2019 Flowserve Corporation :: Proprietary & Confidential 1
EA / ARB Review Checklist
Project Name
Purpose of the project
Sponsoring organization
App/Solution Owner
Submitter
Date
Type of Solution
Custom Developed – Flowserve DC X
Licensed Solution – Flowserve DC ⎕
Licensed Solution - Vendor Hosted ⎕
Licensed Solution – Desktop ⎕
Subscription - SaaS ⎕
Level 1 Support Org
Level 2 Support Org
Level 3 Support Org
ARB Questionnaire
Yes- X, No- X
Is this a new business capability? X
Is this a new application? < ivms 4200 client software> X
Does the application integrate with other applications? X
Is the application hosted at OneNeck? X
* Have you identified the affected business process? <Please provide Business Process here> X
* Are Enterprise Architecture Principles and Solution guidelines followed? (link)
Will your project/application involve
• Military or government data,
• Credit Card transactions (PCI),
• Personally Identifiable Information (PII),
• changes to financially relevant systems,
• public websites,
• new roles within existing systems or any other involvement from Information Security?
X
Do you have the Software Vendor’s Completed Security & Privacy Questionnaire? X
NOTE:
* Items are mandatory to be marked as Yes.
If ANY of the above answers are yes (other than *), please be prepared to answer more detailed questions from the Office of Enterprise Architecture. Please be aware of the expected tone of discussion:
The review team is encouraged to be professional, with no personal bias.
The project team is strongly encouraged to present facts, not preferences.
(No verbal approvals for critical decisions are accepted by the review team. Please have documented proof or email approvals ready.)
You must be prepared to provide the documents below during the review meeting:
• Business requirement Document
• Data Flow Document
• Technical Architecture Diagram
• Security & Privacy Document
• Data classification/sensitivity
Business Process Flow
• Please provide a high-level business process flow diagram
-Proposed
Technology Overview
• Please provide an overview of the technology – Application Platform, Programming Language, Operating System, Database type and the security protocols implemented.
Security Tier: The layer that provides security, especially important for external partner-facing applications.
Presentation Tier: aka User Interface, the top level of the application. Does this require a PC/desktop install? I.e. thick/thin client?
Logic Tier: The logical layer where all logical decisions are implemented.
Data Tier: The data layer is where all data is stored.
Reporting Tier: What is the reporting tool/platform? Is it PowerBI, Alteryx, Custom SQL Report, etc.?
• N/A. The NVR does not require a client to function, play back, or record for daily operations.
• On the NVR’s embedded OS
• The NVR’s software (embedded OS) provides security for the hardware. No cloud functions.
• On NVR’s local storage drives
Systems Integration
• Please provide an integration diagram highlighting the applications used in the business solution and means of integration, internal and external.
• Please see the first network diagram on slide 4.
Servers
• Please provide the names of the servers if you are planning on hosting on existing servers.
• If you will be requesting new servers, please identify the number of servers, where they will be hosted, and who will be managing them. Please work with the IT Manager responsible for your department to identify these.
• N/A
Detailed Check-List
Please answer to the best of your knowledge. These questions are not mandatory; they are meant to assist you in performing the due diligence.
Support Matrix
System Element | Function | Responsible Team
Application Technical Support | Technical support of the APP itself. How is it configured and how is it maintained and Change Management, license compliance | [Name the team]
Application Functional Support | How to support, functional queries. SMEs, training, defining Queries. Configuring UI. ECC compliance. | [Name the team]
Request Access | How are users granted access to this application. What approvals are needed. | [Unisys]
Data Access | How to request, who to approve. | Combination of App owner, OneNeck and Nsight support teams depending where that data resides.
Hosting Support | Depending where the application is deployed, DC, Cloud or Edge, support for the servers needs to be provided. Backup/Restore. Health of server(s) | OneNeck and Nsight support teams depending where the servers reside.
Network | Infrastructure that connects Servers to Client | Network Services
Browser Support | Support for PC config and issues | Deskside services
Commercial and Contract | Renewal, disputes | Vendor Management
Data
Key Question | Yes/No/NA | Comments
Will the solution contain employee user data? | No
Will the solution contain customer data? | No
Will the solution contain confidential or sensitive information such as Military or Government? | No
Will the solution contain financial data? | No
Will the solution contain personally identifiable information (PII)? | No
Does the solution provide the ability to enforce data retention policies? | Yes
Does the solution provide the ability to encrypt data in transit? | Yes
Does the solution provide the ability to encrypt data at rest? | Yes
Does the solution provide the ability to view or export historical data? | Yes
Does the solution provide the ability to extract our data? Describe the various methods. | No
Does the solution provide the ability to bulk load data? Describe the various methods. | No
Can the solution generate reports? What reporting does this solution provide? | No
Integrations
Key Question | Yes/No/NA | Comments
Does the solution provide the ability to integrate with SAML 2.0, for Single Sign-On? List the identity providers your solution integrates with. | No
Does the solution have account management capabilities? Describe the user provisioning & de-provisioning and role modification & permissions, single user additions and bulk loads. | Yes
Does the solution provide integration with Web Services APIs? (i.e. SOAP, REST) Please describe and provide documentation for the APIs. | No
Does the solution provide the transfer of Flowserve’s data via a secure transfer method? (i.e. secure FTP, https, etc.) Describe the various secure integration methods. | No
Does the solution provide the ability to filter data retrieval via web services by attributes? | No
Does the solution provide the ability to retrieve data as single records or as batches via web services for those solutions that contain high volumes (1M plus) of data? | No
Infrastructure – Hosting & Networking
Key Question | Yes/No/NA | Comments
Will this be hosted within the Flowserve network at one of Flowserve's existing physical or private cloud locations? | No
Will this be hosted by a third party outside of Flowserve network (outside of Flowserve data centers and private cloud)? | No
What will be the method of accessing this application? | Client Application via LAN TCP/IP
What tier will this application be, tier 1, 2, 3 or 4? | Tier 1
Does the solution provide high-availability and fault-tolerance that can recover from events within a datacenter? Please describe. (Events to include: High load, hardware, software or network failure) | No
Does the solution provide a backup and recovery plan that at a minimum must include full weekly backups and daily incremental backups? | No
Do you have a business continuity and disaster recovery plan? Describe how you would recover from a natural disaster. | Yes | Pull NVR hardware/drives and test. Replace if needed. Exchange HDDs too if needed.
Does the solution provide additional development, testing, and/or staging environments in addition to the production environments? | No
Does the cloud solution provide documentation on the segregation of infrastructure from other customers or other environments? Please provide and describe. | N/A
Security
Key Question | Yes/No/NA | Please Explain
Does the solution have or the security utilities with best practices in place? | Yes
Does the solution support multi-factor authentication? Describe what methods are available. | Yes | user name/password login, login via email, or pattern login.
Does the solution provide the ability to control network access to the application by named IPs or IP ranges, also referred to as restricting access by IP, or control network access to the application by device? | Yes
Does the solution provide the ability to enforce Flowserve specified password policies? | Yes
Does the solution provide the ability to control application functionality access by roles for all users, also referred to as Roles Based Access Control (RBAC), via methods such as by attribute or based on a hierarchy? | Yes
Does the solution provide the ability to audit and export user accounts and historical user activity? | Yes
Does the solution provide the ability to log user activity for security monitoring? | Yes
What type and level of encryption does the solution support? | AES (Advanced Encryption Standard)
Compliance
Key Question | Yes/No/NA | Please Explain
Does the solution comply with United States federal and (fifty) states data privacy laws? (i.e. SB1386, MA201, Nevada597) | Yes
Does the solution comply with international data privacy laws? (i.e. European Privacy Laws, Safe Harbor, bi-lateral agreements between countries, ITAR) | Yes
Does the vendor promptly notify Flowserve of any non-compliance by solution with such laws (in 1. and 2. above) related to Flowserve’s data? | Yes
Can the vendor provide supporting documentation / information regarding compliance with such laws (in 1. and 2. above)? | Yes
Does the vendor notify Flowserve of any 3rd Party requests for our data or information, including but not limited to, those related to legal or other administrative proceedings? | Yes
Does the vendor obtain Flowserve’s authorization for any release of our data or information to any 3rd Party? | Yes
Can the vendor provide their policies on customer’s rights for request to audit and audit rights? | Yes
Does the solution provide options for opting out of secondary use of Flowserve’s data to 3rd parties, partners, etc? | No
Does the solution provide the ability to retrieve or export Flowserve’s data upon termination of service? | No
Does the solution provide the ability / requirement to destroy all Flowserve data upon termination of service after retrieval / export, including data stored on backups? | Yes
Does the solution provide remedies for breach of SLA compliance and other requirements? | Yes
Does the vendor use any 3rd party OEM embedded in the product? Can the vendor provide a list of all 3rd party vendors and their relationships? | No
15

More Related Content

Similar to FLS_EA_Checklist_AppName_v5.pptx

Cloud workload migration guidelines
Cloud workload migration guidelinesCloud workload migration guidelines
Cloud workload migration guidelinesJen Wei Lee
 
Top 10 Tips for Implementing Desktop Virtualisation.
Top 10 Tips for Implementing Desktop Virtualisation. Top 10 Tips for Implementing Desktop Virtualisation.
Top 10 Tips for Implementing Desktop Virtualisation. Kingfin Enterprises Limited
 
JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? ManageForce
 
Best Practices for Integrating Applications Development
Best Practices for Integrating Applications DevelopmentBest Practices for Integrating Applications Development
Best Practices for Integrating Applications DevelopmentKovair
 
Why SaaS BI
Why SaaS BIWhy SaaS BI
Why SaaS BIBirst
 
Licensing and Subscription Management to Grow Revenues in the Cloud
Licensing and Subscription Management to Grow Revenues in the CloudLicensing and Subscription Management to Grow Revenues in the Cloud
Licensing and Subscription Management to Grow Revenues in the CloudFlexera
 
Create B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCreate B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCisco DevNet
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
CloudOps evening presentation from Salesforce.com
CloudOps evening presentation from Salesforce.comCloudOps evening presentation from Salesforce.com
CloudOps evening presentation from Salesforce.comAlistair Croll
 
Avoiding disaster recovery disasters
Avoiding disaster recovery disastersAvoiding disaster recovery disasters
Avoiding disaster recovery disastersAlexandra Matthiesen
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070retheauditors
 
Service Virtualization 101
Service Virtualization 101Service Virtualization 101
Service Virtualization 101Stefana Muller
 
VMworld_PivotalCF_And_Containers
VMworld_PivotalCF_And_Containers VMworld_PivotalCF_And_Containers
VMworld_PivotalCF_And_Containers James Watters
 
Best Practices for Building Scalable Visibility Architectures
Best Practices for Building Scalable Visibility ArchitecturesBest Practices for Building Scalable Visibility Architectures
Best Practices for Building Scalable Visibility ArchitecturesEnterprise Management Associates
 
Brighttalk understanding the promise of sde - final
Brighttalk   understanding the promise of sde - finalBrighttalk   understanding the promise of sde - final
Brighttalk understanding the promise of sde - finalAndrew White
 
18 May 2017 - Vuzion Love Cloud
18 May 2017 - Vuzion Love Cloud18 May 2017 - Vuzion Love Cloud
18 May 2017 - Vuzion Love CloudVuzion
 
Softengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi
 

Similar to FLS_EA_Checklist_AppName_v5.pptx (20)

Cloud workload migration guidelines
Cloud workload migration guidelinesCloud workload migration guidelines
Cloud workload migration guidelines
 
Top 10 Tips for Implementing Desktop Virtualisation.
Top 10 Tips for Implementing Desktop Virtualisation. Top 10 Tips for Implementing Desktop Virtualisation.
Top 10 Tips for Implementing Desktop Virtualisation.
 
JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing?
 
Best Practices for Integrating Applications Development
Best Practices for Integrating Applications DevelopmentBest Practices for Integrating Applications Development
Best Practices for Integrating Applications Development
 
Why SaaS BI
Why SaaS BIWhy SaaS BI
Why SaaS BI
 
Licensing and Subscription Management to Grow Revenues in the Cloud
Licensing and Subscription Management to Grow Revenues in the CloudLicensing and Subscription Management to Grow Revenues in the Cloud
Licensing and Subscription Management to Grow Revenues in the Cloud
 
Create B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCreate B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overview
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
CloudOps evening presentation from Salesforce.com
CloudOps evening presentation from Salesforce.comCloudOps evening presentation from Salesforce.com
CloudOps evening presentation from Salesforce.com
 
Avoiding disaster recovery disasters
Avoiding disaster recovery disastersAvoiding disaster recovery disasters
Avoiding disaster recovery disasters
 
Avoiding disaster recovery disasters
Avoiding disaster recovery disastersAvoiding disaster recovery disasters
Avoiding disaster recovery disasters
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
 
Service Virtualization 101
Service Virtualization 101Service Virtualization 101
Service Virtualization 101
 
VMworld_PivotalCF_And_Containers
VMworld_PivotalCF_And_Containers VMworld_PivotalCF_And_Containers
VMworld_PivotalCF_And_Containers
 
Best Practices for Building Scalable Visibility Architectures
Best Practices for Building Scalable Visibility ArchitecturesBest Practices for Building Scalable Visibility Architectures
Best Practices for Building Scalable Visibility Architectures
 
Tartaglia Matthew3
Tartaglia Matthew3Tartaglia Matthew3
Tartaglia Matthew3
 
Brighttalk understanding the promise of sde - final
Brighttalk   understanding the promise of sde - finalBrighttalk   understanding the promise of sde - final
Brighttalk understanding the promise of sde - final
 
18 May 2017 - Vuzion Love Cloud
18 May 2017 - Vuzion Love Cloud18 May 2017 - Vuzion Love Cloud
18 May 2017 - Vuzion Love Cloud
 
Softengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi - Inspired Software Engineering
Softengi - Inspired Software Engineering
 

Recently uploaded

A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxAbhayThakur200703
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewasmakika9823
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 

Recently uploaded (20)

A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptx
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 

FLS_EA_Checklist_AppName_v5.pptx

  • 1. 2019 Flowserve Corporation :: Proprietary & Confidential 1 EA / ARB Review Checklist
  • 2. 2019 Flowserve Corporation :: Proprietary & Confidential Project Name Purpose of the project Sponsoring organization App/Solution Owner Submitter Date 2 Type of Solution Custom Developed – Flowserve DC X Licensed Solution – Flowserve DC ⎕ Licensed Solution - Vendor Hosted ⎕ Licensed Solution – Desktop ⎕ Subscription - SaaS ⎕ Level 1 Support Org Level 2 Support Org Level 3 Support Org
  • 3. 2019 Flowserve Corporation :: Proprietary & Confidential ARB Questionnaire ARB Questionnaire Yes- X No- X Is this a new business capability? X Is this a new application? < ivms 4200 client software> X Does the application integrate with other applications? X Is the application hosted at OneNeck? X * Have you identified affected Business process ? <Please provide Business Process here> X * Enterprise Architecture Principles and Solution guidelines are followed ? (link) Will your project/application involve • Military or government data, • Credit Card transactions (PCI), • Personally Identifiable Information (PII), • changes to financially relevant systems, • public websites, • new roles within existing systems or any other involvement from Information Security? X Do you have the Software Vendor’s Completed Security & Privacy Questionnaire? X 3 NOTE: * Items are mandatory to be marked as Yes. If ANY of the above answers are yes(other than *), please be prepared to answer more detailed questions from the Office of Enterprise Architecture. Please be aware of below tone of discussion: Review team encouraged to be professional, with no personal bias. Project team strongly encouraged to present facts, and not preferences. (No verbal approvals for critical decisions are accepted by Review team. Please have documented proof or email approvals ready) You must be prepared to provide below documents during the review meeting: • Business requirement Document • Data Flow Document • Technical Architecture Diagram • Security & Privacy Document • Data classification/sensitivity
  • 4. 2019 Flowserve Corporation :: Proprietary & Confidential • Please provide a high level business process flow diagram -Proposed 4 Business Process Flow
  • 5. 2019 Flowserve Corporation :: Proprietary & Confidential • Please provide an overview of the technology – Application Platform, Programming Language, Operating System, Database type and the security protocols implemented. 5 Technology Overview Presentation Tier Logic Tier Data Tier The Layer that provides security, esp important for external partner facing applications. Security Tier aka User Interface, the top level of the application. Does this require a pc/desktop install required? Ie Thick/Thin Client? The Logical layer where all logical decisions are implemented . The Data layer is where all data is stored. Reporting Tier What is the reporting tool/platform? Is it PowerBI, Alteryx, Custom SQL Report, etc • N/A The NVR does not require a client to function, playback, or record for daily operations. • On the NVR’s embedded OS • The NVR’s software (embedded OS) provides security for the hardware. No cloud functions. • On NVR’s local storage drives
  • 6. 2019 Flowserve Corporation :: Proprietary & Confidential • Please provide an integration diagram highlighting the applications used in the business solution and means of integration, internal and external. • Please see the first network diagram on slide 4. 6 Systems Integration
  • 7. 2019 Flowserve Corporation :: Proprietary & Confidential • Please provide the names of the servers if you are planning on hosting on existing servers. • If you will be requesting new servers, please identify the number of servers, where will they be hosted, and who will be managing them. Please work with the IT Manager responsible for your department to identify these. • N/A 7 Servers
  • 8. Detailed Check-List
      Please answer to the best of your knowledge. These are not mandatory questions; they are meant to assist you in performing the due diligence.
  • 9. Support Matrix
      System Element | Function | Responsible Team
      Application Technical Support | Technical support of the APP itself. How is it configured and how is it maintained and Change Management, license compliance | [Name the team]
      Application Functional Support | How to support, functional queries. SME’s, training, defining Queries. Configuring UI. ECC compliance. | [Name the team]
      Request Access | How are users granted access to this application. What approvals are needed. | [Unisys]
      Data Access | How to request, who to approve. | Combination of App owner, OneNeck and Nsight support teams depending where that data resides.
      Hosting Support | Depending where the application is deployed, DC. Cloud or Edge, support for the servers needs to be provided. Backup/Restore. Health of server(s) | OneNeck and Nsight support teams depending where the servers resides.
      Network | Infrastructure that connects Servers to Client | Network Services
      Browser Support | Support for PC config and issues | Deskside services
      Commercial and Contract | Renewal, disputes, Vendor Management |
  • 10. Data
      Key Question | Yes/No/NA | Comments
      Will the solution contain employee user data? | No |
      Will the solution contain customer data? | No |
      Will the solution contain confidential or sensitive information such as Military or Government? | No |
      Will the solution contain financial data? | No |
      Will the solution contain personally identifiable information (PII)? | No |
      Does the solution provide the ability to enforce data retention policies? | Yes |
      Does the solution provide the ability to encrypt data in transit? | Yes |
      Does the solution provide the ability to encrypt data at rest? | Yes |
      Does the solution provide the ability to view or export historical data? | Yes |
      Does the solution provide the ability to extract our data? Describe the various methods. | No |
      Does the solution provide the ability to bulk load data? Describe the various methods. | No |
      Can the solution generate reports? What reporting does this solution provide? | No |
  • 11. Integrations
      Key Question | Yes/No/NA | Comments
      Does the solution provide the ability to integrate with SAML 2.0, for Single Sign-On? List the identity providers your solution integrates with. | No |
      Does the solution have account management capabilities? Describe the user provisioning & de-provisioning and role modification & permissions, single user additions and bulk loads. | Yes |
      Does the solution provide integration with Web Services APIs? (i.e. SOAP, REST) Please describe and provide documentation for the APIs. | No |
      Does the solution provide the transfer of Flowserve’s data via a secure transfer method? (i.e. secure FTP, https, etc.) Describe the various secure integration methods. | No |
      Does the solution provide the ability to filter data retrieval via web services by attributes? | No |
      Does the solution provide the ability to retrieve data as single records or as batches via web services for those solutions that contain high volumes (1M plus) of data? | No |
  • 12. Infrastructure – Hosting & Networking
      Key Question | Yes/No/NA | Comments
      Will this be hosted within the Flowserve network at one of Flowserve’s existing physical or private cloud locations? | No |
      Will this be hosted by a third party outside of Flowserve network (outside of Flowserve data centers and private cloud)? | No |
      What will be the method of accessing this application? | Client Application via LAN TCP/IP |
      What tier will this application be, tier 1, 2, 3 or 4? | Tier 1 |
      Does the solution provide high-availability and fault-tolerance that can recover from events within a datacenter? Please describe. (Events to include: High load, hardware, software or network failure) | No |
      Does the solution provide a backup and recovery plan that at a minimum must include full weekly backups and daily incremental backups? | No |
      Do you have a business continuity and disaster recovery plan? Describe how you would recover from a natural disaster. | Yes | Pull NVR hardware/drives and test. Replace if needed. Exchanges HDDs too if needed.
      Does the solution provide additional development, testing, and/or staging environments in addition to the production environments? | No |
      Does the cloud solution provide documentation on the segregation of infrastructure from other customers or other environments? Please provide and describe. | N/A |
  • 13. Security
      Key Question | Yes/No/NA | Please Explain
      Does the solution have or the security utilities with best practices in place? | Yes |
      Does the solution support multi-factor authentication? Describe what methods are available. | YES | user name/password login, login via email, or pattern login.
      Does the solution provide the ability to control network access to the application by named IPs or IP ranges, also referred to as restricting access by IP, or control network access to the application by device? | Yes |
      Does the solution provide the ability to enforce Flowserve specified password policies? | Yes |
      Does the solution provide the ability to control application functionality access by roles for all users, also referred to as Roles Based Access Control (RBAC), via methods such as by attribute or based on a hierarchy? | Yes |
      Does the solution provide the ability to audit and export user accounts and historical user activity? | Yes |
      Does the solution provide the ability to log user activity for security monitoring? | Yes |
      What type and level of encryption does the solution support? | AES (Advanced Encryption Standard) |
  • 14. Compliance
      Key Question | Yes/No/NA | Please Explain
      Does the solution comply with United States federal and (fifty) states data privacy laws? (i.e. SB1386, MA201, Nevada597) | Yes |
      Does the solution comply with international data privacy laws? (i.e. European Privacy Laws, Safe Harbor, bi-lateral agreements between countries, ITAR) | Yes |
      Does the vendor promptly notify Flowserve of any non-compliance by solution with such laws (in 1. and 2. above) related to Flowserve’s data? | Yes |
      Can the vendor provide supporting documentation / information regarding compliance with such laws (in 1. and 2. above)? | Yes |
      Does the vendor notify Flowserve of any 3rd Party requests for our data or information, including but not limited to, those related to legal or other administrative proceedings? | Yes |
      Does the vendor obtain Flowserve’s authorization for any release of our data or information to any 3rd Party? | Yes |
      Can the vendor provide their policies on customer’s rights for request to audit and audit rights? | Yes |
      Does the solution provide options for opting out of secondary use of Flowserve’s data to 3rd parties, partners, etc? | No |
      Does the solution provide the ability to retrieve or export Flowserve’s data upon termination of service? | No |
      Does the solution provide the ability / requirement to destroy all Flowserve data upon termination of service after retrieval / export, including data stored on backups? | Yes |
      Does the solution provide remedies for breach of SLA compliance and other requirements? | Yes |
      Does the vendor use any 3rd party OEM embedded in the product? Can the vendor provide a list of all 3rd party vendors and their relationships? | No |

Editor's Notes

  1. Contact: Mark Woolgar (IT Support)
  2. Contact: John Breen (IT CyberSecurity)
  3. Contact: Deepak Shukla (Integrations), John Breen (Security)
  4. Contact: Phil Miller (Hosting), Nick Paine (Networks)
     Tier 1 – The loss of the application affects more than 50% of the enterprise AND directly impacts business operations
     Tier 2 – The loss of the application affects 25% to 50% of the enterprise AND directly impacts business operations
     Tier 3 – The loss of the application affects less than 25% of the enterprise AND impacts business operations
     Tier 4 – The loss of the application affects one or more sites AND impacts business operations only at those sites (localized impact)
  5. Contact: John Breen (IT Security)
  6. Contact: Nathan Andrzejewski (Compliance); Justen Farley (IT Contracts)