I wrote a piece on Release Management on my LinkedIn Blog. I talk about the minimum properties of a change control authorisation system, the minimum evidence required before agreement can be issued, the need for emergency change control process, the
Elon Musk has taken over twitter; I wrote a short piece on LinkedIn on the deal, its funding, and the technology. Since then some, including the FT (£) have commented on its funding, not the least the bank loans and
As part of the ‘drains up’ undertaken after the 2019 General Election, a coalition calling itself Labour Together undertook a review of what went wrong and as part of that review commissioned an organisation called the “common knowledge co-op” to look at Labour’s IT and its management. They produced a report called “System update required”. (original | mirror ) What did it say? I think this is important, but like so many learning opportunities that challenge power and the bad behaviour of the powerful it seems to me to be dramatically under-valued.
When I first read it, I was outraged. I hoped to summarise it in a sensationalist fashion to see if I could interest someone who might pick it and make things better. What I have written is not that exciting and I suspect little will change because the Party doesn’t have the knowledge and experience and today is led by people who care more about their control and position within the Party than they do in winning an election and becoming a government. I mean they’d be happy to be in Government but it’s more important to them that they control the Party.
In summary, the report says, portfolio management was unacceptably poor and not accountable to the highest levels of management although they too didn’t have clue. There weren’t enough IT staff and the more numerous IT management layer wasn’t good enough. The report makes no mention of ‘requirements management’, nor of any benefits analysis tools to allow an understanding the effectiveness of the software applications provided. Labour’s voter ID/GOTV software is no longer the best. Local adoption of the IT tools is low, partly because of poor commitment to training, partly due to a high turnover of local activists and partly because the Labour machine didn’t care.
In the rest of the article, overleaf, these failings are explored in more detail. …
I found some old notes on classifying and evaluating risk and have put them on my LinkedIn blog. How does one work out the importance and value of a risk and how much to spend on mitigation. Some of this
I wrote a note on information systems programme evaluation and management on my linkedin blog. It considers business value vs reliance and observes that this technique permits the management of software products to have different governance policies, that measuring competitive advantage
The Labour Party can’t issue the ballots for their internal elections; they claim it’s a consequence of the cyber-breach last October. The Party seems to have attempted to create a replacement membership database by updating its mail manager system and
Data Protection Officers roles were revised by GDPR and the member state implementations. Here is a reminder for those that need it.
Article 37 states that a processor or controller requires a DPO if it is a public authority, if it requires regular sys systematic monitoring of data subjects on a large scale or if it processes special data.
A DPO may work for multiple companies, but Article 38 requires the DPO to be adequately resourced and supported.
The DPO must be appointed on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks specified in the GDPR Article 39.
Article 38 states that the DPO must be involved in in all issues which relate to the protection of personal data, be properly resourced to perform their duties and to maintain their professional expertise, not receive instructions on the conduct of their duties, not be dismissed for doing their job, and report to the highest levels of management.
The tasks of the role are defined in Article 39, the job is to advise the highest levels of management on their obligations, to monitor compliance including the assignment of responsibilities, training and operations’ audits, to assist and monitor the data privacy impact assessments, to cooperate and act as a contact point for the supervisory body, in the UK, the ICO.
I have used the EU text as the source of my summary and is reproduced overleaf/below …
This post was originally posted at linkedin.
When evaluating Data Protection laws and enforcement appetite, one sometimes needs to refer to the 7 principles. These were agreed by the OECD in 1980 and I summarise them below. Notice, Data subjects should be given notice when their data
I posted a note on cyber security on my linkedin blog. I post some pointers on the standards and controls needed to defend against a cyberattack and implement “adequate technical and organisational” protection. It looks and links at the NIST
This is interesting. From the Register, an article called, “Software piracy pushes companies to be more competitive, study claims • The Register“, sub-titled, irreverently as ever, “So, do copy that floppy?” The article is written by, Wendy Bradley, assistant professor