SSP Branching / Draft Risk Solutions
Problem
Currently, Paramify allows us to work with multiple versions. A difficulty with the current capability is that there is no way to merge changes that occur in two versions to make a third. A use case that requires changes to multiple versions simultaneously:
- CSP begins annual assessment, and makes changes to the SSP based on 3PAO feedback
- CSP continues to iterate and build new capabilities/infrastructure in an R&D mode
- Original SSP takes final shape with changes from the annual assessment, but the new/R&D version of the SSP would need to get those updates too
Solution 1
Given that significant changes can take a long time, a branching feature like git could help us work on the docs, diagrams, etc., without modifying the current SSP.
When the changes have been accepted by the PMO/Customer, we could merge this branch into the SSP and bump the version.
With a larger CSP or technical environment, I imagine that this need would be more acute, with multiple teams working in different branches.
Solution 2
An alternative approach seems a bit simpler:
Devise a way to create RS (with control mapping functionality as currently exists) with some status like DRAFT that would exclude it from SSP publications.
This way, we could simply work with new RS and publish them when the significant changes have been accepted.
Please sign in to leave a comment.
Comments
0 comments