1. Application IT architecture
1.1. Please briefly review and describe the information system (as you did in the previous paper about AllCell).
1.2. If the application software was purchased (or was licensed in “the Cloud”) from an external vendor, what is the name of the vendor who provides and supports it? After purchase, what usually needs to be done to configure this application to the target organization’s requirements?
1.3. What type of database is used for this information system, relational or NoSQL? What vendor provides the database?
1.4. What data is stored to support the system?
1.5. How does the new information system fit into the organization’s overall portfolio of information systems?
If there is integration of the application with existing information systems in this organization, then please describe this integration in terms of which systems are integrated and how they are integrated (i.e. processes and/or data).
If the application being studied is completely separate (i.e. “stand-alone”), what is the reason it isn’t integrated with any of the organization’s other information systems? If the system is not cloud-based, then by what means is the application being run in a synchronized manner at the multiple sites for this organization?
1.6. Does the organization have a formal process for tracking hardware? Software and database licenses? Network components? (e.g. bar-coding hardware, RFID tracking, or even just registry lists)
Are there published policies and/or procedures to address the acquisition and/or ongoing operation of its software, hardware and/or network/telecommunication components? Please describe this.
1.7. Does the organization have governance, risk and/or compliance requirements in place that influence (or determine) decisions about information systems and technology?
2. Application hosting and capacity requirements
2.1. Is the application hosted in the Cloud or “on-premises” (i.e. locally by the organization itself)?
2.2. If the application is hosted in the cloud, is it hosted as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS)? Is it on a private or public cloud?
If the application is hosted “on-premises”, are virtual servers (and/or networks) being used? Is a virtual data center being used?
2.3. In the hosting and maintenance of the system, are automated tools being used to accomplish this? Or is the IT staff spending a lot of time doing this one activity at a time? (This kind of automation is popularly known as “Infrastructure as Code” and more classically known as “production operations” for IT)
2.4. What are the capacity requirements for this system in terms of Scalability? Availability? Maintainability?
3. Application Security & Backup/Recovery
3.1. Do any standards or policies of the organization address security requirements for this information system? Please describe them.
3.2. Is there a standard identification/authentication procedure that must be integrated with the system? Are users fully identified and authenticated before access is allowed (i.e. via validated access to an intranet or extranet)?
3.3. What are the security requirements for this information system? Please describe them.
3.4. How are data back-up requirements for this system being addressed? What backup and recovery plans were developed for the systems in the event of system failure (i.e. how would the organization get the same business tasks accomplished)?
3.5. Is the system included within general (organization-wide) plans for business continuity or disaster recovery (as in the case of a pandemic)?
3.5.1. With respect to recovery, is there a time objective for restoring the system after a disruption?
3.5.2. Is there a service level objective when restoring the system?
3.5.3. Is there a certain amount of data (like 3 hours or days of transactions) that can be considered an acceptable (tolerable) interim loss from a disruption to the system?
4. Application maintenance & performance monitoring
4.1. Regardless of how the application is hosted (in the cloud or on-premises), how does the organization monitor its performance and its uptime? What measures are used?
4.2. Who is responsible for system maintenance? Is there an ongoing maintenance and support plan? Is the application hosted by a “Cloud provider” that coordinates issues of service continuity and uptime?
4.3. Is the initial support contact for the application done through a Help Desk (internal or external)?
4.4. How are fixes incorporated into the application? How is the security of fixes maintained?
4.5. Is there a release plan for releases of updated versions of the application (i.e. version control)? How are requests for change handled? Are there enhancements and/or additional functions pending release?

