The Best Places to Work

Every year the Best Places to Work rankings are released and every year the Nuclear Regulatory Commission is at the top of that list. Every year I work for an organization that isn't in the top third. But I think the rankings aren't a good indicator. There are things in my agency that are really good and I'm sure that there are some things at Nuclear Regulatory that are not-so-good.

The interesting thing from the survey is that this year you are able to compare organizations. It wouldn't be interesting to compare my agency against the NRC. But maybe it would be interesting to compare my agency against the Department average. When I did this I was surprised to find that the agency beat the departmental average in most categories except Training and Employee Development.

Strategically as an agency that should be an area of emphasis. I encourage others to perform som analysis on the best places to work survey. You may discover interesting nuggets like this.

Problem Solving

Seriously, as soon as I had written my last post (Missing Requirements) I received an invitation from the CIO in a different Agency inviting me to view a demo of a product called PCAT (Public Comment Analysis Toolkit). This is a product created by Stuart Schulman Ph.D.

That name was very familiar to me. A couple years ago when I was working with CNPP on the 2010 Dietary Guidelines, that was one of the products we had considered in the cobbled-together solution that EPA was advocating. That product would assist with the analysis portion of the process.

What PCAT does is grab the data from FDMS and then crawl it. It will create a Wordle type of output but more importantly it will help by creating a list of categories. Even better though, you can specify your own list of categories and then quickly tag comments to relate them to one or more categories. Finally, it is entirely cloud-based. It is essentially Software as a Service, so there is no hardware or applications to install or maintain.

The product certainly has matured in the last 2 years. Mr. Schulman explained how the application was created. It was really funded through some research grants from the National Science Foundation. It was conceived as an approach to dealing with unstructured data. Is it perfect? No. But I have to admit, it seems like it has really been a 1-man show so far. It would be interesting to see what could be accomplished with a small development team and about 4 months. I suspect that it could have a much more focused benefit.

Anyway, that was pretty good new to help address the analysis portion of the work. We have an enterprise license that will carry us through March, and that will likely be what we need to address the immediate concern. Long-term, I still think that EPA through their Regulations.gov/FDMS have a responsibility to nullify the need for applications like PCAT by making their solutions better, but until that day comes...

The other issue, the data load issue, getting the content from the box that the mail room provides into FDMS had some movement as well. We could pay another Agency in the Department somewhere in the neighborhood of 30 cents per page and they will load the content for us.

Missing the requirements

People who know me, know that I'll tell you the truth. When a system or an application misses the target, someone needs to step up and address the deficiency.

More than 2 years ago I worked with the Center for Nutrition Policy and Promotion (CNPP) to help manage the 2010 Dietary Guidelines. This is actually a very prestigious project. Every 5 years USDA and HHS get together to consider and revise the guidance we issue to all Americans concerning things like how much fat is appropriate, how many green vegetables should be eaten and meat and the components to a healthy diet. This information flows into almost everything else we do, like the Food Pyramid, the School Lunch programs and even the WIC program.

Anyway, to initiate the process for considering adjustments to the Dietary Guidelines a series of public comment events is convened to engage academics, nutritionists, advocates the industry and everyday people in the process. Two years ago, we wanted to use Regulations.gov and its back-office counterpart, the Federal Docket Management System to host this process.

As you can see we eventually decided to not use those services for this work because they didn't meet our requirements. Specifically we need the ability to categorize each comment that we receive. If the Environmental Protection Agency, the organization that operates these two applications that support the business process, would have implemented one very easy change then we would have used it. We would not have spent money to go a different direction and acquire services from a company that specializes in this area.

The change is simple. Allow the Agency to identify a finite list of categories that will be tied to the comment. If someone comments through the Regulations.gov interface then he or she is able to chose one or more of those categories. If the comment is received by the Agency (hard-copy or FAX), then when we upload the comment through FDMS we would assign the category on behalf of the commentor. This is a simple change, a drop down list. It would be comprised of one column in the code table and one column in the comment table.

At the time, two years ago, the executives from EPA pushed very hard for us to include the Dietary Guidelines in their services. We cited over and over again that this requirement had to be met. Both sides were equally dug in. I found the technicality that broke the stalemate. Regulations.gov is required for all regulations and policy memorandum. Since we were talking about the Dietary Guidelines ADVISORY Committee, it does not fall into either of those buckets and we were free to choose whatever service we want. Essentially what we will be putting out is advise, and is not binding one any person or program.

Flash forward two years. This past summer I worked with the WIC program on the public comment for a proposed Rule (essentially a change in their regulations). This had to be published on the Regulations.gov/FDMS service. They received around 8,000 comments and we struggled mightily. There are two distinct business processes that must occur. The first I'll call the "Load Process". This is when the Agency receives boxes of paper comments that are mailed to us concerning the proposed regulation change. We have to expend effort to scan, OCR, load the comment into FDMS and then key in the meta data concerning the comment like who it is from and the address. This must all happen so that the person who make the comment is able to go on Regulations.gov and find the comment that he or she sent in.

The second process I'll term the "Analysis Process". Of all the comments that we received, the Agency is responsible for expending effort to analyze the comments to understand how many we received concerning each of the primary categories of comments, that we have addressed all of those comments, and that they were considered and impacted the development of the final rule.

In the Agency we recognize that we can't make the first problem go away. For as long as we receive paper comments we will have to bear the effort of digitizing them and loading them into FDMS. But on the Analysis process, shouldn't we be able to use FDMS, the system that has each and every comment to perform the Analysis? If EPA implemented the ability to assign one or more categories to each comment that would likely address the need. But since they haven't, we are forced to acquire a system or services that will help us to do that separately.

So I brought this to their attention 2 years ago. FDMS just had a major upgrade. I assumed that this no-brainer feature would be in there. Nope. Not even on their radar.

But more importantly, this isn't a need just with my Agency. Every organization that wants to change a regulation has to go through this exact same rule-making process. How is it that a thousand people aren't screaming at the top of their lungs that this simple change, which would save tens of thousands of work hours, and probably millions of dollars hasn't been implemented.

Now I'm helping on a project that expects to receive 50,000 comments. I called my colleague over at EPA and asked her what's up? I know it isn't her per se, but as an organization you need to understand the overall business process. Maybe you don't meet all of the requirements with the initial release, but I would definitely assume that 2 years later, you would look to leverage greater value for the user community.

Phishing

A dozen or more times per year I get a cold call from a software vendor, recruiter or news organization to provide information. The vendors typically want to know what types of products I'm planning on buying in the next 12 months. The recruiters want a Project Manager or developer for some client. The newspapers want me to sign up for their magazine or stuff so that they can claim a certain level of circulation.

In all of these situations the person cold calling me is looking for new information. They would call them leads. Please know that I have nothing against any of these people, in fact, we (the government) need them just as much as they need us. It is a symbiotic relationship.

But, we all now must complete the annual cyber security training. Part of that training involves the idea of phishing. While I believe that each of these people has completely benign intent, we (government employees), really shouldn't be giving out any information.

Thus, when ESRI or Oracle calls to inquire about how much we use their products and what we'll be spending next year, no. In terms of technology, if an unscrupulous person knew the technology stack we were using, that person could be more efficient in penetrating our defenses.

The recruiter who wants the name of a good PM in the Agency, no. If I gave you the names of the PMs or developers I work with, you could use that information for a social engineering attack.

Or when FCW comes calling for the subscription, but I need to identify how many people I work with and the scope of those projects, no. Anyone who needs me to supply information in order to feed the relationship is necessarily cut off. This could be both of the situations above, the technology stack and a social engineering attack.

Am I not being pragmatic or realistic? Maybe. But you know what, when these people call me, I don't know them at all. I can't vouch for them. Who is to say they really work for the organization they claim. So, sorry guys and gals. It isn't personal, I'm not permitted to supply the information. I would if the rules allowed me to, but until the rules change, don't bother.