Assurance Plans Guideline

All business continuity analysis should be risk based, and risk prioritised to deal with the important business risks first. This means that any risks to your business need to be identified, examined and dealt with.
There are 4 options for dealing with each risk:

1. Reduce the risk. Reducing the risk falls into 2 categories - reducing the likelihood of the problem occurring and reducing the impact of the problem if it does happen. A simple example is that by having a fire alarm you are reducing the likelihood of a fire spreading unseen and by installing a sprinkler system you are reducing the impact of fire.

Reducing the risk is often referred to as mitigation. For example, data backups are a form of mitigation. They reduce the impact if a problem occurs which affects the primary data source. Any mitigating actions require testing to provide assurance they work when required.

2. Transfer the risk. This is an interesting option which may be seen as a get-out, but which is a perfectly valid thing to do. By transferring a risk it becomes someone else’s problem and you therefore have the risk covered. We are not talking about blaming someone else, or even transferring the risk to someone else in the company.

For example, there could be a risk that office space will not be available in the case of a disaster in the main location. Therefore the risk can be transferred to a third party company which organises office space for disaster recovery and keeps offices available for companies who need such a recovery service.

3. Accept the risk. By accepting the risk of a potential problem you are at least aware of its existence and can plan for it happening. If it is a risk that would have no impact for an acceptable period of time it should still be noted but you may decide to take no action until it occurs.

Almost by definition, accepting a risk is also reducing the impact of the risk as you are aware of the potential problem and can write it into your business continuity plan.

4. Ignore the risk. This option should never be selected. There is never a reason for ignoring a risk once it has been identified. A risk can be accepted (acknowledged) but must never be ignored.

Once the actions for each risk have been identified, then anything put in place to help cope with a risk needs testing. However, many companies either test nothing at all or try testing every facet of a business continuity plan. Both methods are doomed to failure. The answer is to adopt a risk based testing approach from two perspectives: the business continuity plan is fit for purpose and it will work when invoked.

A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it’s performed by an independent third party that specialises in testing business continuity plans, but it could be a disinterested party from another part of the company. Independence is essential here for an objective assessment.

Testing the plan will work when invoked, must be viewed in a business context and the elements of the plan prioritised so that the risks with the most business impact and likelihood are tested first. This approach and the techniques to perform business continuity testing in a cost effective manner are the subject of other articles.

Copyright Acutest UK 2005

A Streeb is an experienced practitioner of business continuity testing at Acutest, an independent consultancy specialising in business continuity assurance and software testing services. For more information on this topic visit http://www.acutest.co.uk or send an email to enquires@acutest.co.uk

Share This

INTRODUCTION

We now live in a fast paced society where we expect products and services to be delivered rapidly (some say “yesterday”), cheaply, and with a high degree of quality. This is particularly true in the systems and software industry. If we lived in a perfect world, systems and software would be developed rapidly and inexpensively, they would effectively satisfy business needs, and would be easy to maintain and modify. There is only one problem with this scenario: it is a fantasy. In reality, we live in a “disposable” world where systems and software are slapped together in the hopes everything will hold together and will pacify the end-user for the moment. Some people believe striving for a Utopian world is an impossibility and, as such, resign themselves to rewriting systems and software time and again as opposed to designing them to be industrial strength.

Improving speed in the development process is relatively simple to accomplish; e.g., the plethora of programming tools available. But adding quality into a product is something entirely different. From the outset we must recognize that quality doesn’t come naturally to people anymore. Back when there was a sense of craftsmanship, quality was rarely a problem. This is back when people identified with their work products, and strove to seek perfection as it was a reflection of their character. Corners were not cut and products were made to last. Unfortunately, we no longer live in such times and people tend to disassociate their work from their personal lives. Further, the speed and sophistication of our tools leads us to believe we are producing quality products. The reality is that our tools are only as good as the people using them, not the other way around.

A PERFECT WORLD

How one person perceives quality may be entirely different than another’s. This is because we tend to have different perspectives in how to build something, e.g., whereas one person may build a product one way, another may build it using an entirely different approach. This means products are commonly built using inconsistent methods. Let me give you some examples:

• If we lived in a perfect world, we would have a standardized approach for defining requirements, thereby everyone would be operating with a standard approach for scrutinizing requirements. But the reality is our approach to requirements definition is redefined with each development project, thereby making it impossible to validate requirements with any consistency.

• If we lived in a perfect world, developers would be working with standard data definitions that would include validation/editing rules, among other things. This would result in a consistent approach in the use of data (aka “Data Cleanliness”) and would promote system integration through data sharing. But the reality is that each programmer specifies the use of data (including its physical characteristics and validation/editing rules) on a program by program basis, thereby defeating the opportunity to share and reuse data in a consistent manner. Even worse, implementing changes on a consistent basis is difficult at best (e.g., the Y2K problem).

• If we lived in a perfect world, programs would be designed in a standardized manner so they may be easily modified or maintained by any other programmer at a later date. But the reality is that programs are written based on the personal nuances of the programmer, making it next to impossible to maintain or modify by another person. Consequently programs are discarded and rewritten.

• If we lived in a perfect world, developers would adhere to a standard and consistent approach (methodology) whereby uniform work products could be produced and reviewed, thereby improving communications among the staff and allowing for the interchangeability of workers in the development process. But the reality is, the development process is defined on a project-by-project basis, thereby uniformity and interchangeability is defeated.

The reality is we live in an imperfect world. What would appear to be obvious approaches to development seldom occurs in most systems and software shops. It is simply unnatural to developers who prefer to operate independently as opposed to adopting a shop standard. This of course means development organizations tend to “reinvent the wheel” with each project.

Because of such inconsistencies, the only option for improving quality is to try to inspect the product after it has been built, not during development. Under this approach, inspection is complicated as each person has designed the product according to their own personal interpretation of development, not as a standard body of work.

BUILDING QUALITY INTO THE PRODUCT

It is obviously cheaper and more sensible to arrest a product defect early during development as opposed to trying to catch it afterwards. To do so, the development process has to be subdivided into defined units of work specifying what is to be
produced (work products, aka “deliverables”), how it should be produced (using accepted tools and techniques), and its acceptance criteria (including review points). Such a work environment is in sharp contrast to “The Black Hole” approach used by most organizations today; e.g., requirements are fed into an unknown development environment and the resultant product is inspected afterwards. This approach concentrates only on the final deliverable and not on the overall process by which the product is to be developed. By the time the final product is produced, it may be unrecognizable to the user and the project may have exceeded estimated cost and schedule. Even worse, the product may have to be redesigned and rewritten over and over again. Interestingly, this is the approach advocated by today’s “Agile” proponents.

In other manufacturing practices, the definition of the work environment is the responsibility of an Industrial Engineer who defines the units of work in the development of a product (assembly line), the standard tools and techniques to be used, the work products, and the acceptance criteria. Although the concept of Industrial Engineering is applicable to systems and software, few development organizations are familiar with the concept.

THE PRICE OF QUALITY

Regardless of what you call it, Industrial Engineering or Quality Assurance, quality requires a dedicated group of people to define the overall development process, monitor progress, and constantly research new ways to improve it (tools and techniques). This does not mean quality is the sole responsibility of such a group. It is not. Quality is the responsibility of every person involved in the development process. The group simply provides leadership in this regards.

In terms of costs, the truth is that quality is free (as the likes of Philip Crosby have pointed out to us). True, it requires an outlay of money upfront to embark on a quality assurance program, but this will be offset by reduced costs later on in terms of reduced development time and fewer defects requiring rework. By having everyone working according to defined processes and work products, errors are caught and corrected early in the
development process. Further, work products are easier to maintain and modify later on, this specifically includes systems and software. Such a program, therefore, does not add overhead to the development process, it reduces it.

To make this work though requires commitment from management and herein lies the rub. As I mentioned earlier, we live in fast-paced times. Implementing an effective quality assurance program takes time to cultivate, it cannot be installed overnight. There is more to it than mechanics; standards have to be devised, attitudes have to be adjusted, consciousness’ raised, etc. In other words, it is the people-side of quality that takes time to mature and become ingrained in the corporate culture. As such, a quality assurance program requires management vision and long-term commitment to see it come to fruition. This is difficult to sell to managers who have trouble thinking past the next financial statement. But if executives understand that a company truly runs on systems and software, then they will be more amenable to investing in industrial strength applications.

CONCLUSION

Its interesting, the systems and software industry is one of the few industries that resists standardization as opposed to embracing it. Standardization is an inherent part of any quality program. It means devising and applying craftsman-like rules in the development of a product or service. Such rules substantiates completion of work in a prescribed sequence and is measurable. And maybe it is this kind of accountability that developers resist.

Some developers even go so far as to question the necessity of a quality assurance program since many companies rewrite their systems and software year after year. Maybe they are right, but I tend to see this as a defeatist attitude, that we can do nothing more than produce mass mediocrity. I believe we can do better. But to do so, we need to invest in ourselves and our future. Remember, you must first plant the seeds in order to harvest the crop. Unfortunately, most companies tend to eat the seeds and then there is no crop to harvest. Somehow I am reminded of the old expression, “You can pay me now or pay me later, but you’re going to pay me.”

“Quality must be built into the product during design, not inspected in afterwards.”

- Bryce’s Law

Tim Bryce is the Managing Director of M. Bryce & Associates (MBA) of Palm Harbor, Florida, a management consulting firm specializing in Information Resource Management (IRM). Mr. Bryce has over 30 years of experience in the field. He is available for lecturing, training and consulting on an international basis. His corporate web page is at:

http://www.phmainstreet.com/mba/

He can be contacted at: timb001@phmainstreet.com

Copyright © 2006 MBA. All rights reserved.

Share This

Do you realize that God teaches us through Jesus Christ’s personal experiences how to have a fabulous, long lasting, and loving relationship? All we have to do is compare the personal experiences that we have with those of Jesus Christ and ask ourselves, “What would Jesus do?” The personal experiences we have with God in our life helps us learn and grow into love. After all, love is what makes and breaks relationships. 1 John Chapter 3 verse reads “11″: For this is the message that ye heard from the beginning, that we should love one another.

We often have conversations with people we befriend or associates who deal with ethics: right and wrong or good and evil. People often categorize themselves with good or evil based on their belief system and the circumstances at that moment. Each person, depending on their belief system, has the ability to rationalize his or her actions or reactions based on the way they view the world at a specific time. Hence we have the moving target of right and wrong, good and evil and what is ethical. This is why it is necessary to have immutable laws, laws given by God, to give humans the truth to think and live by.

I thought about how this affects us in our relationships and I discovered that God’s laws affect humans by giving us assurance of what is right and wrong and His Holy Spirit leads and guides us into righteousness and truth. However, it is up to us to receive what God has for us. We, as individuals, can choose to ignore Gods influence in our life. Those of us, who seek peace and love with others, would be well served to pay close attention to what God’s laws have taught us through the writings in the Bible and specifically the words of Jesus Christ. Because it is Gods laws that give us assurance in our relationships.

What You Need

The definition of “Assurance” is: Inspires confidence; guarantee or pledge; Free from doubt; Self Confidence; Presumption.

We all need to understand the simple examples that God gives us in regards to establishing and maintaining relationships via Bible illustration in the old and New Testament teachings. We must keep in mind that there are many types of relationships: working relationships, dating relationships, husband and wife relationships, church relationships, spiritual relationships, lustful relationships, love relationships, etc.

The Bible talks about all types of relationships and we need to understand what these relationships are for. For instance, God established the Church (we are the Church collectively; each person whom the Holy Spirit dwells in is part of the church. Some get this confused with the church building) to be his bride because he loves each and everyone person, whether or not, if they love Him. God is a jealous God. This is why he sent his Son, the bridegroom, Jesus Christ, to die on the cross for the sins of the world.

Only through reading and studying the Bible, particularly the words of Jesus, will you get a full understanding of what you need from God. 2 Timothy Chapter 2 verse 15 says: “15″: Study to shew thyself approved unto God, a workman that needeth not to be ashamed, rightly dividing the word of truth. This becomes the assurance we have for our relationships.

When You Need It

Now that we know that God’s word gives us instruction and assurance in relationships, it is just as important that we understand God’s word, we need to know when we need to use it. God’s word is not something that you read and intellectualize. God’s word is truth and life. We need Gods word all of the time, in every situation, in every relationship, in every trial or tribulation, in every celebration and every occasion. John chapter 1, verse 17 states: “17″: For the law was given by Moses, but grace and truth came by Jesus Christ. God’s words are for every situation in our lives, all of the time. This assurance gives us the confidence we need to respond and act like Jesus Christ in every relationship that we have.

Why You Need It

We humans have a tendency get into relationships and rationalize what’s right and wrong, good and evil based on how we feel at the moment, we need God’s word to help us find our way back to the truth. Have you ever noticed anyone who does something bad to someone and then tells him or her that they love them? Makes you wonder doesn’t it? To do what is good, is synonymous with having love. 1 Peter Chapter 3 talks about the way people should act toward each other.

“8″: Finally, be ye all of one mind, having compassion one of another, love as brethren, be pitiful, be courteous:

“9″: Not rendering evil for evil, or railing for railing: but contrariwise blessing; knowing that ye are thereunto called, that ye should inherit a blessing.

“10″: For he that will love life, and see good days, let him refrain his tongue from evil, and his lips that they speak no guile:

“11″: Let him eschew evil, and do good; let him seek peace, and ensue it.
As you can imagine, if we could take inventory of our own life, day by day, minute by minute, I dare say, daily each of us has fallen short of what Peter was saying. This is why you need Gods word and his holy spirit

Colossians Chapter 2 verse 2 speaks of getting assurance of understanding and the knowledge of God and Jesus Christ. “2″: That their hearts might be comforted, being knit together in love, and unto all riches of the full assurance of understanding, to the acknowledgement of the mystery of God, and of the Father, and of Christ.

To have assurance is to have wisdom and understanding that goes beyond trusting in the things that you can get from someone or give to someone. To have assurance you must get the mind of Jesus Christ to do the things of God. This is what gives us the faith to receive those things which we cannot see and believe with confidence that what God has for us, no one can take away.

Faith Is Necessary To Have Assurance

We need to have faith to believe in God and faith comes by reading and hearing the word of God. Romans Chapter 10 verse 17 states,

“17″: So then faith cometh by hearing, and hearing by the word of God.

After we hear God’s word through the Bible, we must read it for ourselves to be able to meditate on it and allow the spirit of God to minister to our spirit. Through the Holy Spirit we can gain assurance in God.

Conclusion

To have assurance in your relationship, learn about what Jesus Christ says about relationships and follow Him.

Nevada York has based one of her characters: “Pastor Ethan”, in her book Mahogany’s Revelation on Ethan Berry, A.K.A. “Pastor Ethan.” He resides in the Bay Area of California. http://nevadayork.com

Share This