CCCDSAFE: IT Quality Assurance
In 2003, ITS adopted CCCDSAFE, a customized version of the International Organization of Standardization (ISO) best management practices model, to assure the quality of all ITS deliverables.
CCCDSAFE is built with an interpretive flexibility that allows ITS to apply the concept in many different ways. ITS currently uses this checklist to build quality into its technological environment; design comprehensive project plans; prepare project sign-off reviews; audit the ITS disaster recovery and business continuity plans; write procedures, guidelines and standards; define tasks and outcomes for position descriptions; and measure performance standards.
Each category must be incorporated into the planning process to ensure that no component is omitted that could affect the quality of the outcome. For each category, the questions to be answered are: what needs to be done; what are the individual tasks required; how will they be performed; what tools are needed; who is responsible; who needs to know about it; and who must be trained.
CCCDSAFE is defined as:
Customer Relations Management
Identifies the methodologies, strategies, information, communications, online services, training and technological capabilities necessary to rapidly, accurately and comprehensively serve users.
Requires the configuration of all systems and processes to be documented, updated regularly and securely stored for immediate retrieval and reinstallation if needed.
Establishes procedures to review, test and schedule system or operational changes to minimize disruption to systems and users.
Disaster Recovery/Business Continuity Management
Establishes the process used to recover from a failure, fault or stoppage of support systems (disaster recovery). Establishes the process for ITS to continue providing critical services in the event support systems are unavailable (business continuity).
Ensures infrastructure integrity and security from cyber attacks; compliance with all state and federal laws and regulations, CSU policy and campus standards and guidelines; proper user authorization and authentication; and mitigation of University risk.
Delineates how information, costs and metrics are gathered, recorded, analyzed and charged back.
Defines the process to detect and isolate problems, and to predict and prevent future problems.
Delineates standards for any procedure or process; monitors performance to meet or exceed standards; and employs process mapping to improve business practices.