i3 Implementation Highlights
- Support ISO 9000, AS9100, 20000, and 27000 Certifications
- Support CMMI for Development and CMMI for Services Models
- Support NIST 800-53 and NIST 800-171 Assessments and Consulting
- Proven Past Performance. Customers include: Crystal Clear Technologies, Dynamic Software Solutions, L-3 Communications, AmericanCyber, U.S. Army, Okaloosa County Schools, Florida, Maryland Department of Transportation, and Montgomery County, Maryland.
Quality and Security are paramount to delivering industry-leading products and services. i3 Design and Consulting LLC has over 17 years’ experience supporting public and commercial organizations to achieve their certification, maturity rating, and IT Security goals. More importantly, we help organizations put in value added processes and business discipline that measurably improves their top and bottom lines. Our customers are our testament. Make an appointment to chat and check out the experiences of our customers.
i3 provides a range of consulting support for the following ISO standards:
ISO 9000 is a set of international standards on quality management and quality assurance developed to help companies effectively document the quality system elements to be implemented to maintain an efficient quality system. They are not specific to any one industry and can be applied to organizations of any size. ISO 9000 can help a company satisfy its customers, meet regulatory requirements, and achieve continual improvement. However, it should be considered to be a first step, the base level of a quality system, not a complete guarantee of quality.
AS9100 is the international management system standard for the Aircraft, Space and Defense (AS&D) industry. Standard AS9100 includes ASQ 9001:2000 quality system requirements and specifies additional requirements for the quality system of the aerospace industry. The purpose of this aerospace standard is to help organizations provide products and services that meet customer needs and requirements and comply with all applicable regulatory and statutory requirements. It is also designed to encourage organizations to continually improve the quality and performance of their products and services. The standard provides suppliers with a comprehensive quality system for providing safe and reliable products to the aerospace industry. Organizations certifying to AS9100 also receive and ISO 9000 registration.
ISO 20000 is the international standard for IT Service Management (ITSM), published by ISO (the International Organization for Standardization), and ICE (the International Electoral Commission). The standard describes a set of management processes designed to help you deliver more effective IT services (both to those within your business and to your customers). ISO 20000 gives you the methodology and the framework to help you manage your ITSM, while allowing you to prove your company follows best practice. With the requirements of the standard you will achieve best practice, helping to improve your delivery of IT services. And ISO 20000 is applicable to any company size and any industry.
The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.
i3 provides system and process design, implementation, quality assurance, and appraisal team support for the following CMMI Models
The CMMI for Development Model (CMMI-DEV) provides guidance for applying CMMI best practices in a development organization. Best practices in the model focus on activities for developing quality products and services to meet the needs of customers and end users. CMMI-DEV contains practices that cover project management, process management, systems engineering, hardware engineering, software engineering, and other supporting processes used in development and maintenance. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development.
The CMMI for Services Model (CMMI-SVC), provides a comprehensive integrated set of guidelines for providing superior services. The CMMI-SVC model provides guidance for applying CMMI best practices in a service provider organization. Best practices in the model focus on activities for providing quality services to customers and end users. CMMI-SVC contains practices that cover service delivery, service transition, strategic service design, work management, process management, and other supporting processes used in development and maintenance. CMMI-SVC integrates bodies of knowledge that are essential for a service provider.
Information security (and specifically cybersecurity) continue to grow in importance. With the continued and increasing threat to critical infrastructure, the requirements for improved security for government contractors has also increased. Over the past five years, U.S. Government contractors have seen additional requirements certified systems that can meet requirements of the NIST Cybersecurity Framework (CSF).
NIST 800-53 is a publication that recommends security controls for federal information systems and organizations and documents security controls for all federal information systems, except those designed for national security. NIST 800-53 subdivides security controls into common, custom and hybrid categories. Common controls are those often used throughout an organization. Custom controls are those intended to be used by an individual application or device. Hybrid controls start with a standard control and are customized per the requirements of a particular device or application. It includes the procedures in the Risk Management Framework, which deal with security-control selection for federal information systems per the security requirements in Federal Information Processing Standard (FIPS) 200. This consists of the selection of a primary set of baseline security controls in accordance with a FIPS 199 worst-case impact analysis, creating standard security controls, as well as adding the security controls in line with an organizational risk assessment. The security rules cover 17 areas, including incident response, access control, ability for disaster recovery and business continuity.
NIST 800-171 is a framework that specifies how your information systems and policies need to be setup in order to protect Controlled Unclassified Information (CUI). The publication provides federal agencies and contractors with recommended requirements for protecting the confidentiality of CUI: (i) when the CUI is resident in non-federal information systems and organizations; (ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and (iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government wide policy for the CUI category or subcategory listed in the CUI Registry. The security rules cover 14 areas, including incident response, access control, system and communications protections, and system and information integrity.
U.S. Government Contractor Specialization
ISO and CMMI are designed to support any business or organization. While this facilitates the broad use of the frameworks, it often results in sub-optimal implementation results. i3 specializes in working with contractors that deliver IT, cyber, engineering, and (staff) services to the U.S. Government. Operating successfully in the government contracting arena requires specialized knowledge of government requirements, laws, and expectations. Also, it requires a deep content understanding for the types of products and services delivered by the contractor and the methods by which those products and services are developed, acquired, and delivered.
Solutions for (Staffing) Services Contractors
Nearly every U.S. Government IDIQ or GWAC vehicle requires or provides procurement advantages for firms with ISO certifications and CMMI ratings. Most prime contractors pass those requirements to their subcontractors through contract flow-down clauses. However, implementation of the ISO standards and achievement of an appropriate CMMI rating is challenging for companies providing staffing resources to the federal government because the standards are not written in a way that easily accommodates these types of businesses. i3 has custom solutions built specifically to achieve the required certifications and ratings for resource staffing services firms. Moreover, our solutions have proven to improve business performance by lowering operational costs, raising customer acceptance rates for candidates, and significantly improving customer satisfaction. We do not just provide you a path to certification; we improve your business. Our solutions focus on using the ISO standards and CMMI models to achieve business transformations that improve revenue, quality and margin. Utilizing our product accelerators, we achieve these results with a 75% cost and timeline reduction from standard implementations.
Engineering and Development Solutions
Over the past five years increasing numbers of software engineering and development projects have moved from the traditional waterfall and spiral development methods to agile and scrum. Integrating an agile development with government CMMI requirements is not a straightforward endeavor. i3 is experienced in developing agile SDLC’s that map to the CMMI for Development Level 3 requirements. If you have an existing agile SDLC, we can customize and integrate your existing solution to meet the model requirements. Our solutions embrace the spirit of agile and significantly streamline and consolidate the documentation and artifact requirements of the CMMI model. This approach means that the CMMI requirements are simply built into your agile implementation and do not create additional work outside of your development processes. Our consultants will work with your team to create solutions work with industry leading agile development tools, such as Jira, Version One, and Microsoft TFS & VSO.
IT and Cyber Solutions
i3 has extensive experience implementing ISO 20000 (IT Service Management) and 27000 (Information Security Management) solutions. We utilize our ITSM, ISO 20000, and ISO 27000 accelerators to jump-start your implementation. Using this approach, we are typically able to reduce the costs and implementation timeframes for ISO 20000 and ISO 27000 by nearly 75%. Our solutions are platform independent. However, as a certified ServiceNow Services Implementation partner, we have pre-built forms and extensions for the platform that can further reduce cost and improve the overall effectiveness of your implementation. Our consultants leverage the NIST Risk Management Framework for our government ISO 27000 implementations. This approach ensures consistency with current and future government cyber security requirements. Moreover, we leverage the controls compatibility between ISO 27000 and NIST 800-53 to ensure you are positioned for future work in this critical area.