Skip to main content

Checklist for Infrastructure risk assessment


  1. Dependence on technology
    • Level of automation
      • All
      • Extensive
      • Many
      • Some
      • Few
    • Sophistication
      • Leading edge
      • Real time
      • Mix of real time and batch
      • Batch mode
      • Basic
    • Allowable downtime
      • Greater than an hour
      • Greater than a day
      • Greater than a week
      • Greater than a month
      • Revert to paper
  2. External interaction
    • Outsourcing
      • Complete outsource
      • Most key activities outsourced
      • Outsourcing of some key activities
      • Some outsourcing
      • No outsourcing
    • Partner and contracters
      • Untested suppliers
      • Less well known suppliers
      • Range of partners with some smaller suppliers
      • Established partners
      • Reputable partners
    • Business unit user computing external to the system
      • Vital part of operations
      • Supplemental
      • Regular
      • Some
      • Minimal
  3. Skills and resources
    • Qualification and training
      • Inexperienced and inadequately trained staff
      • Poorly trained staff
      • Mix of qualified and inexperienced staff
      • Good range of skilled staff
      • High calibre of staff
    • Workload
      • Insufficient resources
      • Shortfall in resources
      • Resources adequate for current needs and informal planning of future needs
      • Sufficient staff to meet current workload
      • At predetermined levels
    • Management structure
      • No management
      • No management defined
      • Management function suitable for current resources
      • Accountability is clear
      • High level enterprise representation
    • Staff churn
      • No stability
      • Low morale
      • Regular churn
      • Limited churn and satisfactory replacement strategy
      • Negligible churn
  4. Changing environment
    • Major projects
      • Extremely high activity stretching resources to the limit
      • High volume with intermittent capacity problems
      • Within resource ability
      • Limited
      • Minimal
    • Custom development
      • Extremely high activity of development
      • High volume of development activity
      • Balanced development and packaged solutions
      • Majority of solutions are packaged
      • Packaged solutions
    • Leading edge technology
      • Leading edge technology
      • New technology introduced
      • Some level of recent technology change
      • Low level of technology change
      • Stable technology
    • Business resources
      • All business activities being reorganised
      • Major reorganisation
      • Some core business processes reorganised
      • Some elements of the business reorganised
      • No significant changes
  5. Reliability of systems
    • Complexity
      • Very large and complex systems
      • Large systems
      • Moderately large systems
      • Majority simple systems
      • Small or simple systems
    • Fragmentation
      • Separate ‘islands’ of systems
      • Majority of information is relayed manually
      • Resources adequate for current needs and informal planning of future needs
      • Interfaces between systems automated
      • Fully integrated
    • Scalablity
      • Environment is volatile
      • Difficult to predict changes
      • Occasional emergency changes
      • Changes can be predicted
      • Demand is stable
    • Error rate
      • Constant error rate
      • Regular error rate
      • Occasional errors
      • Errors rare
      • No errors
    • Stability
      • Systems inflexible and majority of needs are not addressed
      • Systems inflexible
      • Delays experienced
      • Stable and all key needs addressed
      • Systems are stable and all needs addressed
  6. Focus on business environment
    • Business interaction
      • No coordination with business
      • Some involvement of business
      • Business needs considered in strategy
      • Business requirements a priority
      • Strategic part of business
    • Management awareness
      • Management and business users are not aware of value and risk of systems
      • Management aware of value and risk but business users are not
      • High level addressed and limited knowledge of lower levels
      • Understanding of systems is a high priority
      • Full awareness of value and risk
    • Satisfy requirements
      • Requirements not addressed
      • Systems unsatisfactory
      • Systems satisfy core requirements
      • Most systems satisfy requirement
      • Business needs are satisfied
  7. Value of information
    • Fraud
      • Business has highly desirable assets
      • Significant range of valuable information
      • Some valuable information
      • Information not valuable
      • Minimal desirable assets
    • Legislation
      • Highly regulated
      • Extensive regulation and compliance activity
      • Some systems need to be adapted for compliance
      • Some relevance
      • Minimal impact
    • Data sensitivity
      • Information is highly sensitive and confidential
      • High confidential information stored
      • Important information stored
      • Limited storage of information
      • Minimal system use
    • Reputation
      • Company involved in highly sensitive activity
      • Company has high profile
      • Company is well known
      • Little reason for damage to reputation
      • Low profile

Comments

Popular posts from this blog

Why Madge Networks, the token-ring company, went titsup

There I was shooting the breeze with an old mate. The conversation turned to why Madge Networks which I wrote about here went titsup. My analysis is that Madge Networks had a solution and decided to go out and find a problem. They deferred to more incorrect strategic technology choices. The truth of the matter is that when something goes titsup, its not because of one reason only, but a myriad of them all contributing to the negative consequence. There are the immediate or visual ones, which are underpinned by intermediate ones and finally after digging right down, there are the root causes. There is never a singular root cause for anything but I'll present my opinion and encourage everyone else to chip in. All of them together are more likely the reason the company went titsup. As far as technology brainfarts go there is no better example than Kodak . They invented the digital camera that killed them. However, they were so focused on milking people in their leg

Flawed "ITIL aligned"​ Incident Management

Many "ITIL aligned" service desk tools have flawed incident management. The reason is that incidents are logged with a time association and some related fields to type in some gobbledygook. The expanded incident life cycle is not enforced and as a result trending and problem management is not possible. Here is a fictitious log of an incident at PFS, a financial services company, which uses CGTSD, an “ITIL-aligned” service desk tool. Here is the log of an incident record from this system: Monday, 12 August: 09:03am (Bob, the service desk guy): Alice (customer in retail banking) phoned in. Logged an issue. Unable to assist over the phone (there goes our FCR), will escalate to second line. 09:04am (Bob, the service desk guy): Escalate the incident to Charles in second line support. 09:05am (Charles, technical support): Open incident. 09:05am (Charles, technical support): Delayed incident by 1 day. Tuesday, 13 August: 10:11am (Charles, technical support): Phoned Alice.

Updated: Articles by Ron Bartels published on iot for all

  These are articles that I published during the course of the past year on one of the popular international Internet of Things publishing sites, iot for all .  These are articles that I published during the course of the past year on one of the popular international Internet of Things publishing sites, iot for all . Improving Data Center Reliability With IoT Reliability and availability are essential to data centers. IoT can enable better issue tracking and data collection, leading to greater stability. Doing the Work Right in Data Centers With Checklists Data centers are complex. Modern economies rely upon their continuous operation. IoT solutions paired with this data center checklist can help! IoT Optimi