. Validations which are considered industry accepted practice
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 45 of 50
Rest will be considered as Change Requests. Defects / Change Requests should be submitted by email to
[email protected]. Defects and Change Requests will be classified as per the definitions
provided below.
33 Definition of Defect Severities and SLA for resolution (in Working Days)
Severity Definition SLA for
Response
SLA for
Resolution
1 Disastrous – system cannot be used without corrective action
being taken
4 Hours 1 Day
2 Major – system can be used with major functional restrictions 1 Day 1 week
3 Minor – system can be used with minor functional
restrictions
2 Days Quarterly
Release
4 Cosmetic – system can be used with full functionality 2 Days Quarterly
Release
34 Change Request Implementation
Priority Definition Estimated Effort (Person-
Hour) (PH)
SLA for
Implementation
1 Has legal or revenue implications
< 16 1 Week
16 to 40 2 Weeks
40 to 160 4 Weeks
> 160 Case by case basis
2 Has implications for organizational
audit/assessment/Senior
Management reporting
< 16 2 Weeks
16 to 40 4 Weeks
40 to 160 6 Weeks
> 160 Case by case basis
3 All others < 16 2 Weeks
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 46 of 50
16 to 40 6 Weeks
40 to 160 8 Weeks
> 160 Case by case basis
35 Adaptive Case Studies
35.1 Case study 1 - Improvement of SLA adherence for a leading telecom roaming solutions
partner
Background
Client is the leading Data Clearing House, operating in Telecom sector. Each of the telecom operators
send files containing call records to their Roaming Partners, when the latter’s end user uses the operator
network for connectivity. These files are sent to Client and who in-turn does various levels of validation
including the Tariff check which is one of the first processes to be checked. These files have to be send to
the respective operator within a period of 10 days.
Tariff check happens before any other checking and any delay in this process will lead to a Bull-Whip
Effect causing delays in all other processes. This delay, if over 10 days, can lead to monetary loss for the
client.
Challenges faced by the client
High volume of tickets = Around 400-500 per day
Dependency on information from External Entities
Internal SLA of 3 days – including weekends and other holidays
Highly fluctuating value of the file, that may range from zero of several hundred dollars
Similar amount of effort required for treating files
No existing measurements of tracking system in place
Adaptive Solution
Adaptive studied the ticket resolution process and through statistical analysis found that the prioritization
rule followed in the project and modified the same.
Files treatment got prioritized based on associated monetary value, hence in the event of a Client liability,
the amount incurred would be comparatively lesser.
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 47 of 50
Results
Prior to the project
Post Project
The response time has come down – with 94% of files being treated with 1.5 days and only 0.15% going
beyond internal SLA. This means that the other teams also have sufficient time even if the files are
stopped for other types of errors.
35.2 Case study 2 - Multinational IT Services Organization
Domain: Software Development
Employee Strength: 7000-8000
Standard: ISO 9001 /ISO 27001/Project Reviews/Process Automation
Company Brief:
Organization is a global IT services provider working in software product engineering, enterprise
application integration, software distribution, outsourcing, or turnkey application development.
Client wanted a reliable Process consulting organization which will provide comprehensive SEPG, SQA,
CMMI Level 3 and ISO 27001 support
Challenge:
11127.35
2492.812924.78
17091.76
3319.241959.48
11801.89
1500.03299.64
11459.62
3739.88
467.18
16575.32
6373.17
496.29
14821.70
5383.16
2305.79
16366.18
5708.89
333.29
18307.80
4704.55
263.65
9392.63
2182.99
74.65
10545.23
961.8724.250
5000
10000
15000
20000
APR MAY JUN JUL AUG SEP OCT NOV 1st-15th
DEC
15th-
31st DEC
Analysis based on value of the Treated Files ( In K-SDR)
Within 1.5 Day's Within 1.5 -3 Day's More than 3 Day's
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 48 of 50
With continued growth in their business, the organization needed to adopt a comprehensive approach to
managing its SEPG, SQA, CMMI Level 3 and ISO 27001 initiatives through a single system that supports
the needs of organization and leverage technology for sustainability, consistency, efficiency and
transparency across different verticals
Their existing system for managing documentation, risk, controls and reporting of internal controls had a
number of limitations including:
Risk Management was weak
Disparate project management methodologies and tools across EDCs
Each EDC was becoming an island of excellence without sharing best practices and learnings across
the organization
Organizational QMS was highly unstructured, in most cases in-complete
Many processes were missing to execute projects successfully
Processes remained in peoples’ memory and laptops
Very little usage of organizational QMS
Inconsistencies in project execution across EDCs
Organization not benefiting from the engineering and project management maturity those were
present in the EDCs
People transition used to create a drop in process performance
Project Based QMS:
No mechanism sharing project information to be provided to all team members
No structured induction method
No estimation method
Significant % of team were freshers
These limitations significantly needed to be taken care for governance, compliance and risk management
requirements such as ISO 9001, ISO 27001. The team realized that they needed to replace their current
system with a next-generation solution that provided a comprehensive platform for internal controls to
support effective CMMI Level 3 and ISO 27001 management
Solutions:
After detailed evaluation and understandings of current organizational processes, based on the
understanding client’s processes and their gap for effective quality system management, a comprehensive
solution was provided to the client, which included process definition, training, implementation, project
reviews, internal audits and external audit support.
Comprehensive risk management and project review parameters were defined based on which all
EDCs reviewed there projects monthly
Standardized all organization’s processes to bring uniformity in process conformance activities across
all ODCs in the organization
Re-engineered complete QMS : 50+ processes and 100+ templates standardized
Obtained best practices from all EDCs and published standardized processes
Defined complete processes including all Project Management and Engineering artifacts
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 49 of 50
Developed project intranet based on open-source Twiki platform which is updated periodically
All new team members trained in all project processes and tools
Developed estimation method for future iterations
Organization wide training for effective implementation was provided to employee (including project
reviews, incident management, risk management and role based system)
Systematic and consistent audit process across different verticals in the organization was defined
An effective CSAT process was developed
Benefits:
Process Automation: By automating the compliance management processes the organization has
dramatically reduced the time being spent by staff members, IT Manager, and senior managers on CMMI
Level 3 and ISO 27001 related activities.
Consistent Process: Adaptive brought about a consistent process across the enterprise, eliminating any
deviations and error eliminating the cost and time associated with repeated processes and multiple checks.
Project Review: Monthly project reviews helped the organization to identify problems in the projects
early in the life which helped them in effective project management
Customer Communication: Periodic CSAT helped the company to understand client paint points and
take corrective actions on the same
Stakeholder Appreciations: Current QMS highly appreciated both internally and by external auditor
Collaboration: Employees are able to carry out team activities in a productive manner with the
collaborative environment that the improved system provided.
Resource Utilization: With the entire compliance process streamlined and automated with the adaptive
support, the organization can better utilize its resources.
35.3 Case Study 3 – Large Financial BPO Organization
Domain: BPO (Insurance)
Employee Strength: 800+
Standard/Focus: Business Continuity Management
Company Brief:
Organization specializes in rendering a wide range of knowledge process outsourcing services for major
Indian and multinational companies.
Client wanted a reliable Process consulting organization which will provide them an effective business
continuity solution
Challenge:
Adaptive Capabilities
Adaptive and Partner Confidential Version 15.0 Page 50 of 50
With continued growth in their business and requirements from client, the organization needed to adopt a
comprehensive approach to managing its operations in case of a disaster
There was no existing system for the organization to sustain itself during a disaster:
No process for business continuity and disaster recovery was present
Critical Asset identification and asset prioritization was weak
Backups for critical systems and operations were absent
Risk Management was weak
These limitations significantly needed to be taken care for compliance and risk management requirement.
The team realized that they needed to have robust system that could face disasters and/or try to avoid
them altogether
Solutions:
After detailed evaluation and understandings of current organizational processes, based on the
understanding client’s processes and their gap for effective disaster management system, a comprehensive
solution was provided to the client, which included risk management, business impact analysis.
All critical assets of the organization were identified and rated based on their confidentiality, integrity
and availability values
Based on asset criticality risk analysis and vulnerability assessment was performed
Business impact analysis was performed for critical assets
Different disaster scenarios were identified and action plan for each scenario prepared
Conducted BCM testing for different scenarios like network outage, city outage etc.
Benefits:
Organization will be able to face disasters with drastically less damage
All the project objectives were successfully achieved
BCM capability developed was highly appreciated both internally and by customer of the client