User-Friendly RASCI Accountability Matrices

Right now, you’re probably thinking that’s a statement of opposites. Something dreamed up by a consultant to impress, or just to fill a blog page. But wait. What if I taught you to create order in procedural chaos in five minutes flat? ?Would you be interested then?

The first step is to create a story line ?

Let’s imagine five friends decide to row a boat across a river to an island. Mary is in charge and responsible for steering in the right direction. John on the other hand is going to do the rowing, while Sue who once watched a rowing competition will be on hand to give advice. James will sit up front so he can tell Mary when they have arrived. Finally Kevin is going to have a snooze but wants James to wake him up just before they reach the island.

That’s kind of hard to follow, isn’t it ?

Let’s see if we can make some sense of it with a basic RASCI diagram ?

Responsibility Matrix: Rowing to the Island
Activity	Responsible	Accountable	Supportive	Consulted	Informed
Person	John	Mary	Sue	James	Kevin
Role	Oarsman	Captain	Consultant	Navigator	Sleeper

Now let’s add a simple timeline ?

Responsibility Matrix: Rowing to the Island
?	Sue	John	Mary	James	Kevin
Gives Direction	?	?	A	?	?
Rows the Boat	?	R	?	?	?
Provides Advice	S	?	?	?	?
Announces Arrival	?	?	A	C	?
Surfaces From Sleep	?	?	?	C	I
Ties Boat to Tree	?	?	A	?	?

Things are more complicated in reality ?

Quite correct. Although if I had jumped in at the detail end I might have lost you. Here?s a more serious example.

There?s absolutely no necessity for you so examine the diagram in any detail, other to note the method is even more valuable in large, corporate environments. This one is actually a RACI diagram because there are no supportive roles (which is the way the system was originally configured).

Other varieties you may come across include PACSI (perform, accountable, control, suggest, inform), and RACI-VS that adds verifier and signatory to the original mix. There are several more you can look at Wikipedia if you like.

Check our similar posts

Authentication and Access Control

Threats to your data can come from external or internal sources.

There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

Work with your key personnel to determine who gets access to what.
Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
- biometric devices
- Kerberos tickets
- mobile phones
- passwords
- PKI certificates
- proximity cards
- smart cards
- tokens
Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

How DevOps oils the Value Chain

DevOps ? a clipped compound of development and operations – is a way of working whereby software developers are in a team with project beneficiaries. A client centred approach extends the project plan to include the life cycle of the product or service, for which the software is developed.

We can then no longer speak of a software project for say Joe?s Accounting App. The software has no intrinsic value of its own. It follows that the software engineers are building an accounting app product. This is a small, crucially important distinction, because they are no longer in a silo with different business interests.

To take the analogy further, the developers are no longer contractors possibly trying to stretch out the process. They are members of Joe?s accounting company, and they are just as keen to get to market fast as Joe is to start earning income. DevOps uses this synergy to achieve the overarching business goal.

A Brief Introduction to OpsDev

You can skip this section if you already read this article. If not then you need to know that DevOps is a culture, not a working method. The three ?members? are the software developers, the beneficiaries, and a quality control mechanism. The developers break their task into smaller chunks instead of releasing the code to quality control as a single batch. As a result, the review process happens contiguously along these simplified lines.

Code	QC	Test	?	?	?
?	Code	QC	Test	?	?
?	?	Code	QC	Test	?
?	?	?	Code	QC	Test

Colour Key

Developers

Quality Control

Beneficiary

This is a marked improvement over the previously cumbersome method below.

Write the Code	?	Test the Code	?	Use the Code
?	Evaluate, Schedule for Next Review			?

Working quickly and releasing smaller amounts of code means the OpsDev team learns quickly from mistakes, and should come to product release ahead of any competitor using the older, more linear method. The shared method of working releases huge resources in terms of user experience and in-line QC practices. Instead of being in a silo working on its own, development finds it has a richer brief and more support from being ?on the same side of the organisation?.

The Key Role that Application Program Interfaces Play

Application Program Interfaces, or API?s for short, are building blocks for software applications. Using proprietary software-bridges speeds this process up. A good example would be the PayPal applications that we find on so many websites today. API?s are not just for commercial sites, and they can reduce costs and improve efficiency considerably.

The following diagram courtesy of TIBCO illustrates how second-party applications integrate with PayPal architecture via an API fa?ade.

The DevOps Revolution Continues ?

We close with some important insights from an interview with Jim Stoneham. He was general manager of the Yahoo Communities business unit, at the time Flickr became a part. ?Flickr was a codebase,? Jim recalls, ?that evolved to operate at high scale over 7 years – and continuing to scale while adding and refining features was no small challenge. During this transition, it was a huge advantage that there was such an integrated dev and ops team?

The ?maturity model? as engineers refer to DevOps status currently, enables developers to learn faster, and deploy upgrades ahead of their competitors. This means the client reaches and exceeds break-even sooner. DevOps lubricates the value chain so companies add value to a product faster. One reason it worked so well with Flickr, was the immense trust between Dev and Ops, and that is a lesson we should learn.

?We transformed from a team of employees to a team of owners. When you move at that speed, and are looking at the numbers and the results daily, your investment level radically changes. This just can’t happen in teams that release quarterly, and it’s difficult even with monthly cycles.? (Jim Stoneham)

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

ISO Certification and Training

Overview

ISO, or the International Organisation for Standardisation, is a global standard-setting body, made up of a network of various standards organisations from among its 162 member-nations. ISO is a vital force in the manufacturing industry, promoting industrial and commercial global standards for specifications and requirements in materials, products, procedures, information, and quality management.

ISO Certification

For a company, an ISO Certification:

? Is an assurance that the organisation, has met the required management of processes and documentation.

? Provides standards on how businesses and organisations manage information and processes;

? Does not impose any regulations;

? Is not like a license that allows a business or company to operate.

Rather, an ISO Certification merely certifies that a management system, a manufacturing process, or an offered service has all the elements for quality assurance and the capability to compete in the international market.

That said however, an ISO Certification is still vital to most businesses because it brings them up to par with global standards. For instance, in many industries, contracting companies are required ISO 9001 certification, and some government contracts, such as in the oil industry or medical technologies, depend largely on ISO 9001 compliance. Most ISO Standards are specific to different industries, processes, and products, but ISO 9001 is a management system standard that can be applied to any company.

ISO 9001

ISO 9001 is unarguably, one of the most established Quality Management Systems program in the world today that can be a useful tool for any organisation. ISO 9001 Standards is currently the recognised standard not only for quality management systems, but management systems in general, ensuring quality in all aspects ? products, services, and documentation.

Any company, regardless of size or sector, aiming to improve its operations and management, would do well with an ISO 9001 Certification, especially if the organisation is prepared to implement the standards throughout the entire organisation and not just in particular departments or divisions.

Find out more about our Quality Assurance services in the following pages:

Total Quality Management

Failure Mode and Effects Analysis

Six Sigma