Conduct discovery
Identify business-critical applications
Identifying key applications early helps you identify important contacts to make, helps define success metrics, and helps early prioritization. Your business may have thousands of applications, but can you identify a few key applications to benchmark progress and priority?
For large enterprises, you can import everything, but that additional information can be collected in parallel to help prioritize work and measure success. This should not be a blocker or delay, it can be done in parallel in the planning and implementation phases.
Confirm internal points of contact and roles
To successfully implement Snyk, you must identify the skills needed and the stakeholders who will be involved. For example, you will want to start to identify people who can:
Create the necessary single-sign-on (SSO) connections.
Generate tokens with the necessary permissions for Git repositories and other integrations being considered.
Identify stakeholders with a RACI matrix
In smaller organizations where a few individuals may have the necessary access, involving the stakeholders can be quick and easy. You can use a RACI matrix to determine who is:
Responsible: the person ultimately accountable for carrying out the task or deliverable
Accountable: the approver who must sign off on work before it is considered complete
Consulted: those whose opinions are sought, two-way communication
Informed: kept up-to-date on progress, one-way communication
For large enterprises, the following RACI matrix is useful to clearly define roles and responsibilities during rollout:
Onboarding
Responsible
Responsible
Responsible
Responsible
SSO setup
Responsible
Accountable
Responsible
Responsible
Admin training
Accountable
Responsible
Consulted
Responsible
Security training
Responsible
Consulted
Accountable
Responsible
DevOps training
Responsible
Consulted
Consulted
Accountable
Source Control, IDE, pipeline setup
Responsible
Responsible
Responsible
Accountable
Policy management
Responsible
Responsible
Responsible
Accountable
Security triage
Responsible
Consulted
Accountable
Consulted
This ensures all stakeholders are engaged in suitable capacities without duplicated or neglected efforts. Following the matrix enables smooth collaboration, with individuals contributing specialized skills within their designated areas.
The clear delineation of duties promotes productivity, efficiency, and accountability. Overall, the RACI framework is an effective method for orchestrating a structured, well-coordinated onboarding process, resulting in the successful implementation of Snyk.
Last updated