Modernizing PBGC’s IT Environment to Improve Operational Efficacy
Background
The Pension Benefit Guaranty Corporation (PBGC) protects the pensions of nearly 40 million workers and retirees across over 24,000 private defined benefit pension plans by ensuring timely and uninterrupted payment of pension benefits and keeping premiums to a minimum.
To deliver secure, flexible, and scalable technology that supports effective and efficient business operations, PBGC’s Office of Benefits Administration (OBA) relies on its actuarial product line portfolio. This portfolio comprises over 500 custom-built software applications and includes two major components- the Integrated Present Value of Future Benefits (IPVFB) and the Benefits Calculation and Valuation (BCV) systems.
Using these products, PBGC manages actuarial data for over 1.5 million participants in over 4,000 pension plans valued at approximately $105 billion, with a high degree of accuracy.
Understanding the Need
IPVFB and BCV provide data feeds through system interfaces to other PBGC systems. These legacy tools are built on technology nearing end-of-life and a single-tier client architecture unable to support online estimates, data traceability, synchronization, and security requirements. PBGC needed to modernize these products to better meet customer needs.
In addition, under prior contracting paradigms, PBGC faced cost and performance issues across its IT contract portfolio, including duplicative efforts and costs, stovepipe behaviors and communication challenges, and lack of innovation.
To drive this modernization and address contracting issues, in 2019, PBGC shifted to a product-oriented contracting structure and brought on a proven contractor, GovCIO (formerly SCRGT), to support enhancement, operations, maintenance, and modernization of its actuarial product line.
Our Solution
Building upon Agile and DevSecOps processes and best practices, GovCIO works closely with PBGC product owners to modernize, enhance, and maintain its actuarial product line and its two major components—IPVFB and BCV, as well as ten legacy production systems.
Agile Scrum Execution
Our Scrum teams have a mix of full-stack developers, business analysts, and testers to enhance their autonomy and deliver results quickly. Using two-week Sprints, we design code iteratively with product owners for more frequent and higher-quality software.
DevSecOps Pipeline
GovCIO implemented a Microsoft Azure DevSecOps platform to introduce a Continuous Integration/Continuous Deployment pipeline and full DevSecOps toolset for automated builds, scans, tests, and deployments to the lower environments. Our use of this platform increases development efficiencies, eliminates a previously labor-intensive build process to improve code quality, and allows for continually secure coding.
Real-Time Program Visibility
Using Tableau, GovCIO created an interactive quarterly task tracker dashboard to provide real-time access and visibility to key indicators, including performance, cost, and schedule.
Modern Architecture
Our solution introduces a modern architecture that employs loosely coupled layers (microservices) to facilitate reuse and replacement at a component level, ensure horizontal scalability, facilitate cloud migration efforts, and support additional users.
Security Testing and Scanning
Our support for PBGC’s Actuarial technical systems includes the proactive logging and scanning of data to safeguard PII across hundreds of servers, virtual machines, and secure gateways to support data exchanges. We validate security considerations in a DevSecOps pipeline to improve code quality and use SonarQube to detect security vulnerabilities, while decreasing effort through automation. The use of an automated tool allows us to proactively address vulnerabilities in the lower environments and resulted in zero vulnerabilities within the final production-ready code.
Results
Immediately upon contract award, GovCIO began rapidly advancing PBGC’s Agile and DevSecOps maturity to enhance operational efficacy. Over the life of the contract so far, we have-
- Implemented a DevSecOps based platform and process to streamline support to interdependent applications, reduce cost, mitigate risk, and continually improve customer service.
- Migrated to the Azure DevSecOps platform in under two months.
- Improved the release frequency of the IPVFB program from one annual release to a planned release every two months, with the capability to deploy emergency fixes in 20-minutes.
- Delivered 20% cost savings in IPVFB O&M.
- Implemented automated testing tool suite to achieve a 300% increase in release frequency. Our 70% automated test coverage results in 40% less testing time, improved accuracy, and reduced defects over time.
- Successfully executed numerous application modernizations.
- Completed three Oracle WebLogic 12c upgrade projects within six–eight months of award. Similar projects take up to 18 months to complete.
- Modernized BCV’s legacy architecture to web-based applications in under 12 months.
- Replaced AgileCraft with Azure DevSecOps platform in under two months.
- Introduced DevOps Research and Assessment (DORA) metrics to ensure cyber security and privacy considerations are incorporated, improving the observed mean speed of software change deployment to within days for routine requirements and under a day for urgent requirements.