Using Voluntary Consensus Standards


Statement of the problem
It has been more than 10 years since The Office of Management and Budget (OMB) issued Circular A-119 (Revised) directing federal agencies to use voluntary consensus standards, both domestic and international, in its regulatory and procurement activities. This circular defined voluntary consensus standards as having the following attributes: openness; balance of interest; due process; an appeals process; and consensus. Standards that meet these criteria include ISO, IEEE, and ANSI standards. It was expected that the agencies, including the Department of Defense, would cease using their own agency-specific standards which were often modeled after the proprietary standards of the contractors hired to develop those standards.

Although the circular is not specific as to its use in the external development of systems and/or software, it is specific in stating that the agencies must use voluntary consensus standards in its regulatory and procurement activities. For example, agencies could, if they desired, state via the RFP that their evaluation of a contract deliverable would be based on its conformance to the applicable voluntary consensus standard. Since the release of Circular A-119 (Revised) few if any of the federal agencies have attempted to bring their System Development Life Cycle standards into alignment with the circular. Recently, OMB issued Circular A-11 which references the use of voluntary consensus standards in Section 53. However, legacy systems continue to be upgraded and new systems continue to be built with little or no standardization across agencies or within individual agencies.

Assuming the federal agencies want to conform to OMB Circular A-119(Revised), the unanswered question is – what precludes conformance? Some possible answers include: it will be too expensive; our operations and maintenance contractors won’t cooperate; our CPIC group doesn’t care how IT is done; our project managers don’t know how to do it or think it will take too much effort to implement. These arguments are all realistic albeit not very logical.

Perhaps the unspoken reason is that the federal agencies do not know how to implement the use of voluntary consensus standards. This paper is specific to the use of such standards in the development of systems and software and will propose several implementation options ranging from directive to consensus.

Implementation Options
The implementation that is correct for a particular federal agency is the one that is in-synch with the agency culture and its way of managing IT. One agency may feel comfortable with a top-down approach whereas another agency may be more comfortable with a bottom-up approach. Yet another agency may find that a combination or hybrid of these two diverse approaches is most effective. This paper describes four models – Directive, Project, Consensus, and Hybrid.

Directive Model
Description: The CIO determines that it is advantageous for the agency to adopt voluntary consensus standards and signs that directive. The CIO staff will then develop an implementation strategy and guidelines for implementation. The directive is binding for all internal system or software development. Although OMB Circular A-119 does not mandate the use of voluntary consensus standards by external contractors, it does mandate their use in regulatory and procurement activities, and the CIO could make a determination that the agency will evaluate contractor deliverables against these standards. Also, the CIO could make the determination that any externally produced system utilizing the agency backbone or connecting to an in-house system must be developed using voluntary consensus standards.

Advantages: The specifics of implementation are specified. Project managers know what they have to do. All members of projects immediately are held accountable. This model is best used by an organization with a well-defined chain-of-command.

Disadvantages: Some IT program managers may push back because they have not been consulted and/or because their programs are developed outside of the CIO’s arena. They may neglect to use the standards or they may not monitor the use of the standards. There is no opportunity to validate the guidelines before they are implemented.

Project Model
Description: Pilot the transition to voluntary consensus standards using a highly visible project to learn from and improve the implementation process. In this model, the program manager declares that voluntary consensus standards are to be used on the project, and the applicable voluntary standards are provided by the agency. As a result, all documentation generated by the agency is based on voluntary consensus standards and the RFP states that all contract deliverables will be assessed and accepted or rejected based on voluntary consensus standards.

Advantages: Using a single project reduces the potential impact of an ill-planned implementation. A single project allows for the validation of the concept and provides a feed-back mechanism that enhances the final implementation across all IT projects. This ultimately gains buy-in from the stakeholders.

Disadvantages: Other projects continue to have the option of not using voluntary consensus standards. A highly visible project that requires more than a year will delay implementation of the use of voluntary consensus standards throughout the agency’s IT projects.

Consensus Model
Description: A champion, whether at the level of the CIO or lower down, introduces the idea to relevant managers. In an agency with a high level CIO and division level CIOs the relevant managers would be the low-level CIOs. In another agency, the relevant managers may be the IT Program Officers. Once that group agrees that the use of voluntary consensus standards would be beneficial, they may request the CIO to issue the policy statement and to have staff develop implementing procedures and guidelines. In addition to achieving consensus on the need for the use of voluntary consensus standards, the consensus model may include the need to achieve consensus on the implementation procedures and guidelines.

Advantages: The consensus model ensures that all stakeholders have a sense of ownership in the process to be followed. This is especially true if the consensus model is used for the development of the implementing procedures and guidelines as well as in the selection of the model. The consensus model may reflect the requirements of small as well as large and complex projects.

Disadvantages: The process of achieving consensus may require the inclusion of a waiver process that dilutes the potential impact of using the voluntary consensus standards. The time required to affect this model may be the lengthiest of any of the options as stakeholders struggle to exempt their area or to determine criteria for exception.

Hybrid Model
Description: A hybrid model may involve the Directive Model and the Project Model, or it may involve the Consensus Model and the Project Model. In the first instance, a highly visible project may be identified to implement voluntary consensus standards while the CIO staff is developing the procedures and guidelines for the agency. In the second instance, a highly visible project may be identified to implement voluntary consensus standards while the management team is achieving the consensus required to bring the use of voluntary consensus standards to the agency as a whole. Alternatively, an agency may identify a highly visible project as a way of implementing procedures and guidelines that have been drawn up as a result of either the directive or the consensus model.

Advantages: The hybrid model provides the opportunity to implement the model in a limited fashion while mitigating potential risks associated with an all-agency implementation. The model affords the organization needed experience to modify the method of implementation, as well as the specific procedures and techniques based on the experience of the highly visible project.

Disadvantages: A highly visible project ,that requires more than a year to complete, may delay implementation of the use of voluntary consensus standards throughout the agency’s IT projects. The relative ease of implementing voluntary consensus standards in a single project compared with the difficulty of an all agency implementation may deter the all-agency implementation.

OMB Circular A-119 directs the federal agencies to remove themselves from the business of generating and maintaining standards. The availability of voluntary consensus standards allows them to do just that. The use of voluntary consensus standards allows the federal agencies to manage their IT staff and contractors better by setting a consistent level of expectations for them and the agency program manager. The OMB Circular does not specify the method by which the agencies are to implement the directive to use voluntary consensus standards. Rather the OMB Circular leaves it up to each federal agency to determine the best way to implement the requirement.

This paper has defined four models (Directive, Project, Consensus, Hybrid) that can be implemented. In addition this paper has described some advantages and disadvantages of each model. It is up to the agency to identify the model that best suits its needs and its culture. Once the agency has selected this model, they may desire to use an outside contractor to develop the process and procedures required for implementation.

About the Author Eva Freund is the President and founder of The IV&V Group, Inc. She has over 20 years of verification and validation including planning, monitoring and controlling IV&V programs for numerous Federal government agencies. Ms Freund is an active participant on the PIEEE 1012 (Standard for System Verification and Validation) Working Group which is broadening the current Standard for Verification and Validation to include the System and Hardware perspectives. She served as Vice‐Chair of the IEEE 829 (Standard for Software and System Test Documentation) Working Group which was responsible for the publication of IEEE 829-2008. Ms. Freund has an undergraduate degree in Business Management from Fairleigh Dickinson University and a graduate degree in Organization Development from Goddard College. She is designated by IEEE as a Certified Software Development Professional and by ASQ as a Certified Software Quality Engineer.

About the author

StickyMinds is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.