You are on page 1of 12

Security Implementation Questionnaire

Version 3.0
Prerequisites
Successful completion of the Design Phase is required and all other predecessors, including customer sign-offs
up to this point.
Document Instructions
• This header page and the Partner cover page should be deleted; they are
intended to provide instructional value only.
• This document is formatted using Word “forms” and Active X checkboxes. By
default the checkboxes are active. The checkbox fields are only accessible when the document is not in
design mode and macro security is set to medium. You must choose to “Enable Macros” when you open
the document.
• This document is locked for editing other than the fields that are to be
completed. The forms fields are only accessible when the document is locked. If you need to make
changes to the content of the document, unprotect, edit and then lock the document when ready to use
electronically. There is no password locking the document.
To unprotect the document: To protect the document:
1. Click Tools> 1. Click View > Toolbars, choose Forms and Control Toolbox
Unprotect document 2. Click the Protect Form icon.
a. If Protect Form icon is not active, click the Exit Design Mode icon.
b. The Protect Form icon should now be accessible.
• Where applicable replace <Partner Logo> with you logo graphic, otherwise delete that reference.
• Revised date is the “SaveDate” field. To update: switch to view header/footer mode; right click field, choose
update.
Document Owner
The recommended owner of this document is Partner Project Management and Engineering.
Version Control
This document will be kept current on the Lifecycle Services Web site. It is recommended that rather than
archiving this document, you download it each time you need it.

Document Owner(s) Version Number Date Nature of Update


                       
Changes are logged in the revision history at the end of the document. A minor update involves minor corrections
or adjustments to language. A major update involves the introduction of new content, or a significant substantive
change to existing content.

Document History
Version Release Date Description of Change
                 
TM

Service Practice Templates for


Partners

Security Implementation Questionnaire


Version 3.0

<Customer Name>
<Insert Partner Logo>
<Partner Address>

<Partner Website>

Cisco
Corporate Headquarters
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Table of Contents

Table of Contents...........................................................................................................................3

Document Overview.......................................................................................................................4

Project Resources and Stakeholders...........................................................................................5

Implementation Readiness............................................................................................................6

Pre-Implementation Follow-Up Items...........................................................................................9

Post-Implementation Issues List................................................................................................10

Legal Disclaimer...........................................................................................................................11

March 2008 Implementation Questionnaire 3


Company Confidential. A printed copy of this document is considered uncontrolled.
Document Overview

The purpose of the Implementation Questionnaire is to act as a “pre-flight” checklist


and to verify that all Planning and Design activities have been successfully completed,
gaps have been addressed, and implementation plans are completed and ready for
execution. Partner should confirm that all “systems are go” for the pending solution
implementation and subsequent migration.

March 2008 Implementation Questionnaire 4


Company Confidential. A printed copy of this document is considered uncontrolled.
Project Resources and
Stakeholders

It is critical to a successful implementation, that all project resources, including not


only the partner resources, but those of the customer, telco, and 3rd party application
organizations, be present at the time the Implementation Questionnaire is reviewed
and answered. It should be clear that any member of the extended team should raise
any concerns during this meeting in order to proactively address outstanding issues
and ensure a successful, smooth implementation and migration. This section will
document those attendees present.
Table 1

Name Organization Title Project Role


                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

                       

March 2008 Implementation Questionnaire 5


Company Confidential. A printed copy of this document is considered uncontrolled.
Implementation Readiness

The following questions should be asked by the Project Manager to the extended project team
PRIOR to executing the Implementation and Migration Plans. This is the final opportunity to
calibrate the project team members (partner, customer, and 3rd party organizations), to ensure all
outstanding items have been appropriately addressed, and that “all systems are go” for the
pending implementation. As a result of the questionnaire, all outstanding issues or concerns
should be documented in Section 3 and satisfactorily addressed prior to the implementation and
migration process.

Site Readiness
1) Do all project resources have the necessary building access and associated Yes/No
access procedures for the implementation?
2) Have any off-hours building or security considerations relative to access Yes/No
been addressed?
3) Are all sites ready for implementation relative to environmental readiness? Yes/No
a. Has power been verified? Yes/No
b. Have the appropriate receptacles been verified? Yes/No
4) Has all equipment been racked, stacked, and provisioned? Yes/No
5) Have you gathered all the system administrator passwords and/or super Yes/No
user passwords of all servers/applications ready for installation/
implementation?
6) Have any and all Site Readiness gaps identified in prior assessments been Yes/No
satisfactorily resolved?

Solution Design
1) Does the end-to-end solution, as designed and scheduled to be Yes/No
implemented, address all customer requirements within the scope of the
project?
2) Have all solution gaps, relative to the system requirements process, been Yes, No, N/A
satisfactorily resolved?
3) Have all system requirements been validated relative to required Yes/No
functionality post-implementation?
4) Are the detailed designs finalized for all 3rd party applications? Yes, No, N/A
rd
a. Have the 3 party application support resources been defined? Yes, No, N/A
rd
b. Is the escalation process for 3 party application resources Yes, No, N/A
documented?
5) Are the detailed system designs finalized? Yes / No
6) Are the detailed security designs finalized? Yes, No, N/A
7) Have all outstanding change management cases been satisfactorily Yes / No
addressed and incorporated into the detailed designs?

March 2008 Implementation Questionnaire 6


Company Confidential. A printed copy of this document is considered uncontrolled.
Network Readiness
1) Has the recommended network remediation been satisfactorily completed? Yes, No, N/A
2) Are all software license codes/revision levels at the agreed upon levels for Yes / No
solution implementation?
3) Is the network infrastructure fully compliant to support the new solution? Yes / No
4) Have all gaps and vulnerabilities been satisfactorily resolved? Yes, No, N/A
5) Have all network security and vulnerability gaps been satisfactorily Yes, No, N/A
resolved?
6) Have all new circuits been appropriately terminated? Yes, No, N/A
a. If applicable, have DMARCs been extended as appropriate? Yes, No, N/A
b. If applicable have new circuits been tested and verified? Yes, No, N/A
7) Have all circuit/service change requests been confirmed by telco? Yes, No, N/A
a. Have Firm Order Commit (FOC) dates / order completion dates been Yes, No, N/A
verified?
b. Is telco scheduled to change service/port numbers during the Yes, No, N/A
scheduled windows?
8) Are the appropriate telco escalation contacts documented and on-call? Yes / No

Staging Completion
1) Have all solution components been ordered and delivered to the appropriate Yes / No
locations?
2) Are any solution components on back order? Yes / No
3) Has the Staging Plan been successfully executed? Yes / No
4) Has all other equipment and components been unboxed and verified? Yes / No

Operations Readiness
1) Have all of the Operations Recommendations been satisfactorily Yes / No
implemented?
2) Has the Operations Plan been fully executed and are the associated network Yes / No
management and support processes ready for the implementation process?

Project Implementation Readiness


1) Is the change management process finalized and in place? Yes / No
2) Has the Migration Plan been finalized? Yes / No
3) Is the Implementation Plan finalized? Yes / No
4) Have the escalation processes been finalized and clearly communicated? Yes / No
a. Is the escalation process clearly defined and in place? Yes / No
5) Have all necessary legacy changes been successfully implemented? Yes, No, N/A
6) Have the necessary windows been scheduled and approved? Yes / No

March 2008 Implementation Questionnaire 7


Company Confidential. A printed copy of this document is considered uncontrolled.
7) Are all project resources scheduled and committed for implementation? Yes / No
a. Do all project resources understand the implementation sequence of Yes / No
events?
8) Have cut sheets/task lists/implementation checklists been distributed and Yes / No
reviewed?
9) Have the success criteria been defined, documented, and communicated to Yes / No
all project resources?
10)Are the “Situation Room” / support bridges established and communicated? Yes / No
11)Has the risk mitigation strategy / back out plan been finalized, if necessary? Yes / No
12)System Acceptance Testing Yes / No
a. Has system acceptance test criteria been identified and approved via Yes / No
System Acceptance Test Plan?
b. Have acceptance testing responsibilities and windows been assigned? Yes / No
13)Service Assurance Yes / No
a. Has service assurance taken place, and does the customer have an Yes / No
adequate level of services contracted relative to their business and
operational requirements?

End User Preparation and Training


1) Is the end user population aware of the pending implementation and Yes / No
associated timelines?
2) Has the IT Strategy questionnaire been utilized and the results analyzed? Yes / No
a. If any gaps were identified, have they been satisfactorily addressed? Yes, No, N/A
3) Are the customer training plans finalized and rooms scheduled? Yes / No
4) Has the “first day of business” support structure been finalized and Yes / No
communicated to end users?

Road Blocks to Success


1) Is any member of the team aware of any other open items or areas of Yes / No
concern that may impact the successful implementation and migration of
this project?

Table 2

March 2008 Implementation Questionnaire 8


Company Confidential. A printed copy of this document is considered uncontrolled.
Pre-Implementation Follow-Up
Items

Any question above with a “No” answer should be documented in the table below and
resolved prior to implementation. The table below will assist in the tracking and
resolution of any pre-implementation issues that may disrupt the successful
completion of this project.
Table 3

Item Issue Owner Timeframe


#

                       


                       
                       
                       
                       
                       
                       
                       
                       

March 2008 Implementation Questionnaire 9


Company Confidential. A printed copy of this document is considered uncontrolled.
Post-Implementation Issues List

The following table should be used to manage post-implementation high level system
issues that need resolution. Day 2 Support detailed issues will be managed through
the help desk outlined in the Operations Plan.
Table 4

Priority Issue Owner Dependency Timeframe


Priority                        

Priority                        

Priority                        

Priority                        

Priority                        

Priority                        

Priority                        

Priority                        

Priority                        

March 2008 Implementation Questionnaire 10


Company Confidential. A printed copy of this document is considered uncontrolled.
Legal Disclaimer

The Templates that accompany this Terms of Use document may be used by a Cisco-authorized reseller
solely in connection with reseller’s activities to promote and sell Cisco services. Reseller’s use of such
Templates is subject the reseller’s systems integrator agreement or indirect channel partner agreement
(ICPA), between reseller and Cisco.
Cisco owns and shall continue to own all right, title and interest in and to the Templates. Reseller may
modify the templates to suit particular business opportunities; however, Cisco assumes no responsibility for
the accuracy of the information in the Templates or of any modifications made by reseller to such templates.
Cisco reserves the right to change the programs or products covered by the Templates at any time without
notice. Mention of non-Cisco products or services is for information purposes only and constitutes neither an
endorsement nor a recommendation.
ALL TEMPLATES ARE PROVIDED "AS IS" WITH ALL FAULTS AND WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED. CISCO AND ITS SUPPLIERS DISCLAIM ALL
WARRANTIES, EXPRESSED OR IMPLIED INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR
ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO’S LIABILITY WITH REPSECT TO THE TEMPLATES EXCEED THE
AMOUNTS PAID FOR THE TEMPLATES BY YOU. CISCO AND ITS SUPPLIERS SHALL NOT BE
LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES
INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR REVENUES WHETHER ARISING IN
CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF CISCO OR ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

March 2008 Implementation Questionnaire 11


Company Confidential. A printed copy of this document is considered uncontrolled.