Breaking a Year Long Bottleneck .

Building a Vendor/Contractor Access Request Manager from the Ground Up

Challenge: Rocket Companies lacked a system to track, manage, and revoke vendor/contractor access requests, posing a significant security risk. Despite being a critical issue, the project had been stalled for over a year. Collaborating with Project Manager Katie, I led the efforts to identify user needs and system requirements while she translated them into business needs to support future application procurement.

How can we: How can we improve security measures for vendor/contractor access? What features are essential to streamline the access request process for users, admins, and vendors?

Solution: Enhancing security and simplifying the access request process by:

Swimlane Diagram Creation: Mapped the 9 user journeys involved in the access request process to pinpoint essential functions and features. Further focused specifically on the business requestor journey as the central user in this process.
User/Admin Needs Analysis: Compiled a comprehensive PDF outlining user, admin, and system needs, detailing how the system must support each.
Stakeholder Collaboration: Engaged with cross-functional stakeholders to validate deliverables, ensuring all roles and requirements were accurately represented.

UX Team

Whitney Speck
Katie Haggitt
Joe Lopata

Role / Contribution

Lead UI/UX Designer
UX Researcher
Accessibility Consult

Tools

Figma, Lucid, Microsoft Teams

Duration

09.23 - 04.24

Additional Context

My internship was originally supposed to end in December 2023, but I was given an extension into my next semester
My mentor Shelby, the Senior UX Designer for my team, left for maternity leave during my internship. She guided me for the first half of my internship, and for the second half I took over her Senior UX Design responsibilities

Swimlanes

Initially Mapping the Vendor/Contractor Access Request Process

This Lucid diagram, created by the Vendor Lifecycle project owners, mapped Rocket Companies' vendor/contractor access request process, highlighting key touchpoints and subsystems.

Concerned with complexity of the user experience and feasibility of system procurement, my team was tasked with ensuring its usability.

‍Collaborating with my mentor, Shelby, we identified users and system requirements, ultimately streamlining the process into the Swimlane diagram below.

Vendor Contractor lifecycle Lucid diagram.

(The image is purposely grainy to protect sensitive information).

9 Users Along the Access Request Process

To identify business requirements for managing access requests, we first mapped the needs of users, admins, and vendors. This Swimlane diagram outlines the process flow for:

User: The Business Requestor seeking to grant access for the vendor/contractors
Admin: Security, Procurement, Bedrock Operations, Legal, Stamp of Approval, Infosec, The Guy Tech
Vendor/Contractor: External party seeking physical, digital, or equipment access

Initially created by my mentor, Shelby, the Swimlane was refined by me after she went on maternity leave, at which point the project transitioned fully into my hands.

The Business Requestor Journey

Following one piece of the puzzle

While the swimlane provided a starting point, my Project Manager Katie and I identified gaps in the process flow. Questions like, "What if a Business Requestor needs to add people to an access request?" or "What happens if a request isn't approved?" highlighted the need for deeper analysis.

Narrowing the Scope: The Business Requestor

I focused on the Business Requestor - the primary user of the system.

These are Rocket Team Members submitting access requests for new recipients under an existing partner contract, requiring clearance through various security measures. All admins and vendors intersect with this journey. The diagram below outlines the Business Requestor's journey, mapping their needs and the system's necessary responses.

My goal was to ensure the user journey is fully supported, facilitating successful system procurement and a viable solution.

[data-wf-bgvideo-fallback-img] { display: none; } @media (prefers-reduced-motion: reduce) { [data-wf-bgvideo-fallback-img] { position: absolute; z-index: -100; display: inline-block; height: 100%; width: 100%; object-fit: cover; } }

First vs Final Access Request Form

This access request form underwent many iterations as questions came up. Here are a few notable features I designing in the final form:

Prioritizing Easy Access to Information for the Business Requestor

Live request updates: Users need to track progress and reduce status update emails
Team-specific contacts: Easy access to contact details for relevant teams if issues arise.
Centralized management: A single place to view and manage all access requests.
Request modifications: Users can modify requests, with notifications for reapproval when needed.

Pizza tracker for the Vendor/Contractor access request progress: 4 steps until access approval.

Determining Business Requirements

The Swimlane and Business Requestor Journey outlined the user, admin, and system needs, but weren’t easily digestible for non-UX stakeholders.

My Project Manager Katie and I met with admin stakeholders to confirm roles and identify needed process changes.

I created a detailed document that outlined: Tasks for users/admins + How the system should respond. This document helped Katie gather stakeholder needs and enabled the Vendor Lifecycle team to plan the procurement process.

So What's Next?

I finished my part of this project ;)

I helped my team's Project Manager Katie define business requirements and confirm deliverables with stakeholders.

The next steps involve procuring software that meets the needs of Rocket Holdings' users, admins, and vendors throughout the access request lifecycle. They plan to begin product testing by the end of 2024, with a system launch expected in early 2025.