
TOPIC: Legal requirements such as Sarbanes Oxley

Legal requirements such as Sarbanes Oxley 5 months 2 weeks ago #17774

  • Rick Schleicher
Hello all,

Let's say I'm in executing and a SO report comes into the org that says we must implement NIST Cybersecurity requirements.

Question is what should the PM do next? (yes this was a recent sample test question)
1. Tell the team to implement the requirements b/c it's a legal requirement?
2. Submit a change request through the PICC process?

Reason I ask is this: I was told recently that since it's a legal requirement, you don't have a choice but to comply. While I agree with that statement, shouldn't the CCB have a say in the matter, since they might choose to deny the CR and terminate the project?

Seems like in the PMI world, you don't do much unless it is either to the plan or approved to change the plan.

Am I off base here?
Thanks, Rick

Legal requirements such as Sarbanes Oxley 5 months 2 weeks ago #17775

  • Donald Terry, PMP, PMI-ACP
Hi Rick,

First, please post the source of the practice question per forum policy.

We would need to see the practice question verbatim to align on the correct answer. Paraphrasing can lead to a different outcome as changing just a single word can lead to a different correct response. However, based on your question as worded, you should still submit a CR. This is assuming that the implementation of the cybersecurity requirements would require a change to any element of the project management plan including the associated baselines. The reason I hedge on the CR is because it is possible that these requirements were already captured and included in the project management plan in which case no change is necessary. Any change to the project management plan including baselines requires an approved change request to implement even if it is a legal requirement.
Donald Terry, MBA, PMP, PMI-ACP

Full disclosure: I work for OSP International as an independent contractor

Legal requirements such as Sarbanes Oxley 5 months 2 weeks ago #17776

  • Rick Schleicher
Thank you, Donald, for the follow-up.

The test question came from a boot camp that I attended this week, therefore I am not allowed to share their test questions.

Your rationale for CR is what I would have expected since the SO report was new to the project and implementing the requirements would change the cost, schedule and scope of the project.

Also, TY for the reminder to post the question, I will remember that moving forward.

Rick

OSP INTERNATIONAL LLC
Training for Project Management Professional (PMP)®, PMI Agile Certified Practitioner (PMI-ACP)®, and Certified Associate in Project Management (CAPM)®
