Steering committee Nov 1 2013

Information Technology Steering Committee
Liquor Stores N.A. Ltd.
Committee Meeting, November 1, 2013


Meeting Objectives

1. Project Status Review
• Network and Application monitoring findings, PCI project review

2. New Projects
• Sysaid for Property Management
• Gallo wines

3. Other Issues
• Store hardware age
• Windows XP

4. Set schedule for next meeting

Network & App Monitoring Findings
Problems Identified

SSC User Desktops
• HP ML310 are 5 year old servers, video card not meant for this type of use, no management in place (patches, AV)

Stores Network
• Cabling issues – overlong runs, kinks, bent, pinched and/or crushed
• Insufficient telco service (limited upload)
• Config issues - Poor use of UPS, inconsistent device setups
• NO OS or app patch management or AV management
• 5 year old equipment
• New switches out of date on IOS version

Stores WiFi – W&B
• Too high, not meshed and cooler access is blocked

Replace

PCI, Rewire, fix

Fix

Network & App Monitoring Findings
Problems Identified

Application Monitoring
• SQL Express is old and limited in functions – Till freezes when log exceeds 80 MB or database exceeds 4 GB
• Tills freeze when db maintenance not done – not automated
• Receipt printers fail and cause till to freeze
• No SQL alerting or monitoring for health of DB

Equipment issues
• Five year old machines and Windows XP at the stores
• Dlink/linksys switches used
• Cables fail after heavy use

Fix

Replace

Network & App Monitoring Findings
Problems Identified

Application Monitoring - SSC
• SQL not configured properly – many non-standard settings
• Not optimized

Equipment issues - Datacenter
• Two SPOOFs found – ASA and switch
• No comprehensive test environment

Fix

Fix

PCI Compliance
Overall Status: G
Date: Oct 31, 2013

• Completing requirements gathering and planning of project streams
• Design and testing ongoing for store and core network components
• Working with external service providers and cabling vendors for store touch

• Finish network design components
• Select resources and begin store visit
• Select service providers for store touch

• Approval of budget for PCI project
• Approval of security resource

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: Develop and deploy the necessary systems, hardware, policies and procedures to remediate the findings of the PCI assessment and attain compliance sign-off

Asks/Decisions

Milestone Plan Date % comp
G Requirements Oct 31st 95%
G Design for network components Nov 30th 30%
G Development of deployment plan Nov 22nd 20%
G Proof of concept for Store Touch Dec 31st 0%
G Store Touch Project June 30th 2014 0%
G Network Touch Project June 30th 2014 0%
G Security Standards & Policies Project June 30th 2014 0%
G ITIL Functional Areas Project June 30th 2014 0%
G PCI Compliance Assessment July 31st 2014 0%
G Project Completed Aug 8th 2014 0%

Key Issues & Risks / Mitigation Plan
• Resourcing constraints for internal resources who will be responsible for a number of deliverables in all areas of the project. Need to hire security resource as soon as possible to integrate into project.
• Many other business and IT projects in the coming year have potential impact on the PCI project and the resource availability. Program and resource planning will be required.
• Lack of complete information on store environments, IT inventory, cabling. Need to complete an IT supervised visit to the stores to collect information
• Unknown interconnected components in network could affect project. Plan of action needs to be implemented based on recent network review.

PCI Project Costs

Area Cost Notes

Store Touch $800,000 Visit to each store for data collection and documentation of systems and cabling, Replacement of all network switches, re-cabling at 43 stores, wiring standardization, lockable cage for network gear, labeling and new standard images for switches, router and wireless access points plus testing

Network Touch $110,000 Network re-design for IP and DNS configuration, Intrusion detection/intrusion prevention system and network sniffer

Security Standards and Policies $0 All work to be done by PM or internal resource pool

ITIL Functional Areas $260,000 Anti Virus System, Logging and monitoring system, software update system, test environment, 2 factor authentication, DVR upgrades, File integrity system, security training module for staff

PM $180,000 Full time PM to oversee all aspects of PCI project to completion

Contingency $250,000 20% based on current lack of complete information regarding store environments and the current flux of the IT organization for staffing and availability of resources

TOTAL $1,600,000

Timeline for PCI Project

Time axis: Sep 2013 to Aug 2014

Project End: Aug 8
PCI Audit for Compliance: Jul 31
PCI Projects Completed: Jun 30
PCI Sub-Projects Start: Jan 6
Network redesign and testing completed: Nov 29

Jul 28 - Jul 31 PCI Audit and Compliance Review
Jan 6 - Jun 30 ITIL Functional Areas Project
Jan 6 - Jun 30 Security Standards and Policies Project
Jan 6 - Jun 30 Network Touch Project
Jan 6 - Jun 30 Store Touch Project
Nov 29 - Dec 31 Finalize Store Touch plans and procedures
Oct 4 - Nov 29 Network and Store Touch design and testing
Sep 9 - Oct 4 Project Planning and information gathering

Network Monitoring
Overall Status: G
Date: Sep. 13, 2013

• Monitoring complete
• 90% of findings identified with recommendations

• Complete final report and recommendations

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: Diagnose technical issues and develop a pragmatic approach and plan to repair critical components / interfaces.

Asks/Decisions

Milestone Original Date/Current Plan Date % comp
G Project Charter Sept. 13th/Sept 13th 100%
G Monitoring Complete Sept 30th/Oct 30th 80%
G Results Analyzed Oct 14th/Oct 25th 70%
G Remediation Plan Approved Oct 21st/Nov 1st 70%
G Visit to Pivot COLO to inspect and document the state of the installation at the site. Oct 28th 100%
G Transactional perfmon analysis of LSLP-RMSABDB with analyst assistance Nov 1st 50%
G COLO ASA syslogging to capture VPN drop failures from ASA logs Nov 4th 90%
G Assembly of final report PPT with conclusions and recommendations Nov 4th 50%

Key Issues & Risks / Mitigation Plan
• Issues can be hard to track when they are intermittent and cannot be reproduced via a specific set of steps.
• We will monitor and track the times for specific occurrences and based on time noted will relate back to the monitoring findings/logs

Enterprise Software Selection
Overall Status: G
Date: Nov 1, 2013

• Project in full swing
• Workshops completed
• Vendors Engaged
• NDA Process begun

• Draft RFP document and issue it

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: Select a new enterprise software solution which can be implemented to support all the major business processes.

Asks/Decisions

Milestone Original Date/Current Plan Date % comp
G Project Charter Sept. 13th/Sept. 13th 100%
G Functional Requirements workshops Oct 25th/Oct 30th 100%
G RFP Issued Oct 31st/Nov 15th 0%
G Vendors Response Received Nov 22nd/Nov 29th 0%
G Vendor Demos Dec 6th/Dec 6th 0%
G Vendor Selection Dec 13th/Dec 13th 0%

Key Issues & Risks / Mitigation Plan

RMS Cleanup
Overall Status: ON HOLD
Date: Nov. 1, 2013

• Beer section completed week ending Sept 13th

• Hierarchy design completed in conjunction with the buyers

• Data entry continues when resources can be applied.

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: Apply a new hierarchy to product descriptors in RMS and apply the new format at the item level:
• To provide meaningful descriptions to items
• To categorize items in a consistent and standard format
• To update existing item information where applicable
• To develop a standardized format for entering new items

Asks/Decisions

Milestone Plan Date % comp
G Project Charter Sept. 13th 100%
G Complete Item Clean-up Dec 5th 30%
G Validate Item Clean-up Dec 20th 0%
G Test Changes Dec 30th 0%
G Deploy to Live environment Jan 27th 0%

Key Issues & Risks / Mitigation Plan
• Resource Availability to do the data entry
• Resources are deployed when available

Telecom Rationalization
Overall Status: G
Date: Oct 31, 2013

• Project was just initiated
• Telus and Shaw have been engaged in a preliminary fashion
• Telus has delivered their proposal

• Receive more Canadian Proposals and compare them in terms of pricing and service levels

• Are two vendors enough?

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: The Company spends approx. $1 million annually on telecom related services (telephone, internet, fax, etc.) across 23 different vendors. The goal is to reduce the spend through rationalization and vendor reductions.

Asks/Decisions

Milestone Original Date/Current Plan Date % comp
G Rationalization of services – Initiate in Canada Sept. 20th 50%
G Review of Canadian vendor proposals Oct 11th/Nov 15th 50%
G Selection of preferred Canadian vendor Oct 25th/Nov 22nd 0%
G Establish timetable for the transition of Canadian services Nov 8th/Dec 2nd 0%
G Rationalization of services – Initiate in Kentucky / Alaska Oct 18th/Dec 2nd 0%
G Review and selection of KY and AK vendors Nov 25th/Jan 13th 0%
G Establish timetable for the transition of KY and AK services Dec 12th/Jan 20th 0%

Key Issues & Risks / Mitigation Plan

Sharepoint Intranet
Overall Status: G
Date: Nov. 1, 2013

• Platform has been deployed

• Receive Canadian Proposals and compare

• Content must be configured and loaded

• Any critical requirements that would affect schedule?

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: Create and deploy a new intranet technology platform.

Asks/Decisions

Milestone Original Date/Current Plan Date % comp
G Migrate intranets internally Sept. 23rd 100%
G Fix existing intranet functionality Sep 30th 100%
G Create team sites reflective of old team Nov 4th 90%
G Training Dec 2nd 0%
G Live Rollout Dec 9th 0%

Key Issues & Risks / Mitigation Plan
• Availability of resources for the project
• Office coordinator will apply time to the project to create and continue forward momentum

WebSite Migration
Overall Status: Y
Date: Nov. 1, 2013

• Project is being initiated

• Receive Canadian Proposals and compare

• Migrate sites and leave integration functions behind

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: Migrate all the LSGP web sites to a new hosting and design partner. Refurbish the sites and create a central site at a top level domain.

Asks/Decisions

Milestone Original Date/Current Plan Date % comp
G Agreement with host company Sept. 30th 100%
G Relocate external websites Oct 14th / Nov 4th 70%
G Restore web apps Oct 21st / Nov 8th 70%
G Relocate internal websites Sep 30th / Nov 8th 70%
G Restore email functionality Oct 21st / Nov 8th 10%

Key Issues & Risks / Mitigation Plan
• Maintain uptime for all functions during the move.
• Phase the move and use parallel testing prior to cutting live

Scan Safe Implementation
Overall Status: G
Date: Nov 1, 2013

• Project is not re-initiated yet

• Receive Canadian Proposals and compare

• Deploy massive IOS upgrade with compliance to PCI requirement.

• We may be grouping the PCI project with the ScanSafe as they may be having same objectives and using the same resources.

Key Accomplishments/Highlights

Upcoming Key Activities/Deliverables

Project Summary: Migrate all the LSGP web sites to a new hosting and design partner. Refurbish the sites and create a central site at a top level domain.

Asks/Decisions

Milestone Original Date/Current Plan Date % comp
G Upgrade IOS (Pilot testing with 3 stores) 13/10/29 100%
G Install ScanSafe (Testing pilot with 3 stores) 13/10/29 100%
G Map similarities between ScanSafe and PCI IOS upgrade requirement 13/11/08 0%
G Deploy Massive IOS upgrade for all stores 13/12/20 0%
G Deploy ScanSafe to all stores 13/12/25 0%
G Support and manage troubleshooting 14/01/10 0%

Key Issues & Risks / Mitigation Plan
• PCI requirement may be similar to ScanSafe and we need to decide if both projects could be joined
• Contractors may be required physically at the store level if there are any issues with the IOS upgrade
• Loss of connectivity may cause some business down time at the store level.

Criteria for Project Prioritization

In the future, projects are to be prioritized based on the following criteria and suggested weightings (for discussion):

• Expense reduction (25 percent)
• Revenue increase (25 percent)
• Strategic (25 percent)
• Legal/regulatory/security (25 percent)

For example, on a scale of 1 to 10, determine the degree to which a project results in expense reduction:

1 – no expense reduction
10 – expense reduction of > $1M

Next steps – define metrics for each criterion.