Why Develop C3Q? 
No Current Solution - Most
current IT compliance audit and verification methods are focused on 1980's-style
Waterfall development models. These models are heavily dependent upon the basic
techniques of 1.) Preserving the results of commissioning events and 2.)
Extensive audits of development and deployment procedures. These techniques fall
short of the requirements for the qualification of modern, computer and network
infrastructures (CNIs) and systems built on them.
CNI-based
systems are by their nature dynamic, re-configurable systems that cannot depend
on a "set it up and don't touch it" qualification rationale. Instead,
they require concurrent, responsive qualification methods that include rigorous,
documented surveillance and challenge of components and sub systems.
Methodology Requirements - In addition to the requirements for concurrency and for directly
testing the in-situ performance and installed design of systems, modern business
practices also dictate:
Service Continuity -
Removing the computer and network infrastructure from service to perform some
commissioning-driven methodology is NOT an option. The CNI itself must be
qualified while it is in service. Also, because of heavy network dependencies,
mission critical scientific and business applications need to be tested and
qualified in the CNI environment.
Accretive Deployment - In a
similar vein, when we add components to expand the CNI, re-qualification service
interruptions are unacceptable. New components must also be "in-service
qualified." In other words, we need to verify, validate and qualify
(VV&Q) that adding a couple more workstations doesn't adversely affect the
CNI or a co-located application.
Evolutionary Upgrades - We
need to be able to upgrade component versions, usually in-situ, as required for
service level assurance, and qualify correct and reliable performance.
Concurrent Configuration Management
- In a modern CNI environment, most changes are remedial in nature and respond
to an outage or a security threat. Since these are emergency changes
(i.e., ones that can't wait for traditional change review board cycles), we must
have methods for managing change and configuration with prior
self-authorization, but still with rigorous documentation and review after the
repairs have taken place.
The
Hollis Group has answered the challenge of infrastructure qualification and met
the requirements described above with its new, state-of-the-art,
industry-specific system and infrastructure qualification methodology, C3Q.
Browse to CNIQ, CDCM or SDDM, for
details of the various C3Q components, or better yet, contact
the Hollis Group directly to arrange a presentation of the C3Q
methodology and its fully-developed SOP set, SPRIITS.
