Standards for equipment that is not mission critical are relatively easy. Basically, a statement such as, "The company bought it, the shareholders paid for it, the company will protect it," will suffice. In practice, this means securing the area in which the equipment resides from unauthorized access by outside persons when there is danger of tampering or theft. It also includes avoiding needless exposures to factors which could damage the equipment, such as water and combustibles, and controlling food items around the equipment, such as soft drinks and coffee. The most one would expect from a user engaged in non-mission-critical applications would be something that protects the equipment itself, such as a maintenance contract.
Mission-critical equipment, however, has a value to the company that far exceeds the value of the equipment itself, because of the type of functions it supports. Determination of what constitutes a mission-critical system should be made at a senior management level. It cannot be automatically assumed that technical services will be privy to the organization's financial data.
LAN and telecommunication equipment that supports an in-bound call center for companies such as the Home Shopping Club would definitely be mission-critical equipment, because disruption of the equipment, for whatever cause, would cause a financial hit to the company that far exceeds the value of the equipment. Therefore, mission-critical equipment should be defined as equipment that, if lost, would result in significant loss to the organization, measured in terms of lost sales, lost market share, lost customer confidence, or lost employee productivity.
Monetary cost is not the only measurement with regard to mission-critical equipment. If an organization supports a poison-control line, for example, and loss of equipment means a mother cannot get through when a child is in danger, it has other implications. Because financial cost is a meaningful criterion for probably 90% of companies, it is the measurement used for purposes of this discussion.
There is not necessarily a correlation between physical size and mission criticality. It is easy to look at a LAN of 100 people and say that it is more mission-critical than another LAN that has only four people. However, the LAN with 100 people on it may provide purely an administrative function. The LAN with four people on it may have an important financial function.
In the following approach, it is recommended that two distinct sets of standards be created for mission-critical vs. non-mission-critical equipment.
One item that should be considered in this section is, "Who is authorized to make major changes to LAN or telecommunications equipment?"
There is a good reason to consider this question. If everyone is making major changes to a system haphazardly, a company is inviting disaster, because there is little communication concerning who changed what and whether these changes are compatible with changes made by another person. Standards should therefore include a list of persons authorized to make major changes to a mission-critical technical system. They should also include procedures for changing passwords on a regular basis, both for the maintenance and operation functions of LANs and telecommunications. Procedures should be defined that mandate a backup before major changes in order to have something to fall back on in case something goes wrong.
Procedures should be established to include DISA (direct inward system access). Unauthorized use of DISA lines is a major cause of telecommunication fraud or theft of long-distance services. Automated attendants, for example, should also be secured and telephone credit cards properly managed. As a minimum, establish a procedure that cancels remote access and telephone credit to employees who leave the company, especially under adverse conditions.
There should be a set of basic, physical standards for all installations, regardless of their mission-critical status. These might include use of a UPS (uninterruptible power supply) on any LAN server. A UPS not only guards against loss of productivity when the lights flicker, but also cleans up the power somewhat and protects the equipment itself.
There should be standards for physically protecting the equipment, because LAN equipment is frequently stolen and because there is a black market for PBX cards as well. There should be general housekeeping standards as far as prohibitions against eating and drinking in equipment areas and properly disposing of confidential materials through shredding or other means. No-smoking policies should be included. Standards for storing combustibles or flammables in the vicinity of equipment should also be written.
Physical standards for mission-critical applications are more intensive. These might include sign-in logs for visitors requiring access to equipment rooms. They may require additional physical protection, such as sprinkler systems or fire extinguishers. They may require general improvements to the building, such as building fire-resistant walls. They should also include protection against water, since this is a frequent cause of disruption, either from drains, building plumbing, sprinklers, or other sources.
The standards committee ideally should provide a forum for users to display new technologies and subject them to a technical evaluation. For example, a LAN manager or end user may find a new, innovative use of technology that promises to greatly enhance productivity in their department. They can present this new technology to the standards committee for both productivity and technical evaluations. The technologist on the committee can then advise the user of the feasibility of this technology; whether it will create an undue maintenance burden, for example, or whether it is difficult to support.
If it is found that this equipment does indeed increase productivity and that it does not create an undue maintenance burden, it could be accepted by the committee and added to a list of supported services and vendors that is underwritten by the committee. Other issues include what level of support users are required to provide for themselves, what the support level of the help desk should be, and more global issues, such as interconnection standards for a corporate backbone network and policies on virus protection.
The LAN operating and security standards document is designed to be an organization's system of government with regard to the conduct and operation of technical platforms supporting the business. A properly written standards document includes input from departments throughout the organization, both to enhance productivity and to keep expenses for procurement, maintenance, and support under control. Standards also ensure that appropriate preventive safeguards are undertaken, especially for mission-critical equipment, to avoid undue loss of productivity, profitability, or equity to the company in the event something goes wrong. In other words, they are designed to prevent disruptions.
Use of a LAN operating and security standards committee is advised to ensure that critical issues are decided by a group of people with wide exposure within the company and to increase ownership of the final document across departmental boundaries and throughout the organization. If properly defined, the standards document will accommodate the advantages of the mainframe environment and needs of LAN administrators by finding the middle ground between these operating environments. By writing and adopting effective standards, an organization can enjoy the productivity afforded by modern LAN environments while at the same time enjoying a high level of support afforded through more traditional environments.