Please login or join to subscribe to this thread
Projects involving sensitive data tend to come with significant overhead to protect it.
It can be very difficult to hire enough employees with the appropriate classifications, so work might have to be broken down into tasks where most workers don't even know what they're working on. That means they have limited ability to spot errors as they simply follow instructions.
Various types of electronic and physical controls become required. Special computing systems may be required and there can be significant expense to duplicate existing data sources in the restricted systems. Special rooms may be required for meetings with no external walls, no personal electronics required, secured doors, and all electronics like video projectors checked by security.
To mitigate all that extra cost, there can be significant effort on reviewing all the information to limit how much of it is actually restricted and requires the additional security, vs. what is not restricted and can be dealt with using less secure means. Meetings can require everyone without a clearance leaving the room at some points, and other measures to ensure that not everything requires the highest levels of information protection.
How projects get managed needs to be tailored to the specific context of a project or the environment in which it is being managed.
In your example, activities such as planning project communications, establishing configuration management, developing team working agreements, defining the terms and conditions of contracts with third parties will be affected along with many others. Greater emphasis will be place on certain requirements and activities whereas some others may simply not be possible in the same manner as we would see on projects where such restrictions do not exist.
But the essence of project management in terms of the principles followed should not change.
Nothing different than from other projects in the field. Just to comment I am working inside a company (and I worked in others before) where information about projects/program are confidential. Why? Because project are a sign of the strategy organizations will use to be competitive.
The tools we use to identify, analyze and engage with stakeholders will remain consistent, but the specific tactics we would be using for communicating or involving them will vary depending on the level of trust which we have in the stakeholder.
So again, it is not so much of a change in the "what" but rather in the "how" to address the need for heightened security.
To amplify on Keith's comments, don't be surprised if security clearances take a long time. As well, it may limit your pool of resources to those who are citizens or permanent residents.
For my current project, I cannot expect a security clearance on anyone who resided in Canada for less than five years to take less than six months.
Hiring can also be difficult if candidates have to obtain an original proof of their education. A friend of mine had to give up because of the difficulty in getting a copy of his degree obtained in Bahrain.
Kiron made a good point
Please login or join to reply