Core Competencies
| Smart People | Enterprise Architects • Business Architects • Software Architects/Designers • Infrastructure Architects • Program/Project Managers |
|---|---|
| Enterprise Architecture | Competency Centers • Process Services |
| Enterprise Integration | EAI, BPM and SOA • ETL and Business Intelligence |
| Security & Assurance | Risk Management & Governance • Systems & Architecture Security • Vendor Management • Identity and Access Management (IAM) • Risk & Vulnerability Assessments • Internal Audit Support • Compliance with PCI, HIPAA, NERC, SOX, GLBA, COPPA (Pre Audit, Audit, Remediation) |
| Quality & Testing | Assessments • Quality Assurance • Quality Control • Test Automation • Performance Testing • Onshore/Offshore Integration • HomeShoring |
At Concord, we are committed to providing true leadership and wisdom in some core areas of Information Technology and Business Process. We like to differentiate ourselves from our Big 6 competition by delivering more than just "paperwork and assessments." We want to stick around for the delivery of complex program and enterprise initiatives.
Assurance
Internal Audit often needs support in order to provide the level of assurance your organization demands. Concord has the expertise to bring leadership and wisdom to your Internal Audit organization. We can do so by augmenting your team with subject matter expertise, conducting a quality review of your Internal Audit group, developing and implementing an Off Shore strategy, or helping with Tools Selection. Concord is also perfectly positioned to help you ramp up resources for the special project requests that come up throughout the year.
Compliance Management
Concord recognizes that while many of our clients are aware that they are subject to regulatory and compliance requirements, they don't necessarily feel they fully understand what applies to them or where to get started with compliance initiatives. Our Compliance Management service is intended to help our clients "know what they don't know" about themselves. These services can be useful either as a refresher or as a starting point for our clients who want to ensure they're addressing the "right" compliance issues, allowing you to properly sustain compliance programs over time.
This service is well suited for companies who: are required to conduct periodic assessments, may want to refresh a previous assessment, wish to develop a long term strategy, or want to support ongoing enterprise risk management. Specific areas of strength in compliance are:
- PCI (Payment Card Industry)
- HIPAA (Health Insurance Portability and Accountability Act)
- SOX (Sarbanes-Oxley)
- GLBA (Gramm Leach Bliley Act)
- NERC/FERC Critical Infrastructure Protection (North American Electric Reliability Corporation and Federal Energy Regulatory Commission)
- Basic Compliance Services - The basic service is best characterized as an "assessment" service that conducts the initial information gathering and identifies potential high risk gaps in the security and compliance posture by assessing the "design effectiveness" of controls. The primary phases of the Basic service can include:
  - Awareness - Understanding the unique client environment and mapping their risks to the specific compliance requirements applicable to that environment.
  - Assessment - Conduct an assessment to identify both gaps and effective controls.
  - Strategy Roadmap - Develop a longer term strategy for establishing and sustaining compliance over time.
  - Presentation - Present the results in an actionable format so that they can be used to execute on the adopted strategy.
- Advanced Compliance Services - Advanced services are for our clients who have conducted an assessment and identified potential security & compliance risks but now need to validate that the risks actually exist and to what degree they exist. The assessment phase is a look at the "design effectiveness" and this is a look at the "operating effectiveness". The primary phases of the Advanced service can include:
  - Validation Plan - A plan will be developed to establish validation objectives based upon the risks identified and/or the compliance requirements and guidance.
  - Testing - Testing consists of both an automated and manual validation process that determines whether controls exist and are effectively addressing compliance requirements.
  - Risk Consolidation - Findings will be consolidated, categorized, and mapped to key business objectives.
  - Presentation - The final deliverable will be a report that includes a high level overview of the findings, their potential impact and consequences, and actionable recommendations on strategies to mitigate the risks.
Enterprise Integration
Concord, at its core, is committed to delivering to our clients the expertise that allows them to address their most complex Integration initiatives. Many of our core competencies in some way relate to the concept of Integration. Industry buzzwords like SOA, BPM, Middleware and Web Portals are just different ways of thinking about Integration. Master Data Management, Security, Performance, and Scalability are all issues that can only be addressed by high level Enterprise Architects that have a deep background in large scale Integration projects. Concord has these Enterprise Architects.
Concord is unique in the integration space because we don't sell software; yet we have the expertise to deal with most complex software integration initiatives. We employ a team of very high level Enterprise Architects who must be able to think in terms of Business Architecture, Software Architecture, AND Infrastructure Architecture. We work with your Business Owners and your IT Owners to ensure that complex integration projects are successful.
EAI, BPM and SOA
Leverage the Strengths of Your Whole Organization
Today's complex business processes rely on a complex web of enterprise applications and human actors that act on important business events. Many business processes include complex automated business logic processing coupled with human sign-offs, validations, and approvals. In addition, business managers need to gain a high degree of visibility into business processes to track and measure performance for improvements. Integration of long running processes that must keep track of state and involve human interaction can be automated through Stateful Process Orchestration tools following Concord's integration methodology for Business Process Management.
Concord recommends classic EAI solutions using proprietary messaging when:
- Investment in proprietary messaging is prohibitively expensive to replace with standards-based solutions.
- The business process runs for a short period of time.
- The business process involves no human activities.
- The business process is static at runtime.
Concord recommends BPM-focused solutions when:
- The business process involves long-running distributed transactions.
- The business process involves a mixture of automated application steps and human activities.
- Security is an issue and tasks should be only assigned to users of certain roles.
- The business process could change dynamically at runtime to anticipate unforeseen business events.
Concord architects usually define several classes of BPM services:
- Discrete integration services represent the lowest units defined by a task-based decomposition of the business process. They represent logical units of work in a business process such as a business task or a number of tightly integrated business tasks that are performed together. An example discrete integration service would be a lookup of an employee's address.
- Composite orchestration services are created by orchestrating a sequence of discrete services. Composite services represent entire business sub-processes and processes. An example composite integration service would be hiring of a new employee including system and human steps necessary to provision an employee id and access badges; setup payroll, direct deposit, and benefits; provision equipment (telephone, computer); provision network and VPN access, etc.
- Business rules-based decision services are created by delivering disjoint raw business data and correlating it to deliver meaningful decision making actions or executing the actions in an automated fashion.
- Enable the creation of a business-oriented technology infrastructure.
- Isolate the complexity of systems participating in enterprise integration by encapsulating their business logic.
- Facilitate incremental implementations of enterprise integration solutions by introducing a componentized service-based architecture.
Don't Forget Your People and Process When You Adopt SOA
Concord has successfully helped many clients transition from an EAI to an SOA enterprise application and integration paradigm. We have achieved repeated success by focusing on the change SOA brings from a people and process standpoint, not only from the technology one. Our unique perspective is delivered by:
- Implementing SOA-conducive organizational structure
- Providing a focused yet phased approach for SOA adoption
- Infusing SOA in business processes
- Defining enterprise SOA enablement patterns
- Using and maximizing investments in the existing enterprise asset portfolio whenever possible rather than introducing new assets
ETL and Business Intelligence
Your Data is Your Enterprise, Use It
We build enterprise data stores with consistent and non-redundant data that can be used by multiple consumers. We optimize our data warehouses using both batch and real-time integration technology to provide the following benefits:
- A single source for business units to come for a cross functional/application view of corporate data.
- A single, consistent source for the enterprise-wide reporting.
- A standard data dictionary to align the definition, owners and nature of many corporate data elements.
- Reduced number of integration points across systems over time. This will reduce the effort to update integration points when upgrades/changes occur to source systems.
- A central source for reconciliation of corporate data.
- Reduced maintenance and support of multiple disjoint data stores.
- Ability to leverage the strength of various in-house tools for the purposes of data integration, consolidation, and aggregation.
In instances when immediate decision support feedback is required, we build elegant real-time analytics solutions (e.g. Business Activity Monitoring and Complex Event Processing) that will enable you to:
- Operationalize business decisions.
- Harvest key technology asset metrics to efficiently tune your enterprise backbone.
Enterprise Architecture
Concord is an industry leader in Shared Services offerings in the areas of Enterprise Architecture, Enterprise Integration and Identity Management. Concord assists clients in bridging the gap between business strategy and C-Level vision on one side and the execution of Shared Enterprise Services on the other. Concord approaches projects from a value-oriented perspective, assessing organizational needs at multiple levels from a Business and a technology point of view. In these Shared Services spaces, C-Level buy-in is presumed; and assessing and fulfilling business goals are paramount to delivering successful projects.
Our focus is on delivering long-term value by creating standards-based solutions customized to meet your specific business goals. We work for you and with you, integrating your staff at every stage of the project to ensure a targeted solution that is part of your organization. We embrace the business side of the project and align IT priorities to the major value drivers – ultimately delivering solutions that benefit the whole organization. We stand by our work by accepting long-term responsibility for the systems we build, including support. The quality of our work is guaranteed by the high commitment and integrity of our consultants coupled with our strict process-oriented approach.
Make Wise and Informed Business Decisions
At Concord we help clients make the right decisions in each and every situation. Making the right decisions requires an in-depth understanding of our client's business, their goals and the technological solutions available. We understand that every client and situation is unique. Two clients with very similar needs might require two very different technology solutions, and Concord takes particular care in weighing short term gains versus long term implications of each solution we propose. We want to ensure that each decision our client makes has the highest possible ROI while meeting their particular needs.
Create Strategic Alliances with the Business
Concord seeks to create a cohesive whole from the sum of business and technology parts. We strive to provide a strategic direction that's actionable through services that enable immediate business value and measurable return.
Enable IT Evolution
Stability, continuous functional alignment and predictability are three of the most important goals of a successful IT organization. Concord helps large and medium-sized businesses to define an IT management strategy that ensures the achievement of these ideals.
Address Key Pain Points
Concord SMEs will assist with your specific pain points by asking and ultimately helping you answer the difficult questions with long reaching impact:
- What are our exact needs and what existing solutions meet those needs?
- What can we do to automate our business process and lower our labor costs?
- What alternatives exist allowing us to reduce our overall licensing costs?
- What technological solutions can we implement to better serve our customers?
- How can we better utilize our existing enterprise systems?
- Given our growing employee and customer base, what solution will be scalable enough to meet our needs long term?
- We have a very specific and unique business need, should we purchase an existing packaged solution or develop our own custom application?
- What solution can help us quickly capture a particular business opportunity and gain us market share?
- What enterprise solutions can we implement to better support our business process?
Competency Centers
Retain and Grow Your Knowledge
Competency Centers are a powerful catalyst to enable enterprise integration. Concord has helped several Fortune 500 clients to structure their EAI, BPM, SOA, and IAM initiatives and centralize their technical delivery processes and project management integration expertise. We have developed a practical approach to integration that allows clients to build working centers that are actively involved in projects and elevate the integration maturity of the whole organization.
Process Services
Find The Shortest Way to Where You Need To Be
Opaque home-grown business processes that develop naturally as the organization grows are often a hindrance to operational excellence. Concord has created an innovative methodology for business process analysis and innovation through technology. We offer a customized industry-specific approach for each client. The first step is to define the purpose of the analysis and set the scope of the engagement in the business context. Our experienced industry experts then create high-level process maps that clearly identify:
- Inputs and outputs
- Process owners and participants
- Customers and suppliers
- Benefits
- Detailed process steps
- Concise process narratives
- Actual and potential strengths
- Actual and potential weaknesses
We communicate our results through an effective communication strategy including:
- Seminars
- Project plans
- Change readiness reports
- Process context maps
- Process step maps
- Storyboards
- Role-centric activity diagrams
- Process value maps
Internal Audit Support
- Internal IT Audit Co-Sourcing - We know that it is not always practical for you to have full-time staff available to meet every peak and valley that internal audit demands. Concord will work closely with your organization to quickly source talent in a way that allows you to sustain headcount at flexible and appropriate levels. We have the expert technical and functional resources available to meet your needs. Our co-sourcing solutions allow your organization to obtain the appropriate resources quickly and professionally - and yet only when you need them.
- Internal Audit Review - Would your established Assurance organization like to have an independent review of the overall IT audit function? Reviews are helpful at providing management with a benchmark of: audit focus, audit coverage, technical capabilities and expertise, and comparisons to similarly sized companies within the industry. You can help management understand and prioritize the current or future IT audit plan and assess the current resource and skill levels necessary to be successful.
- Concord can also assist you with a readiness pre-review for a Quality Assessment Review (QAR) as directed by the Institute of Internal Auditors in standards 1300 and 1312. We can provide subject matter expertise to help prepare for the reviews and/or we can provide experienced staff support for the review itself. Key benefits of this service include:
  - Speed - Gain time to remediate gaps and achieve conformance by identifying the issues early.
  - Preparedness - Be prepared for the actual assessment by having the experience of working with Concord to do the pre-assessment or a subset of it.
  - Content - Materials can be prepared for the assessment.
- Developing Internal Audit Offshore - Concord can assist you with managing and improving existing offshore operations or help you assess the viability of building an internal audit function overseas. Concord has the subject matter expertise to not only assist with the development of the strategy but also with the implementation of the transition plan.
- Tool Selection for Internal Audit - Internal Audit organizations face significant challenges with automating auditing, managing large volumes of data, work papers, and evidence. Concord can assist your Internal Audit group in the evaluation and use of leading edge audit and risk management technologies to perform the work more effectively and efficiently.
Risk Management & Governance
Concord has the expertise to offer our clients strategic services around Risk Management and Risk Governance. While some vendors or solutions may be focused on a specific issue or divisions of your systems, Concord is capable of addressing your risks on an enterprise and global level.
Concord has four key offerings for our clients to deal with the challenges of Risk:
- Trusted Advisor (Virtual Chief Information Security Officer - CISO) - Concord can provide our clients with a dedicated security advisor that can help define and manage the security strategy for your company. While all companies need security governance over their IT operations, not all companies need a full time or permanent resource in that role. We can help your executive management better run your business by understanding which security related issues are most important. Finally, you can contain cost when managing the issues around Risk.
- Strategy Roadmaps for Information Security - Whether you have an existing security strategy that needs reviewing or need to develop a strategy from scratch, Concord has the ability to provide value by:
  - Conducting a gap analysis to identify improvement opportunities in the security posture.
  - Prioritizing initiatives to ensure a cost effective approach towards remediation, staff utilization, and solution development.
  - Establishing a clear set of objectives and milestones for management.
  - Developing a process to ensure you can effectively govern and sustain a reasonable level of assurance over time.
- Solution Identification & Deployment - On behalf of our clients, Concord will work with commercial vendors to evaluate products such as firewalls, databases, and network systems and components. When assessing security tools and vendors, you should not have to sit alone in the selection process. We have a good understanding of the capabilities and limitations of products, both in general and for specific products and their competitors. We offer our clients the benefits of our product experience through solution identification and deployment. We can:
  - Benchmark the effectiveness of current technologies.
  - Explore alternative solutions in each area.
  - Develop a plan to address information security issues and concerns.
  - Assist you with the integration of solutions.
- Security Policy and Procedures - Concord can help you define your organization's strategy or priorities with respect to security. We can help you establish security operating procedures to support the implementation of your security policy by providing detailed guidance for users and operators. Depending on the need, Concord offers varying levels of service:
  - Enterprise Security Policies. These policies define enterprise wide requirements that will promote the highest level of sustainable compliance, confidentiality, integrity, availability, and connectivity of information resident on or communicated through the network systems. These policies identify security responsibilities of management, staff, and users of the IT environment system and established implementation requirements for all controls used.
  - VDC Security Policy. The Virtual Data Center (VDC) environment requires a policy similar to the Enterprise Security Policy, but differs in that it defines issue-specific security policies such as vendors or service providers.
  - Security Operating Procedures. These practices establish and force implementation of Security Policies. They promote the secure transmission, processing, storage, and destruction of information within your environment. Examples include password guidelines, configuration procedures, change management, and secure deployment and takedown.
  - Secure Connection Memorandum. This can also be known as Memorandum of Understanding or Business Associate Agreement (BAA) for HIPAA. This memorandum documents an agreement between two entities with separate networks that will be connected together. The agreement defines a minimum set of requirements that must be established and maintained on both networks to ensure the secure processing, storage, and transmission of the information shared by the organizations.
  - Network Security Device Policy and Procedures. These define the configuration, rule set, and procedures for use of protect and detect devices such as firewalls, IDS/IPS, and security monitoring tools in your organization.
Identity and Access Management
Concord realizes that existing static technology infrastructures and associated processes are ill suited for the proliferation of heterogeneous technology and human assets (internal and external) in an enterprise as well as their geographic diversity and global reach. The problem is even more severe when we consider the fact that Concord offers an end-to-end Identity and Access Management (IAM) solution toolkit that will enable your enterprise to:
- Provide a process model that will enable you to methodically track human assets in an enterprise from hire to termination
- Provide a technology model that will enable user characteristic definition (e.g. roles, rules, security groups)
- Provide an administrative model for managing users (e.g. user identity self-service, delegated administration)
Through:
- Design and implementation of VPN and SSL architecture
- Architecture of global IAM infrastructure
- Architecture and design of enterprise directories, including meta-directories, virtual and federated directory and authentication/authorization directory
- Delegated administration models
- Implementation of user access provisioning capabilities
- Single and multi-domain single sign-on
- Comprehensive application and service integration with the IAM service bus including hub and spoke data syncs, virtual reference based federated id infrastructure, and authentication/authorization services.
Security
Successful enterprise initiatives are only possible when they are Secure and Auditable (SAA). Concord takes complex IT architecture to the next level by bringing our deep security, compliance, and audit knowledge to every engagement. From an SAA perspective, Concord emphasizes a structured CMM-based methodology and the use of domestic, international and internal standards. We offer comprehensive security consulting that matches the specific and changing needs of our clients. We want you to feel comfortable with our ability to respect and maintain the confidentiality of your sensitive information. We have expertise in all areas of computer security - from networks to servers and workstations; from applications to infrastructure. Our experience includes: threat and risk assessment, evaluation, countermeasures, and configuration and administration.
And as you are navigating the overwhelming waters of compliance, we will help you demonstrate readiness to comply with the myriad of regulatory requirements, from HIPAA and GLBA to SOX, PCI and NERC/FERC. Our primary objective is to establish well defined and repeatable processes that will provide sustainability over time.
Quality & Testing
Concord is one of the nation's premier software quality management firms specializing in Quality Assurance and Quality Control testing services. We perform various levels of testing activities for in-house software development projects as well as software package applications. Concord has a strong software QA practice with a large team. The team consists of seasoned QA professionals with proven expertise in software testing process improvements, manual testing, and test automation. A majority of our Test Consultants are Certified Quality Analysts (CQA), Certified Software Test Analysts (CSTE) or Certified Test Managers (CMT).
Assessments
A Senior Quality Assurance Lead will complete a 2-3 week assessment of current processes, standards, and testing artifacts. Upon completion, Concord provides a formal action plan to remediate action items discovered during assessment.
Quality Assurance
Concord delivers a testing process to build quality into an application, establish a testing organization, mentor the business on user acceptance testing, or implement test tools. We specialize in various development methodologies such as:
- Agile/Iterative
- Incremental
- Waterfall
Quality Control
Independent testing of in-house and packaged software applications. Quality Control is designed to identify defects and ensure the functional correctness of a software application. Some examples of packaged software expertise are:
- SAP
- Oracle
- Trizetto
- Tibco
- JDEdwards
- Pega
We specialize in several stages of testing:
- Integration/System Testing
- Functional Testing
- Web based UI and Configuration Testing
- Regression Testing
- Package Testing
- User Acceptance Testing
- Conversion Testing
- Performance Testing
Test Automation
Implement an automation architecture and framework to support automated test management and test execution using a tool that best meets your needs. We have experienced resources that can effectively implement and utilize the following test tools:
Compuware
- QADirector
- Hiperstation
- QACenter
HP Mercury
- IT Governance
- TestDirector/Quality Center
- QuickTest Pro
Borland Segue
- Silk Test
- Silk Performer
IBM Rational
- Requisite Pro
- Robot
- Functional Tester
- Clear Quest
- Clear Case
Seapine
- Test Track Studio
- Test Track Pro
- Test Track TCM
Performance Testing
Testing of an application to provide a response that meets the users' expectations of various transaction loads:
- Load Testing
- Volume Testing
- Peak Testing
- Stress Testing
- Performance Monitoring
- Compliance Testing
Onshore/Offshore Integration
Having trouble integrating your onshore/offshore model into your QA organization? We are experts in working with onshore/offshore test teams to ensure you obtain the efficiencies you are anticipating. Our model provides an onsite Test Lead as a liaison between IT or business organization and the onshore/offshore client Test Lead.
HomeShoring
This service is for clients that are lacking office space, want to save on commuting expenses, are concerned about their budget, or want to outsource their testing to a locally based onshore consulting company for a specified period of time.
System Benchmarking & Troubleshooting
Concord is proud to offer an industry leading system benchmarking service in conjunction with the opening of our Edina, MN based solution center.
We have built our solution center from scratch. We have equipped it with state of the art resources to facilitate ever-growing customer demand for:
- End-to-end system capacity planning and scaling
- Quantitative system impact definition as a result of user on-boarding, M&A, or new integration
- Distributed system performance measurements for bottleneck isolation
- Application performance testing and test harnessing
- System KPI and SLA measurement and definition
Support Service
Focus On Your Core Business While We Support Your Integration Backbone
In order to extract maximum value from an IT solution, companies need to optimize total cost of ownership. The major cost of any IT solution is maintenance. Concord Professional Services not only delivers successful projects, but can also assume the support burden. Concord builds effective support organizations and focuses on the everyday maintenance tasks. We let our clients retain involvement and control through efficient governance while reaping the benefits of the solution. We can absorb the existing support team or provide full resourcing. We help define and maintain custom service level agreements that meet the need of each client. We bring optimized processes, efficient governance structure, experienced people and predictable low pricing. Concord support brings the following benefits to your support organization:
- Process: low-risk transition, solid support methodology, strict quality control
- Governance: well-defined support organization structure, effective measurement and communication
- People: experienced team, excellent training and high retention rate
- Pricing: competitive pricing, periodic value reviews
We specialize in managing your IT risk from project definition and implementation, through support to solution retirement.
Systems & Architecture Security
To build a secure network, platform, or application solution you need an appropriate architecture design. The cost and effort of retrofitting security after implementation is often excessively high and misses the mark for compliance. Concord specializes in helping our clients design solutions that are sustainable and auditable by ensuring that the supporting business processes are aligned & designed into the technical solution.
- Security Architecture Review - An architecture and design review helps validate the security-related design features of the solution before starting the development or implementation phase. Concord will partner closely with you to address compliance requirements, accurately budget costs, and to identify and fix potential vulnerabilities before they can be exploited and before the fix requires a substantial reengineering effort. Concord works with you to design and implement secure architectures for both new and existing solutions. Concord solutions can address the breadth of security related architecture issues such as:
  - Remote Access Solutions (VPN, End Point Security, Multi-Factor ID)
  - Identity/Access Management
  - Wireless Architecture and Security
  - B2B Interconnections
  - Perimeter or Tiered Security Solutions
  - Detection, Monitoring, and Response Solutions (IDS, IPS, Scanning)
- Secure Host Hardening - Due to default vendor configurations, changes made over time, or neglect, most operating systems are not secure. Concord has the experienced professionals to work closely with you to help identify and prioritize the hardening of key systems. Concord's host hardening service involves a security engineer systematically walking through the installed operating system (OS) and "locking down" or disabling specific services that are not required or have been compromised in the past. By performing these steps, the risk of compromise for the machine will be greatly diminished. Because every system is unique in some way, each has its own unique security settings that need to be tested before implementation.
- Security Training - One of the most effective methods of ensuring security and compliance is by making sure there is an appropriate level of awareness about the risk your company needs to manage. While Concord's approach is to share knowledge with our clients during the delivery of solutions, there are also times when more formal and structured training is desired. Concord will work closely with you to design and conduct periodic and targeted training sessions that are customized to the needs of the business. Our training solutions can be customized for you in the areas of compliance, security, and risk management.