Dj_Jestar said:
Client: "Who authorised this change?"
You (company): "Er.. we did?"
Client: "You're fired!"
(Judging from your lack of knowing who your clients are!)
or
Client: "Quick, the system is down and we haven't paid ourselves our bonuses yet! Help!"
You: "Er, that'll be some time next week once the replacement hardware has arrived and we have it up and running."
Client: "Just what the hell did we give you £30mill for?!"
You: "Er.."
Client: "You're fired!"
If anything, this is dealing with financials and doesn't have a redundant system.. Sarbanes & Oxely Auditors would have a field day and terminate the contract for you..
Think I've given the wrong impression - the 30 mil is the amount of money including profit and costs that they have put through the system (i.e. lend 100k, get 110k back, 110k is the amount "put through system".)
We know exactly who our client is, what we don't know (or rather, the information we aren't allowed to use) is which of their customers they have installed our client software on.
Also, "Er.. we did?" becomes, "Er... You did, and here is your signature and an email from your superior to prove it". They approve all updates, client and server - we do internal testing, followed by them doing user acceptance testing and then finally getting a signature from the guy in charge over there and an email from the UK MD to acknowledge that he knows the update is going on.
We also have a service level agreement for technical services, development, support and a bunch or other stuff we do for them which clearly states there is no redundancy. Technically the loss of the server isn't the end of the world anyway - all the deals are still stored on the original dealers machines so the updates can be resynced as soon as the server (or a replacement) is made available - the worst case scenario is they have to wait 12 hrs (max) more for their deal to be underwritten; the client say they will try to underwrite in 24 hours and usually do it within 2 so we've still got 10 hours to spare if it all goes pear-shaped. It's not like we don't have other racks that *could* be used in an emergency, it's just they are ours for internal use and aren't paid for by the client.
We are not at any risk of getting shafted by the client - we've get very tight contracts and have fulfilled all of our obligations and provided more support than contracted. If it came down to it they would have to choose, keep paying us or loose the use of the software - they have been granted limited rights to use it, we still own the intellectual property and copy rights. For us, the worst possible case is we stop getting their money but still have a framework that we can sell to other finance companies whereas for them, they get a dump of the database and no way to use it nor any software to continue their new business with; they would have to go back to their old manual methods and loose a lot of face. We would probably help them get the data into a usable state and part on the best possible terms. But this is a moot point anyway; they are very happy and plan a load of future business with us. The point of this thread wasn't to discuss if we had a professional/moral responsibility to provide free redundancy the client isn't willing to pay for, it was to find out if there was any way to improve the update process for a few hours work to make the best of the current servers/software/business processes.
Our company isn't perfect, none is, but we have very strict contracts and change procedures in order to protect us and the clients.
JonRohan, the auditor can come and do whatever he likes, they aren't our servers, we supplied and host them but they belong to the client. I think we are more likely to get in trouble for providing redundancy the client doesn't want because we would be using their data in a way we don't have permission to. Saying we would be to blame is like saying a web hosting company would be to blame if their bottom level server package ever went down. If we had said we will provide x% uptime and then failed to take the necessary precautions to guarantee this we would be to blame but all we have agreed to do is connect their server to the internet and install software updates on it at their request. DPA, backup and security is their problem. We can, and have, given them the benefit of our experience but they have chosen (and stated in a contract) to ignore it.
No matter what angle you look at it from, we are not answerable to audit because we aren't dealing with consumers money, we are dealing with a finance companies money - the obligation lies with them to protect
their customers. It would be different if we were managing debt or stock or whatever, but all we are doing is keeping track of money transfers two third parties are making. If we are at fault so are Microsoft for not making excel infallible and me losing 50p from the tuck shop when my machine crashed.
It is interesting that you assume that we are at fault from what little I have told you - We are a big company dealing with big clients dealing with big money, don't you think we are at least a little clued up? Sure, there are rogue companies but they are few and far between at this level of business. Ok, you think redundancy is next to godliness and, I would probably tend to agree, but it's not our place to fork out 20k to provide redundancy to someone who doesn't want it, and it's not your place, nor mine, to condemn the company I work for for not forcing redundancy on our clients against their will.
I would be interested to hear at what point you draw the line of what is our obligation and what is theirs. Do we force them to have 20 char, symbol passwords that are changed on a weekly basis? Do we force them to get 5 forms of identity before accepting a broker onto the system? Do we force them to have every deal independently validated and verified? I think our responsibility goes as far as giving them the best advice we can and telling them when they are making a mistake, much more an we may as well run their business for them.
This isn't a rant, please feel free to argue the point, I would love to hear what you would do in this situation assuming that your boss doesn’t want to spend their profits on redundant servers, client have already said no and wouldn't take kindly to a bill of 20k landing on their doorstep and that you, your boss and your colleagues have tried your best to change the client's mind.
