CaseManagement/Deploy

  1. New Application

_WARNING_: **ON BOARDING A NEW SOLUTION/APPLICATION TO PRODUCTION CAN TAKE 1-2 months DUE TO TC DSO SIGN OFF REQUIRED BY GCCASE!**

NOTE: This page is designed to help you get your product to deployment (and providing value), not to help you understand the process. You can also complete the GCCase docs and the TC DSO sign-off docs (see Deploy to Prod) in parallel (highly recommended).

    1. Begin Here:

A completely new CRM solution/application requires a new service code for SMGS. Fill in http://mytc/rdims/1352290 and email it to Luckner Thermonvil and DLOTTClientSupport@tc.gc.ca to create the code. This will allow you to create CR/SMGS for deployments. You'll be able to deploy to Acc after this is done.

    1. From this point on:

Refer to GCCase Onboarding guide http://mytc/rdims/12380556. Find the process diagram and use it as an index of the docs needed to deploy to the environment(s) listed below. Blue docs are your responsibility. Just fill out the docs for each deployment environment as indicated.

  1. Deploy to Dev (Small Delay)

If you don't have a tenant you need to start from zero with GCCase. Refer to diagram, SCMS Program Interest, Client Dev and Test phase.

If you are using an existing tenant with Dev and Test environments set up, but are releasing apps, you will start in the Solution Readiness phase of the diagram, per application.

Do these as per diagram if new tenant, otherwise SRF for existing tenant:
• Connectivity Testing
• Signed MOU
• Solution Requirements Form (SRF) http://mytc/rdims/13183559
• Complete Critical Path Document
• Tenant provisioned
• Submit SMGS to deploy your solution/app
• Test solution/App

  1. Deploy to Acc (Small Delay)

Deploying to Acc builds on Dev (I know you did the work above... right?). Submit an SMGS request to deploy to Acc. Assign the task to deploy to APPS_CRM.

  1. Deploy to Prod (Huge Delay)

DSO sign-off is required by GCCase to go to the Production environment. This requires the TC process described in "TC process for on-boarding applications to SCMS Environment" http://mytc/rdims/13329555.

There are different docs for Protected A or B. Complete the docs as per your rating. The following is taken from the TC on-boarding document.

In order for this to be accomplished, during the initiation phase of a project, the following documents will need to be completed by the business client and reviewed by IT Security to validate the sensitivity of the system:
• Statement of Sensitivity (SoS Form) http://tcapps/Corp-Serv-Gen/5/forms-formulaires/download/09-0362_BI_PX
• Security Concept of Operations (Security Concept of Operations Template) http://mytc/rdims/6916198 pcdocs://RDIMS/6916198/R
• System description in sufficient detail to understand how the system is intended to be operated
• Identity Assurance Level Requirements Worksheet form http://mytc/rdims/9692825 pcdocs://RDIMS/9692825/R

When the sensitivity of the system has been validated, one of two different on-boarding paths will need to be completed.


      1. For Systems rated Unclassified and Protected A:

The development and testing of the system would follow the current SDLC process. Prior to the system being released to production, an approval package will be created to be sent to the DSO to have the Statement of Compliance signed. The package would consist of the following deliverables:
• Statement of Sensitivity http://tcapps/Corp-Serv-Gen/5/forms-formulaires/download/09-0362_BI_PX
• Security Concept of Operation http://mytc/rdims/6916198 pcdocs://RDIMS/6916198/R
• Identity Assurance Level Requirements Worksheet http://mytc/rdims/9692825 pcdocs://RDIMS/9692825/R
• Assessment of how the system meets the requirements in the SCMS SRTM
• Information Technology Security Risk Assessment. http://mytc/rdims/4953512
• Results of appropriate security testing, including a Vulnerability Assessment performed by SSC for web based apps.
• Statement of Compliance Letter for signature. http://mytc/rdims/14402727

Once the DSO has reviewed the package and signed the Statement of Compliance letter, the system would be ready for release to **production**.


      1. For SCMS Systems rated Protected B:

Additional rigor is required around the development of Protected B systems, so in addition to following the current TC SDLC process, Protected B systems will need to complete the current TC Security Assessment and Authorization (SA&A) process.

In addition to the deliverables required for Unclassified and Protected A systems, the following additional deliverables from the SA&A process are required for Protected B systems being on-boarded to the SCMS environment:
• Completion of a Threat and Risk Assessment
• Completion of a Safeguard Implementation Plan
• Completion of appropriate security testing, including a Vulnerability Assessment performed by SSC for web based apps.
• IT Security completing an Authority to Operate (ATO) with appropriate recommendations
• Business signing as accepting the ATO

Please contact IT Security early on in the development process for Protected B systems to ascertain the details of the additional steps.

Prior to the system being released to production, an approval package will be created to be sent to the DSO to have the Statement of Compliance signed. The package would consist of the following:
• Statement of Sensitivity
• Security Concept of Operation
• Identity Assurance Level Requirements Worksheet
• Assessment of how the system meets the requirements in the SCMS SRTM
• Information Technology Security Risk Assessment.
• Results of appropriate security testing, including a Vulnerability Assessment performed by SSC for web based apps.
• SA&A deliverables
• Statement of Compliance Letter for signature.

Once the DSO has reviewed the package and signed the Statement of Compliance letter, the system would be ready for release to **production**.