DELETED_3139

As it's ISO27001, I would look at getting an external resource in to deal with it - you don't want to be messing things up there, and it would be worth its weight to pay someone to do it properly.
 
Also might be worth looking at the consequences of not having the accreditation/legislation/rules set up correctly, as I believe the financial penalties are quite steep.

At the end of the day, if it's something you don't know what you're doing, or are unsure of what you're doing, then it should surely make sense to your boss to have this done externally without worrying about it not being done correctly.
 
We did our own ISO27001 and 9001 but had an auditor come in at the end to verify before we passed to give us time to fix any issues.

Whilst it's often lumbered with IT, it's an entire business process that everyone needs to be on board with, and it's best if it's driven from the top down to avoid any blocked gates.
 
I honestly feel like the processes in maintaining a healthy infrastructure are being dumbed down to methodical process sheets for each task whereby eventually once complete, a monkey could do it as it removes the skill, experience and initiative in spotting issues or pre-emptive maintenance.

Some would argue that is exactly the direction it should be going in - a methodical, automated process gives comfort around reducing the dependency on skilled resource and freeing up their time to do more advanced tasks. It's one reason why IaaS/PaaS offerings are coming more into fashion, because you want these types of activities to be highly repeatable and indeed 'just happen' without you needing to worry about it.
 
I honestly feel like the processes in maintaining a healthy infrastructure are being dumbed down to methodical process sheets for each task whereby eventually once complete, a monkey could do it as it removes the skill, experience and initiative in spotting issues or pre-emptive maintenance.

No, that was done about 10 years ago ... now it's about fully automating it as much as possible so patches etc. can be applied in a standard way without having to interact with each individual server every time. I.e. tell the tool with one command to produce a report saying how many patches are missing across the entire inventory and then even patch and reboot with the same level of automation. Likewise, looking for faults should not involve manually logging onto servers but instead a monitoring tool which reports when errors are detected and, dependent on the error, even fixes it.

As Hangtime says, the idea is to free up resource to do the (more interesting) complex work rather than the repetitive work which anyone could do.
 
Well, there's always the key-person-hit-by-a-bus scenario that companies need to protect against.
They always want to drive down the cost of skilled labour, that's just a given. This has backfired spectacularly so many times now, with huge headlines, that it's hardly newsworthy now.

But that aside, I have never found these massive documentation projects, for ISO, to be a productive use of time. They are almost out of date as soon as they are written. Suggest hiring a short-term contractor to do the documentation, and see what value management put on the work.

That said, having a highly skilled person silo their information in themselves is not useful either. It often means that person is a roadblock for many projects as everyone has to go through them to get things done. Eventually this outweighs their usefulness.

I have kinda given up trying to explain to clueless or stubborn people how not to manage projects. I just confirm the decisions and instruction via email and don't worry about it. At some point the impact of their poor decisions dawns on them, and they start to listen.
 