 |
 |
 |
 |
| |
|||||
|
|
 |
 Understanding Risks Alleviates COTS-based Systems Woes By Judy Clapp 
The wise manager will recognize risks that are specific to the integration of multiple products into a COTS-based system and will take actions to mitigate and control those risks. There are three major sources of such risk: Operational requirements—Risks associated with using a COTS-based system to meet the functionality and performance requirements of the users. Technical approach—Risks associated with the technical characteristics of the COTS products and their impact on the environment into which they must be integrated as components of a system. Business strategy—Risks associated with the vendor of the COTS products, the need for continued availability of support for the products over time (see article “COTS Software Licensing”), and the funding profile over the life of the system. Among the important techniques for controlling risks are the following, which are interrelated. Market research The rapid turnover in the COTS product marketplace can be both a risk and a missed opportunity for the program manager who is unaware of these changes. Market research is a technique for recognizing and anticipating market-related risks during acquisition in order to manage operational system capabilities and technical and business strategies, and to sustain the system as the market changes. It involves collecting and analyzing information on an ongoing basis to determine the availability in the commercial market of products or services that can support operational requirements, system design, and the system itself. A program manager must continually conduct market research in order to track trends in industry standards, the emergence of technologies and products, and the obsolescence of technology and withdrawal of products from the commercial marketplace. Early and frequent user involvement One source of risk that managers must address in planning to use COTS products occurs when products that are available will not exactly meet the operational requirements stated by the system users. Early and frequent involvement of the users can result in postponing or modifying some operational requirements in order to have early access to capabilities provided by the COTS products. This kind of negotiation can be achieved by stating mission objectives rather than detailed requirements, distinguishing mandatory from desired capabilities, and providing demonstrations and prototypes for users to assess. Early and frequent integration Technical risks center around how well a selected product will perform in the environment provided by the system. For software, the environment is the hardware platforms and configuration, the development tools such as the compiler, and the other software with which it must operate. There are risks that the product will not be reliable, will not meet response time requirements, will not scale up to the system load, and will consume too many resources, and that its interfaces will not be as stated so that it cannot be integrated with other products. Risk mitigation activities include early establishment and use of an integration laboratory for frequent integration and operation of COTS products. This allows the accumulation of actual experience in how well the products integrate and how easily they can be adapted to each other and to the operational requirements. Early and frequent tests can be performed to see how they scale up under realistic loads and how reliable they are. The integration laboratory can be used to demonstrate COTS products to users to gain their acceptance and assure them of the usefulness of the system. Planned replacement and obsolescence Using COTS products can take away the manager’s control over when products are upgraded and which features will be modified. It also introduces uncertainty into the funding profile over the system’s life cycle. The manager can mitigate these risks by planning funding and activities to refresh the hardware and software COTS products on a regular basis. This may mean postponing the introduction of new products and upgrades so that the process can be orderly rather than dependent upon release dates. New products should be tried in the integration laboratory to determine their technical and operational impact and possibly pilot-tested in the field on a limited basis. Upgrade strategies must take into account the impact of new and upgraded products on training, installation, and support. A more detailed list of risks and risk mitigation activities can be found in the Common Risks and Risk Mitigation Actions for Management of a COTS-Based System article. For more information, please contact Judy Clapp using the employee directory. |
Solutions That Make a Difference.® |
|
|