Case Study: cASM

[Mirrored on Intelink-U]

Here’s another story about buying systems without a clear concept of who is going to operate it:

I was at my neighborhood spaghetti dinner and I happened to sit across from some guy who – it turns out – also works for OSD.  He’s a contractor working for OUSD(AT&L) on a system that he was quite enthusiastic about called “Contingency Acquisition Support Model (cASM)”.  (I have no idea why they capitalize it that way.)  This system, cASM, is a web-based application designed to assist people responsible for initiating contracting requirements in an contingency or expeditionary environment.  I understand it as workflow automation for contracting in a crisis.

Since I’d been thinking about this a lot, I immediately asked him, “Who is going to run it?”  and he said, “Oh, it’s hosted by DISA.”

I tried not to choke, and said something like, “That’s not what I meant.  Okay, DISA hosts it, but who is going to run it?”

He looked a little puzzled, but promised to send me the briefing, saying that the brief would explain better than he could over a mouthful of spaghetti and a glass of wine.

On Monday, I look at the brief, which makes a compelling business case for the existence of cASM.  Statement Of Work (SOW) reviews take too long, docs are sometimes missing, SOW or diagrams are often in the wrong format for later parts of the process, etc.  In a crisis situation, it’s doubly hard to get this right when you are understandably distracted by incoming fire (or tsunamis), and doubly important to get it right.  cASM already interfaces with other DoD systems such as GEX, EDA and various ERPs.  The backup slides have screenshots most of the UI.

So, I’m convinced it’s a good idea.  Unfortunately, nowhere in the brief is a hint of who is responsible for running this service.  This troubles me.

I write back:


Thanks.   I have some (unsolicited and possibly misguided) concerns.  (Brace yourself; I’m about to call your baby ugly.)

I believe we doom ourselves to failure whenever we think about buying a ‘system’ or a ‘tool’ without clear understanding of whose mission is to operate that system as a service.

Who is supposed to run cASM?  I.e. Who has the responsibility to provide contingency contracting automation?

Hint #1: It’s not DISA.  DISA might know how to run a server or a data center, but they wouldn’t know a contingency contract if it bit them.  They can host your system, but they can’t really operate it.  They do not have the expertise to know which way to turn the knobs.

Hint #2: It’s not AT&L.  AT&L is responsible for policy and oversight of a lot of things, but operating a business system is not in your charter.  (I just re-read DoDD 5134.01 and DoDD 5134.12 to make sure.)

It might be DLA or DCAA – I don’t know.  If anything, AT&L almost certainly is responsible for figuring that out and tasking them to do it.

It is a common mistake to underestimate the difficulty and importance of the operation of information systems.  Consider Wikipedia, for example: the software is “free”, and the content “free”.  But it still takes 147 full-time people to run it – not including the datacenter operations.

I would recommend that you think hard about who owns the mission of cASM in the long term, if you haven’t already.


To his great credit, he responded:

That’s precisely whats going on now with Joint Staff, OSD, Army and AF. Agreed!  Vr Charlie

Which I think is a very mature response, given that I just said “the thing you’ve been working on for the past year is poorly thought out.”

That said, I’m still astonished:  How, in the name of history, did we get to the point that AT&L (of all people!) is funding development of a system without a clear understanding of who is going to run the damn thing?!?  I can only understand in the context of: “We do not know what it means to be a service provider in the DoD.”

1 thought on “Case Study: cASM

  1. charles lord

    Recommended you research the issue a little more before you broadcast. You’ve scratched the surface.


Leave a Reply

Your email address will not be published.