Overview

In product delivery, the scope of some technical capabilities must be coordinated across all Product Teams. The Technology Community Of Practice is the group that coordinates these capabilities. The responsibility of the Technology Community Of Practice is to inform Product Teams and the wider Product Delivery Organisation, through both knowledge and data, to improve decision-making at all levels.

The above diagram shows how the Technology Community Of Practice informs Product Teams and the wider Product Delivery Organisation.

The Technology Community Of Practice has representation from all Product Teams with distinct requirements. This could be across technologies (web, mobile, etc.), lines of business, or any other distinction that makes sense for your Product Delivery Organisation. Whether participation is part of certain roles, or is driven by interest in the educational and data analysis responsibilities of the group, is left for the Product Delivery Organisation to decide.

If you have people in specialist security roles within your Organisation, then the Technology Community Of Practice is the place for them to get involved and use their expertise to help improve the understanding and measuring of security in product delivery.

Having no decision-making power over Product Teams, or any other group in the Product Delivery Organisation, the Technology Community Of Practice has no accountability assigned to it in this framework.

Continuous Improvement

A goal of this framework is for the desired outcomes to be emergent from simple, repeatable processes that can self-correct and adapt quickly to changes in the business environment of the Organisation. To achieve this, the Technology Community Of Practice is required to manage one continuous improvement cycle.

Understanding Improvement Cycle

The goal of the Technology Community Of Practice is to take a data-driven approach to improve how knowledge and data are presented to Product Teams and the wider Product Delivery Organisation. The outcome it is working towards is that the Alignment Gap between the Agreed Ways Of Working and how teams and people are actually working is as small as possible, and that all Products are meeting the requirements of their Product Security Levels.

The above cycle diagram shows how the Technology Community Of Practice maintains Product Security Knowledge and Product Security Insights, containing information and data gathered from across Product Teams and the Product Delivery Organisation. The aim of this is to improve decision-making by Product Teams and the Product Delivery Organisation. This improvement is tracked through the measurements of Agreed Ways Of Working and Product Security Levels, which inform and support improvements to Product Security Knowledge.

For example, if measurements of Agreed Ways Of Working show that Product Teams are struggling with Product Data Classification and aren't all maintaining a Product Data Catalog as part of their Product Inventory, then the Technology Community Of Practice improves Product Security Knowledge together with data provided through Product Security Insights. This improves understanding and drives better adoption of Product Data Catalogs by all Product Teams, which is reflected in the measurements of Agreed Ways Of Working.
