| 2008
WINNERS announced on Oct 22nd, 2008 |
Business
Process Improvement:
FIRST PLACE (TIE) |
Bharti
Airtel & technology partner IBM India Private Limited |
The telecom industry
in India has grown at a blistering pace. To keep up with the rapid
rate of growth, Bharti Airtel outsourced IT functions to IBM India.
While customer-facing applications were streamlined, many internal
business processes were manual, non-standard and spread across disparate
systems. Employee attrition rate was high. The winning Bharti Airtel/
IBM project is called e-tize—a program designed to automate
internal business processes and develop new applications to increase
productivity and efficiencies. The ultimate goal of e-tize, however,
was to transform the culture within Bharti Airtel by empowering employees
with technology tools and remote computing capabilities. Using a combination
of strategies-- such as setting up business owners and subject matter
experts, technology-based awareness training, employee focus groups
and an internal website for reporting about e-tize applications--the
process improvements were substantial. Bharti Airtel reduced spending,
increased procurement compliance and rationalized suppliers. As a
result of e-tize, more employees can work from remote locations. And
with fewer manual processes and cleaner data, employees spend less
time on administration--and more time with customers. As a result
of e-tize, Bharti Airtel has experienced an annual growth of 63% year-over-year.
|
Business
Process Improvement:
FIRST PLACE (TIE) |
Deutsche
Bank AG |
Deutsche Bank
AG-Global Banking IT developed an organizational SWAT team that brings
together application developers and architects with security and network
infrastructure professionals. Called Application Infrastructure Services
(AIS), the AIS mission was to resolve problems that arise when application
owners and those responsible for network support and security compliance
are siloed—do not reside in the same organization. AIS was developed
to support a holistic approach to managing application environments
and maintaining software versioning. When new projects are planned,
the AIS team shares its knowledge and technical expertise on the various
technologies used within the bank. In creating the AIS, Global Banking-IT
demonstrated a number of best practices such as clearly defining success
criteria, incorporating service level agreements into their deliverables,
and establishing objective, measurable outcomes for the unit--such
as "not more than 1 audit point allowed per application supported."
With the initial 50 products now under AIS support, Global Banking-IT
has realized a number of benefits from AIS, including cost reductions,
deceased application startup time, and increased product stability.
As perhaps the ultimate endorsement its value, AIS has been recently
invited to extend its coverage to all 300+ applications supported
by Global Banking-IT. |
Business
Process Improvement:
Honorable Mention |
Horizon
Blue Cross Blue Shield of New Jersey |
As the leading
health insurer in New Jersey, Horizon Blue Cross Blue Shield of New
Jersey has over 35,000 physician and 3.6 members. The Physicians Network
Operation (PNO) was a large-scale redesign of the physician information
database. Complicating the re-engineering project, the PNO needed
to flawlessly integrate with 14 other systems that drew down data
from the PNO. Before the project was implemented, multiple areas of
Horizon BCBSNJ received and managed physician data--but no one organization
owned the data. As a result of the PNO--and a best practice for this
business process improvement--stakeholders were identified and data
stewards were made accountable for accurate data. Horizon BCBSNJ created
an extensive validation and testing process for the PBNO, including
full regression testing to insure the highest level of accuracy. Providers
are now users of the PNO, they can to search the data, correct their
information and complete transactions. And the PNO is now compatible
with a national provider database that serves insurers across the
country.
|
Business
Process Improvement:
Honorable Mention |
Prudential
Douglas Elliman & Gig Werks |
Prudential Douglas
Elliman is a company that resulted from the corporate merger of Prudential
Long Island Realty and Douglas Elliman Real Estate. The information
systems for the two organizations, known as Update, was to be a one-stop
location for all the needs of the agents and staff. In fact, items
were difficult to find, there was no searching capability, and each
system was restricted to information in a specific region. The new
system, Update 2, was based on the creation of a data warehouse and
designed to automate forms and processes, streamline updates and changes,
track policies and procedures, and generate management reports. Prudential
Douglas Elliman and technology partner Gig Werks devoted extensive
effort to the requirement-gathering phase, and contribute their success
to their thorough research. The Update 2 system provides critical
tools and services for the agent. Agents can work from anywhere at
any time; process forms and receive manager approval; get marketplace
information; and access training seminars, company videos and live
broadcasting of events. For top management and accounting, the analytical
reporting enabled by Update 2 supports real-time decisions based on
the current marketplace.
|
Technology
Innovation:
FIRST PLACE |
Citi & technology partner Alexander Interactive |
Adds,
moves and changes—provisioning users with systems and entitlements
is the bread and butter of enterprise IT. Citi’s provisioning
systems had grown by acquisition—each business sector, application
and technology device brought with it a jumble of interfaces, actors
and processes. Provisioning new employees often took weeks. Citi
re-engineered its provisioning architecture, to create Marketplace—an
internal webspace that provides an Amazon.com-like shopping experience
for employees. Today a user can go to the Marketplace website and
request access to a product (desktop, business application, email)
and be approved within minutes. The Marketplace team and their technology
partner Alexander Interactive combined four off-the shelf products
to create one end to end business solution for more than 122,000
users. Using a Project Management Office (PMO) governance methodology,
the team implemented workflow mechanisms, automatic triggers and
provisioning engines for users according to their entitlements.
Marketplace streamlines the approval process and leverages multiple
fulfillment resources for employees and new hires. The return on
investment in recouped non-productive time is significant and through
account management capabilities, Citi’s Marketplace ensures
high levels of compliance with federal and state regulations. More
importantly, Marketplace is breaking ground in the security area
by providing a platform for managing changes in work status provisioning.
|
Information
Security:
FIRST PLACE |
United
States Postal Service |
Vulnerability
scanning is a challenging problem in a large enterprise because scans
must cover multiple layers of software and hardware, reach a large
number of systems, and finish the scanning in a reasonable time frame
so as not to degrade performance. The United States Postal Service
(USPS) vulnerability scanning project effectively addresses both the
technical challenges and organizational challenges of vulnerability
scanning. The USPS created one unit in their organization, the Enterprise
Centralized Scanning solution (ECSS), to drive the security scanning.
This ECSS effectively provides security guidance and direction to
the rest of the organization, including field offices. A key best
practice was to involve top management, the Office of Inspector General,
which assigned priority to this project. USPS also made a significant
effort to educate the field offices, which operate as decentralized
units, about the value of vulnerability scanning. ECSS was a very
large scale solution involving 250,000 workstations and covered workstations,
servers, printers, network devices, databases, modems and wireless
access points. |
Storage
Management :
FIRST PLACE |
Hilton
Grand Vacations Club |
Hilton Grand
Vacations’ business has grown 20% a year for the last five years
which presented the company with technology support and management
challenges-- server sprawl in their data centers. To control the spiraling
costs of servers, storage and time intensive provisioning and change
management, Hilton began a virtualization strategy in August of 2007.
Hilton, with technology partner 3PAR, settled on a virtualization
model that integrated with their existing data warehouse. Using 3PAR
storage technology, HP blade servers and VMware software virtualization
tools, Hilton’s virtualization and consolidation project was
deployed on a very large scale, involving two hundred server blades
and 136 TB of networked storage. The completed transformation saved
from 50 – 70 % on data center floor space and provided an average
monthly reduction of 75% on power and cooling. The result is not only
a $650,000 data center cost savings but a substantially reduced carbon
footprint, a nice plus in today’s “green-conscious”
business environment. Added benefits of the project are tripled performance
in their SQL server environment and a four fold gain in storage administrative
efficiency. Virtualized servers and storage can now be provisioned
in minutes as opposed to weeks. All of this has been accomplished
without increasing storage management headcount.
|
Storage
Management:
Honorable Mention |
Grey
Healthcare Group, a division of the Grey Global Group, and FalconStor
Software |
The Grey Healthcare
Group, part of the Grey Global Group advertising agency, is one of
the largest healthcare communications companies in the world. Because
their services range from medical animation and video to online collaboration,
their project files are quite large often exceeding 2GB each. As their
tape library was reaching capacity, routine backups and restores were
taking longer which jeopardized system availability. In order to overcome
these challenges, Grey set out to build a scalable, integrated system
that leveraged virtualization technologies and worked with both their
MAC and PC environments. They were working under a strict timeline
of one month, with an additional goal to reduce their overall Recovery
Time Objective (RTO) to 24 hours. Together with technology partner
FalconStor, Grey reduced their overall storage footprint using de-duplication
technology. They eliminated redundant data, compressed unique data
and reduced the data sets for backup by more than 75:1 from 175TB
to 2TB. The final implementation has helped Grey Healthcare realize
a number of benefits, including the return of a realistic backup and
recovery time which was part of their original goal. The new system’s
encryption capabilities are also helping Grey meet regulatory requirements.
Moreover, the new centralized design has reduced travel costs by tens
of thousands of dollars and returned maintenance expenses to normal
levels.
|
| 2007
WINNERS announced on Oct 16th, 2007 |
| Category |
Organization |
Summary
of Best Practice |
Business
Process Improvement:
First Place (TIE) |
Internal
Revenue Service (IRS) |
The Internal
Revenue Service exemplified Best Practices for Business Process Improvement
and we’re pleased to name them as winners of the 2007 Best Practice
Award. The IRS processes hundreds of millions of individual and business
tax returns each year, of which 75 million are submitted electronically,
enabling the collection of over $2 trillion in revenue annually. The
importance of a robust, highly available portal for tax information
and filing cannot be underestimated: this process may well be the
largest known in terms of revenue. The IRS used a comprehensive and
standardized framework, the ITIL (IT Information Library) process,
coupled with a Capacity Planning and Performance Engineering tool,
to assess and improve customer-facing and behind-the-scenes processes
and information systems for service management, service support, and
service delivery. A key theme throughout this initiative was a shift
from superficial metrics, such as ticket closure time, to customer-impacting
metrics such as application performance. Applying this approach in
fewer than four months, portal incidents reported by registered users
within the IRS were reduced 53% while downtime was reduced 67%. Likewise,
end-user portal incidents were reduced 46% while downtime was reduced
89%. These leading-edge processes and tools are now being deployed
more broadly to support business process improvement across the IRS.
|
Business
Process Improvement:
First Place (TIE)
|
Pershing
LLC & Information Builders |
Pershing LLC,
a subsidiary of the Bank of New York Mellon Corporation, supported
by Information Builders, exemplified Best Practices for Business Process
Improvement. Pershing developed and deployed a comprehensive Service
Level Management and Quality program, supported by an in-depth scorecard
to analyze and improve the services they provide to financial investors.
Using data from the scorecard, they measured the performance of their
internal systems and monitored the progress of their improvements
against quality goals. For customer-facing services, continuous improvement
in service metrics, as monitored by the scorecard, is viewed as an
imperative for customer success. They captured operational data, published
it to a data warehouse and applied actionable analytics to make recommendations
to business process. A Service Level Management engine processes this
data and evaluates results against target service levels, which may
be categorized by customer. This system, built using a Capability
Maturity Model Level 5 Certified process, handles millions of transactions
each year across hundreds of business processes. The resulting performance
improvements of these systems against target goals has increased from
98.5% to 99.3%, even while the absolute number of transactions increased.
|
| First
Place: Outsourcing Management |
Deutsche Bank & HCL Technologies Ltd. |
The outsourcing project as described by Deutsche Bank demonstrated
a high level of excellent business planning, execution and a creative
approach to outsourcing software development and support to an off-shore
vendor. Deutsche Bank’s challenge was to integrate the off-shore
work into the already-established brokerage advisory service for a
large number of customers and branches. Deutsche Bank chose an India-based
company, HCL Technologies Ltd., as their vendor, applying a rigorous
due-diligence and risk analysis process for the selection. One of
the most difficult hurdles facing the new team was the cultural differences
between the offshore groups and the business users. By developing
a "Charter of Common Culture," Deutsche Bank was able to
set out mutually agreeable terms on how to work together as partners.
This turned out to be enormously successful in increasing productivity.
Subsequently they had to address how to integrate the off-shore work
without jeopardizing the successful customer service processes they
already had in place. The best practice approach used for the initial
transition was practical--and another reason for the project's success.
They decided to transition software development first, while holding
back outsourcing maintenance and customer support. This practice headed
off possible negative impacts to the customer and at the same time,
did not dilute the resources used for software development. Through
this staged approach, Deutsche Bank realized a development cost savings
of 25% with their first software roll-out and now the model used is
an example for the rest of the company.
|
| First
Place: Information Security |
Mass Mutual Financial Group & OpenService |
Mass Mutual’s
implementation of InfoCenter, a security information management system
(SIMS) provided by OpenService, exemplifies many Information Security
best practices. When implementing a SIMS product, it is useful to
prioritize information assets to ensure that identified vulnerabilities
related to those assets are addressed first. Mass Mutual determined
that its “financially significant applications” were priority
assets. Thus, the implementation of InfoCenter demonstrated an effective
conjoining of security risk mitigation with business needs. In addition,
Mass Mutual has used InfoCenter not only to increase incident response
time, but also to enhance the quality of responses. More specifically,
Mass Mutual Information Security has developed means to analyze data
generated by InfoCenter to reveal vulnerabilities that are not immediately
apparent from an initial alert notification. Also, the customized
reports generated by InfoCenter permitted Mass Mutual to expand its
concept of security awareness. Often, security awareness is viewed
narrowly as the process of informing end-users concerning the importance
of specific behaviors or best practices. However, Mass Mutual has
used the InfoCenter reports to educate business managers, network
engineers, and other technical staff to become more aware of vulnerabilities
and the need for mitigating controls.
|
| First
Place: TECHNOLOGY INNOVATION (TIE) |
Internal
Revenue Service (IRS) & AT&T Government Services & TiVerity
Consulting |
The Internal Revenue Service operates one of the most complex Contact
Center Environments (CCE) in the world, servicing taxpayers who require
assistance or information about their accounts, and across dozens
of product lines. The IRS CCE comprised 28 separate call centers across
the United States and Puerto Rico, all of which previously maintained
site-based queues for customers. Customers would experience different
wait times depending on the center to which their call was routed.
The development of high-volume gateways by Cisco, optimized for Voice
eXtensible Markup Language (VXML), along with a multi-tiered architectural
model developed by the IRS, in combination with Cisco Customer Voice
Portal (CVP) software, finally offered a solution to the inconsistent
treatment of callers. At the enterprise level, business practices
had to change from the legacy practice of managing customer queues
at 28 separate sites all of whom maintained individual site-based
queues, to managing a single virtual queue distributed across three
sites. In addition to improved call control and visibility, calls
no longer have to be manually transferred to other sites if any site
becomes unavailable or ceases operation. This significant improvement
required moving from TDM to IP and coordinating the efforts of staff
from AT&T, Cisco Systems, Nuance, SRA, and TiVerity Consulting.
The IRS solution is a notable example of a large-scale rationalization
of distributed business processes (call centers) and their supporting
out-dated technology all focused on improving customer service.
.
.
|
First
Place: TECHNOLOGY INNOVATION (TIE)
|
Blackboard,
Inc. & Scalent Systems |
Continuing
the theme of doing more with less, Blackboard, Inc. has found a way
to quickly re-purpose data center servers using innovative virtualization
technology. Blackboard ASP hosts mission-critical applications for
over 600 educational institutions serving over five million active
students and participants. Infrastructure management is the critical
requirement for a successful hosting business. The intention of Blackboard’s
ASP strategy is to minimize the potential impact of any disaster,
be it a rack power failure or the complete destruction of a datacenter.
Based on Scalent Systems’ software, which provides a complete
hardware abstraction layer for all software, Blackboard’s ASP
Advanced Hosting platform allows near-instant failure recovery, resource
optimization, cross-site disaster recovery, capacity on demand and
rapid deployment—all performed automatically or via a minimum
click interface. Using a Scalent-based platform, Blackboard is able
to unlock machines from server software, enabling real time repurposing
of existing infrastructure. Physical machines can be rapidly turned
on and deployed for different business services, on the fly, without
any physical network changes. The Blackboard/Scalent solution reduces
operational costs while improving their competitive advantage—the
ability to provide timely and dynamic infrastructure support for the
critical business systems of their customers.
|
| |
| 2006
|
| Category |
Organization |
Best
Practice Summary |
| First
Place: BUSINESS PROCESS IMPROVEMENT |
Citigroup |
The Citigroup
Citidocs System, an in-house document management system, was modified
using Adobe’s Bar Coding feature. The resulting solution enables
just-in-time processing of a wide range of funds transfer options
for countries that do not have an electronic banking infrastructure.
Citigroup customers in emerging market countries formerly relied on
a manual fax-based process to initiate funds transfer requests. This
process required a visit to a local branch to initiate the transaction,
and was subject to errors when the faxed information was re-keyed
into the core Citigroup systems. Citigroup Corporate Investment Bank
(CIB) recognized the need for an improved business process that addressed
these limitations and provided end-to-end automation of a manual process.
CIB incorporated the Adobe barcode feature into its existing Citidocs
imaging & workflow management system to allow customers to securely
initiate funds transfer instructions electronically, without needing
to visit a local branch. Besides improvements in convenience and security
for the customer, the new process has reduced manual keying-in by
more than 75% and has reduced human error by almost 80%. Most significantly,
the entire process is completely electronic from end-to-end, achieving
greater speed, efficiency and flexibility. Congratulations to Citigroup
for an innovative business process solution to a pressing business
problem that provided the company with a competitive advantage.
|
Honorable
Mention: Business Process Improvement
|
Smithfield |
At Smithfield,
rapid growth had exhausted the resources of the End-User Services
Department, and old processes and procedures had led to a dispirited
staff and unhappy users. Smithfield recognized the problem and applied
best practices to turn around the situation. Smithfield chose the
Information Technology Infrastructure Library (ITIL) as a guideline.
Following ITIL principles, a dedicated manager was identified and
the group was broken out from the facilities management group. Next
they established service level agreements (SLAs). SLAs forced them
to establish goals that could be measured and communicated and at
the same time accurately represent what is ultimately hard to define:
good service. Their list of goals is impressive, and each ties a deliverable
service to a concrete metric. The transition was executed in three
phases: revising internal practices, reorganizing and retraining the
staff, and improving their own use of technology. They saved an amount
equal to 10% of their entire IT budget. User satisfaction significantly
increased and plant downtime decreased. Congratulations to Smithfield
for an excellent Business Process Improvement.
|
| First
Place: Information Security |
Horizon
Blue Cross Blue Shield of New Jersey & Forsythe Solutions Group |
This
year's winner in Information Security, Horizon Blue Cross Blue Shield
of New Jersey, in conjunction with Forsythe Solutions Group, combined
an excellent risk assessment process with a comprehensive compliance
monitoring system. In the highly regulated world of healthcare, their
ability to protect the personal privacy of over 3 million customers
and secure transactions with numerous suppliers external to the organization
is central to their reputation as one of the premier healthcare payors
in the Blue Cross Blue Shield umbrella. Some of the best practices
they implemented were a role based access control system, in addition
to authentication and encryption methodologies and real time compliance
mapping of policies and regulatory requirements to applications. Horizon's
three-tier Demilitarized Zone (DMZ) architecture supports internal
business functions as well as web applications with authentication
and authorization at both the web and application levels. This allows
Horizon's members and business partners to process claims, enroll
new members and answer questions securely without compromising the
protected health information of Horizon's members. This has contributed
to Horizon's 95% account retention rate—a telling metric of
the excellence of their Information Security Practice.
|
| Honorable
Mention: Information Security |
Verizon
Wireless & Open Service |
We are pleased
to award an honorable mention in Information Security to Verizon Wireless
and their vendor partner, Open Service, for their excellent and highly
automated Security Management Center (SMC). The SMC is a tool that
helps Verizon Wireless monitor security events in real time and allows
the Incident response team to react to prioritized threats to the
environment. Before the Security Management Center was in place, compliance
was a paper filled, extremely manual process for meeting regulatory
requirements. The SMC is now used for forensic research and SOX compliance
and its customized system of alerts enables Verizon Wireless to proactively
respond to potential threats. The Security Management Center has allowed
the Verizon Wireless team to focus on security and compliance with
an efficiency that could not previously been realized and has taken
the organization to another level of both customer service and accountability
with its web based applications for both internal and external users. |
| First
Place: IT COMPLIANCE |
Verizon
Business |
Verizon
Business’ IT Compliance Team was fully dedicated to SOX compliance
and used an off-the-shelf internal management control application
for an organization of 3000 employees and 2000 contractors. Among
the best practices employed, the team leveraged external consultants
and analyzed the history of control work and previous auditors’
recommendations to define benchmarks, and included the development
of a repository for future assessments. They developed a repeatable
methodology which is also leveraged for testing, internal audit, and
viewing executive reports on current status/compliance. The team used
COBIT control framework, and embedded controls into SDLC, working
with the standards group to ensure key control points are identified.
They included documented process for yearly control and measure reviews,
which allowed standardization across business processes and applications;
incorporation of new, and modification of existing, controls-- including
modification of standards to include more frequent testing of identified
elements; and overlay of the new process with governance/policy. Prior
to the team’s implementation, it took several months to test
an application—now, the assessment time has been reduced to
6-8 weeks. In addition, vendors are held to Verizon standards, included
in Master Agreements. External auditors’ time is reduced, and
the CIO can sign off with confidence there are no significant deficiencies.
Congratulations to Verizon Business for a stellar IT compliance solution.
.
|
First
Place: SERVICE ORIENTED COMPUTING
|
Motorola
& AmberPoint |
Motorola
exemplifies the strategic vision, investment philosophy, organizational
efficiency and technical expertise required to implement Service Oriented
Computing successfully. In conjunction with AmberPoint as their SOA
Management vendor, Motorola’s new, standards-based application
architecture enables their IT organization to deliver projects faster
by using composite application tools. Business teams benefited from
projects built top-down from existing processes. Components have re-use
potential across projects and business groups. But the real competitive
advantage gained from SOC was business agility. Motorola has hundreds
of web services in production. Benefiting from component reuse and
the easy portability of loosely coupled systems, Motorola is now able
to introduce new applications faster and integrate systems more flexibly.
With several billion dollars in electronic commerce, Motorola uses
web services across multiple lines of business and geographic territories
worldwide. The company uses both J2EE and .NET development environments.
Motorola selected a non-invasive approach to SOC management that fit
their needs for a management layer that would foster the rapid growth
and evolution of its SOC landscape. They deployed the solution as
a discrete management layer that's completely independent of their
web services development and deployment efforts. Motorola has built
more than 100 web services and many more web services are planned.
With an environment this complex, their robust management layer will
serve Motorola long into the future
|
| First
Place: Technology Innovation |
Nationwide
Insurance & TeraData |
Nationwide Insurance’s
implementation of an enterprise data warehouse represents technology
innovation at its best. The project was planned and implemented over
a period of 18 months and resulted in considerable improvements and
increased capabilities across all aspects of its operations. Nationwide’s
Teradata warehouse is at the heart of a revamped finance data infrastructure
called FOCUS (Faster, Online, Customer-driven, User-friendly, Streamlined),
which has redefined and centralized the company’s core finance
functions, processes and systems. Prior to this innovation, finance
employees were faced with contradictory data from multiple transactions
systems used in planning, budgeting, forecasting and regulatory reporting.
The consolidation and underlying redefinition effort of how financial
data is represented, stored and served has resulted in better fact
based decisions, more accurate forecasts, and faster responses to
marketplace changes. The approach of defining and utilizing metadata,
together with the huge scope of the project, is impressive. And the
project added value over and above the financial ROI: much of the
business value derives from the new unified data architecture, standardized
enterprise processes, common financial information, and an integrated
risk governance model. The commitment to delivering this level of
control over Nationwide’s information assets transformed the
organization into a leaner, more responsive and cost-effective machine.
.
|
| First
Place: Outsourcing Management |
Deutsche
Bank |
With the near-shore
outsourcing of their Customer Relationship Management System (CRM)
Deutsche Bank proved best practices that helped them improve the business
efficiency of their system without adding cost. The CRM System is
a mission critical system used by 13,500 sales people advising 10
million customers. Deutsche Bank created a business case for benefits
of the project, before it was started which helped them reduce costs
by selecting one strategic outsourcing partner, rather than using
multiple vendors. Of note, Deutsche Bank developed a Best Practice
for assuring quality in the outsourced project, which they call ‘shadowing.’
Internal users were shadowed daily as they supported and maintained
the system by the outsourcing partner. When the application was transferred
to the vendor, ‘reverse shadowing” took place whereby
the internal users oversaw the operations of the vendor partner. Another
key practice was Deutsche Bank’s change management process which
allowed them to define and implement new ways of communicating with
the outsourcing partner. These improvements were paid for by the cost
savings generated as a result of outsourcing. Many outcomes of the
project have been templated by Deutsche Bank for reuse in other outsourcing
projects. They improved business process without increasing IT costs
and therefore enhanced the shareholder value. DB is a deserving winner
of TechForum’s Best Practice Award for Outsourcing Management. |
| 2005
|
| Category |
Organization |
Best
Practice Summary |
| First
Place: BUSINESS PROCESS IMPROVEMENT |
Nationwide
Insurance Enterprise |
Nationwide Insurance
provides a role model for achieving significant, quantifiable improvements
in its key business metrics -- including cost savings and revenue
growth -- via reengineered business processes transformed with leading-edge
technology. The Personal Lines Property Homecare initiative, which
was rolled out to thousands of agents and hundreds of their inspectors
and underwriters, impacted several million customers, grew revenue
by millions of dollars, and created operating cost savings also in
millions of dollars. Through a rigorous and disciplined methodology,
the current process was analyzed and a new process defined, supported
by portable pen-based tablet computers, advanced scheduling and load
balancing algorithms, geographic mapping, and web-based on-line access.
Some process steps were eliminated, and others automated, resulting
in a dramatic increase in percentage of work orders completed within
the target time period, elimination of rework and inspection, and
higher average utilization of key personnel. The improved process
was rolled out in accordance with a focused, well-planned change management
program. In addition to these process-oriented metrics, customer satisfaction
scores increased, and by providing improved inspections coverage and
enabling improved, and more timely, underwriting, Nationwide has developed
a competitive advantage.
|
| First
Place: INFORMATION SECURITY |
Novartis
& Qualys, Inc. |
Novartis has
deployed an excellent security vulnerability engine in its SeTraSys
and Kaizen systems that help the company ensuring security vulnerabilities
are identified and addressed in a timely manner. By identifying vulnerabilities
(e.g. missing a security patch or signature) with the assistance of
these scanning engines, Novartis is able to deploy the remedy or other
mitigating workarounds to its technology platforms. If, however, the
company gets affected by a virus, or another security measure is compromised,
these products also produce reports about what exactly is affected,
along with the name and location of the devices (servers, workstations,
etc.). This assists Novartis in quickly responding to the incident.
The products by nature are transparent to the user community. However,
periodic security awareness is conducted by Novartis utilizing email
notifications, web demos, etc. Online surveys measure the success
of an awareness campaign, and security awards are distributed to raise
user participation.
The coverage provided by SeTraSys and Kaizen is great, as they monitor
thousands of servers and workstations worldwide. By assisting in keeping
up with the security patches, hotfixes, signatures and workarounds,
Novartis maintains an uninterrupted-- or least-interrupted--workplace
for conducting business while it complies with regulatory requirements
and protects its information assets.
|
| Honorable
Mention: INFORMATION SECURITY |
Citigroup--CIB
Tech |
Developer
access to production environment has always been a key issue at enterprises--and
not only for audit compliance reasons. From the security point of
view, this is a high-level privilege that can be used to make intentional
or unintentional changes to live data, as well as the application
itself. While this is an inevitable privilege developers need for
troubleshooting, such access must be strongly restricted, and every
activity must be closely monitored and coupled with legitimate authorizations.
To that end, Citigroup has deployed DAPHNE – Developer Access
to Production Environment – a product that effectively assists
in restricting and monitoring access of the developers to their production
environment. DAPHNE ensures that all application development staff
are authorized prior to accessing live application and data, and all
their activities are logged and monitored for adequate compliance.
This deployment has raised awareness in the technology community that
access should always be granted at lowest possible level commensurate
with a staff’s job function. Additionally, DAPHNE has provided
an effective competitive advantage by ensuring that only development
staff at Citigroup can have the powerful production access to ensure
their systems continue to stay stable and have the least possible
downtime.
.
|
First
Place: SERVICE ORIENTED COMPUTING
|
Horizon
BCBSNJ & Microsoft Corporation |
Horizon
Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) exemplifies
the strategic vision, investment philosophy, organizational efficiency
and technology savvy required to implement Service Oriented Computing
successfully. Charged with keeping abreast of growing service demands
and stricter regulations, Horizon BCBSNJ must leverage its enormous
investment in existing infrastructure, and still address continuous
change. Their technology executives convinced business partners that
Service Oriented Architecture (SOA) would provide more flexibility
and agility in the long-run, despite initial costs being higher than
the alternative of point-to-point integration. The Horizon BCBSNJ
SOA encompasses core operational components and standards, including
an enterprise data warehouse and a Microsoft-based, message-oriented
infrastructure. Operating across mainframes and Windows and Unix-based
distributed systems, the SOA allows business processes to be developed,
versioned and scaled without either the consumers or providers knowing
changes have been made. Backend systems can be enhanced or replaced
with internal or external systems without the knowledge of the consuming
application. Horizon BCBSNJ’s best practices include establishing
a dedicated Message Oriented Middleware (MOM) team, creating service
classifications based on number of potential clients and re-usability,
and educating information providers and consumers on how to use the
SOA. Cost savings, service level improvements, and customer service
enhancements are expected to continue long into the future.
|
| First
Place: OUTSOURCING MANAGEMENT |
J.
& W. Seligman & Globix & Harte-Hanks & BitLathe |
J.&W. Seligman
demonstrated excellence in all the criteria for the Outsourcing Management
award. While J.&W. Seligman had experienced outsourcing before,
they had always chosen the traditional path by using either staff
augmentation or total assignment of the management of the delivery
to the external partner. This time around they worked with a group
of three domestic strategic partners—Globix, Harte-Hanks, and
BitLathe-- to completely replace an existing online broker literature
ordering application. Working with multiple subject matter experts
to collaborate on one solution was a risk. But J.&W. Seligman
boldly traded risk and additional management complexities for quality.
In order to manage the partners, J.&W. Seligman used several best
practices. The risk paid off--the project was hugely successful, and
on time and budget. Afterwards, J.&W. Seligman also realized the
interaction architecture they used to communicate with their outsource
providers was applicable to other projects at the firm. Because of
the success of this project, managers in different areas of J.&W.
Seligman are looking at adopting this best practice method as a way
to improve efficiency companywide.
.
|
|
First Place (co-winner): IT COMPLIANCE |
Citigroup |
The
Corporate and Investment Banking Technology (CIB) group at Citigroup
has created the Software Quality Assurance Process (SQA) to manage
and measure the organizations compliance with Citigroup’s standards
in the process of software development. The Citigroup project exemplified
best practices in multiple areas of IT compliance. It provided 100%
coverage of projects within the group; integrated tools for all phases
of the SQA process; collected and disseminated metrics via integrated
tools; and delivered information and value to staff at all levels
involved in the SQA process. In addition the SQA project gave a clearly
defined role to all participants, with customized tools and reports
for each. All activities are transparent, and all participants are
accountable. Governance processes include appropriate management participation
for exceptions to standards. Citigroup’s SQA project has demonstrated
quantifiable results, as shown in period over period improvements—and
clearly exemplifies best practices in the category of IT Compliance.
|
| First
Place (co-winner): IT COMPLIANCE |
U.S.
Postal Service & Harris Corp. & Internet Security Systems |
The
United States Postal Service (USPS) developed a process that successfully
incorporates a “risk-based” methodology to identify and
correct network security vulnerabilities. USPS implemented a network
security process that involved analysis at multiple levels. First
they identified highly sensitive, critical applications; secondly,
they scanned network devices for compliance with established security
standards; third, they analyzed the results of the scan; and finally,
they assigned priority to high-risk vulnerabilities for mitigation.
Through this process, remediation focuses first on those assets that
have been designated as most critical. USPS applies this process to
more than 200 applications involving approximately 7,000 servers and
150,000 workstations. The result is a comprehensive set of metrics,
which allows USPS to monitor the vulnerabilities have been mitigated,
as well as those that have not yet been addressed,. As a result, compliance
with security standards—as well as the availability and integrity
of critical applications—has been greatly enhanced. |
| First
Place (co-winner): TECHNOLOGY INNOVATION |
MCI
– IMPACT Network Management |
MCI implemented
the IMPACT system (Integrated Management Platform for Advanced Communications
Technologies) which automates network monitoring, and using knowledge
engine modeling, performs trouble-shooting and problem resolution
for MCI’s managed network customers. IMPACT is built on MCI’s
existing network infrastructure that includes hardware and software
from industry leading vendors: SUN Microsystems, EMC/SMARTS (System
Management Arts), XML Data Model, JAVA, BEA Web Logic Services, Rational
Tool Suite, and CORBA. MCI was able to integrate many business processes,
some of which were still manual, to produce a solution that facilitates
efficient work flows among several business units. The bottom line
is that MCI customers benefit from quicker problem resolution, and
support costs are dramatically reduced, a best practices hallmark.
|
| First
Place (co-winner): TECHNOLOGY INNOVATION |
The
Corcoran Group |
The
Corcoran Group employs a new way of communication and advertising
- Real Simple Syndication feed (R.S.S). RSS is a web tool that allows
computer users to pull content from websites and have it fed into
their computers automatically. With a combination of ASP.NET and XML,
Corcoran’s high performance application serves over 80,000 different
visitors monthly. The customer-tailored solution facilitates linking
the customer, the broker and the right property efficiently in what
is a rapidly changing real estate market. This is an innovative use
of a simple technology that served as a market differentiator for
The Corcoran Group. This solution effectively addresses the business
issue that time is money for both buyers and sellers. |
| First
Place (co-winner): TECHNOLOGY INNOVATION |
Noble
Group-Fleet Management Limited |
Noble
Group’s business unit Fleet Management Limited, based in Hong
Kong, provides a comprehensive range of ship management services to
cargo ship owners worldwide. Their application PARIS (Planning and
Reporting Infrastructure Ship) is a replication of a subset running
on Linux miniservers on each of their 120 ships. Automatic synchronization
with the office database via XML over the Inmarsat link allows for
two-way swapping of data between ship and office computers. The solution
employs generic no-name PCs running Red Hat Linux, and the application
is written in Java with a MYSQL database. The data communication between
ship and office is in the form of zipped XML files via Inmarsat C.
The small data files keep down the cost of satellite communications.
Fleet Management addresses the challenge of cost-effective ship management
by providing information to ships that constantly move around the
globe, have no local IT support, and have a high-cost low-bandwidth
communications infrastructure. |
| Honorable
mention: TECHNOLOGY INNOVATION |
Merrill
Lynch & Softricity, Inc. |
Merrill
Lynch implemented the Softricity SoftGridT application virtualization
and management platform. The solution eliminates the need for installing
and updating software on a machine-by-machine basis--therefore simplifying
the management and administration of Windows desktops, notebook PC's
and Windows Terminal Servers, and going a long way towards reducing
the total cost of ownership in supporting a large, PC- based infrastructure. |
| Honorable
mention: TECHNOLOGY INNOVATION |
Pershing
LLC |
Pershing LLC,
leading global provider of clearing and financial services outsourcing
solutions, solved a common problem in an innovative way. Their ResetExpress
was designed to automate the process of password reset using biometric
authentication via the telephone. They successfully support 65,000
internal users and plan to implement this solution for their customers.
Their direct support results in significant cost reductions for Pershing--a
signature of best practices. |
| 2004
|
| Category |
Organization |
Best
Practice Summary |
| First
Place: TECHNOLOGY INNOVATION |
UPS |
UPS
exemplified excellence in all the demanding criteria for the Technology
Innovation award. UPS designed, developed, and deployed technology
to automate loading, routing, quality control, and service assurance
for truck-based delivery. In doing so, they tied together advanced
algorithms, massive databases, mobile computing, GPS positioning,
legacy systems integration, patented technology, and extremely low
latency system performance with process improvements based largely
on automation. This truck based delivery system and the related process
and operational improvements were rolled out globally to over 100,000
employees. To accomplish this, UPS developed a multidisciplinary approach
involving business leaders, IT, industrial engineering, operations
logistics, and related personnel/competencies. In addition to delivering
explicitly quantifiable business results and environmental benefits,
the application has enhanced UPS' competitive advantage. Supporting
a leading edge process with technology vision, the UPS team also exhibited
excellence in technology project management, conducting workshops
and acquiring senior leadership buy-in supported by rigorous business
cases. A pilot implementation yielded user feedback that helped fine-tune
the solution and ensured a more successful user buy-in downstream.
UPS demonstrated how advanced technology, appropriately human-engineered,
can be repeatedly rolled out on massive global scale. They achieved
quantifiable business results, productivity gains and enhanced their
customer value proposition. Most importantly, the UPS truck delivery
system improves a mission critical application and contributes directly
to their competitive advantage.
|
| Honorable
Mention: TECHNOLOGY INNOVATION |
Deutsche
Bank, Execution Services |
Deutsche
Bank reengineered the core IT architecture for its equity trading
platform to achieve solid competitive and business results. Through
an innovative use of tools, they leveraged financial data generated
by the equity trading system to improve market share, increase wallet
share, reduce costs, and create new businesses. By overhauling the
trading platform architecture, they realized unprecedented performance
and scalability for the system, reduced latency, increased throughput,
and dramatically enhanced its recoverability from server, storage,
and network failures. Furthermore, they added value to the equity
trading system because the new tools support data visualization, data
mining, and other functions related to large scale statistical analysis.
Finally, this solid platform has enabled a much higher degree of straight-through
processing and end-to-end automation. To accomplish all this, an innovative
project structure was created called "smart sourcing" development--
an in-house mix of Western and Russian developer resources. Agile
development techniques were used in a controlled pilot environment
to rapidly iterate through design changes that were in-line with user
feedback. Congratulations to Deutsche Bank's for its innovative improvements
to its equity trading system that led to a four-fold increase in trading
volume resulting in a 2 to 3 times increase in market share, as well
as enabling dozens of major new client acquisitions.
|
| First
Place: INFORMATION TECHNOLOGY COMPLIANCE |
Prudential
Financial |
Prudential
Financial’s approach is best- of -breed and highly deserving
of this year's Best Practice Award in the new category of IT Compliance.
Effective IT compliance programs frequently rely upon departmental
self-assessments, utilizing standard templates. Prudential Financial's
Technology Risk Management team created the "Self Assessment
Front End" (SAFE) application to ensure consistent self assessments
across the Prudential Financial enterprise. SAFE is a central repository
of self assessment templates, covering such subject areas as Sarbanes-Oxley,
privacy, business process re-engineering and corporate/business as
usual initiatives. The application supports an enterprise-wide process
that ensures consistency in terms of approach, scope, and commonality
in language; it also enforces an approval process that explicitly
assigns responsibility to the appropriate managerial levels. The development
of SAFE avoided time delays, costs, and duplication of efforts that
would have occurred by reliance on individual, spreadsheet based processes
of self assessment. The SAFE process enabled Prudential Financial
to effectively meet Sarbanes-Oxley requirements within the timeframes
dictated by the legislation. Indeed, third parties have already purchased
SAFE to get a head start on developing their own standard risk and
control libraries. Congratulations to the Prudential team for this
innovative and cost-effective compliance solution.
.
|
First
Place: BUSINESS CONTINUITY
|
Calpine
Corporation and Iron Mountain |
The
winner of the 2004 Best Practices Award for Business Continuity goes
to Calpine Corporation and Iron Mountain. Calpine, along with Iron
Mountain, which provides Calpine with electronic vaulting services,
was able to achieve triple digit ROI over three and five year calculations
and met the challenges of business continuity/disaster recovery using
best practice processes across all aspects of the project. From thorough
risk analysis to formal change management processes and comprehensive
testing, Calpine has built a sound BCDR plan and met the ever-demanding
regulatory requirements of today’s corporate landscape. Implementing
best practices around backup and recovery, Calpine was able to ensure
business continuity at remote sites. Data is now backed-up continuously,
monitored 24 x 7, and stored offsite. Additionally, focus on retention
addresses compliance challenges. The use of disk storage enables quick
recovery times and an up-to-the-minute recovery point. Calpine’s
commitment to its more than 90 energy centers has resulted in substantial
cost savings, a unique competitive advantage, and increased business
value. Congratulations to the teams at Calpine Corporation and Iron
Mountain for the successful implementation of a detailed business
continuity strategy that enables the company to mitigate the risks
associated with man-made and natural disasters.
|
| First
Place: BUSINESS PROCESS IMPROVEMENT |
Horizon
Blue Cross Blue Shield of New Jersey & Dakota Imaging, Inc., a
WebMD company |
The
classic Business Process Improvement award winner meets and exceeds
the “better, faster, cheaper” challenge. Horizon Blue
Cross Blue Shield of New Jersey is a role model in their re-engineering
efforts for their claims process. Millions of people submit medical
claims every year. Horizon BCBS, with their vendor partner, Dakota
Imaging, Inc., a WebMD company, developed an improved process for
handling these claims which resulted in lower costs, greater capacity
and higher satisfaction ratings from both the internal users and customers.
Specifically, Horizon BCBS developed an impressive methodology for
tool selection and business process improvement: their process change
significantly reduced headcount, cost per claim, and operating costs,
which resulted in a huge overall savings running into the millions
of dollars. Additionally, the technology and process changes were
well communicated to all levels of the organization throughout the
project, and any resistance to change was addressed through open forums,
training and increased visibility and support of senior management--in
fact changes suggested by users were frequently implemented. Finally,
the process resulted in increased customer satisfaction due to improved
data accuracy and a 25% faster turn-around time. Congratulations to
Horizon Blue Cross Blue Shield of New Jersey and Dakota Imaging, Inc.
for their achievement in this extremely competitive category.
.
|
Honorable Mention:
BUSINESS PROCESS IMPROVEMENT |
New
York City Health and Hospitals Corporation and Business Logic, Inc.
|
New
York City Health and Hospitals Corporation (HHC) executed an excellent
project with the help of Business Logic, Inc., a New York City-based
software and technology consulting firm. The solution is an interactive
internet and intranet application that addresses critical business
requirements of New York state regulations (Bell 405) that monitor
residents’ working conditions--in HHC’s case, 2,200 residents
in 180 residency programs at 11 hospitals. With 4500 users, the solution
allows HHC to monitor its resident programs, individual residents,
individual hospitals, and whole networks for compliance. They can
also compare resident surveys with the regulation parameters and track
the implementation of new national standards. HHC’s web-based
reporting system replaced a manual process that was cumbersome and
difficult to validate. Establishing a web-based site enabled member
hospitals to expand the number of residents monitored, ensure greater
accuracy, and reduce substantially the manpower needed to track residents,
thereby allowing staff to be re-deployed to more critical functions.
Congratulations to both New York City Health and Hospitals Corporation
and Business Logic, Inc for their successful implementation of a web-based,
intranet-internet solution that provides the largest municipal health
care system in the country with a distinct advantage in meeting their
compliance obligations.
|
| First
Place: OUTSOURCING MANAGEMENT |
Deutsche
Bank |
The
Deutsche Bank Securities Processing Evaluation and Architectural
Re-Engineering (eSPEAR) project is an enterprise-class outsourcing
undertaking. Among its many merits, eSPEAR demonstrated an excellent
balance of in-house and outsource resource that cut across a range
of countries and involved more than 500 employees. Deutsche Bank
demonstrated proper methodology in its vendor selection, coordination
and managerial oversight, as well as in its financial management.
Insightful metrics were used and missteps were revisited to adapt
and improve mid-project. Appropriate measures were taken in security
management and knowledge retention. The approach to fabricate a
business analysis composed of both vendor and in-house employees
was an excellent practice and was a factor in the project’s
success. The judges’ were most impressed by the success with
which Deutsche Bank engaged their vendor as a partner. The breadth
and complexity of the project was managed with industry best practices
which lead to deployment and production efficiencies. Deutsche Bank
demonstrated leading edge best practices in outsourcing through
eSPEAR, and justifiably earned the Technology Manager's Forum Best
Practice Award for Outsourcing Management for 2004.
|
| 2003
|
| Category |
Organization |
Best
Practice Summary |
| First
Place: Business Continuity Planning |
PHH
Arval |
We are proud
to award the Best Practices Award in Business Continuity to PHH Arval,
a leasing and vehicle management service provider for thousands of
firms, for a business continuity plan focused on ensuring customer
service continuity and business survivability during any business
interruption.
PHH’s plan includes a wide range of scenarios. Additionally,
the firm has successfully addressed its dependencies on suppliers
and cross functional inter-dependencies within its own business framework.
The firm aggressively pursues testing of the business continuity plans
by holding multiple drills and testing its plan repeatedly. Templates
are in place for each business area in the firm, but each business
areas manages its own response. Critical systems and functions are
prioritized in the recovery effort with IT and business units working
together as a team.
PHH Arval’s clear commitment to its client base, as well as
its business areas gives them a competitive edge that has resulted
in an increase in new business. Congratulations to the team at PHH
Arval for implementing a successful and aggressive business continuity
program that clearly protects its business interests as well as its
employee base.
|
| Honorable
Mention: Business Continuity Planning |
FleetBoston
Financial Crisis Management Program |
FleetBoston was
awarded honorable mention for their exceptional implementation of
a crisis management program within their firm. A critical component
in managing a business crisis is ensuring that communication between
outside agencies as well as internal groups works effectively.
FleetBoston has implemented a process and flow that incorporates crisis
management with its business recovery and disaster recovery divisions.
Awareness of the importance of communications in a crisis is on the
radar screen of every employee in the firm. The business continuity
plan was introduced to 50,000 employees in the firm to ensure that
everyone knows his or her role in the event of an emergency.
The business continuity team engaging in continual testing activities
and has integrated outside agency updates into its mainstream processes.
We feel strongly that the work that has taken place in FleetBoston
Financial’s crisis management program is a strong model for
business continuity best practices and deserves our congratulations.
|
| First
Place: B2B E-Commerce |
Citigroup |
CitiDirect
Online Banking, Citigroup's web-based corporate banking platform,
does everything you'd expect of an online banking system. What sets
it apart from similar offerings, and constitutes industry best practices,
are three things:
First: great user interfaces. Effective interfaces are the result
of thinking carefully about what users want to accomplish, and closely
observing user behavior. Citigroup's clean interfaces communicate
functions clearly, through strong visual language and intelligent
information design.
Second: clean architecture. The hodge-podge of web, mainframe, client-server,
and desktop applications in a typical large organization present a
challenge for anyone developing a new critical system. The easiest
thing to do is sidestep existing systems, and build another silo.
Instead, Citigroup worked to architect a system that plays well with
existing corporate systems and preserves the value of earlier efforts.
Third: good attention to security. Online security practices are raw
right now, and rapidly evolving. In such an environment, it would
be easy to make do with typical, but inadequate, challenge-response
password protection. Instead, Citigroup chose to go the extra mile
and employ encryption, digital certificates, and digital token smartcards,
giving their customers the benefit of stronger protection. Congratulations
to Citigroup for a superior B2B site that embodies best practices
in its category.
.
|
First
Place: Business Process Improvement
|
TruServ
and Business Objects |
TruServ,
a member-owned hardware cooperative, deserves its first place win
in the Business Process Improvement category for its implementation
of a data warehouse and enterprise performance management system using
a Business Objects solution.
The TruServ system is ambitious in scale, encompassing an enormous
range of systems, users and physical locations. Their data warehouse
is accessed by internal users via flexible “dashboard”
clients on their Intranet. Customers, the remote sales force and suppliers
within the cooperative also have secure access to information in the
data warehouse via a web-enabled application. The TruServ system demonstrated
an impressive cost savings to the cooperative and, in one case, reduced
promotion-related returnable inventory by $50 million. Their training
methodology demonstrates an excellent best practice for deploying
applications rapidly. They used expert consultants to train super
users and business users, who in turn, were responsible for training
in their own business areas. Once deployed, the TruServ application
produced a return on investment in 90 days.
Congratulations to TruServ and Business Objects for demonstrating
exemplary best practices in rapid deployment and providing a novel
solution that supports continuous improvement. It is a system that
other organizations can learn from and replicate.
|
| First
Place: Customer Relationship Management (CRM) |
Horizon
Blue Cross Blue Shield of New Jersey and Siebel Healthcare |
The Universal
Customer Service Workstation (UCSW) project from Horizon Blue Cross
Blue Shield of NJ is the deserving winner of the CRM category. Using
Siebel Healthcare software, they’ve increased customer satisfaction
by deriving data from multiple sources and transforming it for the
users; integrating data and business rules related to that data, particularly
regulatory requirements; and converting users from a mainframe to
a Windows-based application.
The system integrates information from multiple legacy systems and
provides a single view of members’ claims to the customer service
representative, resulting in a reduced call time and fewer transfers
of to other claim areas. Outstanding ROI metrics included reducing
new hire training time from 32 weeks to 8 weeks; a significant decrease
in call handling time; and an anticipated $21 million savings in staff
reductions. Other best practices include using a “model office”
for training; involving business and training staff with IT staff;
establishing data accountability through controls and balances to
ensure data is transferred between systems correctly; maintaining
one central model for change management; and using small regression
tests as well as full system tests.
Congratulations to Horizon Blue Cross Blue Shield of NJ and Siebel
Healthcare for successfully addressing some of the biggest challenges
in developing CRM applications.
.
|
|
First Place : Information Security |
Astoria
Federal Savings |
Astoria
Federal Savings is the First Place winner thanks to their easy-to-follow
technical and policy-based practices. Astoria developed an impressive
CIRT and Incident Management Team that works with business units to
identify “pre-incidents” and plan responses, and has a
robust security awareness program for both internal employees and
external customers who require 24x7access, as well as separate curriculums
for internal and consultant-based information security staff.
Astoria’s best practices included requiring cost justifications
for security spending and requiring "two sets of eyes" to
validate security procedure: procedures are tested by people who did
not have a hand in writing them. Astoria also developed a comprehensive
process for protecting confidential data that mandates business areas
maintain the inventory of confidential data, its location, owner,
and accesses. The inventory is reviewed annually by information security,
legal, and internal audit staff. Additionally, Astoria established
a central security hotline for reporting incidents, anonymously if
need be. To aid cross-environment security testing, Astoria established
browser-based reduced sign-on solutions.
Congratulations to Astoria Federal Savings for a for their “make-sense”,
straightforward set of best practices that garnered them a First Place
win the category of information security.
|
| Honorable
Mention: Information Security |
Citigroup
and eEye Digital Security |
Citigroup
has developed an innovative solution integrating various security
components from security software solution provider eEye Digital
Security. This comprehensive approach consisted of a network monitoring
solution and a workflow solution.
Citigroup has effectively integrated CVAST (Continuous Vulnerability
Assessment and Scanning Toolkit) with their asset management system.
Specifically, the eEye Retina® host vulnerability scanner solution
allows a small team of security technicians to manage security on
a large number of globally-dispersed systems. Through a combination
of tools and processes, they provide on-demand scanning of their
entire server infrastructure.
Citigroup demonstrated their understanding that information security
is a “business risk management issue.” In their business
process, automated workflow (a true technical solution) is used
to send notifications and/or tasks to all pertinent stakeholders
(audit, business, security, and operations personnel). This process
engages the entire organization and ensures information security
by holding various groups accountable through statistics and tangible
quantified results.
Congratulations to Citigroup for its impressive and sophisticated
use of technology for information security.
|
| First
Place: Project Management |
Pershing
LLC |
Pershing
LLC is awarded First Place in the Project Management category thanks
to a highly complex project that had an impact on the organization
at an enterprise-wide level.
The inclusion of concepts such as usability engineering and the use
of XML represent forward-looking approaches to project management,
and the patenting of part of the design reflects the groundbreaking
accomplishment. In addition, the methodology encompassed a pre-defined
solid structure, organized regular meetings, closely tracked issues,
and utilized an online tool for time and cost efficiency and supporting
documentation. Multiple management metrics were put in place, and
tracked with multiple tools.
Risk management is a key component of Pershing’s efforts. Risks
were identified at the onset of the project and tracked through the
project lifecycle. The project includes remote locations and balances
risk management with confidentiality. The issue of disparate corporate
cultures was clearly identified, to minimize disputes among teams.
An excellent set of practices were put in place, including post-mortem
recommendations for managing future projects. Significant competitive
advantages were delivered to the major participants of the project.
Kudos to Pershing for demonstrating best practices in project management,
resulting in a full service, online application that services its
customer base in an efficient and user-friendly manner.
|
First
Place: (TIE)
Technology Innovation
|
South
Carolina Department of Health & Human Services and Novell |
The
South Carolina Department of Health and Human Services (DHHS) also
merits a First Place award for its significant and inventive implementation
of Web portal technology. They responded to operational and regulatory
challenges, and at the same time supported behavioral changes in their
organization. Working in partnership with Novell across 150 different
offices with over 1,800 employees, they implemented a secure access
interface for their medical records systems that can be used by both
employees and affiliated Medicaid eligibility workers.
This government agency utilized existing technology in directory and
identity management by leveraging the experience of integration partner
Novell. Together, they applied object-oriented web development methodologies
for accessing information housed in legacy mainframe applications.
In so doing, they created value by reducing some costs and avoiding
other costs altogether. At the same time, they improved the flow of
information to a broad audience and did so securely, in compliance
with HIPAA regulations.
Congratulations to South Carolina Department of Health and Human Services
and Novell for employing a novel solution that serves the humanitarian
needs of a large and mostly disadvantaged group of people.
|
First
Place: (TIE)
Technology Innovation |
Citigroup |
Citigroup ties
for First Place in the Technology Innovation category thanks to an
extremely innovative project that provides a clear competitive advantage
to their organization. With over 1,500 employees located in the world’s
major cities, Citigroup has reconfigured its business on the New York
Stock Exchange floor by shifting 95 percent of its brokers to wireless
transactions and at the same time cutting operational costs in half.
The Citigroup Hand Held Order project represents innovation on both
technical and organizational fronts. Technical innovation was matched
with innovative changes to existing work processes, and the result
was a sum greater than its parts. Citigroup's project has measurable,
tangible benefits, including advantages in its ability to handle greater
order volumes while reducing its communication cycle to a global audience.
Congratulations to Citigroup for providing a comprehensive solution
that executes significant volume transactions from the floor of the
stock exchange.
|
|
