Documente Academic
Documente Profesional
Documente Cultură
Team 2 -
Stan Craychee
Josh Heneby
Omar Parsa
Jonathan Bolton
CentrexIT
3934 Murphy Canyon Rd
Ste B102
San Diego, CA 92123
1
Table of Contents
List of Exhibits
● Current Logical DFD ______________________________________________________________12
● Current Logical Use Cases ________________________________________________________17
● Current Logical ERD ______________________________________________________________18
● Proposed Logical DFD_____________________________________________________________19
● Proposed Logical Use Cases_______________________________________________________24
● Proposed Logical ERD_____________________________________________________________25
● Proposed Physical DFD____________________________________________________________26
● Proposed Physical ERD____________________________________________________________32
● Interview 1 Notes__________________________________________________________________33
● Interview 2 Notes__________________________________________________________________34
● Expected Risk Matrix______________________________________________________________36
● Gantt Chart________________________________________________________________________37
● Current Standard Operating Procedure provided by CentrexIT__________________43
3
I. Executive Summary
The Media Sanitation process at CentrexIT is currently ineffective, and it
is not compliant with the National Institute of Standards and Technology (NIST)
guidelines. The current procedure is difficult to follow, and many client assets
are not making it through the process to completion due to a disorganized
tracking process. CentrexIT estimates that 50% of the media that they receive
are not making it through the entire process or are wiped by a non-NIST
compliant program. The proposed system will incorporate Wasp’s AssetCloud
barcode scanning software for inventory management to replace the old
handwritten notes system. The potential implementation of the Barcode
Scanning Inventory Management software and hardware will cost approximately
$1188 annually. For our system, we will only be using the NIST Certified
software Blancco for wiping drives instead of using the non-NIST Certified
Parted Magic software. It will cost an estimated $1,250 a year on licenses to wipe
drives with Blancco. Also, the new process replaces the current method of
storing media devices in an unsecured cardboard box with a locked storage
container. Overall, our proposed system will help CIT technicians track, keep
secure, manage, reprovision, wipe, and destroy media more effectively. Our
proposed solution removes the risk of lawsuits for lost data. Also, 100% of all
media will now be wiped with NIST compliant software compared to 50% before.
anything the client may still need from it both manually and with a third-
party application called BelArc. This check is done to find any leftover
software or license keys. Technicians save the BelArc scan to a CentrexIT
client data repository in CentrexIT’s server 63. The CIT tech then places a
sticky note containing the device serial number and client name on the
device. If there is no serial number available, the model number or the
user from the c: drive will be used. Then the CIT tech stores the devices in
a cardboard box (with attached sticky note and colored sticker still on
device) and the sanitization process begins. A secure media sanitization
vendor who is ISO 9001 certified (ProShred) is dispatched to CentrexIT
HQ at the end of each quarter to provide onsite destruction of any storage
media scheduled for disposal. ProShred provides a receipt of all storage
media destroyed with serial numbers for clients at their request (the
receipt from ProShred acts as an official certification of destruction). For
repurposed media, CIT personnel performing the sanitization will run a
third party data removal program called Parted Magic when they know
that the client doesn’t need the log. This program is NIST certified, but
does not give a certificate of proof upon completion and provides a low-
quality log of the wipe. A CIT tech will use a program called Blancco when
the client specifically asks for a certificate of proof that device was wiped
and/or wants the log. Blancco provides a NIST approved wipe, but also
provides a detailed log uploaded to a cloud server along with an official
certification of the wipe. Blancco charges per license to wipe data but
Parted Magic does not; however, CIT needs to use Blancco to remain NIST
800-88 r1 certified as a media sanitation provider. The CIT tech then
reinstalls anything necessary from the BelArc system inventory scan
which is saved to the client data repository file. The CIT tech returns the
computer/device back to the client along with the certification for the
wipe if required. At the end of the wiping or destruction process, the help
desk manager closes out the ConnectWise service tickets through email.
The help desk manager only knows which tickets to close by cross-
checking the receipt of destruction and the media wipe logs with the
service tickets. Finally, a CIT tech will return the repurposed media
devices (with the wipe log if requested) to the client or the client can
6
come pick them up. Then the CIT tech will give the receipt of destruction
to the client for destroyed devices.
currently use for approx. 50% of media wipes) to using a NIST certified
program called Blancco (which they currently use for approx. 50% of
wipes). CentrexIT will stop using Parted Magic altogether, and instead use
Blancco for 100% of device wipes. Using Blancco in place of Parted Magic
ensures that CentrexIT remains NIST certified for their media sanitization
process as well as it provides CentrexIT with an actual PDF certificate
with each wipe (Parted Magic gives no certificate) which can then be
downloaded, signed off, and given to the client with the repurposed
media. Blancco provides a much more detailed log of the wipes than
Parted Magic, and Blancco’s log of the wipe is uploaded to a cloud server
while Parted Magic’s is not.
2. Intangible
9
D. Feasibility Analysis
1. Operational
Given our analysis, our proposed system will work in this
organization. There is little required training to implement the
proposed system and CentrexIT already owns a barcode scanner
(usually these cost up to $1,000) and a barcode label printer.
CentrexIT has the means to afford Wasp’s AssetCloud system. They
already have a securable container, so all they need is a new lock
that would cost no more than $10.
10
2. Technical
Our chosen organization can handle the technical aspects of
our solution. They already have the necessary hardware and most
of the software in place to implement the proposed system.
CentrexIT is familiar with and could easily use all the proposed
hardware in our solution, and learning how to use Wasp’s
AssetCloud (which is similar to an Excel spreadsheet) should not be
a problem for the tech-minded IT professionals at CentrexIT.
3. Schedule
Regarding the schedule feasibility, our organization can
acquire, develop and implement our solution in their specific time
frame (CentrexIT’s deadline is the end of the next quarter) by the
end of the first quarter in 2018. If prioritized, our proposed system
would not take them more than two months to implement.
4. Economic
The cost of the Wasp Barcode Scanning Inventory
Management System, AssetCloud, is $1188 for one user account
per year. CentrexIT will only need one user account. Blancco will
cost $5 per license (one license equals one device wipe). On
average, CentrexIT wipes 250 drives a year leading to $5 x 250 =
$1,250 in wipe costs annually. Proshred will cost $3.95 per drive if
the number of media drives being destroyed exceeds 500. If the
number of media drives is under 500, then it will cost $4.25. On
average, CentrexIT destroys 1,000 drives per year (around 250 per
quarter) leading to $4.25 x 250 x 4 quarters = $4,250 in destruction
costs annually. After implementing our proposed system,
CentrexIT will be less at risk of a costly lawsuit caused by the
potential loss of data or lack of certifications.
VII. Conclusion
Our system should be adopted because it increases security, keeps
CentrexIT NIST certified, provides effective documentation, and our system is
feasible given CentrexIT’s technical, operational, and economic abilities. Our
proposed system guarantees that CIT will receive all the benefits it has to offer
by the end of the first quarter in 2018 if implemented. CentrexIT is running the
risk of facing millions of dollars in lawsuits in the coming years and possibly
losing massive amounts of client data if they do not implement our proposed
solution. Our proposed system could easily be up and working within weeks and
would solve all of the problems associated with the current operating procedure.
VIII. Exhibits
b) Functional Decomposition
13
14
c) Level - 0
e) Use Cases
17
1. Proposed Logical
a) Context
b) Functional Decomposition
20
21
c) Level - 0
e) Use Cases
24
a) Context
b) Functional Decomposition
27
28
c) Level - 0
29
c. Other exhibits
33
Interview #1 form
CentrexIT
Get an understanding of the landscape at the company regarding strategy, goals, systems in place, important processes that
support that strategy and goals, desires.
Goals -
•What are your organization’s overall goals for this year?
•What needs to happen for that to happen?
•How do your information systems help you get there? Or not.
•What specific goals do you want from your apps and systems?
Systems in Place -
•How do your information systems help you reach organizational goals? Or not.
•What applications and systems are you using the most right now?
•How are they working out for you?
Econ - cost/ROI
Labor hours and costs. Data collection = collecting #s. Analyze later
Process in scope.
Control & security - strike a balance
How do you keep your IT infrastructure secure?
Efficiency - resource use/unit of output
GrowIT
How do you make client’s IT infrastructure secure?
organizational/human interface
Finance and marketing work together, does that interface work well and how is it supported by info systems?
SAP has interfaces for customers, how do contract terms get communicated
How does the interface work between people in the organization?
Interview #2 Form
Current Process Analysis
What is the standard operating procedure?
What people are involved in the process?
What technology is involved in the process?
System requirements?
What kind of standards and policies are there for the process?
What kind of performance measures? How to measure success or customer satisfaction?
How is media sanitation scheduled?
What is the problem with the current process? (Keep asking why to get to the root cause) is there a cause to the problem? Is
there any part of the old system that you really didn’t like (even if it works)?
What were your ideas for a new system and why aren’t those plans working out how you’d like? Proposed physical? Proposed
logical?
What does the new system need to do? For CentrexIT, for the customer?
Economics (cost/ROI)
People:
Data:
Procedure: How are costs traced? Are the costs too high? What would be considered too high?
35
Interface: How are the order costs processed between you and the customer? What transaction processing
service is used?
Technology: Do you use any software that helps w the costs?
Closed-Ended Questions
• How many telephone orders are received per day?
• How do customers place orders?
• What information is missing from the monthly sales report?
Open-Ended Questions
• What do you think about the way invoices are currently
processed?
• What are some of the problems you face on a daily basis?
• What are some of the improvements you would like to see in the
way invoices are processed?
Probing Questions
• Why?
• Can you give me an example?
• Can you explain that in a bit more detail?