IS&S Playbook

playbook coverCreating an Information Sharing and Safeguarding (IS&S) Environment is a challenging task, but there are many resources, lessons learned, and best practices from past projects.


attention buttonBefore diving in to the plays, read the IS&S Environment Playbook Principles that guided the development of this resource.


The IS&S Playbook was developed by the IJIS Institute for the Standards Coordinating Council using the U.S. Digital Services Playbook as the foundational framework. This is a work in progress and user feedback is always welcome. We are especially interested in hearing from the community of interest about additional resources for the plays. Please contact us online or email info@standardscoordination.org.


The first step in Information Sharing and Safeguarding (IS&S) Environment projects is exploring and pinpointing the needs of the people who will use the service, and the ways the IS&S Environment will allow them to fulfill their missions. The needs of people and their organizational missions — not constraints of government processes or legacy systems — should inform technical and design decisions. Part of this step is to establish the collaboration environment where the stakeholders agree to work together to create a useful and effective sharing environment. Desired Outcome: Representatives of stakeholder organizations approve the written definition of requirements to be met by implementing an information sharing environment. 
See more...
Putting in place a governance process where all stakeholders believe they are represented in the making of policy decisions is the fastest way to get complete acceptance and support for an Information Sharing and Safeguarding (IS&S) Environment. A governance body can be created by executive order, legislative action, or by a consensus of leadership from sponsors or leading actors in the IS&S Environment. Essential to success is the formal assignment of responsibility to the individuals who are selected to represent the participating organizations. Governance bodies need a charter to define both the boundaries of their responsibility and authority and the processes for making decisions that affect all participants. Such a body is essential during early policy discussions on issues such as privacy, selection of standards, responsibilities for implementation, and other critical decisions shaping the IS&S Environment. The governance body will remain in place and active for the duration of the IS&S Environment lifecycle. Desired Outcome: Representatives of relevant stakeholder organizations are appointed to a governance body authorized and empowered to proceed to implement an information sharing environment.  
See more...
It is important to understand how users and stakeholders will interact with the IS&S Environment and by what means. The vision of how the IS&S Environment will operate must be tied to direct improvements in mission effectiveness. Think of the IS&S Environment as an information highway – the user organizations need a roadmap to identify on ramps, define the rules of the road for managing traffic interactions, and show the off ramps for delivering information. Desired Outcome: Governance body adopts a written concept of operations on behalf of all stakeholder organizations.
See more...
It is important to identify the sponsors who support the IS&S Environment’s mission-critical endeavor and are willing to provide support, resources, and funding to enable capabilities and showcase the project value. It is helpful to engage these key sponsors in a collaborative process to develop a funding strategy built on a strong and well-defined business case that demonstrates the mission problem an IS&S Environment will solve.  Desired Outcome: A satisfactory business case is defined and one or more legislative or executive organizations agrees to sponsor the initial work to move the project forward.
See more...
Defining Information Sharing and Safeguarding (IS&S) Environment capabilities shouldn’t be confusing or daunting – capabilities should be simple and intuitive with the goal of enabling users to support their mission and overcome obstacles. Technical capabilities identified, if already developed/implemented by other communities, should be evaluated and reused when applicable. Where possible, leverage existing investments with proven track records of success and documented lessons learned in developing the IS&S Environment’s capabilities. Desired Outcome: Governance body agrees on the determination of technology and human resources and processes that must be developed in order to succeed in implementing an IS&S Environment.
See more...
Early in the process, identify applicable Information Sharing and Safeguarding (IS&S) standards. IS&S standards were created to provide a common approach to sharing electronic information among tribal, territorial, local, state, and Federal organizations. Standards help define business processes, provide a common framework, platform, and language to exchange information, and assist with security and privacy. The governance body must be actively engaged in the identification and the application of these standards especially in the context of the policy including privacy concerns.  Desired Outcome: Governance body adopts a policy specifying the standards to be used in IS&S Environment implementation.
See more...
The IS&S Environment is not just about data or systems, but the fundamental purpose of an IS&S Environment has to do with collecting, analyzing, and disseminating data and doing so across jurisdictional and disciplinary boundaries. As a result, a strong policy dealing with the issues of data management is important. This is a topic best dealt with by the governance body, with input from all stakeholders.  Desired Outcome: A data management policy is adopted by the governance body and communicated to all stakeholder organizations.
See more...
Building an Information Sharing and Safeguarding (IS&S) Environment is a team effort. Sponsoring organizations have to assemble a team of strong players who can handle all of the disparate tasks involved. A single project manager (PM) is essential, with the authority to make critical decisions on behalf of the governance body. The build or buy decisions will be made in this play, and plans will be developed for the acquisition of in-house talent or contractor services to ensure that all facets of building the IS&S Environment are being handled by experienced and knowledgeable team players. Contracting officers must understand how to evaluate third-party technical competency so in-house teams can be paired with contractors who are good at both building and delivering effective IS&S Environment capabilities. A procurement strategy in keeping with applicable regulatory provisions is essential. Ways to accelerate and establish agility in procurement actions are applicable at this point.   Desired Outcome: Project manager is on board and key leaders are identified and available for service.
See more...
Every Information Sharing and Safeguarding (IS&S) Environment project is likely to need some form of procurement to acquire resources, even those being built in house. To improve the chances of success when contracting out development activities, acquiring resources, or acquiring items in the technology stack, we need to work with experienced budgeting and contracting officers. In cases where third parties are used to help build a service or supplement an in-house team, a well-defined contract can facilitate good development practices. Examples of outsourced services can include conducting research, prototyping, refining product requirements, evaluating open source alternatives, testing, and certification. Strong procurement support allows the flexibility to consider alternative solutions such as cloud computing, storage, and design services. Desired Outcome: Internal staff are on board and contracts are in place with all suppliers required to achieve implementation.
See more...
A milestone-based development plan with short-term measurement of progress and periodic revisiting of objectives related to the end game is essential to eventual success. Today’s advanced methodologies call for iterative development and constant user feedback. An incremental, fast-paced style of software development with close collaboration between technologists and practitioners helps reduce the risk of failure and gets working software into users’ hands as early as possible to give the design and development team opportunities to adjust based on user feedback about the service. Breaking down the total Information Sharing and Safeguarding (IS&S) Environment development into subtasks so that each can be monitored and explained to management and the governance body is an important contribution to the likelihood of overall success. Desired Outcome: A milestone-based project plan is in place and is used to monitor and manage implementation through initial installation and system testing.
See more...
Today, government agencies, solution providers, and open standards organizations are developing standards and solutions that automate testing that verifies conformance to standards. Testing for code development can be done in-house but testing for conformance to the standards can be very challenging because the standards don’t come with the detailed conformance criteria or how-to adoption guidance. Demonstrating conformance to the implemented standards is important, and while manual tests and quality assurance are still necessary, automated tests provide consistent and reliable protection against unintentional regressions, and make it possible for developers to confidently release frequent updates. Desired Outcome: Automated testing of systems against requirements and conformance to standards is in place and used to test various component systems as a part of the IS&S Environment.
See more...
After the development and testing are done, it is time to begin operations. The Information Sharing and Safeguarding (IS&S) Environment should be deployed on flexible infrastructure, where resources can be provisioned in real time to meet identified user requirements and user demand. Going live is more than simply flipping the on switch – it involves user acceptance testing as a proof point for identified user requirements, organizing all the stakeholders for the transition, and training users on the new IS&S Environment. Desired Outcome: Component systems required to implement the IS&S Environment are in place, tested, and user training has been completed so that the system is ready for operation.
See more...
At every stage of a project, teams should measure how well service components are working for users. At the point of going live, it is critical to have in place the methodology for measuring outcomes and the evaluation plan to provide feedback to the sponsors and stakeholders on initial performance. The measurement methodology and the evaluation plan should both be in accordance with the metrics chosen to describe the outcome of the work but also on improvements required after going live. Reporting the impact should never shy away from failures as they can be valuable learning experiences. The performance measurement process should also serve to identify fixes and improvements and prioritize them based on user needs and input. Along with monitoring tools, a feedback mechanism should be in place for people to report issues directly. Desired Outcome: A measurement system is in place to report output and outcomes of system implementation and reports have been issued for initial system operation.
See more...
Every Information Sharing and Safeguarding (IS&S) Environment project offers value for all the projects that come after it. As members of the greater community of interest, sharing our IS&S Environment successes and failures is critical to the success of the information sharing and safeguarding mission. Not only will contributing your project information help others build IS&S Environment capabilities, but as you become more familiar with the community and the resources it includes, it will improve your chances of success in your next IS&S Environment endeavor! Desired Outcome: Reports covering system implementation and outcome measures have been posted to appropriate websites and portals and announced organizations that may be interested in project outcomes.
See more...
Consider the ways in which the public might be interested in seeing data so that the work of criminal justice, public safety, and homeland security agencies is as transparent as possible. When we collaborate in the open and publish relevant data publicly and with respect to security and privacy guidelines and best practices, we can work towards mission success together. By building services more openly and publishing open data, we simplify the public’s access to government services and information, allow the public to contribute easily, and enable reuse by entrepreneurs, nonprofits, other agencies, and the public.  Desired Outcome: Anonymized data sets are posted to an open data portal to make information available to the public for research and innovation purposes. 
See more...
In an earlier play we discussed how challenging a task it can be to fund an Information Sharing and Safeguarding (IS&S) Environment. The goal for any project should be the long-term sustainability of the systems to meet the mission-critical needs of the agencies. To do this we can break the overall project into logical pieces or phases so that funding can be obtained across a longer period of time. Plans for IS&S Environment’s development and the technology stack must be scalable to meet any identified future phases. As the capabilities in the IS&S Environment are enabled, there will also be changes in user needs, corrective actions, and enhancements that will arise, and there should be a plan in place to not only sustain the project funding but also to keep the IS&S Environment meeting the needs of its end users. Desired Outcome: Line item budget or other ongoing means for sustaining operations have been adopted by legislative or executive bodies.
See more...