Contacting Us
Mike Tarrani
Linda Zarate
Kate Hartshorn

Who We Are
TEAM Zarate-Tarrani

Thursday, February 14, 2002


Service Delivery, MS Security and Business Continuity Planning. My topics today are eclectic to say the least, but then, I'm an eclectic person.

Service Delivery. I closely follow the IT Services CMM initiative. This project appears to stall, then show signs of life, then stall again. This is a frustration because the work is important and adds much to the IT profession. The last update was made to the Level 3 definition on 29 November 2001, and does show promise that things are proceeding with some momentum. Another artifact that has emerged from the project is the Assess to Improve (A2I) assessment kit. The base document is IT Service CMM Questionnaire, which goes to Level 2. I have a copy of the CCTA IS Management Self-Assessment Questionnaire in MS Word format that complements the IT Service CMM material. If you want to learn more about the IT Service CMM, this IT Service CMM presentation in PDF format fully describes the initiative and its goals.

MS Security. Why am I not surprised? Or, can Microsoft make good on its commitments? It seems that a new Microsoft security feature that was added to their latest C++ compiler (called both Visual C++.NET and Visual C++ version 7) resulted in a security flaw. In Mike's 9 February entry he expressed skepticism about Microsoft's ability to meet an ambitious schedule to correct the flaws. Perhaps the cowboys and cowgirls in Redmond have taken on more than they can handle in such a short timeframe. Time will tell, but it doesn't look promising so far. At least they're doing something, though, which is a step forward.

Business Continuity Planning. Bill Meredith's 14 February essay on business continuity planning (reprinted from Continuity Planner's The E-ZINE) is one of the best descriptions of BCP I've read. I want to summarize the key points, with all of which I'm in total agreement:

  1. Disaster Recovery is a term of the past, an admission of failure. Yes, some of you will experience serious disruption but if you are aware of the consequences it will not be a disaster.
  2. Business Continuity Management is the process to ensure your critical business functions continue in a crisis and the remainder are recovered in a controlled and phased manner.
  3. Business Continuity Management and Maintenance do not belong with IT or Premises but with the business itself. If responsibility cannot reside there then Internal Audit is the obvious choice.
  4. It is easier to teach someone to carry out a BIA than it is to teach someone your business. Make sure at least some of your people are involved first hand in the BIA or the consultant comes from a relevant background.

If you're interested in BCP and disaster recovery planning, there are two books that I recommend:

  1. Manager's Guide to Contingency Planning for Disasters: Protecting Vital Facilities and Critical Operations by Kenneth N. Myers (see my 23 September 2001 Amazon review)
  2. Disaster Recovery Planning For Computers and Communication Resources by Jon Toigo (see my 11 July 2001 Amazon review)

That's all for today ...