Healthy Body Wellness Center
Business Requirements Document
Healthy Body Wellness Center/Initiative
Computer Sciences and Information Technology
Version 1.00
Company Information
1 Document Revisions (Not required for performance assessment)
Date Version Number Document Changes
03/17/2020 0.1 Initial Draft
2 Approvals (Not required for performance assessment)
Role Name Title Signature Date
Project Sponsor
Business Owner
Project Manager
System Architect
Development Lead
User Experience Lead
Quality Lead
Content Lead
3 Introduction
3.1 Project Summary
3.1.1 Objectives
To integrate new technology that will meet the new requirements proposed by the Healthy Body Wellness Center (HBWC).
To investigate and analyze the proposed systems in terms of accommodating new features.
To analyze and evaluate the new requirements of the HBWC, including the Small Hospital Grant Tracking System (SHGTS) as well as the Office of Grants Giveaway (OGG).
To propose measures for enhancing the security of HBWC's systems by introducing security apparatus and vulnerability assessment.
3.1.2 Background
HBWC is a body engaged in promoting medical research, including the sharing of critical information among healthcare professionals and practitioners. The HBWC has a good working relationship with the OGG office, which deals with the provision of grants. Like any other organization, the OGG uses a Microsoft Access database to store and share information with the intended people. The assessment report that was presented indicated several vulnerabilities that pose security risks to the company, and recommendations were provided on how to strengthen the security of the system. HBWC has also grown and expanded to accommodate more users, especially in remote locations. The body is also looking forward to further expansion, and therefore scalability must be taken into account.
3.1.3 Business Drivers
The business drivers for the integration of the new features include new technological developments such as cloud computing. Cloud computing technology has challenged how the body conducts its business. The incorporation of new technology is a factor that will determine its future growth and its effectiveness in the competitive market. The body is also on the verge of expanding to accommodate several users to enhance the delivery of services. This has prompted the organization to look at other options, such as expanding the databases and introducing new servers and other technologies. The current technology is risky and can expose the organization to attacks. Therefore, HBWC is focusing on integrating the features to satisfy stakeholders such as OGG and to increase transparency as well as accountability in the delivery of services.
The Healthy Body Wellness Center (HBWC) is engaged in promoting, evaluating and sharing information among healthcare professionals. It requires an Information Security Management System (ISMS), with the core consideration of implementing a plan to audit and maintain the company's information system security objectives. The company's Office of Grants Giveaway (OGG) provides for the distribution of medical grants. The objective of OGG is to offer a methodology that promotes the usefulness of, and improvements in the quality of, medical grants. A Microsoft Access database, referred to as the Small Hospital Grant Tracking System (SHGTS), is used by OGG for the efficient management of medical grant distribution. A risk assessment of SHGTS was conducted to establish a baseline of potential threats and to evaluate the vulnerabilities. The reason for shifting the business model to a new system is that the existing system, SHGTS, does not give required data to or receive it from any other major application, and it does not contain any proprietary data or Privacy Act information in its tables. Also, HBWC would not be precluded from accomplishing its core business objectives, from short term to long term, in case of the failure of SHGTS.
3.2 Project Scope
The project would create a new web-based database and portal to replace the SHGTS system and to improve the quality and worth of the hospital services. With the new system, the employees and customers of the hospital would be able to access data as required. The new system would help HBWC secure, to the required level, employee remote access, ACH data transmission, patient data and NPI, as well as third-party extranet connections to the SaaS provider of the cloud-based grant tracking system for the Office of Grants Giveaway (OGG).
3.2.1 In-Scope Functionality
The in-scope functionality entails the implementation of the new features and the new security apparatus. Other in-scope items include briefings on the progress of the project and the communication process. Another important element is training the staff on how to use the new requirements of the proposed system. Staff training could take more time because of the several processes involved in learning new skills, while the acquisition of resources and equipment may take a shorter period of time.
3.2.2 Out-of-Scope Functionality
In the process of project implementation, there are some activities that may take a longer period of time. These functionalities include the design of the new databases and servers of the system and the integration of network components. These processes fall in the implementation stage, which comprises the critical features of the project. The process of outsourcing IT experts or resources may also take a longer period of time.
3.3 System Perspective
With regard to developing the cloud-based grant tracking system, the Healthy Body Wellness Center (HBWC) would be confronted with certain risks and benefits. The new system would help the company efficiently manage all requirements throughout the grant lifecycle. The development of a cloud-based grant tracking system would enable increased storage and operational flexibility.
All data transferred from the SHGTS system has not lost its integrity and should be properly transferred to the new data. The portal is fully created and the multiple databases are organized properly to interact with it. Additionally, the analysis data has not been tampered with by any suspicious actors.
In contrast to the benefits, the company would face some challenges in terms of the timeline for portal and database design and implementation. Furthermore, the healthcare provider would have to ensure that each individual comes up to speed with how to work efficiently in the cloud, and there is less likelihood that the NIH and hospital stakeholders will agree to change processes.
Taking into consideration the risk of developing SaaS as a cloud-based grant tracking system, the requirement to migrate the SHGTS to the cloud-based tracking system while running a parallel system is expected to lead to process confusion. This is mainly due to the difficulty users face in viewing changing trends in more than one system. Secondly, the change in system visualization, i.e. the change in functions, capability, and infrastructure in the new version as compared to the old one, might result in improper and inaccurate outcomes. The shift to cloud computing might result in the accidental deletion of organizational data, either by the CSP or through a physical disaster such as an earthquake or fire, which leads to permanent data loss (Morrow, 2018).
On the other hand, given the low cost and easy implementation of SaaS products, there is a probability of increased unauthorized use of cloud services, which results in loss of control over data and a decline in the visibility of organizational processes (Moon, 2015).
3.3.1 Assumptions
The assumptions are that the designed system will be capable of responding to emerging security issues, that the project will be implemented and closed within the stipulated timeline, and that the resources allocated to the project will drive it to the completion stage. The workers are required to have background knowledge of the new developments.
3.3.2 Constraints
Constraints on the resources that will be used to finance the project are a factor of significant concern. Other constraints include the skills and expertise needed for successful implementation of the project. A further constraint is time, or the project timeline. The timeline is an important element of the project, and because of the several factors involved it is likely to become a constraint.
3.3.3 Risks
The risks involved in the project include security issues that might compromise the implementation as well as other activities after completion. Another risk is the incompatibility of some devices and features during the integration process. A further risk is that the database may not accept some of the body's requirements, among others.
3.3.4 Issues
There are several issues involved in the integration of the new technologies. These include financial issues such as scarcity of resources. Others are technological issues such as incompatibility of the databases and other software or hardware. Training the staff might be a lengthy process and may consume a large amount of resources.
4 Business Process Overview
4.1 Current Business Process (As-Is)
Figure 1 Current Business Process
Grant money is distributed from NIH to the OGG (Office of Grants Giveaway) and entered manually into the SHGTS database. A grant assessment application is completed by the qualifying hospital, and the research database is updated with the hospital's information. Additionally, OGG executives prepare the weekly grant status report, go into the SHGTS database, and assign grant funds to the particular hospitals. Paper checks are mailed to the hospitals. The remaining money is returned to OGG after 30 days and the status is updated in the SHGTS database.
After an employee is hired, the personally identifiable information (PII), which includes phone number, emergency contact, home address, salary, and social security number, is entered into the QuickBooks database. Each Friday, a paper check is created and left with the office manager or mailed to the employee's home address.
4.2 Proposed Business Process (To-Be)
Figure 2 Proposed Business Process
Grant money is assigned to the OGG from the bureau. The workers of OGG log into the portal and enter data; the new SHGTS information is updated automatically. Hospitals log on to the OGG information processing system and complete a grant analysis application, and the analysis data is automatically updated. Funds are transferred to the respective hospital. After thirty days the remaining money is returned to the OGG office and the status is updated on the portal.
After an employee is hired, the personally identifiable information (PII), which includes phone number, emergency contact, home address, salary, and social security number, is entered by the HBWC human resources department into a secure web portal provided by ADP. Employees are paid every Friday by ADP. An audit will be applied to all payroll and benefits on the ADP web portal monthly.
5 Business Requirements
The requirements in this document are prioritized as follows:
Value Rating Description
1 Critical Document Revision is critical for the project's success; the project cannot be completed if this requirement is neglected.
2 High Approval from business management is the key priority for project implementation, but the project can be implemented at a bare minimum if this requirement is neglected.
3 Medium The project overview is considered somewhat important, as it tends to provide the organization with valuable information, but the project can proceed if this requirement is neglected.
4 Low The overview of the business process is considered a low-priority requirement, or a "nice to have" feature, depending on the availability of time and resources.
5 Future This requirement is primarily not a basic requirement to be taken into consideration. It has therefore been included here for a possible future release.
5.1 Functional Requirements
Req# Priority Description Rationale Use Case Reference Impacted Stakeholders
General / Base Functionality
FR-G-001
Priority: 1
Description: Purchase a SaaS service from a cloud provider. The SaaS platform will host the research database, the new SHGTS database and a web server with a fully interactive portal for customers and employees.
Rationale: The company plans to upgrade the research database as well as to develop SaaS as a cloud-based grant tracking system.
Impacted Stakeholders: OGG executives; Financial officer; Database Administrators
FR-G-002
Priority: 1
Description: Obtain a contract with ADP for the management of the employee wages and benefits package. All wages and benefits will be managed by an external entity for accuracy and efficiency.
Rationale: HBWC is contemplating updating employee benefit and payroll management through the use of an outsourced partner, including PeopleSoft, ADP and Workday.
Impacted Stakeholders: Financial Officer; Human Resources
Security Requirements
FR-S-001
Priority: 1
Description: Portal and database user access levels shall be restricted using least privilege and separation of duties concepts.
Rationale: The workers of the company would only be given access to the resources and information that are necessary for a legitimate purpose (LaPedis, 2015). Requirements are also being collected by HBWC for the new web-based portal for use by researchers who receive grant funds. Such an application contains nonpublic information and sensitive patient information that needs to be adequately protected during transmission, storage and processing. HBWC staff with the appropriate privileged access would manage access to this resource.
Impacted Stakeholders: Workers of organization
FR-S-002
Priority: 1
Description: All historical data will be transferred by hand to ensure the integrity of the data.
Rationale: With the use of data validation rules, administrators could ensure data integrity by restricting and controlling the values that users can enter into the system. This tends to prevent accidental data modification, providing better quality and additional security, which leads to accurate data analytics (Williams, 2018). Manual inspection of the invoices for receipt-related information could be used to ensure data integrity.
Impacted Stakeholders: Data entry clerk or operator
FR-S-003
Priority: 1
Description: After all financial data has been transferred to ADP, all historical paper copies shall be maintained for 7 years.
Rationale: With the transfer of financial data to the outsourced party, the company could maintain copies of the historical data for 7 years. The company intends to use the outsourced provider to maintain the historical paper copies for seven years.
Impacted Stakeholders: ADP – outsourced provider
Reporting Requirements
FR-R-001
Priority: 2
Description: After the respective hospitals have applied for the grant, the hospitals will be given a read-only account to be able to see their account information.
Rationale: It would allow patients to access information related to the treatments performed in the hospital, based on the use of an e-record service, i.e. the provision of a read-only account (Margunn Aanestad, 2017). It would provide access and the ability to update key fields related to the assigned grant.
Impacted Stakeholders: Patients; Employees
FR-R-002
Priority: 2
Description: Need-to-know employees from NIH will get a read-only account to the portal to track specific grant information.
Rationale: The provision of read-only accounts to NIH employees is required for data exchange across multiple sites in order to process the grants. Providing this access to NIH employees is considered important for sharing data among HBWC, the hospitals and NIH over the internet.
Impacted Stakeholders: NIH employees; Health management
FR-R-002
Priority: 3
Description: Respective hospitals and NIH will be notified of the movement of grant funds based on requirements.
Rationale: The grant fund notification informs each applicant and makes the management and delivery of grant funds easy. It is considered important for the initial delivery of grant funds across the different facilities of the hospital.
Impacted Stakeholders: Hospitals; Management
Audit Requirements
FR-A-001
Priority: 1
Description: After all data has been transferred from the research database and the SHGTS database, an audit will take place for accuracy and integrity of the data.
Rationale: Data integrity is essential: when integrity is secure, the information stored in the database remains reliable, accurate and complete. The web-based services and web server lack auditing, accountability and cryptographic controls.
Impacted Stakeholders: Investors; Management
FR-A-001
Priority: 1
Description: After all financial data has been transferred, an audit will be conducted for accuracy.
Rationale: The audit of the financial data is required to catch internal wrongdoing and costly mistakes during the development of the new database. The security audit is required to determine how well it conforms to the criteria.
Impacted Stakeholders: Audit engagement partner; Controller or CFO
5.2 Nonfunctional Requirements
ID Requirement
NFR-001 SaaS container space needs to be expandable as needed.
NFR-002 All employees will receive training before being granted access to the portal.
6 Appendices (Not required for performance assessment)
6.1 List of Acronyms
HBWC – Healthy Body Wellness Center
SaaS – Software as a service
CSP – Cloud service provider
NIH – National Institutes of Health
OGG – Office of Grants Giveaway
SHGTS – Small Hospital Grant Tracking System
6.2 References
1 LaPedis, R. (2015, May 15). What are Separation of Duties and Least Privilege?
2 Margunn Aanestad, M. G. (2017). Information Infrastructures within European Health Care: Working with the Installed Base. Cham: Springer Nature.
3 Moon, M. (2015, August 27). Benefits and risks to upgrades and migrations.
4 Morrow, T. (2018). 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud. SEI BLOG. Retrieved from https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-to-the-cloud.html
5 Williams, J. (2018, July 20). 7 Steps to Improve Data Integrity.