
Introduction

Section Explanation

The product requirements document (PRD) is a central document used to align all stakeholders (product management, engineering, QA, designers, and leadership) on the overall objective and vision of the proposed product and is used as a decision-making tool.

When creating the PRD, provide just as much information as needed and nothing more. If the document is too long and complex, it will quickly become outdated, and readers will lose interest.

PRD content and structure vary by organization. Depending upon the product line, company culture, and processes, PRDs could have quite a different look and feel.

In this latest iteration of the Unified Compliance PRD template, we changed the template to raise visibility of how the proposed product (or feature set) adheres to Unified Compliance’s strategic plan, including details on why this product proposal is important to Unified Compliance.

Strategic Planning and Decision Making

Section Explanation

  • Vision and Goal Setting: articulates the vision alignment, the problem being addressed, and the goals of the product proposal, describing what the product is, who it is for, and how it will benefit the users and the organization.

  • Decision-Making Framework: helps in making informed decisions throughout the product development process, acting as a reference point for evaluating progress and making changes.

  • Performance Measurement: sets the criteria for measuring the success of the product through specified metrics and key performance indicators (KPIs), including potential financial impact.

  • Basis for Prioritization: helps in prioritizing features based on the product strategy, market needs, and resource constraints.

 Vision and Initiative Alignment

How does this proposal fit into our overall vision and which specific initiative does this proposal align with and how?

The UC Strategic Plan for 2024 has two foci:

  1. content and

  2. the sale of that content

This project squarely fits into the focus of bringing in additional content.

Content Ingestion Automation - ETL is a critical aspect of the initiative to “Partner with 3rd Party to Develop Automated Content Mapping”.

The automated content mapping comprises the complete end-to-end content capture, ETL, and mapping to the common controls. This particular product proposal is the “left-hand” side from capture to ETL.

 The Problem

What problem are we trying to solve, and why is it important to our customers and/or to Unified Compliance?

We currently rely on a team of expert mappers to meticulously add content into the UCF. The process works well but is slow. With the advent of automation and AI, Unified Compliance risks attacks from competitors who will use technology to accelerate content acquisition.

We risk losing customers to other platforms if we fall behind on the extent of coverage.

We will also find it difficult to take on new market segments without automation.

 High-level Approach

Briefly describe the approach you’re taking to solve this problem. Provide enough information for the reader to imagine possible solution directions and get a rough sense of the scope of this proposal.

The approach is to start with the “left-hand” side of the end-to-end content ingestion process focusing on compliance content through ETL for an identified list of four (4) compliance content providers.

For each content provider, Authority Documents will be identified, then Citations and Glossaries will be extracted from the Authority Documents, transformed into the Common Data Format specification, and loaded into the UC platform.

Automation tools and AI will be used to accelerate the end-to-end process with human assistance to review and approve critical steps in the process focusing on reviewing and updating AI suggestions.

Once the process is proven out, the intent is to extend the solution to many additional compliance content providers.

 Goals

What does success look like? What metrics can we affect, and why is it important to affect those metrics?

Goal: Reliably extract citations from Authority Documents
Metric: >= 80% accuracy, where 20% of Citations need to be reworked (e.g., split, merged, rejected …)
Why important: If there is poor accuracy requiring extensive human correction, then there is little value.

Goal: Reliably extract glossaries from Authority Documents
Metric: >= 95% accuracy, where only 5% of term-definition pairs need to be reworked. Glossaries are substantially easier to identify and extract than citations.
Why important: If there is poor accuracy requiring extensive human correction, then there is little value.

Goal: Reliably automate the end-to-end process of capturing, transforming, and loading STIG, NIST 800-53, FedRAMP, and eCFR compliance content into the Unified Compliance platform.
Metric: 100% of identified Authority Documents for all four compliance content contributor sources are loaded into the UCF.
Why important: All four Authority Document sources are related to securing and hardening IT infrastructure for both the private and public sector. To provide value to customers with Security Operations requirements, UC needs to maximize the breadth of security coverage to ensure we can provide security guidance for as many IT assets as possible.

Scope and Requirements

Section Explanation

The intent of this section is the following:

Scope Definition: defines the scope of the proposed product (or features), including what will and will not be included, helping manage expectations and focus development efforts.

Guideline for Development: provides detailed information on the product’s features, functionalities, user flow, and interface to guide the development team in building the product.

Framework: provides high-level evaluation criteria for alternative solutions (build, buy, partner) to evaluate different routes to success.

 Features

Describe the product features that will bring value to customers and fulfill underserved need(s).

Feature: Automatic Citation and Glossary Extraction from Authority Documents
Comments: Citations are passages in the Authority Document that:

  1. contain Mandates (requirements), OR

  2. contain related contextual information such as stubs, informational items, and information gathering.

Feature: Human-in-the-loop Training for Content Extraction AI Models
Comments: Specifically for the Citation and Glossary extraction.

Feature: Automated Compliance Content Ingestion into the Common Data Format
Comments: Initially targeted for STIGs, NIST 800-53, FedRAMP, and eCFR.

Feature: Monitoring and Logging

Feature: Metadata and Data Change Detection

Feature: Statistical Data Capture and Reporting
Comments: For each step in the ingestion pipeline, with critical data capture of AI model accuracy.

 Out of Scope / Future Functionality

List the known features that are out of scope for this project or might be revisited at a later time.

As is the case with the assumptions, it is important to list these out so that architects and engineers can plan accordingly for these later updates.

Feature: Tagging and Mapping of content to the Common Controls.
Comments: This project ends at the AD, Citation, and Glossary extraction, transformation, and load. Follow-on projects will include the tagging and mapping.

Feature: Human-in-the-loop for content capture.
Comments: Later projects can include additional human validation. To limit the scope of this project, steps such as metadata change detection can be reviewed and validated after the fact by looking at logs and other information.

Feature: Human-in-the-loop for the AD cataloging.
Comments: Same as above.

Feature: Human-in-the-loop for transformation into the Common Data Format.
Comments: Same as above.

Feature: Human-in-the-loop for loading into the UCF.
Comments: Same as above.

Feature: Corpora Management and Administration
Comments: A non-production version of a corpora exists. Any work on the corpora is out of scope for this product.

Feature: Corpora Data Loads
Comments: The focus of this PRD is to load compliance content into the UCF 4.0 application for customer consumption over the API. Follow-on projects can tap into the pipeline and use the content for other purposes.

Feature: Fit-for-purpose frontend for each step in the content ingestion process.
Comments: UX/UI for any other aspect of the process outside of human review and approval of suggested citations and suggested term-definition pairs. Later product updates could include additional front-end steps for tasks throughout the process.

 User Interaction and Design

Link to mockups, prototypes, or screenshots related to the requirements.

For this PRD, the focus of the user interaction is on the reviewing of suggested citations and term-definition pairs.

 Process Flow Diagrams

Links to user journeys, process flow, or other diagrams related to the requirements.

 Impacted Product Components

If this project is a component to other areas or an update to an existing product, specifically call out where this product will interact with other areas.

 Open Questions

List any open questions that come to mind throughout the lifecycle of this initiative.

Question: What do we do with deprecated authority documents?
Answer:
Date Answered:

Question: For STIGs, how do we identify which files are authority documents?
Answer:
Date Answered:

Question: For NIST 800-53, how do we identify which files are authority documents?
Answer:
Date Answered:

Question: For FedRAMP, how do we identify which files are authority documents?
Answer:
Date Answered:

Question: For eCFRs, how do we identify which files are authority documents?
Answer:
Date Answered:

Question: Specifically, what is required to catalog an AD?
Answer:
Date Answered:

Question: In this first pass, what should constitute content changes? We don’t want to get too crazy and make this a massive project.
Answer: Need to discuss.
Date Answered:

 Alternative Solutions

Provide a high-level evaluation criterion for alternative solutions (build, buy, partner) to evaluate different routes to success.

Milestones and Launch Checklist

Section Explanation

The intent of this section is the following:

Monetization: Financial impact this product will introduce (if any).

Risk Mitigation: Identifies potential risks and proposes mitigation strategies.

Launch Readiness: launch checklist, including a high-level go-to-market plan to ensure cross-departmental alignment.

High-level Messaging: Includes the Unique Selling Proposition (USP), raising visibility of the proposed solution’s value proposition.

 High-level Messaging

What is the Unique Selling Proposition (USP)? Relay the key factors that separate our product from the competition and why we are the best possible solution for our prospects based on their unique needs.

 Monetization

Will this product be part of an existing subscription or an add-on?

Will this product be usage based or part of a subscription?

 Risk Mitigation

Identify potential risks and propose mitigation strategies.

Risk: The eCFR content volume could cause multiple challenges, including impact on API responses and searches, and dominating other content sources …
Mitigation Strategy:

 Launch Readiness

Identify any relevant milestones that people should know about. Will we “eat it” ourselves first? Will this require a beta, and what is the target launch date?

Date: TBD
Milestone: Dogfood 🐶
Audience: Internal employees only.
Description: Testing internally

Date: TBD
Milestone: Beta 🎈
Audience: Early cohort of X customers.
Description: Getting user feedback

Date: TBD
Milestone: Public Launch 🚀
Audience: Roll-out to all users.
Description: Let’s do it!

 Launch Checklist

This section is a reminder to the product team to make sure all relevant stakeholders are involved as necessary.

Area: Customer Success
Question: Will new training material be needed (or updates to existing classes)?
Answer (yes/no): No
Instructions if "Yes" (or unsure): Talk to the Customer Success team.

Area: Customer Success
Question: Do we need a new or updated onboarding experience?
Answer (yes/no): No
Instructions if "Yes" (or unsure): Talk to the Customer Success team.

Area: Support
Question: Will new FAQs be required (or updates to existing ones)? API documentation?
Answer (yes/no): Yes
Instructions if "Yes" (or unsure): Talk to the Customer Support team.

Area: Support
Question: Will this functionality require new support processes like new HubSpot workflows or saved replies? Or training the support team on the product?
Answer (yes/no): Yes
Instructions if "Yes" (or unsure): Talk to the Support team.

Area: Growth & Data
Question: Do we need additional tracking in order to measure success and impact on user behavior for the new feature? Will UserFlow be used? Do we need a new Power BI report?
Answer (yes/no): Yes
Instructions if "Yes" (or unsure): Review within our Product Team

Area: Growth & Data
Question: Could this impact CTAs? Or new-user-experience (NUX)?
Answer (yes/no): Yes
Instructions if "Yes" (or unsure): Review within our Product Team

Area: Growth & Data
Question: Are we turning this product or feature on for everyone immediately, or are we going to use feature flags for a slow roll-out?
Answer (yes/no): Everyone
Instructions if "Yes" (or unsure): Not applicable yet until feature flags are ready to go

Area: Product
Question: Are we running a Beta for this?
Answer (yes/no): No
Instructions if "Yes" (or unsure): Review within our Product Team

Area: Marketing
Question: Are we introducing functionality where we will want to update or create new web pages? New/updated CTAs?
Answer (yes/no): Yes
Instructions if "Yes" (or unsure): Talk with Marketing

Additional References

Section Explanation

List and link to any other reference sites, documents … that might be important to the reader, including the business model canvas (BMC).

STIG Overview

STIG Document Library

NIST SP 800-53 Overview

NIST GitHub Repository

FedRAMP Basics

FedRAMP GitHub Repository

eCFR Overview

eCFR Developer Resources
